For years, enterprise 911 compliance has operated in something of a gray zone. The federal mandates exist — Kari's Law and RAY BAUM's Act have been on the books since 2018 and 2020, respectively — but visibility into how well organizations are actually meeting those requirements has been limited. That's about to change.
Last week, the House passed H.R. 5201, the Kari's Law Reporting Act, with overwhelming bipartisan support. The bill directs the FCC to produce a compliance report within 180 days, specifically examining whether multi-line telephone system (MLTS) manufacturers and the organizations that deploy them are meeting federal 911 requirements.
In practical terms, this means the FCC will be taking a hard look at whether enterprises across the country can do what the law already requires: connect 911 calls without a prefix, deliver accurate dispatchable location data, and send on-site notifications when an emergency call is placed.
If you manage an enterprise communications environment, this is the moment to pay attention.
From Grace Period to Spotlight
We've been tracking this trajectory for a while. Earlier this year, we wrote about how the FCC's grace period for enterprise 911 compliance has ended and enforcement is ramping up. The regulatory posture has shifted — the FCC has moved past the implementation phase and into active enforcement, with significant penalties already levied against organizations whose emergency communications systems failed to meet standards.
The Kari's Law Reporting Act accelerates that shift. Where enforcement has so far been reactive — triggered by outages, complaints, or failed emergency calls — this bill creates a proactive mechanism. The FCC won't be waiting for something to go wrong. It will be actively investigating the state of compliance across the industry and publishing its findings publicly.
That public report changes the calculus for every organization running an MLTS. Right now, a compliance gap is an internal risk. Once the FCC publishes industry-wide findings, it becomes much harder to argue that gaps were unknown or that enforcement wasn't foreseeable.
Why This Matters More Than You Might Think
It's tempting to view an oversight bill as bureaucratic housekeeping — just another report that lands on a shelf. But the context around this legislation suggests otherwise.
The bill passed 405–5. That kind of margin isn't common in Congress right now, and it signals that emergency communications is one of the few areas where there's genuine political consensus. It also means that if the FCC's report reveals widespread non-compliance, there will be significant pressure to follow up with teeth — whether that's funding for enforcement, new penalties, or manufacturer-level mandates.
This bill is also part of a broader wave of emergency communications legislation moving through the 119th Congress, including measures focused on disaster reporting requirements and 911 outage transparency. The legislative momentum is clear: Congress is building an accountability framework around emergency communications infrastructure, and enterprise phone systems are squarely within scope.
Where Compliance Breaks Down in Practice
The challenge for most organizations isn't a lack of awareness that these laws exist — it's the gap between initial configuration and ongoing reality.
When Kari's Law and RAY BAUM's Act first took effect, many organizations updated their phone systems to meet the baseline requirements. But enterprise communications environments don't stay static. Consider what's changed in your organization since you last verified your 911 configuration:
Office moves and renovations. If your team relocated floors, buildings, or campuses, the dispatchable location data tied to those endpoints may still point to the old address. A 911 call from the third floor that routes responders to the first floor isn't compliant — and it's dangerous.
Hybrid and remote work. Employees dialing from softphones at home, in coworking spaces, or on the road present a location data challenge that traditional MLTS configurations weren't designed to handle. If your system can't dynamically update location based on where the call actually originates, you have a gap.
Device and platform changes. Migrations to cloud calling platforms, new handset deployments, or the addition of Microsoft Teams or Webex calling can introduce 911 routing issues if emergency calling wasn't part of the migration plan. We see this regularly — organizations upgrade their communications stack and inherit a compliance gap they didn't know existed.
Shared and flexible workspaces. Hot-desking and hoteling mean that the person sitting at a given extension today isn't the same person who was there yesterday — and the location data needs to reflect where the call is happening, not where the device was originally registered.
Each of these scenarios represents a real-world failure point. And when the FCC begins its compliance assessment, these are exactly the kinds of gaps that will surface.
The 180-Day Clock
Once the Kari's Law Reporting Act is signed into law, the FCC has 180 days to deliver its report. That timeline matters for two reasons.
First, it creates a concrete deadline. The FCC will need to gather data, assess manufacturer and enterprise compliance, and publish findings — all within roughly six months. That means the investigative work starts immediately.
Second, it creates a window. Organizations that identify and resolve compliance gaps before the report is published will be in a fundamentally different position than those caught off guard by the findings. This is the period to act — not after the report drops and the enforcement conversation intensifies.
What to Do Right Now
If your organization operates an MLTS — whether that's a traditional PBX, a cloud calling platform, or a hybrid environment — here's where to focus:
Audit your 911 call path. Place test calls (where your local PSAP supports it) or work with your provider to verify that 911 calls from every endpoint route correctly and deliver accurate location data. Don't assume the configuration from two years ago still holds.
Verify dispatchable location data. Walk your locations. Confirm that every floor, wing, and building has accurate location records tied to the endpoints deployed there. Pay special attention to any spaces that have been reconfigured since your last compliance review.
Address remote and mobile endpoints. If employees are placing calls through your corporate phone system from locations outside your facilities, confirm that your platform can deliver dynamic location data for those calls. This is one of the most common — and most overlooked — compliance gaps.
Review your notification workflow. Kari's Law requires on-site notification when a 911 call is placed. Confirm that your notification system is active, reaches the right people (security, front desk, facilities), and works across all call scenarios — including after-hours calls.
Document everything. As the compliance environment tightens, having a record of your audit process, findings, and remediation steps isn't just good practice — it's your evidence of due diligence.
The Bottom Line
The Kari's Law Reporting Act isn't a new set of rules. It's a signal that Congress is done assuming the existing rules are being followed and is asking the FCC to find out. For enterprise organizations, the question isn't whether your systems should be compliant — that's been settled law for years. The question is whether they actually are, right now, across every endpoint and every location.
The organizations that can answer that question with confidence will be well-positioned when the FCC's report arrives. The ones that can't should start working on it today.
Need to know where you stand? Schedule a call with the 9Line team. We'll walk through your calling environment, identify compliance gaps, and help you build a plan to close them — before the FCC's spotlight turns on.
Related: FCC Grace Period for Enterprise 911 Compliance Has Ended
