FCC Enforces Team Telecom Mitigation Commitments Against Marlink

The Federal Communications Commission (FCC) recently penalized violations of a Team Telecom mitigation agreement through a consent decree, resolving an Enforcement Bureau investigation into Marlink, a provider of satellite communications and digital services. The January 8, 2026 consent decree, arrives amid a broader shift in federal oversight that treats communications network governance and data handling as national security imperatives, and increasingly penalizes violations of national security agreements with the government. 

Background

Team Telecom—formally known as the interagency Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector—was established  by Executive Order in 2020. The FCC, exercising authority under the Communications Act (including Section 214 and Title III), refers applications to provide telecommunication services that present foreign ownership or other national security, law enforcement, or foreign policy considerations for Executive Branch review. Typically, those cases have involved (1) applications for international Section 214 authorizations and submarine cable landing licenses, (2) applications to assign, transfer control or modify such authorizations and licenses where the applicant has reportable foreign ownership, and (3) petitions to exceed foreign ownership thresholds applicable to broadcast licenses under Section 310(b). Where risks are identified, Team Telecom frequently negotiates Letters of Assurance (LOAs) (as well as more formal National Security Agreements, collectively known as mitigation agreements) that impose binding operational, access, and reporting controls. The FCC then incorporates those commitments as express conditions on affected Section 214 authorizations, radiofrequency licenses, and other authorizations, making adherence enforceable under the Communications Act.

In recent years, the FCC has intensified engagement with the Executive Branch’s national security review of telecommunications matters, pairing that approach with structural reforms to international Section 214 oversight. Those reforms include expanded foreign ownership disclosures, cybersecurity attestations, and routine referrals to Team Telecom for entities with risk indicators. In parallel, the Committee on Foreign Investment in the United States (CFIUS) has increased monitoring and sanctions for mitigation failures and misstatements—issuing more penalties in 2023–2024 than in its prior five decades combined, publicly disclosing a $60 million penalty against a major telecommunications company for breaches of a national security agreement, and publishing a rule to increase maximum civil penalties to $5 million per violation while expanding investigative and subpoena tools. The FCC likewise took enforcement action in 2024 involving Liberty Latin America affiliates related to Team Telecom LOA and CPNI breach-notification rules, imposing a civil penalty and strengthened data governance and vendor oversight.

The Marlink Order and Consent Decree

The FCC determined that Marlink breached national security mitigation commitments that had been incorporated as conditions of the company’s international Section 214 authorization and earth-station licenses. Those commitments, arising from a 2022 LOA with the Department of Justice (on behalf of the Team Telecom agencies), required Marlink to implement strict controls on foreign-person employee access to specified US communications infrastructure and customer information, and to provide DOJ with at least 30 days’ notice before granting such access to any foreign employee.

According to the Enforcement Bureau’s investigation, Marlink permitted extensive access by foreign-person employees without the required prior DOJ notification. Of 303 foreign-person employees with access to US records and domestic communications infrastructure, 186 were not submitted to DOJ for advance vetting. DOJ ultimately approved access for those individuals, but only after the FCC had commenced its investigation. The Bureau attributed the noncompliance in part to an inadequate manual screening process and noted that Marlink undertook remedial steps to strengthen procedures once the issue surfaced. DOJ referred the matter to the FCC.

The Consent Decree

The consent decree resolves the FCC’s investigation with a monetary payment and a detailed compliance plan that resets governance expectations for Marlink. As part of the settlement, Marlink agreed to make a $175,000 voluntary contribution to the U.S. Treasury. The decree also mandates a comprehensive compliance program designed to ensure that foreign access controls and DOJ notifications are implemented faithfully and consistently going forward.

The decree requires the designation of a senior Compliance Officer with subject-matter knowledge of the LOA and licensing conditions. It obligates Marlink to establish formal operating procedures that embed vetting checks into onboarding and access-granting workflows, coupled with systems to process, manage, and track all DOJ notifications. A written compliance manual must be distributed to covered personnel and kept current. A training program must be rolled out within defined timeframes and refreshed annually, with specific instruction on recognizing and reporting noncompliance. The decree also compels periodic compliance reporting to the FCC at 90 days and annually over a three-year term, along with prompt notice of any noncompliance within 30 days of discovery.

Key Takeaways for Businesses

The FCC framed the matter as adding “real teeth” to Team Telecom’s commitments to safeguard national security and the integrity of US communications networks. This signals that national-security-driven enforceable obligations—whether agreed pursuant to the FCC’s Team Telecom process or CFIUS authorities—will continue to be a focus of the Executive Branch, with real financial and operational consequences.

Companies subject to Team Telecom or CFIUS mitigation commitments should take several actions in light of the FCC’s consent decree with Marlink. First, verify that foreign-access screening and notice obligations are embedded in automated identity and access management workflows rather than manual processes. Second, companies should confirm that responsibility sits with an accountable senior compliance owner. Finally, companies should maintain auditable evidence, align training to LOA triggers and timelines, and perform periodic internal testing against the specific metrics required by any LOA.