A Florida debt collection company got hit with a $3.4 million TCPA settlement after its autodialers called people who had never given consent. A solar company paid $19.7 million for robocalling numbers on the National Do Not Call Registry. A mortgage lender settled for $9.5 million after placing over 2.7 million unconsented calls. These are not fringe cases. TCPA litigation is a thriving industry and plaintiff attorneys are actively hunting for businesses that run AI cold calling programs without the right safeguards.
Here is the reality: AI calling is legal, powerful and growing fast. Our AI sales agent books meetings around the clock without the overhead of a human SDR team. But the difference between a program that generates millions in pipeline and one that generates millions in legal fees comes down to a few compliance fundamentals that most business owners never learn until it is too late.
This guide breaks down the Telephone Consumer Protection Act (TCPA) in plain English, explains exactly how it applies to AI and automated calling and gives you a practical compliance checklist you can act on today. We cover B2B versus B2C rules, state-level laws that go further than federal law, the real penalty math and exactly how Multiply Revenue builds compliance into every outbound campaign we run.
Disclaimer: This article is for educational purposes only and does not constitute legal advice. TCPA compliance depends on your specific business, call type, prospect list and state. Consult a licensed attorney before launching any outbound calling program.
What Is the TCPA? The Telephone Consumer Protection Act Explained
The Telephone Consumer Protection Act was passed by Congress in 1991. At the time lawmakers were responding to the explosion of telemarketers placing outbound telemarketing calls to residential phone numbers at all hours using automated dialers. The law gave consumers new rights and gave the FCC authority to enforce strict rules around automated calling and all forms of outbound calling.
In plain terms, the TCPA restricts who you can call, when you can call them, what equipment you can use to call them and what you need from them before you pick up the phone. The law applies to voice calls and text messages. It covers both mobile numbers and residential landlines. And it includes a private right of action, meaning any individual who receives a call that violates the TCPA can sue you directly without going through a government agency first.
That private right of action is what makes TCPA exposure genuinely dangerous. Class action attorneys scan for TCPA violations at scale. One noncompliant calling campaign can become a class action representing thousands of plaintiffs, with statutory damages stacking up at $500 to $1,500 per individual call.
The FCC enforces the TCPA at the federal level and issues guidance on AI call compliance. States can and often do pass their own telemarketing laws that are even stricter than the federal baseline. We cover the major state laws in a dedicated section below.
Does the TCPA Apply to AI Calls, AI Agents and AI-Generated Voice?
Yes. This is the question we hear most often from business owners exploring AI outbound calling. The short answer is unambiguous: TCPA applies fully to AI-powered calls, AI agents using an AI-generated voice and any automated system used for outbound calling.
The TCPA restricts calls made using an Automatic Telephone Dialing System (ATDS) and voice calls using an artificial or prerecorded voice. AI voice agents fall squarely into both categories. their AI-generated voice output makes them subject to the same restrictions as traditional robocalls and prerecorded telemarketing calls. The FCC has confirmed this interpretation consistently and courts across the country have upheld TCPA liability for AI-generated calls and automated calling systems.
Key ruling: In 2021 the Supreme Court narrowed the definition of an ATDS in Facebook v. Duguid, ruling that a system must use a random or sequential number generator to qualify. This gave some relief to companies using targeted prospect lists. However, calls using an artificial or prerecorded voice remain independently restricted under a separate TCPA provision regardless of the dialing system used. AI voice agents use an artificial voice. The separate restriction applies.
The practical implication: if you use AI to make AI voice calls to a consumer cell phone without the proper consent, you are exposed to TCPA liability even if you are using a curated list and not random dialing. The technology does not create a loophole. Businesses that use AI for outbound calling face the same compliance requirements that have always applied.
In March 2024 the FCC issued a declaratory ruling explicitly addressing AI-generated voices in robocalls. The ruling clarified that AI voice calls are subject to the same TCPA restrictions as traditional prerecorded robocalls. This closed any remaining ambiguity and gave plaintiff attorneys a clear legal foundation to pursue cases against AI calling programs that lack proper consent.
FCC ruled AI-generated voice calls fall under TCPA robocall restrictions
FCC Declaratory Ruling, March 2024The Consent Rules: Express vs. Prior Express Written Consent and Best Practice
Consent is the foundation of TCPA compliance. Get it right and you can run an aggressive AI outbound program. Get it wrong and every single call is a potential $1,500 liability. There are two levels of consent under the TCPA and they apply in different situations.
Prior Express Consent
This is the lower standard. It covers informational calls to consumers who have provided their phone number in connection with the subject of the call. Example: a patient who gave their number to a dental practice when scheduling an appointment has provided prior express consent for that practice to call them with appointment reminders. The consent does not need to be in writing. It just needs to be real and directly related to the call topic.
Prior Express Written Consent
This is the higher standard and it applies to telemarketing calls and calls using an artificial or prerecorded voice to wireless numbers. This means almost every AI cold calling program targeting consumer cell phones needs prior express written consent.
Prior express written consent requires a written agreement that clearly discloses the caller's identity, states that calls may be made using an autodialer or artificial or prerecorded voice, includes the specific phone number being consented for contact and is signed by the consumer. Electronic signatures and checkbox agreements on web forms qualify as long as the disclosure language is clear and the consumer affirmatively opts in.
Best practice: Use a dedicated opt-in form on your website or landing page with a clearly visible consent statement above the submit button. Something like: 'By submitting this form, you agree to receive automated or prerecorded calls and texts from [Company Name] at the number provided. Consent is not a condition of purchase.' Save timestamped records of every opt-in.
A key rule that tripped up many businesses: the FCC's one-to-one consent rule, finalized in late 2024 and effective January 2025, requires that prior express written consent be obtained on a per-company basis. You cannot get consent for one business and share or sell that consent to other companies. If your lead generation vendor provides a consent list, that consent is only valid for the specific company named in the original opt-in. This eliminated the practice of lead generation companies bundling consent for dozens of callers in a single opt-in.
FCC one-to-one consent rule: each company must obtain its own written consent, effective January 2025
FCC Report and Order, December 2023Do Not Call Registry Requirements for Telemarketing and AI Outbound Calling
The National Do Not Call Registry, administered by the FTC, lists consumers who have opted out of receiving telemarketing calls. Calling a number on the DNC list without an established business relationship or written consent is a TCPA violation. The fine is up to $51,744 per call under current FTC enforcement authority.
Businesses running outbound calling programs must scrub their call lists against the National DNC Registry at least every 31 days. You must subscribe to the registry to access and download the do-not-call list for the area codes you plan to call. The subscription is free for small businesses calling fewer than five area codes.
- Subscribe to the National DNC Registry at donotcall.gov before launching any telemarketing campaign
- Download and scrub your call lists at least every 31 days
- Honor consumer requests to be added to your internal company-specific DNC list within 30 days
- Maintain your internal DNC list for a minimum of 5 years
- Train anyone who manages your calling program on DNC procedures
Beyond the national registry, many states maintain their own do-not-call lists with additional requirements. Florida, Indiana, Louisiana, Pennsylvania, Texas and Wyoming all operate state DNC registries that must be scrubbed separately. Your calling program needs to account for both federal and applicable state registries.
The established business relationship (EBR) exception: if a consumer has purchased from you, inquired about your services, or submitted a form within the past 18 months (purchases) or 3 months (inquiries), you may call them even if they are on the National DNC Registry. But the moment a consumer asks you to stop calling, you must honor that request immediately regardless of the EBR.
B2B vs. B2C: Different Rules for Outbound Calling and AI Cold Calling
This distinction matters enormously for companies using AI cold calling as a sales tool. The rules are meaningfully different for business-to-business versus business-to-consumer outreach.
B2C Calling: Full TCPA Applies
When you are calling consumers at their personal numbers, residential lines or personal cell phones, the full weight of the TCPA applies. Prior express written consent is required for telemarketing calls to cell phones using an artificial voice. National DNC scrubbing is mandatory. Calling hours restrictions apply (8 AM to 9 PM in the recipient's local time zone). There is no shortcut around these requirements for consumer-facing campaigns.
B2B Calling: More Permissible, But Not a Free Pass
Calls to business numbers, where you are reaching someone at their place of business, are generally not subject to the National DNC Registry. The FTC's Telemarketing Sales Rule (TSR) includes a business-to-business exemption. The prior express written consent requirement for cell phones technically applies to all wireless numbers, but courts have generally been less aggressive about pursuing TCPA claims for calls to business professionals at their work numbers.
That said, B2B calling to cell phones of individual business professionals sits in a gray zone. If a prospect is reached on their personal cell phone, even in a business context, the TCPA's cell phone restrictions apply. The safest B2B approach uses direct business landlines or business-registered phone numbers rather than individual cell phones where possible.
| B2C (Consumer) Calling | B2B (Business) Calling |
|---|---|
| Prior express written consent required for cell phone AI calls | EBR or implied consent often sufficient for business numbers |
| National DNC Registry scrubbing mandatory | National DNC Registry business-to-business exemption applies |
| Calling hours restricted to 8 AM to 9 PM local time | Standard business hours are expected but rules are less rigid |
| Individual private right of action, high litigation risk | Lower litigation risk but not zero |
| State laws may add further restrictions | State laws may add further restrictions |
Practical takeaway: Most of Multiply Revenue's [AI sales agent](/services/ai-sales-agent) deployments focus on B2B outreach, which carries substantially lower TCPA risk when called to verified business numbers. For businesses with consumer audiences, we build consent capture directly into the lead generation workflow before any AI calls go out.
State-Level Laws That Go Further Than the TCPA
Federal law sets the floor. State laws can and do set higher ceilings. If you are calling into any of these states, you need to understand the additional requirements.
Florida: Florida Telephone Solicitation Act (FTSA)
Florida passed significant TCPA-plus restrictions in 2021. The FTSA prohibits making sales calls using any autodialer or prerecorded voice to any telephone number without prior express written consent. Florida does not limit this to cell phones the way the federal TCPA does after the Facebook v. Duguid ruling. The FTSA applies to residential and business landlines as well. Florida allows a $500 per call private right of action and the state generates a disproportionately large share of telemarketing class action litigation in the country.
California: CCPA and State DNC
California's Consumer Privacy Act (CCPA) intersects with calling compliance because it governs how personal data including phone numbers can be collected, stored and used. California also maintains its own state DNC registry. Companies calling California consumers need to comply with both. California's Automatic Renewal Law adds requirements for any subscription or recurring billing arrangement that originates from a sales call.
Texas and Other States
Texas operates a state DNC list that must be scrubbed separately from the national registry. Washington state has its own Commercial Electronic Mail Act that governs some electronic solicitations. Indiana, Louisiana, Wyoming and Pennsylvania all maintain state DNC lists. If your AI calling campaign covers multiple states you need a compliance checklist that addresses each state's specific requirements rather than relying solely on federal TCPA compliance.
State laws can change quickly. Florida amended the FTSA in 2023 to add a requirement that callers provide written notice before filing suit, but the underlying consent requirements remain strict. Always verify current state law before launching campaigns in Florida, California or any state with known telemarketing legislation.
The Real Penalty Math: FCC and FTC Telemarketing Enforcement
TCPA penalties are designed to hurt. Congress set statutory damages at levels that make individual violations worth pursuing even when the actual harm to any one consumer is minimal. Here is how the math works in practice.
The treble damages provision is where businesses get into serious trouble. If a court finds that your TCPA violation was willful or knowing, damages triple from $500 to $1,500 per call. Running a calling campaign without proper consent records, or continuing to call after a consumer requests to be added to your DNC list, can meet the willful standard.
Real Cases: What TCPA Enforcement Actually Looks Like
These are documented settlements and judgments that illustrate the real-world cost of TCPA noncompliance:
- Capital One: $75.5 million class action settlement for calling cell phones of customers who had not consented to automated calls
- Dish Network: $61 million FTC judgment for over 57 million calls to DNC-registered numbers
- SolarCity (Tesla): $19.7 million settlement for calling consumers on the DNC registry
- Caribbean Cruise Line: $76 million judgment for automated calls made without consent
- GreenStar Services: $40 million judgment for robocalls made to consumers who had explicitly opted out
Notice the pattern: most of these are not obscure fly-by-night operations. They are established businesses that built calling programs without adequate consent management or DNC scrubbing processes. The technology scaled their reach and the liability scaled with it.
Capital One TCPA settlement for automated calls without proper consent
In re Capital One Telephone Consumer Protection Act Litigation, 2015How to Run a Compliant AI Cold Calling Program: Best Practice Guide
Compliance does not have to be a barrier to running an effective AI outbound program. It does require building the right infrastructure before your first call goes out. Here are the steps that matter most.
Build Consent Capture Before You Build Your Call List
Your consent infrastructure comes first. For B2C campaigns, create opt-in forms with clear TCPA disclosure language above the submit button. For B2B campaigns, document how each number was obtained and whether it is a business line or personal cell. Timestamp every consent record and store it in a system you can access quickly when a complaint arrives.
Scrub Against the National DNC Registry Every 31 Days
Subscribe at donotcall.gov and pull your list on a regular 31-day schedule. Do not wait until you launch a new campaign to scrub. If your list sits dormant for two months and you reactivate it, scrub it fresh before calling. Add any state-specific DNC registries relevant to the numbers on your list.
Maintain an Internal Do Not Call List
Any consumer who asks to stop receiving calls from you must be added to your internal DNC list within 30 days. Honor the request on your next call cycle, but ideally suppress the number the same day. Store your internal DNC list for a minimum of 5 years. Your AI system should check this list automatically before every outbound call.
Set Up a Real-Time Opt-Out System
Every AI call must give recipients a clear and immediate way to opt out. This typically means prompting the recipient to say or press a number to stop receiving calls. When that signal is received, the system must update your internal DNC list in real time and confirm the opt-out to the recipient. The opt-out must work on the first request. Requiring multiple prompts to opt out has been cited in TCPA enforcement actions.
Record Your Calls and Keep Logs
Call recordings and detailed call logs serve as your primary defense in a TCPA dispute. Logs should include the number called, the timestamp, the consent record associated with that number and whether any opt-out request was received. Recording laws vary by state (most require one-party consent but some states require all-party consent) so check local rules before recording.
Respect Calling Hours and Identify Your Business
TCPA restricts telemarketing calls to between 8 AM and 9 PM in the recipient's local time zone. Your AI must identify the name of the business making the call and provide a phone number where the recipient can reach you. Failing to identify the caller in an automated call is a separate TCPA violation.
The businesses that run the most effective AI calling programs are the ones that treat compliance as a competitive advantage rather than a cost. When your consent records are clean and your DNC scrubbing is current, you can call aggressively because you know your list is solid. You get more responses and zero legal exposure.
How Multiply Revenue Handles AI Outbound Calling Compliance for Our Clients
When businesses come to us to build an AI sales agent program, compliance is part of the architecture from day one. We do not hand you a dialer and a script and wish you luck. Here is how we approach this.
B2B Data With Verified Business Numbers
The majority of our outbound campaigns use verified B2B data targeting businesses at their registered business numbers. This eliminates the highest-risk scenario in TCPA exposure: AI calls landing on consumer personal cell phones. When you are calling a business line to reach a business professional, you are operating in the most permissible category of outbound calling under federal law.
Built-In DNC Scrubbing
Every call list we use for B2C campaigns goes through National DNC Registry scrubbing before it enters the dialing queue. We maintain scrub schedules and update lists on the required 31-day cycle automatically. Our AI automations flag any number that has previously requested opt-out across any campaign we have run.
Real-Time Opt-Out Processing
Our AI voice agents are programmed to recognize and honor opt-out requests in real time. The moment a prospect says they want to stop receiving calls, the system captures that signal, updates the suppression list and confirms the request to the caller. This happens without human intervention on our end. No delay, no process failure, no follow-up call that should never have gone out.
Transparent Caller Identification
Every AI call we run identifies the company making the call by name and provides a callback number. This is non-negotiable in our call scripting. It satisfies the TCPA identification requirement and it is also better sales practice. Prospects are more likely to engage when they know who is calling and why.
Consent Capture Integration for Consumer Campaigns
For clients running consumer-facing campaigns where AI calling to personal numbers is part of the strategy, we build consent capture into the top of the funnel before any call goes out. This means web forms with proper TCPA disclosure language, timestamped consent records tied to specific phone numbers and storage in a CRM that gives you instant access to proof of consent if it is ever challenged. Contact us to discuss how this works for your specific campaign.
We never start an AI calling campaign for a new client without first understanding the prospect list origin, the business versus consumer split and the consent status of the list. This is not us being overly cautious. It is us protecting your business from liability that could wipe out months of campaign ROI in a single lawsuit.
Frequently Asked Questions
Is AI cold calling legal?
Yes, AI cold calling is legal when done with proper consent, DNC scrubbing and caller identification. The TCPA does not ban automated or AI calling. It regulates it. Businesses that follow the consent rules, honor opt-out requests and scrub against the DNC registry can run AI outbound programs without TCPA exposure. The calls that lead to lawsuits and fines are the ones placed without consent records, to numbers on the DNC registry or without real-time opt-out capability.
Does TCPA apply to AI calls?
Yes. The FCC confirmed in a March 2024 declaratory ruling that AI-generated voice calls are subject to the same TCPA restrictions as traditional prerecorded robocalls. AI voice agents use an artificial voice, which triggers the TCPA's separate prohibition on artificial or prerecorded voice calls to wireless numbers without prior express written consent. The Facebook v. Duguid ruling in 2021 narrowed the ATDS definition but did not affect the artificial voice restriction that applies to AI calling.
What are the penalties for TCPA violations?
Statutory damages under the TCPA are $500 per negligent violation and $1,500 per willful or knowing violation. There is no cap on aggregate damages in a class action. FTC fines for DNC violations can reach $51,744 per call. Real-world settlements range from hundreds of thousands for small businesses to hundreds of millions for large corporations with high-volume calling programs. The statute of limitations is 4 years under federal law, giving plaintiff attorneys a wide window to build cases against past calling activity.
Do you need consent for AI sales calls?
It depends on who you are calling and what number you are calling them at. For telemarketing calls to consumer cell phones using an artificial or prerecorded voice, yes, prior express written consent is required. For B2B calls to verified business landlines, the consent requirements are lower and the DNC registry restrictions are less stringent. For calls to existing customers within the established business relationship window (18 months for purchases, 3 months for inquiries), you may be able to call without separate written consent. The safest approach is always to have documented consent regardless of the legal minimum requirement.
The Bottom Line
AI cold calling is one of the most cost-effective sales tools available in 2026. A well-configured AI sales agent can handle hundreds of outbound calls per day, qualify leads against your exact criteria, book meetings directly on your calendar and cost a fraction of what a single SDR costs annually. The technology is proven, the ROI is real and the barrier to entry has never been lower.
But the compliance layer is not optional. The TCPA was written before AI existed and the FCC has worked deliberately to ensure it applies to AI calling with full force. One unconsented calling campaign can generate class action exposure that dwarfs any revenue the campaign ever produces. The businesses that win with AI outbound are the ones that treat compliance as a built-in requirement, not an afterthought.
If you want to see how a properly structured AI outbound program looks in practice, from list sourcing to consent capture to live calling with real-time opt-out, contact us and we will walk you through exactly how we build it for our clients.
Reminder: This article is educational and does not constitute legal advice. TCPA compliance is fact-specific and the law changes. Work with a licensed telemarketing compliance attorney before launching any outbound calling program, especially one targeting consumers.
Sources and Further Reading
Sources & Research
- 1.Telephone Consumer Protection Act, 47 U.S.C. § 227 (full statutory text via Cornell Law School LII)
- 2.FCC TCPA Information Page: fcc.gov/consumers/guides/stopping-unwanted-calls-and-texts
- 3.FCC Declaratory Ruling on AI Voice Calls, March 2024 (FCC-24-17)
- 4.FTC National Do Not Call Registry: donotcall.gov
- 5.Facebook, Inc. v. Duguid, 592 U.S. 651 (2021), Supreme Court ATDS definition ruling
- 6.FCC One-to-One Consent Rule, Report and Order, December 2023 (effective January 2025)
- 7.Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059
- 8.California Consumer Privacy Act: oag.ca.gov/privacy/ccpa
- 9.In re Capital One TCPA Litigation, N.D. Ill., $75.5M settlement, 2015
- 10.United States v. Dish Network, C.D. Ill., $61M judgment, 2017