Introduction
AI can dial, qualify, and follow up at a scale no human team can match, which is exactly why regulators are watching. TCPA class actions rose sharply in 2025, and AI voices are now squarely inside the rules. This playbook lays out what TCPA compliance for AI outbound calling looks like in 2026: who the rules cover, the consent and disclosure standards, and a checklist you can hand to your team. One caveat up front: this is general information, not legal advice, so validate your program with counsel.
AI voices are covered by the TCPA
The starting point is settled. The FCC has confirmed that AI-generated and AI-cloned voices count as artificial voices for TCPA purposes. That single ruling pulls AI outbound calling under the same framework that governs prerecorded and artificial-voice campaigns. If your agent speaks in a synthetic voice and dials consumers, you are operating inside the TCPA, full stop.
Why it matters: recent AI-calling class actions have settled in the range of roughly $5 million to $20 million, and filings jumped close to double year over year. The downside of getting this wrong is not a warning letter, it is litigation.
It is worth being precise about why AI raises the stakes rather than lowering them. The TCPA was written around prerecorded and artificial-voice calls and autodialers, and a synthetic agent is squarely an artificial voice. Statutory damages run per call, commonly cited at $500 and up to $1,500 for willful violations, and because an AI system can place thousands of calls a day, a small configuration mistake multiplies fast. A human team that dials the wrong list makes a few dozen bad calls before someone notices. An automated campaign can make tens of thousands before the morning is over. Scale is the feature you are buying, and it is also the reason compliance has to be built in from the start rather than bolted on after the first complaint.
Consent and the AI disclosure rule
Consent is the spine of compliance, and the standard depends on what kind of call you place.
| Call type | Consent standard |
|---|---|
| AI-voice telemarketing | Prior express written consent for mobile and residential lines |
| Informational, non-marketing | Prior express consent, which can be oral (reminders, account notices) |
| Purchased lead lists | High risk: verify a specific consent basis before dialing |
Two shifts deserve attention. First, the old practice of shared consent through lead generators, where one form let many businesses call, has been eliminated, so consent must now be specific to your business. Second, when in doubt, default to written consent. The cost of collecting it is trivial next to the cost of defending a call you should not have made.
Good consent is also documented consent. It is not enough to believe you had permission; you need to be able to show when it was given, how, and for what. That means capturing the language the person agreed to, a timestamp, and the source, then storing it somewhere you can retrieve on demand. Treat purchased lists with bundled or vague consent as a liability rather than an asset, because in a dispute the burden of proving consent falls on the caller, not the recipient. The safest programs collect their own consent through their own forms and keep the record attached to the number, so that if a call is ever challenged, the proof is one lookup away instead of a frantic search through a vendor's data.
Disclose the AI at the start of every call
Beyond consent, there is a disclosure duty. The FCC requires businesses using AI agents for outbound calls to disclose, at the beginning of the call, that the call is from an automated system or uses artificial intelligence. This is not a footnote you bury later in the script. It belongs in the opening line, before the pitch.
The practical version is simple: write the disclosure into the first sentence of every outbound agent and test that it fires on every call. A clear opener also builds trust, and trust tends to lift answer and completion rates rather than hurt them.
Calling windows, do-not-call, and revocation
Consent and disclosure get you in the door. Operational hygiene keeps you there.
Calling windows
Stay within local hours, commonly 8am to 9pm in the recipient's time zone.
DNC scrubbing
Honor the National do-not-call registry and your own internal suppression list.
Instant revocation
When someone opts out, log it immediately and stop calling that number.
Records and logs
Keep consent proof, transcripts, and opt-out timestamps you can produce on demand.
This is where platform features earn their keep. Live transcripts with intent and event capture, configurable PII redaction, encrypted storage, and SOC 2-aligned infrastructure give you the audit trail and data controls that compliance reviews ask for. 9278.ai builds those controls in, which makes documenting consent, disclosures, and opt-outs far less manual. The tooling does not replace counsel, but it makes a defensible program practical to run.
State law adds a layer on top of the federal rules, and it is where many programs trip. A number of states maintain their own do-not-call lists, mini-TCPA statutes, and tighter calling windows or consent standards than the federal baseline, and a few are notably aggressive about enforcement. Because your callers may sit in any state, the practical move is to design to the strictest rule you are likely to touch rather than the loosest, and to scrub against state registries alongside the national one. Revocation deserves the same rigor: when someone says stop, in any words, the system should capture it, suppress the number immediately, and never let a later campaign quietly call it again. Honoring an opt-out a day late is still a violation, so the safe default is to make it instant and irreversible.
Your pre-launch compliance checklist
Before a single outbound campaign goes live, walk this list:
1. Confirm written consent for any telemarketing list, specific to your business. 2. Put the AI disclosure in the first line of every script. 3. Scrub against National and internal DNC lists. 4. Enforce local calling windows. 5. Wire opt-out capture to stop calls in real time. 6. Retain consent proof, transcripts, and timestamps. 7. Have counsel review the program and your state-law exposure.
Run this list before the first campaign, then revisit it on a schedule rather than treating it as a one-time gate. Rules shift, registries update, and a script that was compliant in January can drift out of bounds by summer as someone edits the opening line or adds a new list. A short monthly review, who changed what, which lists were scrubbed, how many opt-outs were honored and how fast, keeps small mistakes from compounding into a class action. Compliance is not a launch checkbox; it is an operating habit.
Conclusion
TCPA compliance for AI outbound calling is not a barrier to using voice agents, it is the price of using them well. AI voices are covered, consent must be express and specific, disclosure belongs at the top of the call, and your operations need clean DNC, calling windows, and records. Build those into the program from day one, lean on tooling that captures the audit trail, and confirm the details with a lawyer before you dial.
Frequently asked questions
Does the TCPA apply to AI voice calls?
Yes. The FCC has confirmed that AI-generated and AI-cloned voices are artificial voices under the TCPA. That means AI outbound calls fall under the same consent, disclosure, and do-not-call rules that govern prerecorded and artificial-voice calls.
What consent do I need for AI outbound telemarketing?
For AI-voice telemarketing to mobile or residential lines, the standard is prior express written consent. For purely informational, non-marketing calls such as appointment reminders or account notices, prior express consent applies, which can be oral. When unsure, get written consent.
Do I have to tell people the call uses AI?
Yes. The FCC requires businesses using AI agents for outbound calls to disclose at the start of the call that it is from an automated system or uses artificial intelligence. Build that disclosure into the opening line of every outbound script.
What changed with the one-to-one consent rule?
The practice of shared consent through lead generators, where one form authorized many businesses to call, has been eliminated. Consent now needs to be specific to your business. Treat purchased lists with bundled consent as high risk and verify the basis before calling.
What are the calling-window and DNC rules?
Calls should run within local calling windows, commonly 8am to 9pm in the recipient's time zone, and you must honor the National and any internal do-not-call lists. Scrub your lists, log opt-outs immediately, and stop calling numbers that revoke consent.
Want to see it in action? Build your first agent or talk to the team.