Business owner with TCPA compliance documents in modern office, digital screens around.

TCPA Rules for AI Calls & Texts: A Small-Business Consent Guide

by

TCPA AI calls trigger the same federal consent rules as robocalls, and the FCC confirmed in 2023 that AI-generated voices close the loophole small businesses assumed protected them. Fines run $500 to $1,500 per individual call or text, not per campaign. Before you send a single automated message or let your AI dial out, you need to know what consent you have and how you captured it.

Key Takeaways:

  • TCPA applies to AI calls and texts: the FCC’s 2023 ruling confirmed AI-generated voice calls require prior express written consent, closing the loophole small businesses assumed existed.
  • Fines run $500 per violation for negligent violations and $1,500 per violation for willful ones, a 200-text campaign without consent can generate $300,000 in exposure.
  • Inbound calls and texts you receive are largely outside TCPA scope; outbound AI calls and texts you initiate carry the full consent burden, the direction of contact is the dividing line.

Does TCPA Apply to AI Calls and Texts?

Call center operator with headset, screens showing auto-dial and messaging systems.

TCPA is a 1991 federal law, the Telephone Consumer Protection Act, that regulates autodialed calls, prerecorded voice messages, and automated texts sent to mobile numbers. This means any system that auto-dials, plays a recorded voice, or sends texts without a human pressing send for each one falls under its rules. For a full look at how these rules intersect with AI tools across channels, the ai receptionist compliance hub covers the broader picture, and the master resource on ai for customer service explains how consent obligations fit into the customer-communication stack.

TCPA consent requirements govern AI-generated calls and automated texts. The FCC made this explicit in a 2023 declaratory ruling, holding that AI-generated voices qualify as “artificial or prerecorded voice” under 47 U.S.C. § 227(b). The substance is settled: there is no AI carve-out.

The dividing line is direction of contact. An AI answering service that answers inbound calls, where the customer picks up the phone and dials you, operates largely outside TCPA’s outbound restrictions. The customer initiated the contact. Your AI SMS system sending an automated follow-up text after that call is a different transaction. Your business initiated that outbound message, and full TCPA burden applies. Express consent must exist before that text goes out. Get the direction wrong and each message is a separate violation.

The Two Consent Types, and Which One Your AI System Actually Needs

Executives in meeting room reviewing consent forms for AI calls and texts.

Express written consent is required for outbound AI calls and commercial texts to mobile numbers. That is the stricter standard, and most small-business AI SMS use cases land there.

Here is how the two consent types and the carrier registration layer break down:

Requirement Express Consent Express Written Consent A2P 10DLC
Definition Oral or written agreement to be contacted Signed or digitally captured agreement, with specific disclosure language Carrier registration for business SMS campaigns
What it covers Informational calls and texts (appointment reminders, order status) Marketing, promotional, or telemarketing calls and texts All business SMS sent via 10-digit long code numbers
How to capture it Verbal agreement on a recorded call; web form requesting contact Unchecked checkbox on a web form with required disclosure language; signed physical form Brand registration through The Campaign Registry; campaign use-case registration
Applies to which channel Inbound callback requests; purely informational outbound messages Any AI SMS with promotional content; any outbound AI call placed for commercial purposes Every SMS campaign using a 10DLC number regardless of content type

A callback request on a web form is not express written consent for a marketing text. Those are different legal acts. The FCC requires consent disclosures to name the specific seller, state that messages are automated, include a message-and-data-rates notice, and provide opt-out instructions. A blanket “I agree to be contacted by our partners” clause does not satisfy express written consent under the FCC’s 2023 one-to-one consent rule, each seller must be named separately. The one-to-one rule is the standard that ended the lead-generator loophole.

For businesses using a business text message service to qualify and follow up with leads, express written consent must exist before the first marketing message goes out. No exceptions.

What Are the TCPA Fines for Automated Calls and Texts?

Accountant calculating TCPA fines, legal books and notepad on desk.

TCPA fines are $500 per violation for negligent or unintentional violations and $1,500 per violation for willful or knowing violations. Those figures come directly from 47 U.S.C. § 227(c)(5) and § 227(b)(3). No estimation needed, that is the statute.

Do the math on a modest campaign. A 200-text blast sent through your AI SMS system without proper consent at $1,500 per text produces $300,000 in potential exposure. A 1,000-contact campaign at the negligent rate hits $500,000. These numbers are not hypothetical scare tactics, they are the arithmetic of TCPA class actions, which is how small campaigns become catastrophic liability.

Private plaintiffs, not just the FCC, can sue under TCPA. Any recipient of an unwanted call or text has standing to file in federal court. Class actions are the mechanism that scales a single bad campaign into a case that threatens the business itself. There is no cap on total damages per class action, the fine multiplies by every recipient in the class.

TCPA is a strict liability statute for most of its provisions. Intent does not eliminate liability. A business that sends automated texts without consent but genuinely believed consent existed still owes $500 per text. Intent only determines whether you land at $500 or $1,500. An AI answering service that routes outbound follow-up texts without a consent gate is an exposure factory at any send volume.

TCPA Rules for Automated Texts: What Changes When You Use A2P 10DLC

Technician registering phone number for A2P 10DLC with screens showing forms.

A2P 10DLC is Application-to-Person 10-digit long code, the carrier registration system that T-Mobile, AT&T, and Verizon made mandatory for business SMS in 2023. This means any business sending automated texts from a standard 10-digit phone number must register that number and its campaign use case through The Campaign Registry before sending. A2P 10DLC registration reduces carrier blocking for business SMS campaigns sent via AI SMS systems.

A2P 10DLC is a carrier requirement, not a federal law. TCPA is federal law. You need both. Registering with carriers does not satisfy TCPA consent requirements, and having TCPA consent does not prevent carrier filtering if you skip registration. They run in parallel.

Here are the five steps to get compliant on the carrier side:

  1. Register your brand with The Campaign Registry (thecampaignregistry.com), provide your business name, EIN, and contact information. Verify current registration fees at thecampaignregistry.com, as fees change.
  2. Register your SMS campaign use case, specify whether messages are marketing, customer care, appointment reminders, or another category. Each use case is evaluated separately.
  3. Attach your 10DLC phone number to the approved campaign, carriers will not route texts from unregistered numbers at scale, regardless of consent status.
  4. Build opt-in confirmation into your SMS flow, double opt-in (sending a confirmation text that requires a reply) is the best-practice standard and provides a documented consent record.
  5. Include STOP and HELP keywords in every campaign message, these are carrier requirements and FCC best practices; STOP processes an opt-out, HELP returns your contact information.

Unregistered numbers get filtered or blocked by carriers regardless of TCPA consent. A clean consent record does not help if the message never arrives. For more on setting up compliant a2p 10dlc registration from scratch, that topic gets its own treatment in the next article in this series.

How Do You Actually Capture and Store Consent? (The Workflow)

Operator monitoring consent-capture workflow on monitor with timestamps.

Consent-capture workflows must produce a dated, timestamped record tied to each contact. That record is your defense in litigation and the proof carriers and regulators ask for. If you cannot produce it, you do not have it.

Five methods small businesses use, and what each one generates:

  • Web form with explicit consent checkbox: The checkbox must be unchecked by default and accompanied by disclosure language naming your business, stating messages are automated, including the message-and-data-rates notice, and providing opt-out instructions. The record created is a timestamped form submission with IP address, date, and the specific disclosure language the contact agreed to. Retain this record for at least 4 years, TCPA’s statute of limitations. Verify current FCC guidance on retention periods.
  • SMS keyword opt-in: The contact texts a keyword (JOIN, YES, or a campaign-specific word) to your number. Their text message is the consent record. Your system must immediately confirm the opt-in with a message that repeats the disclosure elements. The inbound text plus the confirmation timestamp constitute the record.
  • Verbal consent on an inbound call, confirmed by SMS: The AI answering service or a staff member captures verbal agreement on a recorded call, then sends an immediate follow-up SMS confirmation for the contact to reply YES. The call recording plus the SMS confirmation thread is the two-layer record. Verbal-only consent with no written confirmation is harder to defend.
  • Physical sign-in form at a front-desk location: Salons, dental offices, and law firms already collect signatures at check-in. Add a consent checkbox to that form with the required disclosure language. Scan or photograph the signed form and store it digitally, linked to the contact record.
  • Facebook or Meta lead form with consent language embedded: Meta’s lead ad forms allow custom disclaimer text before submission. The consent language must meet FCC standards, name your business, describe the message types, include rates disclosure and opt-out path. Meta timestamps the submission; export and store that data outside Meta’s platform, as ad account access can be lost.

Call recording consent adds a separate layer for Phoenix businesses. Arizona follows one-party consent for call recording under A.R.S. § 13-3005, your AI receptionist recording calls in Arizona is legal with one consent (your own). Callers from California, Florida, Illinois, and the other 11 two-party consent states require disclosure before recording starts. The safest practice: have your AI announce “This call may be recorded” at the start of every call, regardless of the caller’s apparent location. You cannot verify a caller’s state before the call connects, so treat every call as potentially two-party. For verticals where caller location varies, the ai receptionist for law firms compliance treatment covers how intake calls handle this disclosure requirement.

For businesses deploying ai receptionist by industry across multiple verticals, the consent workflow needs to be built once at the system level, not patched individually per vertical.

Frequently Asked Questions

Does TCPA apply to texts my business sends automatically after a missed call?

Yes. Automated texts sent to a mobile number, including missed-call text-back messages, fall under TCPA if sent using an automated system or any system with the capacity to auto-send. You must have prior express written consent if the text contains any marketing or promotional content, or prior express consent for a purely informational message. A2P 10DLC registration is also required to avoid carrier filtering regardless of consent status.

Can I get sued under TCPA even if I didn’t mean to violate it?

Yes. TCPA is a strict liability statute for most provisions, which means intent does not eliminate liability, it only sets the fine tier. Unintentional violations cost $500 per violation; willful violations cost $1,500 per violation. Private plaintiffs can sue directly without waiting for FCC action, and class actions are the standard mechanism when a campaign reaches thousands of recipients without proper consent.

Is an AI receptionist that only answers inbound calls subject to TCPA?

An AI answering service that handles inbound calls only, where the customer initiates the contact, operates largely outside TCPA’s outbound restrictions. TCPA’s core consent requirements target outbound calls and texts your business initiates. If that same system automatically sends a follow-up text or calls the customer back after the inbound interaction, those outbound actions are subject to full TCPA consent requirements.

Sledgehammer Intelligence

Turn your local business into a 24/7 profit-generating machine with AI employees that automatically qualify leads, schedule appointments, and manage customer service—no need to hire a single human!