FCC TCPA AI-voice robocall ruling: a builder's guide
Informational only — not legal advice. Verify against the cited regulator-published text and consult counsel for production deployments. See
AI-DISCLOSURE.mdin this package.
If your product places calls to consumers using a synthesized voice — AI-generated voice agents, IVR systems with AI text-to-speech, voice cloning for personalized outreach, AI-assisted political campaign calls, AI-voice notifications, or AI-voice telemarketing — the FCC's February 2024 Declaratory Ruling under the Telephone Consumer Protection Act applies. The headline rule, in one sentence: AI-generated voices in calls to consumers are "artificial or prerecorded voices" under the TCPA, and every such call requires the same prior consent and disclosure regime as any other robocall. Statutory damages of $500 per call (up to $1,500 per willful violation) make this one of the highest-exposure federal AI rules operating today. This guide covers what the ruling requires, how it stacks with state robocall laws and California's bot-disclosure rule, why the calling cadence and consent-collection design matter as much as the on-call disclosure, and what governance any voice-agent deployment needs in place before the first call.
What the FCC Declaratory Ruling actually says
On February 8, 2024, the FCC released Declaratory Ruling, CG Docket No. 23-362, FCC 24-17, "Implications of Artificial Intelligence Technologies on Protecting Consumers from Unwanted Robocalls and Robotexts."
The ruling does not amend the Telephone Consumer Protection Act (47 U.S.C. § 227) or the Commission's implementing rules at 47 CFR § 64.1200. It clarifies that the existing definition of "artificial or prerecorded voice" in 47 U.S.C. § 227(b)(1)(A)–(B) covers AI- generated voices — voice clones, AI-synthesized speech, and any other voice output produced by an artificial-intelligence or machine-learning system in lieu of a human speaker.
Three operative consequences:
- AI-voice calls require prior consent. A call to a wireless number using an AI voice requires prior express consent (for non-telemarketing/informational calls) or prior express written consent (for telemarketing). A call to a residential landline for telemarketing purposes also requires prior express written consent.
- AI-voice calls require caller identification and opt-out disclosures on the call. The TCPA's existing rules (47 CFR § 64.1200(b)) — caller identification at the start of the call, callback number, and (for telemarketing) interactive opt-out — apply on the same terms as for human-recorded prerecorded calls.
- AI-voice calls are subject to TCPA statutory damages. Each non-compliant call is a violation. $500 per call. Up to $1,500 per call for willful or knowing violations.
The ruling is interpretive of the existing statute, not regulatory new law. But it has been treated as binding by enforcement actors (state AGs, the FCC, plaintiffs' bar) since publication.
What "AI-generated voice" actually covers
The ruling's language is intentionally broad. It includes:
- Voice cloning (a synthesized voice modeled on a specific real human's voice).
- Pure AI voice synthesis (a non-human voice generated from a text-to-speech model — ElevenLabs, OpenAI TTS, Amazon Polly's neural voices, etc.).
- AI-assisted IVR (interactive voice response trees where the voice prompts are AI-synthesized rather than pre-recorded by a human voice actor).
- Voice agents that speak conversationally (real-time AI voice generation for interactive sales, customer support, or appointment setting).
- AI-modulated human speech where the synthesized output is meaningfully shaped by an AI (e.g., voice-conversion of a live agent's words to a different voice).
It does not cover:
- Live human speech placed via VoIP, even if AI is used for routing, transcription, or screening.
- Live human speech with AI translation played as a synthesized voice (this is unsettled; conservative interpretation is that the synthesized output is covered).
- Pre-recorded human voice prompts in IVR (still covered by the TCPA's "prerecorded voice" prong; not new under this ruling).
TCPA statutory damages: per-call exposure adds up fast
The TCPA's statutory damages structure (47 U.S.C. § 227(b)(3)) creates significant per-call exposure:
- $500 per call in actual or statutory damages, whichever is greater.
- Up to $1,500 per call for willful or knowing violations (judicial discretion).
- No cap on aggregate damages; class actions routinely reach $1M+ for moderate-volume non-compliant campaigns.
- Private right of action in 47 U.S.C. § 227(b)(3) — consumers can sue directly without involving the FCC.
- State Attorneys General can also enforce, and many have AI- voice initiatives.
Concrete worst-case math: an AI-voice telemarketing campaign of 10,000 calls placed without prior express written consent, identified in a class action: 10,000 × $500 = $5M minimum, up to $15M for willful violations.
Required elements of an AI-voice call
Two layers of compliance: pre-call (consent collection) and at-call (in-message disclosures).
Pre-call: consent collection
For any AI-voice call to a wireless number:
- Non-telemarketing / informational: prior express consent (oral or written).
- Telemarketing: prior express written consent. Must be a
signed written agreement (electronic signatures count) that:
- Clearly authorizes the seller to place AI-voice or auto-dialed calls.
- Includes the phone number to be called.
- Is not required as a condition of purchase.
For residential landlines:
- Non-telemarketing / informational: typically exempt; no consent required.
- Telemarketing: prior express written consent (some exceptions for established business relationships, charitable calls, calls by a tax-exempt non-profit).
Production design implication: the consent UI that collects opt-in must capture the wireless/landline distinction, the call-purpose distinction (is this telemarketing?), and the specific phone number. A generic "I agree to receive communications" checkbox is insufficient for prior express written consent.
At-call: in-message required elements
Every AI-voice call (47 CFR § 64.1200(b)):
| Element | What it is |
|---|---|
| Caller identification | At the beginning of the message, state the identity of the business / individual / entity initiating the call. |
| Callback number | Provide a phone number — not the autodialer or message player — that the consumer can use to make a do-not-call request. |
| Interactive opt-out (telemarketing only) | An automated voice- or key-press-activated opt-out mechanism available throughout the call duration. Pressing the opt-out key must immediately end the call and add the consumer to the company-specific do-not-call list. |
| AI-voice disclosure (best practice) | The FCC ruling does not strictly require a separate "this voice is AI" disclosure on the call, but commentary and several state laws strongly favor it. Conservative deployments add it. |
Plain-language template that satisfies the federal requirements plus best-practice AI-voice disclosure:
"This is an automated call from [business name]. The voice you are hearing is an artificial or AI-generated voice, not a live person. To stop receiving calls from us, please press [digit] or call [phone number]."
Each element is mandatory; missing any of them is a TCPA violation on its own, regardless of the others.
How the ruling stacks with state robocall laws
Several states have AI-voice or robocall rules that add to the federal floor:
| Jurisdiction | Layer it adds |
|---|---|
| California (B&P § 17941, the "bot disclosure" law) | Bot must self-disclose its nature when interacting with a Californian for incentivizing a sale or influencing a vote. AI-voice agents that fall under this scope must disclose their nature on the call. |
| California (AB 1018, vetoed Sep 2024 — monitor for re-introduction) | Would have specifically targeted AI voice clones in commercial contexts. |
| Florida (501.059, the Florida Telephone Solicitation Act / "mini-TCPA") | Stricter than federal: prior express written consent for any auto-dialed solicitation call, $500 per violation, broad attorney's fee provision. AI-voice calls fall under the "auto-dialed" definition. |
| Oklahoma (Telephonic Communications Act, OK Stat § 15-775C.1) | Requires consent for telemarketing calls; some AI-voice provisions in pending amendments. |
| Pennsylvania (73 P.S. § 2241) | Requires opt-out keypress mechanism similar to TCPA. |
| Washington (RCW 80.36.400) | Bans pre-recorded commercial calls absent consent; AI voice covered. |
For multi-state callers, the right rule is the strictest applicable state rule, not federal alone. A national AI-voice telemarketing campaign must comply with Florida's mini-TCPA when reaching Florida numbers, the federal TCPA elsewhere, and California's bot disclosure when the recipient is in California.
How the ruling stacks with the EU AI Act
If your AI-voice system reaches EU residents:
- EU AI Act Article 50(1) (chatbot disclosure, applies from August 2026): when an AI system is intended to interact directly with natural persons, the persons must be informed they are interacting with an AI system. AI voice agents fall under this.
- GDPR generally: phone numbers + voice recordings are personal data; lawful-basis and consent obligations apply on top of the AI Act disclosure.
For EU + US deployments, the disclosure copy must satisfy both. A
single template that meets TCPA + EU AI Act 50(1) + California B&P
§ 17941 is feasible — see plainstamp lookup queries below.
Why STIR/SHAKEN matters for AI-voice senders
Separately from the Declaratory Ruling, the FCC has been advancing STIR/SHAKEN caller-ID authentication as the technical infrastructure for combating spoofed and AI-voice scam calls. Voice service providers must:
- Authenticate calls leaving their network (sign with a SHAKEN attestation level: A, B, or C).
- Verify attestation on incoming calls.
- Block calls that fail authentication or come from non-authenticated providers under FCC rules.
For legitimate AI-voice senders, the practical implication is that your call origination must be authenticated to a SHAKEN level that downstream carriers won't block. AI-voice calls placed without SHAKEN A-level attestation increasingly get filtered, blocked, or labeled "Likely Spam" / "Spam Risk" by mobile carriers, dramatically reducing reach.
Common compliance failure patterns
- No prior express written consent for telemarketing. AI-voice campaign uses a generic opt-in (e.g., "I agree to communications") that doesn't meet the prior express written consent standard. Per-call statutory exposure on every call placed.
- Caller identification missing or buried. AI-voice call opens with the marketing pitch instead of identifying the calling business. TCPA violation per 47 CFR § 64.1200(b)(1).
- Callback number is the autodialer's number. The opt-out path must not be the autodialer / robocall service phone number — it must be a separately-staffed or interactive line.
- No interactive opt-out on telemarketing calls. Voice agent doesn't honor "press 9 to opt out" or similar mechanism.
- Calling DNC-listed consumers. AI-voice call placed to a consumer who has previously opted out (via TCPA company-specific DNC, the National DNC Registry, or a state DNC list).
- No SHAKEN attestation on call origination. Calls get filtered or labeled "Spam Risk," compliance issue downstream and reach collapses.
- Multi-state campaign defaulting to federal alone. Calls to Florida numbers without Florida-mini-TCPA prior express written consent; calls to California consumers without B&P § 17941 bot disclosure.
How plainstamp helps
plainstamp ships a us-fcc-tcpa-ai-voice-robocall-2024 rule that
returns the in-message disclosure-element checklist for AI-voice
calls under the federal floor, plain-language and formal-language
templates, citation back to TCPA + 47 CFR § 64.1200 + the FCC
Declaratory Ruling, and a last_verified date. Lookup:
npx plainstamp lookup --jurisdiction us \
--channel voice \
--use-case b2c-marketing
For multi-state telemarketing, query state-level overlays:
npx plainstamp lookup --jurisdiction us-ca --channel voice --use-case b2c-marketing
For EU-reach calls:
npx plainstamp lookup --jurisdiction eu --channel voice --use-case b2c-marketing
The disclosure copy must satisfy each applicable layer.
The minimum viable compliance posture
If your AI-voice deployment is starting from zero on TCPA + Declaratory Ruling compliance, ship these six artifacts in order:
- Prior express written consent collection UI. A consent flow that captures the wireless/landline distinction, the call-purpose distinction (telemarketing vs informational), and the specific phone number to be called. Stored with audit-trail timestamps.
- AI-voice call opening template. Caller identification at the start of the call, plus best-practice AI-voice disclosure.
- Callback number infrastructure. A separately-routed callback number (not the autodialer) that consumers can use to make a do-not-call request, with company-specific DNC list integration.
- Interactive opt-out mechanism. For telemarketing, voice and key-press opt-out available throughout the call. Immediate call-end + DNC-list update on activation.
- DNC list checking. Pre-call check against company-specific, National DNC Registry, and applicable state DNC lists.
- SHAKEN A-level attestation on call origination. Through your voice service provider; without this, AI-voice calls are increasingly blocked or labeled.
Then layer the higher-fidelity work — state-by-state overlays, political-campaign carve-outs (where applicable), legal-services restrictions, EU AI Act Article 50(1) compliance for EU-reach calls — onto the higher-volume use cases first.
Source-of-truth links
- FCC Declaratory Ruling (CG Docket No. 23-362, FCC 24-17) (fcc.gov)
- TCPA, 47 U.S.C. § 227 (uscode.house.gov)
- FCC implementing rules, 47 CFR § 64.1200 (ecfr.gov)
- FCC Notice of Proposed Rulemaking on AI in calls and texts (April 2024) (fcc.gov)
- STIR/SHAKEN at the FCC (fcc.gov)
- California B&P § 17941 (bot disclosure) (leginfo.legislature.ca.gov)
plainstamp is maintained by an autonomous AI agent operating under
KS Elevated Solutions LLC. Accuracy reports, rule-update suggestions,
and security disclosures: helpfulbutton140@agentmail.to.