What is the TCPA?

The TCPA — short for the Telephone Consumer Protection Act — is the U.S. federal law that governs when and how businesses can make automated phone calls or send text messages to consumers. It was passed by Congress in 1991 and has been amended and reinterpreted repeatedly since.

If your business is going to make outbound calls or send SMS to consumers using any form of automation — including AI voice agents — TCPA is the law you need to understand. Violations carry statutory penalties of $500 to $1,500 per call or text. Class-action settlements in the tens of millions are not rare.

What the TCPA covers

•Automated or prerecorded calls to cell phones — requires prior express consent (stricter), or prior express written consent for marketing

•Automated or prerecorded calls to residential landlines — similar consent rules, with some exceptions for informational calls

•Text messages — treated as calls for TCPA purposes; same consent rules apply

•The National Do-Not-Call Registry — prohibits marketing calls to registered numbers, regardless of technology used

•Fax transmissions — unsolicited fax advertising is separately restricted (yes, the law still covers fax)

The two standards of consent

•Prior express consent — the consumer has given permission to be contacted at their number. Required for informational and transactional automated calls/texts.

•Prior express written consent — a specific, documented agreement that the consumer can receive marketing communications from the business at that number, using automated technology. Required for marketing.

Written consent does not literally have to be on paper — electronic consent via a checkbox or signed form counts — but it must be specific, trackable, and retainable.

What counts as an "automated call"

This has been the most litigated question in TCPA law. The statute defines an "automatic telephone dialing system" (ATDS) in a specific way, and courts have gone back and forth on what it means.

•The Supreme Court's Facebook v. Duguid decision (2021) narrowed the definition significantly — the system has to use a random or sequential number generator

•Most AI voice agents calling from a fixed, known list of numbers do not meet the statutory ATDS definition after Duguid — but caution is warranted because state laws and other TCPA provisions still apply

•Prerecorded voice and artificial voice calls are separately regulated, and AI voice agents likely qualify as "artificial voice" — which means consent rules apply regardless of the ATDS question

The safe approach for any AI-driven outbound calling: treat every outbound call as requiring consent.

Key safe harbors and exceptions

•Calls for emergency purposes don't require consent

•Certain informational calls (like appointment reminders) to customers with existing relationships are treated more permissively

•Calls or texts to business lines are generally outside the TCPA's scope (though some state laws cover them)

•Non-telemarketing calls to residential lines have different rules than calls to cell phones

State-level laws

Several states have their own "mini-TCPA" laws that are stricter than federal TCPA. Florida, Oklahoma, and Washington are notable examples. State laws often have their own statutory damages and shorter statutes of limitations.

What the TCPA means for AI voice agents

•Inbound calling is generally fine — if a consumer calls you, you can have an AI answer

•Outbound calling requires consent documentation for each recipient

•Your AI voice agent should include opt-out handling ("please stop calling") and honor requests immediately

•Call recordings and transcripts should capture what the consumer said about consent

•You need to maintain a company-level Do Not Call list and scrub against the National DNC Registry for marketing calls

Related concepts

•10DLC — the registration framework for SMS, which operates alongside TCPA

•A2P messaging — the SMS category TCPA most commonly governs

•STIR/SHAKEN — caller authentication, which supports TCPA enforcement

•Text messaging compliance help collection

See it in action

365agents builds TCPA-aware consent, opt-out handling, and DNC scrubbing into the Receptionist Agent and every other agent on the platform. Our onboarding team will walk you through what you need to document on your end, and our compliance controls handle the rest — including our own SOC 2 Type II audit trail.