All guides
Guide · Written by Roscoe Morgan · Last reviewed July 2026 · 11 min read

The legal risk hiding in outbound AI calling (and how to buy an AI agent without buying a lawsuit)

Short answer

Some AI phone tools will call your web leads back in under a minute. The legal risk in that feature lands on you, the business that turned it on, not the vendor that sold it: since the FCC’s February 2024 ruling, an AI voice call without the right consent runs $500 to $1,500 under the TCPA, per call, with a four-year lookback. Outbound AI calling is legal when the consent plumbing is real. Here is how to inspect any vendor’s plumbing, ours included, before you switch it on.

Let me walk you through a purchase that looks smart right up until it isn’t. A plumber buys an AI phone agent. The pitch is speed: every web lead gets a callback within 30 seconds, and speed wins jobs, which is true. Then on a Tuesday a homeowner fills out his quote form and fat-fingers her phone number by one digit. Thirty seconds later the AI is dialing that number in its friendly synthetic voice. The number belongs to a night-shift nurse who worked until seven this morning, has never heard of the plumber, and is now awake, reading his business name off her caller ID.

Nothing about that call was the plumber’s idea. He never dialed. He never wrote the script. He bought a tool, and the tool did what it was built to do. Under federal law, the call is his problem anyway, and it has a price on it: $500, possibly $1,500, for that single call. The AI-agent market is full of outbound features right now, and almost nobody selling them explains who carries the liability when a call goes to the wrong person. So I will: you do. This article is about how to see that risk clearly before you buy, and how to buy well anyway.

The two-word problem: strict liability

The Telephone Consumer Protection Act has been federal law since 1991. The part that matters here is 47 U.S.C. § 227(b)(1)(A): you may not call a cell phone using an artificial or prerecorded voice without the prior express consent of the person you are calling. In February 2024 the FCC closed the question of whether a machine counts, ruling unanimously that AI-generated voices, voice cloning included, are ‘artificial’ under the statute (FCC 24-17, adopted February 2, 2024). The agency’s own press headline was blunt: ‘FCC Makes AI-Generated Voices in Robocalls Illegal’ (2024). And if the call introduces an advertisement or contains telemarketing, the bar rises from consent to prior express written consent (47 CFR § 64.1200(a)(2)).

Strict liability means the plaintiff does not have to prove you meant to break the law, or that you knew the law existed. The statute sets $500 per call, or actual damages if greater, and lets a court treble it to $1,500 per call for willful or knowing violations (47 U.S.C. § 227(b)(3), enacted 1991). There is no cap in the statute. Run the arithmetic on a modest failure: an outbound tool that makes ten calls a week on numbers where the consent doesn’t hold up produces 520 calls a year, which at $500 each is $260,000 of exposure. At the trebled rate, $780,000. For calls you never personally made.

Courts are not shy about the big numbers. In Krakauer v. Dish Network (4th Cir. 2019), a jury priced each unlawful call at $400, the court found the violations willful and trebled that to $1,200 a call, and the affirmed judgment came to $61,243,800 across 18,066 class members. The calls were placed by a third-party marketer working on Dish’s behalf; Dish owed the money anyway. Capital One and three collection vendors settled a consolidated TCPA case for a $75,455,098.74 fund, approved in 2015. Those defendants had legal departments. You have a phone tool you bought online.

One more number: four. A TCPA claim carries the federal catch-all limitations period of four years (28 U.S.C. § 1658, enacted 1990), which the Second Circuit applied to TCPA suits in Giovanniello v. ALM Media (2013). A bad call your tool makes this afternoon is a live lawsuit until the summer of 2030.

The vendor sells the tool. The buyer serves the sentence.

Why a web form is not consent

Here is the comforting story every outbound pitch leans on: the lead gave us the number, so the lead consented. Two federal appeals courts tested that story against the statute, and it lost both times.

In Soppet v. Enhanced Recovery Co. (7th Cir. 2012), the court held that the ‘called party’ whose consent matters is the person subscribing to the number at the time of the call. Consent attached to a number by its previous owner, or by whoever handed the number over, does not travel with it. In Osorio v. State Farm Bank (11th Cir. 2014), a housemate listed the plaintiff’s cell number on a credit application, 327 autodialed calls followed over six months, and the Eleventh Circuit agreed with Soppet: consent must come from the number’s current subscriber or customary user, not from the person who typed the digits. The same 2014 opinion held that consent can be revoked out loud, orally, no paperwork required.

Now replay the web-form scenario against those holdings. A typo puts a stranger’s number in your lead queue. A carrier recycles a number, which happens often enough that the FCC launched an entire database in 2021 so callers could check. Someone submits an ex’s number out of spite. A lead reseller hands you digits harvested a year ago. In every one of those cases the form field is full and the consent is empty. ‘The lead gave us the number’ is not a defense; the number’s owner is the only person whose consent counts.

A footnote on lead-gen fine print. The FCC tried to tighten web-form consent with a one-to-one rule, where consent covers a single identified seller at a time. The Eleventh Circuit vacated that rule on January 24, 2025, three days before its compliance date, reasoning that the statute demands ‘prior express consent,’ not ‘prior express consent plus.’ Do not read that as slack you can lean on. Clean, named-seller consent language is still the evidence that wins these cases; the court only held that the FCC could not make its absence automatically unlawful.

Consent belongs to the person who owns the phone, not the person who typed the number.

One note of fairness before the checklist. The established players in this market have, by and large, built the consent machinery this article describes. They have been through enough TCPA weather to respect it. What concerned me is what I kept finding further down the market in my research: newer, smaller tools that ship outbound AI calling with none of that plumbing, where the only ‘consent’ in the system is a phone number typed into a web form. Some of what I saw lives in a grey zone. Some of it, after the FCC’s 2024 ruling, sits plainly on the wrong side of the line. I won’t name names, because the point of this piece is not who. It is what to check before you switch anything on.

The five questions to ask any vendor before you turn on outbound

Ask these in writing, and keep the answers. A vendor that built compliance on purpose will answer fast and specifically. Vague answers are an answer too.

1. Does it verify the number before the AI voice ever calls?

The strong pattern is a confirmation text first: the lead types a number, the system texts that number, and the AI may call only the numbers that reply. That single step catches the typo, the spite entry, and the stale list all at once, because the reply comes from the phone’s actual owner, which is exactly whose consent the courts count (Soppet, 2012; Osorio, 2014).

2. Does it scrub the national Do-Not-Call registry every 31 days, and keep an internal list?

Telemarketing has a second regime alongside consent: the Do-Not-Call rules (47 U.S.C. § 227(c), 1991), where anyone called more than once in 12 months can sue for up to $500 per call, trebled for willful violations. The regulations include a genuine safe harbor (47 CFR § 64.1200(c)(2)(i)), but only for callers who can show written procedures, trained personnel, an internal do-not-call list, and scrubbing against a registry version no more than 31 days old. If your vendor cannot say the words ‘31 days,’ they have not read the rule they are selling against.

3. Does it check the FCC’s Reassigned Numbers Database?

The database launched November 1, 2021 precisely because numbers change hands. It carries its own safe harbor (47 CFR § 64.1200(m)): if you had consent, queried the database before the call, and it wrongly told you the number had not been reassigned, you are shielded. That protection exists for exactly the nurse-gets-the-plumber’s-robocall scenario, and it costs pennies per query. A vendor doing outbound at scale without it has skipped a safe harbor the government built for them.

4. Does it log consent, and can you export the log?

Who consented, the exact wording they saw, the timestamp, and the number it came from. When a demand letter arrives in 2029 about a call from 2026, that log is most of the case. Keep it at least four years, the length of the federal lookback (28 U.S.C. § 1658); five gives you margin. If the vendor cannot hand you an export, your legal defense lives inside someone else’s retention policy.

5. Does the AI identify itself and stop the moment someone says stop?

Since April 11, 2025, FCC rules require honoring a revocation made ‘in any reasonable manner’ within at most ten business days (47 CFR § 64.1200(a)(10), effective 2025). Ten days is the legal ceiling, not the standard to aim for. The right answer is that ‘stop calling me,’ spoken mid-call to the AI, kills future contact instantly and writes the number to the internal do-not-call list on the spot. Remember Osorio (2014): revocation can be oral. If the AI cannot hear a no, every call after that no is a fresh $500.

A vendor with real answers to these five questions is selling you a tool. A vendor without them is selling you the defendant’s chair.

What the safe architecture looks like

Text first, voice second. The compliant builds share one spine: when a number enters the system, the first touch is a single transactional text. Something like: ‘You asked First Plumbing for a callback about a water heater. Reply YES and our assistant will call you now. Reply STOP to opt out.’ No coupon, no pitch, nothing but confirmation of the request the person just made. Only a YES wakes the AI voice.

That ordering works because the law treats the two channels differently. In Facebook v. Duguid (2021), a unanimous Supreme Court held that the TCPA’s autodialer definition reaches only systems with the capacity to generate random or sequential numbers, so ordinary software that stores and dials the specific numbers customers provided is not an autodialer. And a text has no voice at all: the Ninth Circuit held in Trim v. Reward Zone (2023) that a silent text message cannot be an ‘artificial or prerecorded voice.’ That holding formally binds only the Ninth Circuit, and texts still answer to the Do-Not-Call rules and to state statutes. But stack it up honestly: one confirmation text to the number the lead typed sits in the lowest-risk lane the statute has. An AI voice call to that same unverified number sits in the highest, because the FCC’s 2024 ruling attaches the artificial-voice restriction to it no matter what kind of dialer is behind it.

So the safe build is not complicated. Verify by text. Call only the YES pile, with an AI that says who it is calling for and treats stop as sacred. Scrub the DNC registry on the 31-day cycle, run numbers past the Reassigned Numbers Database, and log everything with timestamps you can export. None of this is exotic, and all of it is checkable in one sales call. One more sentence for geography: several states now run tougher versions of the TCPA on their own clocks, including Florida’s Telephone Solicitation Act (2021, amended 2023) at $500 to $1,500 per call, Oklahoma’s (2022) at the same rates, and Washington’s robocall statutes (amended 2023) at $1,000 minimum per violation.

The cheapest compliance tool ever built is a text that asks permission first.

Where First AI Employee stands

Fair question to ask me now: what does my own product do? First AI Employee is inbound first, by design. The AI answers the calls your customers place to you. The liability this article describes attaches to calls your systems originate; when your phone rings and an AI answers it, there is no outbound call to consent to, because the customer made the call.

When our AI does reach out, it is because the caller asked it to, out loud, on the call. ‘Can I text you a link to send photos?’ Yes. ‘Want a text confirming the appointment?’ Yes. That yes is captured on the call, logged with a timestamp, and every text carries STOP. That is the whole outbound story, and it is deliberate. We looked hard at cold outreach as a product and shelved it, because the risk lands on the customer who buys it, and I am not in the business of selling people their own lawsuit.

If you genuinely want outbound lead callback, it can be run legally, and some vendors run it well. Take the five questions into the sales call and watch how fast the answers come. And a plain word before you act on any of this: I am a founder, not your lawyer. This article is education, not legal advice. An hour with a TCPA attorney before you switch on outbound calling is the cheapest hour on this page.

Key takeaways
AI voices are ‘artificial’ under the TCPA: the FCC ruled unanimously in February 2024, so an AI voice call to a cell phone needs prior express consent, written consent if it contains marketing.
Liability is strict and lands on your business: $500 per call, up to $1,500 for willful violations (47 U.S.C. § 227(b)(3), 1991), no cap, four-year lookback (28 U.S.C. § 1658).
A number typed into a web form is not consent: consent belongs to the phone’s current subscriber (Soppet 2012, Osorio 2014).
Before turning on outbound, demand: text verification before any AI call, 31-day DNC scrubbing plus an internal list, Reassigned Numbers Database checks, exportable consent logs, and instant stop honoring.
First AI Employee is inbound first; the only outbound it sends follows a yes your caller gave on the call.

Common questions

Is outbound AI calling legal?

Yes, with the right consent behind it. The FCC ruled in February 2024 that AI-generated voices are ‘artificial’ under the TCPA, so an AI voice call to a cell phone requires prior express consent, and prior express written consent if it introduces an advertisement or contains telemarketing. Legal outbound AI is a consent-architecture problem: verified numbers, Do-Not-Call scrubbing, logged consent, and instant opt-out. The five vendor questions in this guide are how you test whether a tool was built that way.

Am I liable if my AI tool calls a wrong number?

The business the calls are made for is the one on the hook, not the software company. In Krakauer v. Dish Network (2019), the $61 million judgment fell on Dish for calls a third-party marketer placed on its behalf. Consent belongs to the phone’s current owner, not to whoever typed the number into your form (Soppet 2012, Osorio 2014). Your protection is architecture: verify numbers by text before any AI call, query the FCC’s Reassigned Numbers Database (its safe harbor has covered exactly this scenario since 2021), and keep exportable consent logs.

How long can someone sue over an AI call?

Four years from the call, under the federal catch-all statute of limitations (28 U.S.C. § 1658), which the Second Circuit applied to TCPA claims in Giovanniello v. ALM Media (2013). A non-compliant call made in 2026 is a live claim into 2030, and some state mini-TCPA laws run on their own clocks. Keep your consent records at least that long.

Stop missing calls.

First AI Employee answers calls 24/7, from $99 a month. Hear it on your own line with a 7-day free trial.

See plans and pricing →