Last updated 2026-07-09

TL;DR
Federal wiretapping law (18 U.S.C. § 2511) lets one party to a call record it without telling the other. But 13 U.S. states require everyone on the call to consent before recording. If your outbound team calls into California, Illinois, Pennsylvania, or any other all-party state, you need affirmative consent or you face civil and criminal liability.
What is the federal baseline for recording business calls?
The federal wiretap law, 18 U.S.C. § 2511(2)(d), sets the national floor: recording a phone call is legal as long as one party to the conversation consents. [1] You are a party to your own calls, so federal law lets your reps record without notifying the customer, full stop.
That sounds simple. It is not. Federal law is a floor, not a ceiling. States write stricter rules, and the stricter rule governs the call whenever it applies. A rep in Texas calling a customer in California still has to follow California's all-party consent rule, because the customer sits in an all-party state.
The FCC does not regulate call recording consent under the TCPA (47 U.S.C. § 227). [2] TCPA governs consent to call and text, not the act of recording. Two separate frameworks. Confusing them is one of the most common mistakes small outbound teams make.
Know federal law, then layer in every state your customers sit in. Never assume the one-party federal default covers you.
Which states require all-party (two-party) consent to record calls?
Thirteen states had all-party consent requirements as of mid-2026. The common label is misleading. It does not mean only two parties. It means every party on the call must consent before recording begins.
| State | Governing statute | Notes |
|---|---|---|
| California | Penal Code § 632 | Strictest enforcement; $5,000 per violation civil penalty [3] |
| Connecticut | C.G.S. § 52-570d | Civil cause of action |
| Delaware | 11 Del. C. § 1335 | Criminal + civil |
| Florida | Fla. Stat. § 934.03 | Felony for intentional violation |
| Illinois | 720 ILCS 5/14-2 | Criminal; class 4 felony |
| Maryland | Md. Courts § 10-402 | All-party; strong enforcement [4] |
| Massachusetts | M.G.L. c. 272 § 99 | Criminal; also covers in-person |
| Michigan | M.C.L. § 750.539c | Criminal misdemeanor |
| Montana | Mont. Code § 45-8-213 | Criminal |
| Nevada | NRS § 200.620 | Criminal + civil |
| New Hampshire | RSA 570-A:2 | Criminal |
| Oregon | ORS § 165.540 | Criminal |
| Pennsylvania | 18 Pa.C.S. § 5703 | Criminal; wiretap act [5] |
| Washington | RCW § 9.73.030 | Criminal; active plaintiff bar |
Some sources count 12, some count 13, because courts occasionally differ on how to read Montana's statute. I include it because the text is all-party on its face.
For sales teams, California, Illinois, Florida, Pennsylvania, and Washington generate the most litigation. If any meaningful share of your list is in those states, treat their rules as your default. For a detailed breakdown of Pennsylvania's rules, see pa call recording laws. For Maryland specifically, see maryland call recording laws.
What does California's call recording law require for business calls?
California Penal Code § 632 prohibits recording a confidential communication without the consent of all parties. [3] The word "confidential" does the heavy lifting. California courts have generally held that most calls between a business and a consumer are confidential unless the parties plainly understand the content could be shared widely. So almost every B2C call into California needs all-party consent before you hit record.
Consent in California must come before recording starts. The standard approach is a verbal disclosure at the top of the call: "This call may be recorded for quality and training purposes." The caller then waits for the customer to proceed, which courts have treated as implied consent. Silence after a clear disclosure has generally (not universally) been found sufficient, though a few plaintiffs have argued otherwise.
The civil penalty under § 637.2 is $5,000 per violation or three times actual damages, whichever is greater. [3] Class actions are common because each recorded call is a separate violation. A call center that records 10,000 California calls without consent is not facing one $5,000 fine. It is facing potential exposure of $50 million before any multiplier.
California's law also has a business-to-business nuance. If both parties are sophisticated commercial entities and the call is not "confidential" in the statutory sense, some courts have found one-party consent sufficient. Do not rely on that. Get explicit consent on every call into California.
How does the "which state's law applies" question actually work for outbound calls?
This is where most teams get tripped up. You have a rep in Texas (a one-party state) calling a prospect in California (all-party). Whose law governs?
California's law, because the person being recorded is in California. Courts and regulators consistently apply the law of the state where the non-consenting party is located. [6] Some courts have applied the law of both states at once, meaning if either state is all-party, you need all-party consent.
The only clean path for teams that call nationally is a universal all-party disclosure on every call. That way you are compliant in all 50 states regardless of where the customer sits.
For Texas-specific rules, see texas call recording laws. For New York, which is one-party but has nuances around eavesdropping law, see new york call recording law. For Arizona, see arizona call recording laws.
One more wrinkle. If your call crosses an international border, federal wiretap law and your dialer's terms of service are the starting point, but the foreign country's laws apply too. Canada, for example, requires consent under the Criminal Code, so calls into Canadian numbers need a disclosure even if your rep sits in a one-party U.S. state.
Does the TCPA govern call recording, or is that a separate law?
Separate law. The TCPA (47 U.S.C. § 227) controls whether you can call or text someone at all: consent to be called, do-not-call compliance, autodialer rules. [2] It says nothing about recording the call once you are on it.
Call recording is governed by the federal wiretap act (18 U.S.C. §§ 2510-2523) and state equivalents. These two frameworks run in parallel. A call can be fully TCPA-compliant (proper consent to call, no DNC violation) and still be an illegal recording if you did not get all-party consent in a state that requires it. It cuts the other way too. You can disclose your recording beautifully and still face a TCPA suit if you called a cell phone with an autodialer without prior express consent.
For a full breakdown of what the TCPA covers, see tcpa law. For a broader look at phone recording legality, is it against the law to record phone calls and telephone call recording laws go deeper on the wiretap side.
Good compliance programs address both frameworks together. Just understand they are legally distinct.
What happens if you record a call without proper consent?
The exposure is real and it scales fast. Here is what can happen.
Under federal wiretap law, intentional unlawful interception is a federal crime carrying up to five years imprisonment plus civil damages of $10,000 per violation or actual damages plus attorney fees, whichever is greater. [1]
Under California Penal Code § 637.2, plaintiffs can sue for $5,000 per recorded call. [3] Class actions have produced settlements in the millions. In the 2022 Javier v. Assurance IQ case, the Ninth Circuit held that a website-embedded session recording tool could violate California's wiretap law, and courts have applied that reasoning to phone recordings as well.
Florida makes intentional recording without consent a third-degree felony under Fla. Stat. § 934.03. Illinois makes it a class 4 felony under 720 ILCS 5/14-2.
Pennsylvania's wiretap act (18 Pa.C.S. § 5703) is one of the broadest. It creates both criminal liability and a private civil cause of action. [5]
The pattern across states is consistent. Criminal statutes exist, but prosecutors rarely go after businesses for recording consent failures absent egregious intent. The real risk is plaintiff attorneys filing class actions, common because each call is a separate violation. A company that recorded 50,000 calls without consent in California has statutory exposure of $250 million. Settlements land far lower, but defense costs alone can run into the hundreds of thousands.
For a broader look at penalties across call compliance areas, see recorded phone call laws.
What does a legally compliant call recording disclosure sound like?
There is no federally mandated script. What matters is that the disclosure is clear, comes before recording starts, and gives the other party a meaningful chance to object.
A compliant disclosure for an outbound sales call sounds like this in practice:
"Hi, this is [Name] from [Company]. Just to let you know, this call may be recorded for quality and training purposes. Do you have a moment to chat?"
That sentence identifies the caller, discloses the recording, and invites the customer to respond before the substantive conversation starts. The customer continuing the call is treated as implied consent in most jurisdictions.
For inbound calls, the standard is an IVR message before the agent picks up: "Calls to this number are recorded for quality and training purposes."
A few practical points.
Do not bury the disclosure at the end of a long opener. Courts have found disclosures inadequate when they came after several sentences of sales pitch.
Document your disclosure practice. If you use a dialer that automatically plays a disclosure message, keep logs showing the message played and the customer stayed on the call.
Beware of automatic "beep tones." Some states (Florida notably) have held that a beep tone is not sufficient notice. A verbal statement is safer everywhere.
Georgia deserves a mention here. It is a one-party state by statute, but group calls have nuances. See georgia call recording law and georgia recording consent law group audio call for specifics.
Do B2B calls have different recording rules than B2C calls?
Mostly no, but a few real distinctions exist.
The federal wiretap act and state recording laws apply to all telephone conversations, not only consumer calls. A business-to-business call in California is still subject to Penal Code § 632. [3] The "confidentiality" element may be harder to establish in a purely commercial context (courts have sometimes found that arms-length commercial negotiations are not "confidential"), but that is not a reliable safe harbor. Get the disclosure on B2B calls too.
Where B2B calls get cleaner treatment is in the TCPA context, not the recording context. B2B cold calls to business lines generally fall outside TCPA's prohibition on autodialed calls to cell phones when the cell phone is provided for business use. Again, that is TCPA consent to call, not recording consent.
One practical B2B difference: if you record calls for legitimate business purposes (CRM notes, dispute resolution, training) and both parties are commercial entities who routinely record calls, you are less likely to face a class action. The real class action risk is B2C, especially in California, Florida, Illinois, Pennsylvania, and Washington.
For Indiana-specific rules that affect some B2B teams in the Midwest, see indiana call recording laws.
How should a small outbound team build a call recording compliance process?
Here is what I would actually do to set up a 10-person outbound team calling nationally.
Step 1: Map your call list geography. Pull the states your contacts are in. If more than a trivial share sit in California, Florida, Illinois, Pennsylvania, or Washington, those states drive your policy.
Step 2: Adopt universal all-party disclosure. It is the only policy that works across all 50 states. Script it into your opener. If you use a power dialer, configure it to play a pre-recorded disclosure before the live agent speaks. Five9, RingCentral, and Salesforce Dialer all support this.
Step 3: Log the disclosure. Your dialer should timestamp recordings and note that the disclosure message played. Store logs for at least four years to match the typical statute of limitations window for wiretap claims.
Step 4: Train your reps. They should know the disclosure by heart and understand why skipping it is not acceptable even when a prospect seems eager to talk. One skipped disclosure on one class member can open the door to a class action.
Step 5: Audit quarterly. Pull a random sample of call recordings (the irony is intentional) and verify the disclosure is happening at the start of every call.
LeadCompliant's free compliance kit includes a call recording disclosure checklist and a state consent map you can use as a starting template. It is not a substitute for legal advice, but it gives small teams a documented starting point.
Total cost of this process: your dialer configuration time plus a few hours of rep training. The cost of skipping it: potentially millions in class action exposure in California alone.
What records should you keep, and for how long?
Federal wiretap civil claims have a two-year statute of limitations under 18 U.S.C. § 2520. [1] California allows three years for § 632 claims. Washington is two years. Pennsylvania is two years for private civil claims under the wiretap act.
Given that variation, a four-year retention policy for call recordings and disclosure logs covers you in every state without being excessive.
What to keep:
The recordings themselves, if your business purpose requires them (many teams only need recordings for 90 days for QA, then delete).
Timestamped logs showing the disclosure message played and the call continued.
Training records showing reps were instructed on disclosure requirements.
Your dialer configuration showing the disclosure was active during the relevant period.
If you delete recordings after 90 days for storage reasons, keep the metadata and disclosure logs for four years. You need to be able to show the disclosure happened even if you no longer have the audio.
One thing teams get wrong: they keep the recording but delete the disclosure log. If a plaintiff claims no disclosure was made, the recording proves what was said, but the log proves the process was systematic. Both matter. [7]
Are there any industry-specific call recording rules beyond state wiretap laws?
Yes. Several regulated industries layer extra requirements on top of wiretap law.
Financial services: FINRA Rule 3110 requires broker-dealers to record and retain communications related to securities transactions. [8] The SEC's Regulation SP and related rules add further requirements. If you call on behalf of a financial services firm, you likely have mandatory recording obligations, more than permission to record.
Healthcare: Recording calls that contain protected health information triggers HIPAA considerations. The recording itself is not prohibited, but storage, access controls, and breach notification rules apply to any PHI captured on the recording. [9]
Debt collection: The FDCPA does not require call recording, but it limits what collectors can say on calls. Many collection agencies record all calls as evidence of FDCPA compliance. Some state attorneys general have issued guidance encouraging it.
Insurance: Some states require recorded verification calls be retained for specific periods. California Insurance Code has its own nuances around recorded policyholder communications.
For most outbound sales and marketing teams, wiretap laws and the TCPA are the primary frameworks. But if your product sits in a regulated vertical, check whether your industry regulator has added recording requirements that go beyond the baseline.
What do courts actually look at in call recording lawsuits?
Wiretap cases in federal and state court tend to turn on a short list of questions.
Was the recording intentional? The federal wiretap act and most state equivalents only impose liability for intentional, not inadvertent, recording. If your system accidentally captured a call because of a software bug, that is a different (and generally weaker) case than a deliberate policy of recording without disclosure.
Was the communication "confidential"? In California, this is a genuinely contested issue. Courts look at whether the parties had a reasonable expectation that the contents would not be overheard or recorded. Business calls with strangers tend to be treated as confidential. Calls made in loud public settings have occasionally been found not confidential, but that is a thin defense for a sales call.
Did the plaintiff actually consent? Courts look at whether the disclosure came before recording started, whether it was clear enough that a reasonable person would understand they were being recorded, and whether the plaintiff's conduct after the disclosure constituted consent. The Ninth Circuit has been fairly strict on this in recent years.
Did the defendant know about the law? Knowledge of the law is generally not required for civil liability. A company that records calls without consent in California is liable under § 637.2 even if it genuinely did not know about the statute. Ignorance is not a defense. [3]
Class certification is often the strategic hinge of these cases. Plaintiffs try to certify a class of everyone recorded without consent. Defendants argue individual consent questions predominate. Whether a class gets certified often decides whether the case settles or goes away.
Frequently asked questions
Can my business record calls without telling anyone?
At the federal level, yes, because one-party consent applies and you are a party to your own calls. But 13 states, including California, Florida, Illinois, Pennsylvania, and Washington, require all-party consent. If any of your customers are in those states, recording without disclosure is illegal there. Most outbound teams adopt a universal disclosure policy to avoid tracking which state each customer is in.
Is it legal to record a phone call for business purposes without notifying the other party?
It is legal under federal law and in one-party states (roughly 37 states). It is illegal in all-party consent states. For business teams calling nationally, recording without notice is a serious liability. The safer and more defensible practice is always disclosing at the start of the call, regardless of which state the customer is in.
What is the penalty for recording a call without consent in California?
California Penal Code § 637.2 allows civil suits for $5,000 per violation or three times actual damages, whichever is greater. Each recorded call is a separate violation. Class actions are common. Criminal penalties under § 632 also exist, though prosecutions of businesses are rare. The real financial risk is plaintiff class actions, which have resulted in multi-million dollar settlements.
Does the TCPA require consent for call recording?
No. The TCPA (47 U.S.C. § 227) governs consent to call or text someone, autodialer rules, and do-not-call compliance. It says nothing about recording the call. Call recording consent is governed by the federal wiretap act (18 U.S.C. § 2511) and state equivalents. These are separate legal frameworks that both apply to your calls.
If my sales rep is in a one-party state but the customer is in California, whose law applies?
California's law applies. Courts consistently look to the law of the state where the non-consenting party is located. If your rep is in Texas and the customer is in California, you need all-party consent. Some courts apply both states' laws at once. Either way, the answer is the same: if either party is in an all-party state, get consent from everyone on the call.
What is the best way to get consent to record a business call?
A verbal disclosure at the very start of the call, before substantive conversation begins, is the standard practice. Something like: 'This call may be recorded for quality and training purposes.' The customer continuing the call is treated as implied consent in most states. For inbound calls, an IVR message before the agent picks up works. Document that the disclosure played on every call.
How long should I keep recorded business calls?
The federal wiretap civil statute of limitations is two years under 18 U.S.C. § 2520. California allows three years for § 632 claims. A four-year retention policy for disclosure logs covers every state. Recordings themselves can be deleted sooner for storage reasons, but keep the metadata and logs showing the disclosure was made for the full four years.
Do B2B calls require recording consent, or is that just a B2C concern?
B2B calls are subject to the same state wiretap laws. California's § 632 applies to any telephone communication, not only consumer calls. The practical class action risk is lower in B2B, but the legal requirement is the same. Disclose on B2B calls too. The argument that commercial calls are not 'confidential' under California law is not a reliable safe harbor.
Does Florida require all parties to consent before recording a call?
Yes. Florida Statute § 934.03 requires all-party consent to record a phone call. Intentional violation is a third-degree felony. Florida is one of the more active states for recording consent litigation, particularly in financial services and insurance. Any outbound team calling Florida numbers must disclose recording before the call begins.
Is a beep tone enough notice that a call is being recorded?
Not in all states. Florida courts have held that a beep tone alone does not satisfy the consent requirement. A clear verbal disclosure is safer in every jurisdiction. If your system uses a beep tone, add a verbal disclosure anyway. The cost of adding one sentence to your opener is trivial compared to the exposure from an inadequate notice defense.
What states are one-party consent for call recording?
Approximately 37 states follow one-party consent, meaning only one person on the call needs to agree to the recording, and that person can be you. Examples include Texas, New York, Georgia, Arizona, Ohio, Indiana, and most other states. Always verify current state law before relying on this, as statutes do change and some states have unusual interpretations.
Are there federal rules beyond the wiretap act that affect call recording?
FINRA Rule 3110 requires broker-dealers to record and retain certain communications. HIPAA imposes storage and access controls on recordings that contain protected health information. The FCC's TCPA rules govern consent to call, not recording. For most outbound sales teams outside regulated industries, the federal wiretap act and state equivalents are the primary frameworks.
Can I use AI call recording tools and still comply with recording laws?
Yes, but the legal framework does not change because of the technology. AI call recording, transcription, and analytics tools must still satisfy the same consent requirements as traditional recording. If the tool records the call, you need the same disclosure you would need for any other recording method. Check your vendor's terms to confirm they do not create separate liability through their data handling.
What should my call recording disclosure script say?
A compliant script for an outbound call covers three things: who you are, that the call is being recorded, and an invitation to continue that functions as consent. Example: 'Hi, this is [Name] from [Company]. This call may be recorded for quality and training purposes. Do you have a moment to chat?' Keep it at the very start of the call, before any substantive conversation, and train reps not to skip it.
Sources
- U.S. Code, 18 U.S.C. § 2511, Federal Wiretap Act: Federal law permits recording when one party to the communication consents; civil damages of $10,000 per violation or actual damages; criminal penalty up to five years
- California Legislature, Penal Code §§ 632 and 637.2: California prohibits recording confidential communications without all-party consent; civil penalty of $5,000 per violation or three times actual damages
- Maryland General Assembly, Maryland Courts and Judicial Proceedings § 10-402: Maryland requires all-party consent to record telephone conversations
- Pennsylvania General Assembly, 18 Pa.C.S. § 5703, Pennsylvania Wiretapping and Electronic Surveillance Control Act: Pennsylvania prohibits intentional interception of wire communications without all-party consent; creates criminal and civil liability
- Ninth Circuit Court of Appeals, Kearney v. Salomon Smith Barney, Inc., 39 Cal.4th 95 (2006): California courts apply California recording law when a California party is recorded without consent, regardless of where the recording party is located
- U.S. Code, 18 U.S.C. § 2520, Civil actions under federal wiretap law: Federal wiretap civil statute of limitations is two years; damages include $10,000 per violation or actual damages plus attorney fees
- FINRA, Rule 3110, Supervision: FINRA Rule 3110 requires broker-dealers to record and retain certain communications related to securities transactions
- U.S. Department of Health and Human Services, HIPAA Security Rule: HIPAA imposes storage, access control, and breach notification requirements on recordings that contain protected health information
- Washington State Legislature, RCW § 9.73.030, Recording private communications: Washington State requires all-party consent to record private telephone conversations; criminal penalty applies
- Florida Legislature, Fla. Stat. § 934.03, Interception and disclosure of wire, oral, or electronic communications prohibited: Florida requires all-party consent; intentional violation is a third-degree felony