California robocall law: what outbound teams must know in 2025

California's robocall rules layer TCPA and state law. Violations cost $500, $1,500 per call. Learn consent rules, exemptions, and how to stay compliant.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Compliance manager reviewing outbound call compliance documents at a sunlit California office desk
Compliance manager reviewing outbound call compliance documents at a sunlit California office desk

TL;DR

California robocall law combines federal TCPA rules (47 U.S.C. § 227) with state statutes: the Automatic Dialing-Announcing Device law (Penal Code § 653b) and the California Invasion of Privacy Act. TCPA violations cost $500 per call, $1,500 if willful, plus separate state penalties. You need prior express written consent before autodialing or robocalling a cell phone. California enforces harder than most states.

What is California's robocall law?

California has no single statute called "the robocall law." Callers into or out of the state work under a stack of overlapping rules: the federal Telephone Consumer Protection Act (TCPA, 47 U.S.C. § 227), FCC rules at 47 C.F.R. Part 64, California Penal Code § 653b (the Automatic Dialing-Announcing Device statute, or ADAD law), and the California Invasion of Privacy Act (CIPA, Penal Code §§ 630-638) [1][2][3].

The federal TCPA is the floor. It bans autodialed or prerecorded calls to cell phones without prior express consent, and it bans prerecorded commercial calls to residential landlines without prior express written consent. California's statutes sit on top of that floor and raise it.

An outbound team calling California residents has to clear both layers at once. Passing the TCPA test is necessary but not enough. California courts and the state Attorney General reach for state law whenever federal preemption arguments run thin, and they win with it.

What does California Penal Code § 653b say about robocalls?

Penal Code § 653b governs Automatic Dialing-Announcing Devices, which the statute defines as any device that automatically dials a phone number and delivers a prerecorded message [2]. The law is older than modern predictive dialers and text blasts, but courts have stretched it to cover today's tech.

The statute requires that every ADAD call open with three things: the name of the business or person calling, a callback number where the recipient can ask to be removed, and a statement that the call uses an automatic dialing device. Violations are a misdemeanor. That criminal exposure sits separate from civil TCPA liability, so one bad campaign can spawn a class action and an enforcement referral at the same time.

Here is the wrinkle that catches people. Section 653b exempts calls made with the prior consent of the called party. But the statute never defines what form that consent takes. Careful practitioners treat it as demanding the same written documentation they keep for TCPA purposes, rather than betting a court will accept an oral nod.

How do federal TCPA rules apply to calls into California?

The TCPA at 47 U.S.C. § 227(b) bars using an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice to call any cell phone without "prior express consent" of the called party, and bars prerecorded commercial calls to residential lines without "prior express written consent" [1]. The FCC has defined those terms across decades of orders. Its 2024 one-to-one consent rule tightened things further, requiring that written consent name the specific seller rather than a broad category of "partners" [7].

The Supreme Court's 2021 ruling in Facebook v. Duguid narrowed what counts as an ATDS. To qualify, the court held, a system must use "a random or sequential number generator" to store or produce the numbers it calls [5]. That gave some relief to sellers running purpose-built CRM dialers off fixed lists. The FCC still reads the autodialer definition broadly, and it keeps signaling that it wants to protect consumers regardless of how a dialer is wired [7].

Prerecorded voice calls get the harshest treatment. Under 47 C.F.R. § 64.1200(a)(3), a prerecorded commercial call to a residential line needs written consent that clearly authorizes the specific entity making the call [7]. A generic opt-in on a lead form that never names your company does not clear that bar under the 2024 order.

California is also an all-party consent state for call recording under CIPA [3]. Any recorded call, including one where a prerecorded message plays, needs consent from everyone on the line. If your prerecorded sales message runs while you record the interaction for quality or compliance, you may trip a separate CIPA duty. For more on recording rules, see telephone call recording laws and recorded phone call laws.

What is the difference between a robocall and a human voice call under California law?

This line matters more than most teams think. A live agent dialing by hand sits in a different legal box than an autodialed or prerecorded call.

A live human call to a cell phone, dialed manually, needs only prior express consent, and oral consent can carry it (document it anyway). An autodialed or prerecorded call to a cell phone needs prior express written consent under the TCPA [1]. Human voice calls carry lighter baseline consent, which is exactly why some outbound teams eat the lower volume and dial by hand.

The hard part is defining "manual" after Facebook v. Duguid. When a system queues numbers and hands them to an agent who clicks to connect, courts have split on whether that is an ATDS [5]. Some courts have found certain click-to-dial platforms are not autodialers; others left the question open. California federal courts sit in the Ninth Circuit, which reads the post-Duguid ATDS definition on the narrower side. That gives power dialers more room than they had before 2021. It does not erase the risk.

Prerecorded messages are different. It does not matter who starts the call. Once a prerecorded message plays, the call counts as a robocall under 47 U.S.C. § 227(b), no matter how the connection got made.

What are the penalties for violating California robocall laws?

The exposure stacks from several directions at once.

Under the TCPA, each violation carries $500 in statutory damages, trebled to $1,500 per call if the violation was willful or knowing [1]. There is no per-plaintiff cap in individual suits, and class actions aggregate millions of calls. The Ninth Circuit, which covers California, has hosted some of the largest TCPA settlements in the country. Numerous companies have paid seven-figure settlements over campaigns of a few hundred thousand calls.

Under Penal Code § 653b, an ADAD violation is a misdemeanor, punishable by up to one year in county jail and a fine [2]. Criminal enforcement is rare. It is not unheard of, especially when the conduct is egregious or involves fraud.

CIPA recording violations carry $5,000 per violation in civil penalties and a private right of action [3]. Because CIPA reaches anyone who records a confidential communication without consent, it catches things the TCPA misses, like recording a call with a California resident even when the call itself was lawfully placed.

The table below sorts the main penalty tiers.

StatutePer-violation civil penaltyCriminal exposure
TCPA (47 U.S.C. § 227)$500, up to $1,500 if willfulNo (federal civil only)
California Penal Code § 653b (ADAD)Civil injunction possibleMisdemeanor, up to 1 year
CIPA (Penal Code § 632)$5,000 per violationUp to 1 year or state prison
Do Not Call (16 C.F.R. § 310)Up to $51,744 per call (FTC)No (federal civil)

For how these penalties compare to other frameworks, see tcpa law.

TCPA and California robocall violation penalties by statute Maximum civil penalty per violation (not per campaign) TCPA willful violation (per call) $1,500 TCPA standard violation (per call) $500 CIPA recording violation (per cal… $5,000 FTC DNC violation (per call) $52k Source: 47 U.S.C. § 227; 16 C.F.R. § 310; California Penal Code § 632; FTC 2024 penalty schedule

It depends on the type of call and the type of phone. Get this wrong and everything downstream is exposed.

Autodialed or prerecorded calls to cell phones need prior express written consent. The FCC defines that as an agreement in writing, signed (electronic signatures count), that clearly authorizes the specific company to contact the person at a specific number using autodialing or prerecorded tech [7]. A checkbox reading "I agree to receive calls from our partners" does not cut it after the 2024 one-to-one order, because it names no specific seller.

Prerecorded commercial calls to residential landlines also need prior express written consent under 47 C.F.R. § 64.1200(a)(3) [7].

Live human calls to residential lines, with no ATDS and no prerecorded message, need prior express consent, which can be oral. Document it anyway. An undocumented oral consent is worth little in a fight.

The CCPA adds another layer. If your organization uses consumer data to target calls, California residents have rights to know how their data gets used, to opt out of its sale, and to demand deletion [11]. The CCPA does not create a separate robocall consent rule, but buying phone numbers from a vendor who sold them without proper disclosures can hand you CCPA and TCPA liability in one shot.

The safest play for lead-gen callers: collect written consent at the point of capture, keep a timestamped record, and confirm the consumer named your company by name, not a category.

Does the National Do Not Call Registry apply in California?

Yes, fully. The National Do Not Call Registry, run by the FTC under the Telemarketing Sales Rule (16 C.F.R. Part 310), covers telemarketing calls to California numbers exactly like everywhere else [6][9]. California residents register cell and landline numbers, and telemarketers must scrub their lists against the registry before dialing. The FTC's current maximum penalty for calling a registered number is $51,744 per violation.

California keeps no separate state DNC list, unlike Indiana or Texas. So federal compliance is the main event. But a caller who breaks the National DNC rules against California residents can catch both FTC enforcement and a private TCPA suit, since the TCPA's DNC provision at § 227(c) gives individuals their own claim worth up to $500 per violation.

The Telemarketing Sales Rule requires telemarketers to scrub against the registry and not call numbers that have been registered for more than 31 days [9]. Exemptions cover an established business relationship (within 18 months of the last purchase, or 3 months of an inquiry), but California courts read the EBR exemption narrowly once state claims get layered on top.

Are there exemptions to California's robocall rules?

Several exist. They are narrower than most compliance teams assume.

The TCPA exempts emergency calls, calls by or for tax-exempt nonprofits, noncommercial calls, and calls to people who gave prior express consent [1]. The FCC also carved out certain informational calls (package delivery notices, appointment reminders, fraud alerts) under strict conditions, including a flat ban on advertising content inside those messages.

Penal Code § 653b exempts calls made with the prior consent of the called party and calls between businesses in the ordinary course of business [2]. That B2B carve-out helps B2B sales teams, but it does not reach calls to individuals at business numbers when the product being sold is personal rather than commercial.

The National DNC rules exempt calls to existing customers with a relationship established in the prior 18 months, or where the consumer inquired within 3 months [9]. That exemption never overrides the TCPA consent requirement for autodialed or prerecorded calls to cell phones.

One exemption that burns people: political and survey calls. The TCPA does not shield consumers from autodialed or prerecorded calls that are purely political (candidate advocacy, get-out-the-vote). California still imposes disclosure rules on political calls, and CIPA still governs any recording of them. "Political exemption" is not a license to call without consequence.

California is an all-party consent state under CIPA (Penal Code § 632) [3]. Recording a confidential communication without the consent of everyone on the line carries civil and criminal liability.

This shows up in robocall work two ways. First, if your campaign plays a prerecorded message and then bridges a live agent for follow-up, and you record that conversation, every California party must have consented to the recording. Second, even AI-generated voice calls that record any slice of the interaction, including voicemails left on answering machines, can trigger CIPA analysis depending on how a court reads "confidential."

The practical fix is a clear disclosure at the top of every recorded call: "This call may be recorded for quality assurance purposes." That line, plus the consumer choosing to stay on the line, usually establishes implied consent under California law. It has to land before the recording starts, not after.

If you run campaigns across state lines, know how California stacks up. See is it against the law to record phone calls for the national picture, and new york call recording law for another strict-consent state.

What California robocall rules apply to text messages (SMS)?

The TCPA treats texts to cell phones like calls to cell phones for autodialing purposes [1]. The FCC confirmed back in 2003 that text messages are "calls" under the statute. Every consent, opt-out, and timing rule that applies to autodialed calls also applies to marketing texts sent to California numbers.

California has no standalone SMS marketing statute, but the CCPA still matters here [11]. If you text from a purchased or licensed list of California consumer numbers, the data's origin matters. A consumer can claim their number got sold without adequate disclosure, and that lights up both CCPA and TCPA exposure.

Opt-out handling draws heavy enforcement in text campaigns. A consumer who replies STOP has to come off the list fast. FCC rules require honoring the request within a reasonable time; best practice is within 24 hours or one business day. Texting after a STOP reply is one of the most common TCPA triggers because it is trivially easy to document.

Timing trips people too. The TCPA limits calls and texts to 8 a.m. through 9 p.m. in the recipient's local time. For a California recipient, that means Pacific Time, no matter where the sender sits.

What should a small outbound team do right now to comply with California robocall law?

A short list, in priority order. Do the first two this week.

First, audit your consent documentation. For any campaign hitting California cell phones with autodialing or prerecorded messages, you need written consent that names your company. If you buy leads, get the vendor's consent-chain documentation in writing before your next campaign runs.

Second, scrub against the National DNC Registry. If your list is older than 31 days without a fresh scrub, you are already exposed. The FTC's DNC subscription runs $77 for one area code and caps at $18,044 for access to all numbers under the current fee schedule [6].

Third, add a CIPA-compliant disclosure to every recorded call, placed before the recording begins.

Fourth, check your dialer setup. If you run a click-to-call CRM dialer that queues calls but makes an agent connect each one, document how it works and get a written opinion on ATDS classification from a TCPA-literate attorney. Do not assume you are safe without that analysis.

Fifth, build an opt-out process that actually works. Every prerecorded call has to give an automated way to opt out during the call itself under 47 C.F.R. § 64.1200(b) [7]. Test it monthly.

LeadCompliant's free TCPA compliance tools and one-time compliance kit can help you stand up a consent documentation system and a DNC scrubbing workflow without building from zero.

If you also operate elsewhere, compare California against texas call recording laws and pa call recording laws to see where your exposure concentrates.

How are California robocall complaints investigated and enforced?

Enforcement comes from three directions: private plaintiffs, the FTC, and the California Attorney General.

Private plaintiffs file the bulk of TCPA cases. California federal courts, especially the Northern and Central Districts, carry heavy TCPA volume. A plaintiff needs only to show they got an unwanted autodialed or prerecorded call without valid consent. Statutory damages of $500 per call require no proof of actual harm, which is what makes class actions so attractive to the plaintiffs' bar.

The FTC enforces the National DNC rules and the Telemarketing Sales Rule through civil actions, seeking injunctions and civil penalties [9]. Recent FTC actions have targeted companies pushing prerecorded pitches for home warranties and student loan services.

The California AG can bring cases under CIPA, under the CCPA, and under the Unfair Competition Law (Business & Professions Code § 17200), which reads "unlawful" business conduct broadly enough to sweep in TCPA violations as predicate acts [10].

Consumers file complaints through the FTC's DoNotCall.gov, the FCC's complaint portal, and the California AG's office. Those complaints feed enforcement databases. A pattern of complaints from California consumers has historically preceded both FTC and AG investigations.

The FCC runs its own complaint process and can refer matters to its Enforcement Bureau, which has issued hundreds of millions of dollars in proposed robocall forfeitures since 2019. Collected amounts run far lower than the proposed figures.

Frequently asked questions

Is California's robocall law stricter than the federal TCPA?

In several ways, yes. Penal Code § 653b adds criminal misdemeanor exposure for ADAD violations that the federal TCPA never carries. CIPA adds all-party recording consent at $5,000 per violation. The California AG can also use the Unfair Competition Law to bring TCPA violations as state claims. Federal TCPA is the floor; California law raises it.

Can I robocall a California number if the person opted in online?

Only if that opt-in was written, signed (electronic counts), and named your company and the number being called, with language that clearly authorized autodialed or prerecorded calls. After the FCC's 2024 one-to-one consent order, generic lead-form opt-ins referencing a broad category of sellers do not qualify. The consent has to be granular and documented.

What time of day can I call California residents?

The TCPA limits calls and texts to 8 a.m. through 9 p.m. in the called party's local time zone. For California residents, that means Pacific Time. If you call from a different time zone, calculate by where the recipient is, not where you are. Calls outside those hours are per se violations at $500 to $1,500 each.

Does the robocall law apply to B2B calls in California?

Federal TCPA B2B exemptions are limited. The cell phone prohibition applies no matter whether a number is used for business. Penal Code § 653b has a business-to-business exemption for ADAD calls in the ordinary course of business, but it does not cover calls to personal cell phones even when the recipient is a business contact. Document each B2B call setup carefully.

What disclosures are required at the start of a robocall in California?

Under Penal Code § 653b, an ADAD call must state at the beginning: the name of the business or person calling, a callback number for opt-out requests, and a statement that an automatic dialing device is being used. Under 47 C.F.R. § 64.1200(b), the call must also provide an automated opt-out mechanism during the call and identify the calling entity.

The TCPA exempts purely political robocalls from its consent requirements, but California still imposes ADAD disclosure duties under Penal Code § 653b. Calls supporting or opposing a candidate must carry the required disclosures. CIPA's recording consent rules also apply. Prerecorded political messages to cell phones without consent remain regulated; the exemption is narrower than most political callers assume.

How long do I have to honor a robocall opt-out request in California?

Under FCC rules (47 C.F.R. § 64.1200), opt-out requests from prerecorded call recipients must be honored on a company-specific DNC list within a reasonable time. FCC guidance treats 30 days as the outer limit; industry best practice is within one business day. For SMS opt-outs (STOP replies), the same standard applies. Continuing to call or text after an opt-out is one of the most litigated TCPA triggers.

Can a California resident sue me directly for a robocall violation?

Yes. The TCPA at 47 U.S.C. § 227(b)(3) gives individuals a private right of action for $500 per violation, trebled to $1,500 for willful violations, with no need to prove actual damages. CIPA (Penal Code § 637.2) also provides a private right of action for $5,000 per recording violation. California has an active plaintiffs' bar built around these suits, filed often in California federal courts.

Does CCPA affect robocall compliance?

Indirectly but meaningfully. If you buy or use consumer phone data to target calls, California residents can demand to know how their data was obtained and request its deletion. A vendor that sold consumer numbers without proper CCPA disclosures can expose your campaign to CCPA liability on top of TCPA liability. Run due diligence on list vendors' CCPA compliance before any California campaign.

What is the difference between an ADAD call and a standard robocall under California law?

Penal Code § 653b uses the term Automatic Dialing-Announcing Device (ADAD) for a device that automatically dials and delivers a prerecorded message. The federal TCPA uses "automatic telephone dialing system" (ATDS) and separately addresses prerecorded voice calls. Most robocalls qualify under both, but a prerecorded message delivered by a manually initiated call is still covered by TCPA prerecorded-voice rules even if it might not meet the ATDS definition after Duguid.

Are there robocall exemptions for debt collection calls in California?

The FCC created a limited exemption for prerecorded calls from financial institutions to their own customers for debt-related purposes, subject to strict conditions including a cap on call frequency and a ban on third-party debt collectors using it. California courts read the exemption narrowly. A collector calling a California debtor on a cell phone without written consent still faces TCPA liability if the system qualifies as an ATDS.

What records should I keep for robocall compliance in California?

Keep written consent records (timestamped, with the exact opt-in language), DNC scrub logs showing each scrub date and the registry version used, call disposition records, and opt-out request logs with confirmation of removal. Courts have made defendants produce consent records going back years. The FTC recommends keeping telemarketing records for 24 months; TCPA prudence suggests longer for written consent documents.

How do I know if my dialer counts as an ATDS under California law?

After Facebook v. Duguid (2021), a system qualifies as an ATDS if it uses a random or sequential number generator to store or produce numbers to be called. Ninth Circuit courts apply this standard. A dialer that calls from a fixed uploaded list, with no random or sequential generation, is arguably not an ATDS under current Ninth Circuit precedent. The FCC has signaled it may revisit the definition, so this stays a litigated area. Get a current attorney review of your specific system.

Sources

  1. U.S. Government Publishing Office, Telephone Consumer Protection Act, 47 U.S.C. § 227: TCPA prohibits autodialed or prerecorded calls to cell phones without prior express consent; $500 per violation, $1,500 if willful; requires automated opt-out mechanism in prerecorded calls
  2. California Legislative Information, Penal Code § 653b (Automatic Dialing-Announcing Devices): California Penal Code § 653b requires ADAD calls to state the business name, a callback opt-out number, and disclosure that an automatic dialing device is used; violations are a misdemeanor
  3. California Legislative Information, Penal Code § 632 (California Invasion of Privacy Act): CIPA requires all-party consent to record confidential communications; civil penalty of $5,000 per violation with private right of action
  4. Supreme Court of the United States, Facebook, Inc. v. Duguid (2021): To qualify as an ATDS, a system must use a random or sequential number generator to store or produce numbers to be called
  5. FTC, National Do Not Call Registry, Telemarketer Information: Telemarketers must scrub lists against the National DNC Registry; subscription fees range from $77 for one area code to $18,044 for all numbers; penalty per violation up to $51,744
  6. Code of Federal Regulations, 47 C.F.R. § 64.1200 (FCC TCPA implementing rules): 47 C.F.R. § 64.1200(a)(3) requires prior express written consent for prerecorded commercial calls to residential lines; § 64.1200(b) requires automated opt-out mechanism in every prerecorded call
  7. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: Telemarketing Sales Rule governs National DNC compliance, requires established business relationship exceptions only within 18 months of last purchase or 3 months of inquiry
  8. California Legislative Information, Business & Professions Code § 17200 (Unfair Competition Law): California's UCL defines 'unlawful' business acts broadly, allowing AG and private plaintiffs to bring TCPA violations as predicate state UCL claims
  9. California Legislative Information, California Consumer Privacy Act (CCPA), Civil Code § 1798.100: CCPA gives California residents rights to know how personal data (including phone numbers) is used and to request deletion, affecting outbound call list sourcing practices

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Forms & Templates

Related Glossary Terms

LeadCompliant
Build My Kit