New robocall laws in 2024-2025: what outbound teams must know

FCC's 2024 AI robocall ruling, TRACED Act rules, California AB 2839, and TCPA penalties up to $1,500 per call explained for outbound sales teams.

LeadCompliant Team
21 min read
In This Article

Last updated 2026-07-10

Office worker reviewing compliance documents at a desk in afternoon light
Office worker reviewing compliance documents at a desk in afternoon light

TL;DR

There's no single new robocall law. The sharpest recent change is the FCC's February 2024 ruling that AI-generated voices in robocalls count as "artificial or prerecorded voices" under 47 USC 227, so they need prior express consent. The TRACED Act (2019) added STIR/SHAKEN and bigger fines. California AB 2839 added AI disclosure rules. TCPA violations run $500 to $1,500 per call, plus FCC forfeitures up to $23,727 each.

What is the new law on robocalls and when did it take effect?

There isn't one new robocall law. The phrase points to a stack of overlapping rules updated over the past six years, not a single statute. The base is still the Telephone Consumer Protection Act of 1991, codified at 47 USC 227. [1]

The TRACED Act (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act) became law in December 2019 and is the biggest robocall legislation since TCPA itself. [2] It let the FCC issue larger fines, required carriers to build STIR/SHAKEN call authentication, and stretched the agency's window to chase intentional violators.

Then came the ruling that made headlines. In February 2024 the FCC decided, unanimously, that robocalls using AI-generated voices are "artificial or prerecorded voices" under 47 USC 227(b)(1)(A), so they need prior express consent before they go out to any consumer. [3] The order took effect on adoption, February 8, 2024. It shut a loophole some callers thought they had, since AI-synthesized audio wasn't named in the original 1991 text.

So the honest answer: robocall law has been in a rolling update cycle since 2019. No single new statute, but the AI voice ruling in early 2024 is the change that matters most for outbound teams right now.

What did the FCC's 2024 AI robocall ruling actually change?

It killed the argument that a live AI voice isn't a "prerecording." Before February 2024, some callers claimed real-time AI voice synthesis fell outside the TCPA phrase "an artificial or prerecorded voice." [3] The FCC ended that reading. The term now covers any voice that isn't a live human speaking in real time, whatever technology makes the sound.

The ruling came straight out of a January 2024 incident. Robocalls using an AI-cloned voice of President Biden went to New Hampshire voters telling them to skip the primary. [4] The FCC moved fast, for the FCC. A cease-and-desist to the vendor followed within weeks, and the agency proposed a $6 million forfeiture against the operation within months. [4]

What it means for an outbound sales team, in plain terms:

  • If your dialing platform or any vendor uses AI voice synthesis, text-to-speech, or voice cloning to speak to consumers, you need prior express written consent before the call goes out. Same standard as any prerecorded robocall.
  • A live agent reading a script is still fine. The rule targets automated playback, not human speech.
  • AI-assisted call routing, whisper coaching, or sentiment analysis that the consumer never hears is not covered.

The FCC also told its Enforcement Bureau to pursue cases under the clarification, and that wasn't just talk. Ask your vendor one question: does any part of this system speak to consumers with a synthesized voice? If they can't answer clean, you have a problem.

What is California's robocall law and what changed recently?

California moves faster than federal regulators, and two state angles matter for callers. California's recording statute, Penal Code 632, requires all-party consent to record calls, which is stricter than federal one-party law. That predates any robocall rule, but it touches automated outreach because so many systems record by default. [5]

Second, California AB 2839, signed in September 2024, targets AI-generated election content, robocalls included. It requires disclosure when AI-generated content shows up in political communications and imposes liability for deceptive AI robocalls meant to sway elections. [6] It carries criminal exposure, not only civil. Run any political or advocacy calling in California and this applies to you today.

California's Automatic Dialing-Announcing Device rules, under Public Utilities Code 2872, have been on the books for years. They bar unsolicited automated calls to residential lines without consent. [5] The state hasn't passed a broad new general-purpose robocall law beyond the federal floor, but the Attorney General increasingly runs parallel state actions alongside FCC proceedings.

Stack it up. TCPA, the AI voice rule, AB 2839 for political content, and Penal Code 632 for recording. California is the strictest robocall jurisdiction in the country right now. Running a California campaign without solid consent records is a real risk, not a theoretical one.

What penalties do robocall violations carry under current law?

The numbers are real and they stack fast. Under 47 USC 227, each violating call carries $500 in statutory damages. [1] If a court finds the violation willful or knowing, that trebles to $1,500 per call. There's no cap per lawsuit. A single campaign of 10,000 unconsented robocalls exposes the caller to up to $15 million if a class certifies.

The FCC runs a separate forfeiture track. As of 2024, the maximum is $23,727 per violation per day for continuing violations, adjusted for inflation under the Federal Civil Penalties Inflation Adjustment Act. [7] The agency also aggregates. In 2021 the FCC proposed a $225 million forfeiture against a health insurance robocall operation, the largest in its history at the time.

The TRACED Act pushed the FCC's window to pursue intentional violations from one year to four. [2] That's not trivia. A campaign run in 2022 can still draw FCC action today.

State AGs add a third layer. Texas, Indiana, and North Carolina have each pursued robocall cases on their own in recent years, sometimes under state unfair-practice statutes rather than TCPA, which sidesteps some federal procedural hurdles.

Violation TypePer-Call ExposureWho Can Sue
Standard TCPA violation$500Individual or class
Willful/knowing TCPA violation$1,500Individual or class
FCC forfeiture (per violation/day)Up to $23,727FCC only
State AG actionVaries by stateState AG

This math is why class action lawyers treat robocall cases as a volume business. One campaign, thousands of calls, one certification, and the total gets ugly.

TCPA and FCC robocall penalties by violation type Maximum per-violation exposure under current federal law Standard TCPA violation (per call) $500 Willful TCPA violation (per call) $1,500 FCC forfeiture (per violation/day) $24k Source: 47 USC 227 [1]; FCC Forfeiture Policy [7]

What is STIR/SHAKEN and does it affect your calls?

STIR/SHAKEN is a call authentication framework the TRACED Act made carriers build. [2] The name stands for Secure Telephone Identity Revisited and Signature-based Handling of Asserted information using toKENs. Every major U.S. voice carrier had to implement it by June 30, 2021. [12]

Here's how it works. When a call crosses between carriers, the originating carrier cryptographically signs it with an attestation level of A, B, or C. Level A means the carrier can verify the caller ID number belongs to the customer placing the call. Level B means the carrier knows the customer but can't verify number ownership. Level C means the carrier just passed the call through.

Two reasons this matters to an outbound team. Calls that can't be authenticated, or that look spoofed, get flagged as "Spam Risk" or "Scam Likely" by mobile carriers before the phone ever rings. That isn't a fine. It's your calls dying unanswered. The second reason is enforcement. The FCC can use attestation data as evidence, and low or unsigned calls that match complaint patterns are easy to trace back to the vendor that sent them.

If you dial from a real business number you own or lease through a legitimate platform, you should be getting A-level attestation. If your vendor can't tell you what level your calls carry, ask them directly. Today.

Does the TCPA apply to AI-powered dialers and sales automation tools?

Yes, and wider than most small teams think. The Supreme Court clarified the autodialer definition in Facebook v. Duguid (2021), holding that to qualify as an Automatic Telephone Dialing System, equipment must use a random or sequential number generator to store or produce the numbers it dials. [8] That narrowed the definition compared to some lower court readings. A platform that only dials a fixed uploaded list, with no random generation, may not be an ATDS at all.

Here's the catch. Even if your dialer isn't an ATDS, you still violate TCPA if you play a prerecorded or artificial voice. The AI voice ruling applies no matter what kind of dialer you run. A basic click-to-call system playing a pre-recorded AI greeting still needs consent.

For a practical read on how tcpa law interacts with predictive dialers and power dialers, the ATDS line is fact-specific and circuit-specific. What's safe in the Ninth Circuit can still be contested in the Eleventh.

The FCC has an open proceeding on the ATDS definition as of mid-2025, so more rule changes are possible. High-volume outbound teams should track that docket.

Consent depends on the call type and who you're calling. Here's the breakdown.

Calls to residential landlines using an ATDS or prerecorded voice: prior express consent required. [1]

Calls to cell phones using an ATDS or prerecorded voice: prior express written consent required for marketing. [1] The FCC's 2012 rules defined that written consent to require a clear and conspicuous disclosure that the person agrees to receive autodialed or prerecorded calls, plus a signature, wet or electronic.

Calls using AI-generated voices, per the February 2024 ruling: treated exactly like prerecorded voice calls. That means prior express written consent for marketing to cell phones. [3]

The FCC's December 2023 one-to-one consent rule deserves its own flag. The Commission adopted a rule requiring consent per seller, so a single lead form naming dozens of companies as potential callers no longer created valid consent for each. [9] The Eleventh Circuit vacated that rule in January 2025 on the ground that the FCC exceeded its authority. [10] The rule isn't in effect. But the principle behind it, specific and identifiable consent, is still the safe practice. Vague lead-form bundling will still get you sued even without a rule to point to.

Your consent record needs the date and time consent was given, the exact language the consumer agreed to, the phone number provided, and ideally a session ID or IP address. Keep it at least four years, given the TRACED Act's extended window.

How do the new rules affect Do Not Call list compliance?

The National Do Not Call Registry runs alongside the TCPA rules, not inside them. The FTC maintains it under 16 CFR Part 310, and it's a separate layer from the autodialer and prerecorded-voice requirements. [11] Both apply at once. A number can sit on the DNC Registry (blocking most solicitation calls) and also be a cell number protected by TCPA consent rules. You clear both hurdles or you don't call.

The recent AI ruling didn't rewrite DNC rules. The core obligation stands: scrub your list against the registry before calling, keep your own internal DNC list, and honor opt-outs within 30 days. What changed is intensity. The FTC and FCC have run "Operation Stop Scam Calls" sweeps that cross-reference DNC complaints against carrier data and STIR/SHAKEN logs.

State DNC lists are their own problem. Indiana, Texas, Wyoming, and others keep separate registries you have to scrub on their own. Missing a state list is a common trap for teams that only check the federal one.

For how telephone call recording laws layer on top of DNC duties in each state, the consent standards for recording and for contacting are often different. Getting one right doesn't mean you got the other right.

What does the new robocall law mean for political and nonprofit callers?

Political and nonprofit calls have always sat in a different spot under TCPA, and that's still true, with one big caveat.

Non-commercial political robocalls to landlines don't require prior express consent under TCPA. The prohibition on prerecorded calls applies to "telephone solicitations," and political calls generally aren't solicitations in the legal sense. [1] That carve-out has held up.

The February 2024 AI voice ruling has no political exemption. If a campaign uses an AI-cloned voice of a candidate, or anyone else, in a robocall, it needs prior express consent under the prerecorded-voice standard. The FCC was explicit, because the ruling grew out of a political operation. [3]

California's AB 2839 goes further in that state, adding criminal liability for deceptive AI-generated political robocalls regardless of consent. It targets calls built to mislead voters about candidates or voting procedures. [6]

Nonprofits sit where political callers sit. TCPA generally exempts non-commercial calls from the strictest consent rules, but an AI-generated voice erases that comfort. The AI voice rule reaches everyone.

What should your outbound team actually do to comply right now?

The concept is simple. The execution is tedious. Here's what actually moves the needle.

Audit your tech stack first. Ask every vendor that touches your outbound calls one direct question: does any part of this system use AI-generated or synthesized voice in what consumers hear? If the answer is yes or unclear, you need written consent for every consumer you call with it.

Fix your consent language next. If your lead forms or intake flows say things like "you may be contacted by our partners," that isn't specific enough under best practices, and arguably wasn't even before the vacated one-to-one rule. Name your company. Describe the call type. Get a signature or a checked box.

Build a real DNC scrub workflow. FTC registry access requires you to scrub no more than 31 days before a call. [11] Put that into campaign setup, not into an afterthought. Automate it if you can.

Train your team on opt-outs. The 30-day honor window for DNC requests is hard law. A consumer who says "stop calling me" on a call goes onto your internal DNC list, timestamped.

Document everything. Consent records, scrub confirmations, opt-out logs. Four years minimum.

LeadCompliant has a free TCPA compliance kit with consent language templates, DNC scrub checklists, and a phone number checker. It's a reasonable starting point for small teams without a dedicated compliance person.

For teams calling into specific states, recorded phone call laws and is it against the law to record phone calls are worth a read, because your recording practices interact with your robocall consent practices in ways that create double exposure.

What pending changes to robocall law should you watch in 2025 and beyond?

Several live proceedings could reshape the rules again. Watch them.

The FCC's ATDS definition proceeding is open. The agency is weighing a rule-based definition after Facebook v. Duguid, and depending on the direction, some predictive dialers now considered safe could get pulled back in. [8]

The Eleventh Circuit's January 2025 vacatur of the one-to-one consent rule means the FCC may re-propose it in a form that survives review. If it does, consent gathered through shared lead forms becomes explicitly illegal, not merely risky. Watch the docket (FCC 23-107). [9]

Congress has floated bills to expand TCPA liability and create new private rights of action for AI robocalls. None cleared committee as of mid-2025, but the pressure from the 2024 New Hampshire incident hasn't faded.

At the state level, New York has legislation pending that would require affirmative disclosure when AI voices are used in any commercial call, not only political ones. If it passes, new york call recording law resources will need to be read next to any new AI disclosure requirement.

The safe posture for 2025: treat the one-to-one consent standard as if it's already law, because it probably will be again, and assume state AI voice disclosure rules are coming even where they don't exist yet.

Frequently asked questions

Is there a new federal law specifically banning robocalls in 2024 or 2025?

No single new statute bans robocalls outright. The TCPA (47 USC 227) remains the primary federal law. What changed in 2024 is an FCC ruling that AI-generated voices in robocalls require prior express consent, the same as prerecorded calls. The TRACED Act (2019) added stronger enforcement tools. Congress has bills in circulation but none passed as of mid-2025.

What does the FCC's AI robocall rule actually prohibit?

The February 2024 FCC ruling clarifies that calls using AI-synthesized or AI-cloned voices are "artificial or prerecorded voices" under 47 USC 227. Placing such calls to any consumer without prior express consent is prohibited. Calls to cell phones for marketing purposes require prior express written consent. The ruling applies to political, commercial, and nonprofit callers equally.

What is California's new robocall law?

California AB 2839, signed in September 2024, imposes disclosure requirements and criminal liability for deceptive AI-generated content in political robocalls, including calls that use cloned voices of candidates or fabricate election information. Separately, California's ADAD rules under Public Utilities Code 2872 prohibit unsolicited automated calls to residential lines without consent, layered on top of federal TCPA requirements.

How much can a company be fined for illegal robocalls?

Under TCPA, each illegal call carries $500 in statutory damages, trebled to $1,500 for willful violations. There is no cap per lawsuit, so a 10,000-call campaign can expose a company to up to $15 million. The FCC can separately impose forfeitures up to $23,727 per violation per day. State AG actions add further exposure under state unfair-practice statutes.

Does the new AI robocall law apply to my sales team's auto-dialer?

It depends on what your dialer does. If it plays an AI-synthesized voice message to consumers, the February 2024 FCC ruling applies and you need prior express consent. If it uses a live human agent and only dials automatically, the AI voice rule doesn't apply, though TCPA's ATDS rules may still apply depending on how the dialer generates numbers.

What is STIR/SHAKEN and do I have to do anything about it?

STIR/SHAKEN is a call authentication system mandated by the TRACED Act and required of all major carriers by June 2021. As a caller, you don't implement it yourself, your carrier does. But you should confirm with your dialing vendor that your calls receive Level A attestation. Calls without proper authentication are increasingly labeled Spam Risk by mobile carriers and can be flagged in FCC enforcement actions.

Does the Do Not Call Registry still apply with all these new rules?

Yes. The National DNC Registry under 16 CFR Part 310 is a separate layer that runs alongside TCPA consent requirements. You must scrub your call list within 31 days before dialing, maintain your own internal DNC list, and honor opt-out requests within 30 days. Several states also have separate DNC registries requiring independent scrubs.

Are political robocalls exempt from the new AI voice rules?

Partially. Political calls to landlines have historically been exempt from TCPA's prior express consent requirement because they aren't "telephone solicitations." But the FCC's 2024 AI voice ruling has no political exemption: any call using an AI-generated or AI-cloned voice still requires prior express consent. California's AB 2839 adds criminal liability for deceptive AI political robocalls in that state.

The FCC adopted a rule in December 2023 requiring consent to name a single specific seller, making shared lead-form consent invalid for multiple companies. The Eleventh Circuit vacated that rule in January 2025, finding the FCC exceeded its authority. The rule is not currently in effect, but the FCC may re-propose it. Using specific one-to-one consent language is still the safest practice regardless.

The TRACED Act extended the FCC's enforcement window for intentional violations to four years. While TCPA itself doesn't specify a retention period for consent records, keeping records at least four years is the practical standard most compliance attorneys recommend. Records should include the date, consent language shown, phone number, and electronic signature or form submission metadata.

Can individual states pass their own robocall laws stricter than federal rules?

Yes. TCPA explicitly preserves state law that provides greater protection to consumers. California, Indiana, Texas, New York, and others have all exercised this authority at various points. California's all-party recording consent rule and its AI political robocall law are examples. Teams targeting specific states need to check both federal and state-level requirements independently.

What is the simplest way to check if my call list is compliant before a campaign?

The minimum is a scrub against the National DNC Registry (access at donotcall.gov) within 31 days of your campaign launch, plus any applicable state DNC lists. Beyond that, verify cell numbers against consent records for any campaign using a prerecorded or AI-generated voice. Free phone number lookup tools can help identify landline versus mobile at the list stage.

Sources

  1. U.S. Government, 47 USC 227 (Telephone Consumer Protection Act): TCPA statutory damages of $500 per violation, trebled to $1,500 for willful violations; consent requirements for prerecorded voice calls
  2. U.S. Congress, TRACED Act (Pub. L. 116-105): TRACED Act extended FCC forfeiture action window to four years for intentional violations and mandated STIR/SHAKEN implementation
  3. FCC, Declaratory Ruling on AI-Generated Voice Robocalls (February 2024): FCC ruled February 8, 2024 that AI-generated voices in robocalls are artificial or prerecorded voices under 47 USC 227 and require prior express consent
  4. FCC, Consumer and Governmental Affairs, New Hampshire AI Robocall enforcement: FCC cited January 2024 New Hampshire AI-cloned Biden voice robocalls as direct impetus for the February 2024 ruling and proposed a $6 million forfeiture against the operation
  5. California Legislative Information, Penal Code 632 and Public Utilities Code 2872: California requires all-party consent to record calls under Penal Code 632; Public Utilities Code 2872 prohibits unsolicited automated calls to residential lines without consent
  6. California Legislative Information, AB 2839 (2024): California AB 2839, signed September 2024, imposes disclosure requirements and criminal liability for deceptive AI-generated political robocalls
  7. U.S. Government, 47 CFR 1.80 Forfeiture Penalty rules and inflation adjustments: FCC maximum forfeiture is $23,727 per violation per day, adjusted for inflation under the Federal Civil Penalties Inflation Adjustment Act
  8. U.S. Supreme Court, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held that an ATDS must use a random or sequential number generator to store or produce numbers; narrowed the definition from some lower court readings
  9. FCC, Report and Order FCC 23-107, One-to-One Consent Rule (December 2023): FCC December 2023 rule required consent to name one specific seller; adopted to close the lead-generator loophole
  10. U.S. Court of Appeals, Eleventh Circuit, Insurance Marketing Coalition v. FCC (2025): Eleventh Circuit vacated the FCC one-to-one consent rule in January 2025, finding the FCC exceeded its statutory authority under TCPA
  11. FTC, National Do Not Call Registry, 16 CFR Part 310: FTC requires telemarketers to scrub against the National DNC Registry no more than 31 days before a call campaign
  12. U.S. Government, TRACED Act STIR/SHAKEN mandate, 47 USC 227b: Major voice carriers were required to implement STIR/SHAKEN call authentication by June 30, 2021 under TRACED Act mandate

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

LeadCompliant
Build My Kit