Last updated 2026-07-09

TL;DR
TCPA does apply to business-to-business calls, including AI-generated and prerecorded calls to business lines. A recognized B2B exemption exists for calls to business numbers when a prior business relationship exists and the call reaches a business employee acting in their business capacity. The exemption is narrow, not absolute. AI calls carrying prerecorded messages still face consent requirements in many scenarios.
Does TCPA apply to business-to-business calls at all?
Yes. TCPA applies to business-to-business calls. The statute, 47 U.S.C. § 227, does not carve out commercial entities from its core prohibition on using an automatic telephone dialing system (ATDS) or prerecorded voice to call any telephone number without prior express consent [1]. The FCC has never issued a blanket exemption saying "B2B calls are free from TCPA." That belief, which circulates constantly in sales circles, is a dangerous misreading.
What actually exists is narrower: a B2B exemption applies specifically to calls made to a business subscriber's telephone line, placed by another business, where the call reaches an employee acting in their business capacity and a prior business relationship (PBR) is in place. The FCC recognized this distinction in its 1992 rulemaking implementing TCPA and has referenced it in later orders [2]. The exemption does not eliminate TCPA obligations wholesale. Prerecorded or AI-generated voice messages calling a business line with no prior relationship still carry real legal risk.
The practical takeaway is simple. If you are calling a business cell phone listed in someone's name (not a direct company landline), you are in murkier water. If your AI dialer is calling that cell to reach an employee, courts have generally treated the personal cell as a personal line even when the call is for business purposes. Several plaintiffs have won on exactly this point.
What does the actual TCPA statute say about business calls?
The core restriction lives in 47 U.S.C. § 227(b)(1)(A), which prohibits using an ATDS or prerecorded/artificial voice to call any number assigned to a cellular telephone service without the prior express consent of the called party [1]. The statute says "any number." It does not say "any consumer number" or "any residential number." Business cell phones are cell phones.
For residential lines, 47 U.S.C. § 227(b)(1)(B) prohibits initiating a telephone call to a residential telephone line using an artificial or prerecorded voice without prior express consent, subject to regulations the FCC may prescribe. The FCC's implementing regulations at 47 C.F.R. § 64.1200 focus certain requirements on residential subscribers, but the cellular prohibition is technology-based, not subscriber-type-based.
The statute does authorize the FCC to exempt certain calls. Section 227(b)(2)(B) allows the FCC to exempt from the prerecorded-call prohibition calls to a cellular number if the call is not charged to the called party and is in the interest of public health, safety, or made for emergency purposes [1]. Commercial B2B calls do not fit that exemption.
One quotable line from the law: the statute prohibits "any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice" to a cellular line [1]. That language does not distinguish between a Fortune 500 company's cell fleet and a consumer's personal phone.
Where does the B2B exemption actually come from?
The B2B exemption is regulatory, not statutory. It traces to the FCC's 1992 Report and Order implementing TCPA (FCC 92-443), where the Commission explained that the rules were designed primarily to protect residential subscribers and that calls between businesses fall under a different analysis [2]. The FCC stated that the restrictions on telephone solicitations "are intended to protect residential telephone subscribers," and from that language a workable B2B exemption emerged.
In practice, the exemption has three requirements that courts and the FCC apply together:
1. The call must be placed to a business line, not a personal cell. 2. The caller must have an established business relationship (EBR) with the recipient business. 3. The called party must be a business, and the call must relate to that business.
If all three conditions are met, courts have generally held that prerecorded calls, and by extension AI-generated voice calls, to that business line do not violate TCPA. The Seventh Circuit addressed this framing in Patriotic Veterans, Inc. v. Zoeller, 845 F.3d 303 (7th Cir. 2017), holding that TCPA's autodialer restrictions apply broadly while acknowledging the FCC's EBR framework for commercial contexts [3].
The exemption is not self-executing. You still need to document the relationship. "We sold them something two years ago" is not documentation. A written record showing the date the relationship began, the business contact name, and the nature of the relationship is the floor, not the ceiling.
Do AI calls and prerecorded messages get the same B2B treatment?
Largely yes, with one wrinkle that has grown since the FCC's 2024 AI guidance.
For traditional TCPA purposes, the B2B exemption applies the same way to AI-generated voice calls as it does to older prerecorded messages. If the call qualifies under the three-part B2B framework above, the delivery technology does not change the analysis. A human-sounding AI voice reading a prerecorded script to a business line where an EBR exists sits in the same legal posture as a static MP3 recording.
Here is the wrinkle. In February 2024, the FCC issued a Declaratory Ruling clarifying that AI-generated voices in robocalls are covered by TCPA's artificial-or-prerecorded-voice prohibition [4]. The FCC stated plainly that "the use of AI-generated voices in prerecorded messages constitutes an 'artificial or prerecorded voice' under the TCPA." That closed the argument that AI voices were somehow distinct from traditional robocall technology and therefore exempt. Every obligation that applied to robocalls now explicitly applies to AI voice calls.
So the B2B exemption still works for AI calls, but only if the underlying requirements are satisfied. An AI calling a business line without an EBR is still a TCPA violation. An AI cold-calling a business employee's personal cell is still a TCPA violation regardless of any B2B relationship. The 2024 ruling did not expand the B2B exemption. It confirmed that AI voices face the same rules as any other prerecorded delivery [4].
What counts as a 'business line' versus a personal cell?
This question breaks more B2B defenses than any other. Courts do not automatically accept "this was a business call" as proof the number was a business line.
A business line for TCPA purposes is generally a number that appears in the company's name in public directories or its own records, is a direct-dial office line (not a cell assigned to one employee personally), or is registered to the business entity rather than to an individual.
A personal cell phone does not become a business line because the employee uses it for work. Multiple federal courts have ruled this way. In Soppet v. Enhanced Recovery Co., 679 F.3d 637 (7th Cir. 2012), the Seventh Circuit made clear that consent follows the subscriber of record, not the use of the phone [5]. If a sales rep gives out her personal iPhone number on her business card, that number is still a personal cellular line. Any AI call to it still needs prior express consent.
One practical check: look at the number type before calling. Carrier lookup tools can flag whether a number is registered as a landline (more likely a business line) or a cell (full TCPA protections apply). This is not foolproof since numbers port, but it is a reasonable first screen. If you are uncertain, treat the number as cellular and require consent.
Some companies run their entire sales motion off calling published main business numbers (the 1-800 lines listed on company websites, for example). Those numbers are plainly business lines. The risk there is minimal for AI calls if an EBR exists. The risk rises sharply when you move to direct-dial cell numbers sourced from LinkedIn or enrichment tools.
How do AI autodialers affect the ATDS analysis in a B2B context?
After Facebook v. Duguid, 592 U.S. 395 (2021), the Supreme Court narrowed the definition of an ATDS to systems that use a random or sequential number generator to either store or produce numbers [6]. Systems that dial from a pre-uploaded list without generating numbers randomly may not qualify as an ATDS under the federal definition.
For B2B callers, this matters. If your AI dialer works from a fixed list of business contacts, it may not be an ATDS under the Duguid standard. If it is not an ATDS, the cellular consent requirement under 47 U.S.C. § 227(b)(1)(A) may not apply to it at all. That is a real defense.
Do not overread Duguid. Several states, including California and Florida, define ATDS more broadly than the Supreme Court's federal interpretation. California's TCPA analog and the Florida Telephone Solicitation Act have their own standards, and a system that escapes federal ATDS classification may still violate state law. Florida's law, amended in 2021, covers any system with the capacity to make calls from a list, which is precisely how most modern AI dialers work [7].
The 2024 FCC AI ruling also operates independently of the ATDS question. Even if your system is not an ATDS, if it uses an artificial or prerecorded voice (including AI-generated voice), the separate prohibition under § 227(b)(1) still applies to cellular calls. You can escape the ATDS analysis and still land on the wrong side of the prerecorded-voice rule. These are two separate gates. Most outbound teams only think about one of them.
What is the established business relationship and how long does it last?
An established business relationship (EBR) for TCPA purposes means a prior or existing relationship between the calling business and the recipient business, formed by a voluntary two-way communication involving a purchase, transaction, or inquiry [2]. The FCC defined this in the residential context, but courts and practitioners apply the same logic to B2B interactions.
For residential purposes, the FCC set specific time limits: an EBR from a purchase or transaction lasts 18 months from the date of the last business transaction, and an EBR from an inquiry lasts 3 months from the date of the inquiry [2]. In the B2B context these timelines are not codified in a statute, but treating them as a safe harbor is the conservative approach. If the last business interaction was more than 18 months ago, your EBR defense is weaker.
Some practical documentation standards:
| EBR Evidence Type | What to Keep | Retention Minimum |
|---|---|---|
| Purchase or contract | Invoice or signed agreement, date, counterparty name | 4 years |
| Inbound inquiry | CRM record with timestamp and contact info | 4 years |
| Ongoing service | Active contract or subscription record | Duration + 4 years |
| Opt-in consent | Written consent record with date, number, scope | 4 years |
Four years is the TCPA statute of limitations, so that is the floor for records. Keep them longer if you can. In litigation, the burden shifts to you to show the relationship existed. "We probably talked to them" does not hold up.
What are the real penalties if you get this wrong?
TCPA violations carry statutory damages of $500 per call, or up to $1,500 per call for willful or knowing violations [1]. In a class action, where a dialer placed thousands of AI calls to business numbers with no valid EBR or consent, those per-call damages compound fast.
The FCC can also take enforcement action independent of private litigation. FCC fines for TCPA violations have historically ranged from tens of thousands of dollars into the millions for systematic violators. In 2021 the FCC proposed a $225 million fine against a health insurance robocall operation, the largest in its history, though collection is a separate matter [8].
For a concrete example of how class actions unfold even for B2B-adjacent companies, see the UnitedHealthcare TCPA case, which resulted in a $2.5 million settlement. Healthcare companies with enterprise clients still face these suits. A B2B relationship is a defense you have to raise and prove. It does not stop anyone from filing the complaint.
The Credit One TCPA settlement is another illustration of per-call damages adding up across a dialing program. Even with a B2B exemption available, the cost of defending a suit to the point of asserting that defense is real money. Prevention through documentation is cheaper.
Recent TCPA news in 2024 and 2025 shows rising plaintiff activity around AI voice calls specifically, partly because the FCC's February 2024 AI ruling made it easier for plaintiffs to argue that AI voices trigger the same violations as older robocalls.
How should a B2B outbound team actually structure its AI calling program?
Here is what a defensible B2B AI calling program looks like in practice.
First, segment your lists by number type before any call goes out. Run every number through a carrier lookup. Separate confirmed landlines from cellular numbers. Confirmed business landlines with a documented EBR are your lowest-risk bucket. Cellular numbers, regardless of whether they belong to businesspeople, need express written consent before any AI or prerecorded call.
Second, build an EBR log. Every business contact should have a timestamped record in your CRM showing how the relationship began. If you are calling a prospect you have never spoken to and have no prior transaction with, you do not have an EBR, and the B2B exemption does not help you. For those contacts, either have a human place the first call or obtain consent through a different channel (a web form with clear TCPA consent language, for example) before routing them to an AI dialer.
Third, train your team on what the B2B exemption actually covers. Most sales managers have heard "B2B calls are fine" and stopped there. The nuance matters. Write a one-page internal policy that states exactly which call types require consent documentation versus which can proceed under the EBR framework.
Fourth, audit your dialer's technical classification. After Duguid, determine whether your system qualifies as an ATDS under the federal standard. If it does not, document that analysis. If it does, or if it uses AI voice, consent requirements for cellular apply regardless of the B2B exemption.
LeadCompliant's compliance kit includes a call-type classification worksheet and an EBR documentation template that cover these four steps in a format you can hand to a lawyer for review. Running your program through a structured checklist before you go live is faster and cheaper than answering a demand letter afterward.
Fifth, check your state. Florida, California, Texas, and Washington all have telemarketing laws that may impose requirements beyond federal TCPA. Florida's Telephone Solicitation Act in particular covers list-based dialers in a way the federal ATDS definition no longer does [7]. State exposure does not disappear because you have a clean federal analysis.
Which states add extra rules on top of the federal B2B exemption?
Federal TCPA sets the floor. States can go higher, and several do.
Florida passed the Florida Telephone Solicitation Act (FTSA) in 2021, effective July 1, 2021. It covers any automated system with the capacity to dial from a list, which is broader than the post-Duguid federal ATDS definition. It also applies to text messages [7]. Florida's law has a B2B exemption of its own, but it is conditional on the called party being a business subscriber and the call relating to a commercial transaction between the two businesses. A Florida B2B exemption claim still needs documented commercial context.
California's Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA) both create additional obligations for outbound callers operating in California or calling California residents (including California-based employees of businesses). CIPA § 632 covers call recording consent, a separate issue from TCPA but one that affects any AI call that records the conversation [9].
Washington State's robocall statute and its commercial email act impose registration requirements for telemarketers operating in the state. Texas has its own Business and Commerce Code chapter on unsolicited commercial calls with fines that can stack on top of federal penalties.
The B2B exemption you read about in a federal court case from Illinois does not automatically transfer to a Florida case. Assume each state where your called parties are located requires its own analysis. If you call across multiple states, map out each state's law before you assume the federal B2B framework covers you everywhere.
Does DNC registration matter for B2B calls?
The National Do Not Call Registry is administered by the FTC under the Telemarketing Sales Rule and by the FCC under TCPA. For residential subscribers it carries real force: calling a registered number without consent or an EBR is a separate violation from the ATDS/prerecorded-voice prohibition.
For business numbers, the DNC Registry applies only to residential subscribers [12]. A company's main office line is not on the National DNC Registry the way a homeowner's number is. So for pure B2B calls to verified business lines, National DNC registration is generally not a barrier.
The FTC's Telemarketing Sales Rule still reaches calls to business numbers in certain contexts, particularly calls that are essentially telemarketing regardless of who answers. Several states also maintain their own DNC lists that may cover businesses differently than the federal list. Minnesota and Indiana, for example, have state DNC lists with different scope from the federal registry.
Here is the more practical point. Even if a business number is not on the National DNC list, once a business contact has told your company to stop calling, any further calls are a violation regardless of the DNC analysis. Internal do-not-call lists are legally required under the FTC's TSR for any company making telemarketing calls [10], and maintaining one for B2B contacts is both required and smart. Every AI calling program needs an automated mechanism to flag and suppress numbers where the called party has asked for no further contact.
How does consent work when your AI is calling a business?
For business landlines with an EBR, you generally do not need written consent to place an AI or prerecorded call under the federal framework. The EBR functions as the substitute. That is the core of the B2B exemption.
For business cellular numbers, the analysis reverts to the standard TCPA consent rules. Prior express consent is required for ATDS calls to cell phones. Prior express written consent is required for telemarketing calls that use an ATDS or prerecorded/artificial voice [2]. "Express written consent" under TCPA means a written agreement (including electronic) that clearly authorizes the specific type of call, includes the phone number, and discloses that consent is not a condition of purchase.
In a B2B context, many companies collect consent through their sales contract or order forms. A line in a service agreement that says "by signing, you agree to receive calls and messages from us at the numbers you provide" can work as prior express written consent if it meets the FCC's requirements. But courts have found consent language buried in terms of service insufficient when it is not conspicuous. The contact must actually see and agree to the language.
One approach that works: use a two-step consent capture. When a business prospect fills out a web form or books a demo, put explicit TCPA consent language on that form with a checkbox that is not pre-checked. That creates a documented, timestamped consent record tied to the specific number they entered. You can then route that number into your AI dialing sequences with a defensible consent record attached.
For tools to structure this, LeadCompliant's free checker tools let you verify number types before calling, a useful first step before applying any consent or EBR analysis.
Frequently asked questions
Does TCPA apply to businesses receiving calls, more than consumers?
Yes. TCPA's prohibition on ATDS calls and prerecorded/artificial voice calls to cellular numbers applies to any cellular number, including those used by businesses or their employees. The statute does not limit protection to consumers. A B2B exemption exists for calls to business landlines with an established business relationship, but it does not cover business cell phones or cold calls to businesses with no prior relationship.
Does TCPA apply to business-to-business calls on cell phones?
TCPA fully applies to business cell phones. The cellular restriction under 47 U.S.C. § 227(b)(1)(A) turns on the number type, not the subscriber's identity. An employee's cell phone used for business is still a cellular line. AI or prerecorded calls to that number require prior express consent regardless of any B2B relationship. The B2B exemption only helps with confirmed business landlines.
What is the TCPA established business relationship and how long does it last?
An established business relationship (EBR) is a prior or existing relationship formed by a voluntary transaction, purchase, or inquiry between the two parties. The FCC's guidance for residential contexts sets a limit of 18 months from the last transaction and 3 months from the last inquiry. B2B callers generally apply the same benchmarks as a conservative safe harbor. Document every EBR with a timestamped CRM record.
Are AI-generated voice calls treated the same as robocalls under TCPA?
Yes, explicitly since February 2024. The FCC issued a Declaratory Ruling stating that AI-generated voices in robocalls constitute an 'artificial or prerecorded voice' under TCPA. Every obligation that applies to traditional robocalls applies to AI voice calls. The B2B exemption still works for AI calls to qualifying business landlines with an EBR, but creates no new relief for AI voice technology.
Does the National Do Not Call Registry apply to business phone numbers?
The National DNC Registry covers residential subscribers, not business lines. Calls to a company's verified business landline are generally not restricted by the National DNC list. But any number where a business contact has specifically asked to stop receiving calls must be added to your internal DNC list. The FTC's Telemarketing Sales Rule requires all telemarketers to maintain and honor an internal do-not-call list.
Can I use an AI dialer to cold-call businesses I have never spoken to?
Not safely. Cold calls to business landlines using AI or prerecorded voice with no prior relationship fall outside the B2B exemption, which requires an established business relationship. Cold calls to business cell phones require prior express consent. For true cold outreach, human-placed calls to business landlines carry the least TCPA risk. AI dialing is better used on warm contacts where an EBR or documented consent already exists.
Does the Supreme Court's Facebook v. Duguid ruling help B2B AI callers?
It can. Facebook v. Duguid (2021) narrowed the federal ATDS definition to systems that use a random or sequential number generator. If your AI dialer works from a fixed list without generating numbers randomly, it may not qualify as an ATDS under federal law, which reduces your cellular consent exposure. But the artificial-voice prohibition still applies independently, and several states define ATDS more broadly, so Duguid does not erase TCPA risk for AI callers.
What records do I need to keep to defend a B2B exemption claim?
Keep a CRM record for every business contact showing the business name and phone number, how the relationship began (purchase, inquiry, signed contract), the date the relationship started, and the date of the last interaction. Retain these records for at least four years, which matches TCPA's statute of limitations. Written consent records, if any, should include the date, the specific number consented, and the scope of calls authorized.
Do state laws override the federal TCPA B2B exemption?
States can impose stricter rules than federal TCPA, and several do. Florida's FTSA covers list-based autodialers more broadly than the post-Duguid federal standard and reaches B2B calls in some contexts. California's CIPA adds call recording consent requirements. State B2B exemptions are separate from the federal one and must be analyzed individually. Operating across multiple states means mapping each state's telemarketing law, more than the federal standard.
What consent language works for B2B AI calling programs?
Effective consent for AI calls to business cell phones requires a written agreement that explicitly authorizes automated or prerecorded calls at a specific number, is signed or electronically confirmed by the called party, and states that consent is not a condition of any purchase. A conspicuous checkbox on a web form or a contract clause that is not buried in fine print both work if they meet these elements. Pre-checked boxes do not count as valid consent.
How does the TCPA B2B exemption interact with text messages?
TCPA applies to text messages sent via ATDS the same way it applies to voice calls. The B2B exemption for prerecorded voice calls does not automatically extend to text messages. Text messages to business subscribers require the same prior express consent analysis as calls to cellular numbers. For a full breakdown of text message compliance rules, see LeadCompliant's text message marketing resource.
What is the penalty per AI call if the B2B exemption does not apply?
TCPA carries statutory damages of $500 per violation, trebled to $1,500 per call for willful or knowing violations under 47 U.S.C. § 227(b)(3). Each individual call or message counts as a separate violation. In a class action where an AI dialer placed thousands of calls without valid exemption or consent, total exposure reaches millions of dollars. The $500 minimum means even a small dialing campaign generates significant liability if the exemption fails.
Does a business-to-business exemption exist under the Telemarketing Sales Rule as well?
The FTC's Telemarketing Sales Rule (TSR) applies broadly to telemarketing calls but exempts calls where the seller has an existing business relationship with the recipient. For B2B calls, the TSR also generally focuses on consumer protection. But the TSR's internal DNC requirements apply to any telemarketing program regardless of whether it targets businesses or consumers. Both FTC TSR and FCC TCPA rules must be satisfied independently.
Can I rely on a third-party data vendor's claim that a number is a business line?
Not fully. Third-party data vendors can help identify number type, but legal responsibility for TCPA compliance stays with the calling entity, not the vendor. Courts have rejected the defense that a vendor certified the number was a business line. Run your own carrier lookups, document them, and if any doubt exists about whether a number is a personal cell, obtain consent before using AI or prerecorded calling. Vendor indemnification clauses help but do not erase your exposure.
Sources
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA prohibits using an ATDS or prerecorded/artificial voice to call any cellular number without prior express consent; carries $500-$1,500 per-violation damages
- FCC, In the Matter of Rules and Regulations Implementing the TCPA of 1991, Report and Order (FCC 92-443), and 47 C.F.R. § 64.1200: FCC established business relationship (EBR) framework, 18-month transaction window, 3-month inquiry window, and residential focus of TCPA rules; B2B exemption recognized in 1992 rulemaking
- Seventh Circuit Court of Appeals, Patriotic Veterans Inc. v. Zoeller, 845 F.3d 303 (7th Cir. 2017): Seventh Circuit applied TCPA autodialer restrictions broadly while acknowledging the FCC's EBR framework for commercial B2B contexts
- Seventh Circuit Court of Appeals, Soppet v. Enhanced Recovery Co., 679 F.3d 637 (7th Cir. 2012): Seventh Circuit held that TCPA consent follows the subscriber of record, not the use of the phone; personal cell remains a personal line regardless of business use
- U.S. Supreme Court, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition to systems using a random or sequential number generator; list-based dialers may not qualify as ATDS under federal standard
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida FTSA effective July 1, 2021 covers any automated system with capacity to dial from a list; broader than post-Duguid federal ATDS definition; applies to text messages
- California Penal Code § 632, Invasion of Privacy Act (CIPA): California CIPA requires all-party consent for call recording; applies to AI calls that record conversations in California
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR requires telemarketers to maintain internal DNC lists and honor do-not-call requests; National DNC Registry covers residential subscribers; TSR EBR exemption mirrors TCPA framework
- FTC, National Do Not Call Registry: National DNC Registry applies to residential telephone subscribers; business lines are generally not covered by National DNC registration requirements