Is AI Cold Calling Legal? What Business Owners Need to Know in 2026

AI-powered phone calls are growing rapidly. The global conversational AI market reached $13.2 billion in 2024, according to Precedence Research, with voice-based AI accounting for a significant share. But as the technology has scaled, so has regulatory scrutiny. The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both taken aggressive action against illegal robocalling, and AI-generated calls have become a specific enforcement target.

This guide covers the current legal landscape for AI phone calls in the United States, breaks down the critical difference between AI cold calling and AI appointment setting, and provides a compliance checklist that keeps your business on the right side of federal and state law.

$500Minimum penalty per illegal robocall under the TCPA. Treble damages of $1,500 per call for willful violations (47 U.S.C. Section 227)

$2.4BTotal TCPA settlement payouts from 2015 to 2024, according to WebRecon LLC's annual litigation report

55.9BRobocalls placed in the U.S. in 2024, per YouMail's Robocall Index, despite aggressive enforcement

Feb 2024FCC unanimously ruled that AI-generated voice calls are "artificial" under the TCPA, requiring prior express consent

The Critical Distinction: Outbound Cold Calling vs. Inbound Appointment Setting

Before diving into regulations, you need to understand the fundamental difference between two very different use cases for AI voice technology. The legal implications are dramatically different.

AI Cold Calling (Outbound, Unsolicited)

AI cold calling means using artificial intelligence to place outbound calls to people who have not requested contact from your business. This includes calls to purchased lead lists, scraped phone numbers, or any number where the person did not initiate the relationship. This is the category that triggers the most regulatory enforcement.

AI Appointment Setting (Inbound, Consent-Based)

AI appointment setting means using AI to answer calls or respond to inquiries from people who have already expressed interest. When someone fills out a contact form, clicks "call me," dials your phone number, or submits a service request, they have initiated contact. The cost of missing those inbound calls is significant, which is why businesses turn to AI in the first place. An AI agent that responds to these inbound inquiries operates in a fundamentally different legal category than one that initiates unsolicited outbound calls.

The legality of AI phone calls depends almost entirely on one question: did the person being called initiate the contact? If yes, you are on solid legal ground. If no, you are navigating a regulatory minefield.

Federal Law: The TCPA

The Telephone Consumer Protection Act of 1991 (47 U.S.C. Section 227) is the primary federal law governing automated phone calls. Originally written to address recorded-message telemarketing, the TCPA has been repeatedly updated and reinterpreted to cover modern AI calling technology.

What the TCPA Prohibits

Automated calls to cell phones without prior express consent: Any call using an automatic telephone dialing system (ATDS) or prerecorded/artificial voice to a mobile number requires the called party's prior express consent. For marketing calls, this must be prior express written consent.
Calls to numbers on the National Do Not Call Registry: Telemarketers must scrub their call lists against the DNC registry. Violations carry penalties of up to $51,744 per call (as adjusted for inflation by the FTC in 2024).
Calls before 8 AM or after 9 PM local time: All telemarketing calls must fall within the 8 AM to 9 PM window in the called party's time zone.

The February 2024 FCC Ruling on AI Voices

On February 8, 2024, the FCC issued a Declaratory Ruling that AI-generated human voices in phone calls qualify as "artificial or prerecorded voice" under the TCPA. This was a landmark decision. Before this ruling, there was ambiguity about whether AI-generated speech (which is synthesized in real time, not "prerecorded") fell under the TCPA's robocall restrictions.

The ruling eliminated that ambiguity. Any AI-generated voice call that mimics human speech is now subject to the same TCPA restrictions as prerecorded robocalls. This means prior express consent is required for AI calls to cell phones, and prior express written consent is required for AI marketing calls.

Enforcement Alert

The FCC has authority to issue fines of up to $23,727 per unwanted robocall and has proposed penalties exceeding $300 million against illegal robocall operations since 2021. In December 2023, the FCC fined a single robocall operator $299 million for 5 billion illegal calls.

FTC Enforcement: The Telemarketing Sales Rule

The FTC enforces the Telemarketing Sales Rule (TSR), which adds additional requirements on top of the TCPA. Under the TSR, telemarketers must disclose the identity of the seller and the nature of the call promptly at the beginning of the conversation. AI calls that fail to make these disclosures violate the TSR regardless of consent status.

In February 2024, the FTC proposed an updated rule specifically addressing AI-generated calls, seeking to prohibit the use of AI to impersonate individuals or organizations. The proposed rule also targets AI "cloning" of voices without consent. As of March 2026, enforcement actions under these updated guidelines are actively proceeding.

State-by-State Laws

Federal law sets the floor, but many states impose stricter requirements. Here are the key state-level variations that affect AI calling.

States with AI-Specific Calling Laws

California (CCPA/CPRA): California requires explicit disclosure when a call is made by an AI or automated system. The California Consumer Privacy Act also gives consumers the right to opt out of automated decision-making, which can include AI call qualification.
Illinois (AI Video Interview Act, extended to voice): Illinois was the first state to regulate AI in communications. Businesses must notify individuals when AI is used in interactions and obtain consent for AI-analyzed conversations.
Washington: Requires clear disclosure that a call is automated or AI-generated at the start of the call. Failure to disclose carries penalties under the state's Consumer Protection Act.
Colorado (Colorado AI Act): Effective 2026, requires businesses to disclose AI involvement in consumer-facing interactions and maintain documentation of AI systems used in high-risk decisions.
New York: Pending legislation (as of 2026) would require AI calling systems to identify themselves as artificial within the first 10 seconds of any call.

Two-Party Consent States (Call Recording)

If your AI agent records calls for quality assurance or training, you need to know which states require all-party consent for recording. As of 2026, 13 states require two-party (all-party) consent for recording phone calls: California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Pennsylvania, and Washington. Your AI agent must disclose recording at the start of every call if operating in these states.

Where AI Appointment Setting Falls Legally

Here is why the inbound versus outbound distinction matters so much. When a potential customer initiates contact with your business by filling out a form, calling your number, or clicking a "request callback" button, they have provided implied consent for your business to respond. An AI appointment setter that responds to these inbound inquiries is not making an unsolicited call. It is returning a requested contact.

The TCPA's consent requirements apply primarily to outbound, unsolicited calls. When someone dials your business phone number, you are answering their call. When someone submits a web form requesting a callback, they have provided prior express consent for that callback. This is the legal framework within which AI appointment setting services like CallSetter AI operate.

Answering the phone when someone calls your business is not a robocall. Responding to a form submission from someone requesting information is not spam. AI appointment setting handles inbound leads who have already raised their hand.

Stay Compliant While Never Missing a Lead

CallSetter AI operates on the inbound side: answering calls and responding to form submissions from people who contacted you first. Fully TCPA compliant. Fully disclosed.

Book a Demo

Penalties for Non-Compliance

The financial risk of illegal AI calling is severe and personal, making a compliant inbound AI approach far more profitable than risking penalties. TCPA violations carry statutory damages of $500 per call, and $1,500 per call for willful violations. In class action lawsuits, these per-call damages multiply across every affected consumer. A campaign of 10,000 illegal calls could generate liability of $5 million to $15 million.

Recent enforcement examples illustrate the scale. In August 2024, the FCC proposed a $6 million fine against a political consultant who used AI-generated voice calls impersonating a public figure to discourage voting in the New Hampshire primary. In 2023, a home warranty company agreed to pay $7.2 million to settle TCPA claims involving automated calls. These are not theoretical risks. They are active, well-funded enforcement actions.

Your Compliance Checklist

Whether you are using AI for inbound appointment setting or considering outbound AI calling, this checklist covers the requirements you need to meet.

AI Calling Compliance Checklist

Disclose AI use at the start of every call ("This call is assisted by an AI system")
Obtain prior express written consent before any outbound marketing calls to cell phones
Scrub outbound call lists against the National Do Not Call Registry every 31 days
Provide a clear opt-out mechanism during every call
Restrict calling hours to 8 AM to 9 PM in the called party's local time zone
Disclose call recording in two-party consent states before recording begins
Identify the business name and purpose of the call within the first 30 seconds
Maintain records of consent for at least 5 years (FTC recommendation)
Honor do-not-call requests within 30 days and maintain an internal DNC list
Implement caller ID displaying your actual business number (no spoofing)
Review state-specific AI disclosure laws for every state where you operate
Document your AI calling system's compliance measures in writing

The Safe Path Forward

The safest and most effective use of AI voice technology for most businesses is inbound appointment setting. You are not cold-calling strangers. You are responding to people who have already expressed interest in your services. This model provides the speed-to-lead advantages of AI (responding in under 60 seconds, 24/7 availability, consistent qualification) while staying firmly within the legal boundaries established by the TCPA, FTC, and state regulators.

For businesses that want to pursue outbound AI calling, the compliance burden is substantial but manageable with proper legal counsel and robust consent management systems. The key is to never cut corners on consent, disclosure, and DNC compliance. The penalties are too severe and the enforcement too active to treat compliance as optional.

This article provides general information about telecommunications law and should not be construed as legal advice. Consult with a telecommunications attorney for guidance specific to your business and jurisdiction. For industries like dental practices, insurance agencies, and law firms, industry-specific regulations add additional layers to consider.