In early 2024, the FCC made a ruling that sent a ripple through the voice AI industry: AI-generated voices in calls are "artificial or prerecorded" under the Telephone Consumer Protection Act (TCPA). That single determination changed the compliance picture for every telecom reseller, MSP, and business deploying AI voice agents.
If you are selling or operating AI calling solutions, the rules that applied to robocalls now apply to you. Here is a practical breakdown of what you need to know.
What Is STIR/SHAKEN and Why Does It Matter for AI Calls?
STIR/SHAKEN (Secure Telephone Identity Revisited / Signature-based Handling of Asserted information using toKENs) is the caller ID authentication framework mandated by the FCC. It uses digital certificates to verify that a caller is actually using the number they are calling from.
When a call carries a valid STIR/SHAKEN attestation, it shows a "Verified" label on supporting devices. When it does not, carriers and analytics platforms are more likely to flag it as "Spam Likely" or block it entirely.
For AI voice agents, this matters enormously. If your AI calls are not authenticated properly, a significant portion of them will never get answered. That is a business problem before it is even a compliance problem.
Attestation Levels You Should Know
STIR/SHAKEN uses three attestation levels:
- Full Attestation (A): The carrier can verify both the customer and that the customer is authorized to use the calling number.
- Partial Attestation (B): The carrier verified the customer but cannot confirm the number assignment.
- Gateway Attestation (C): The carrier only knows where the call entered the network.
AI outbound calls should aim for A or B attestation. Anything less increases the chance of calls being flagged or blocked.
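To see where the attestation level actually lives, the sketch below decodes the PASSporT token carried in a SIP Identity header and reports its `attest` claim. It is an added example, not code from any carrier or platform: the header and claim names follow the SHAKEN PASSporT format (RFC 8225 / RFC 8588), while the function names, sample numbers, example.org URL and the 60-second freshness window are assumptions. It inspects claims only and does not verify the ES256 signature or certificate chain, which a real verification service must do before trusting the result.

```python
import base64
import json

LEVELS = {"A": "full", "B": "partial", "C": "gateway"}

def b64url_decode(seg):
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def b64url_encode(obj):
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def inspect_identity(header_value, now, max_age=60):
    """Decode the PASSporT in a SIP Identity header value and report its
    attestation. Claims only: the ES256 signature is NOT verified here."""
    token = header_value.partition(";")[0].strip()
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("PASSporT must have header.payload.signature")
    hdr = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    if hdr.get("ppt") != "shaken" or hdr.get("alg") != "ES256":
        raise ValueError("not a SHAKEN PASSporT")
    attest = claims.get("attest")
    if attest not in LEVELS:
        raise ValueError("missing or unknown attest claim")
    return {
        "attest": attest,
        "level": LEVELS[attest],
        "orig_tn": claims["orig"]["tn"],
        "dest_tn": claims["dest"]["tn"],
        "fresh": abs(now - claims["iat"]) <= max_age,  # assumed policy window
        "meets_target": attest in ("A", "B"),          # the page's A-or-B goal
    }

def sample_identity(attest, iat):
    # Constructed sample: fictional numbers, example.org URL, dummy signature.
    hdr = {"alg": "ES256", "ppt": "shaken", "typ": "passport",
           "x5u": "https://cert.example.org/passport.cer"}
    claims = {"attest": attest, "dest": {"tn": ["12155550113"]}, "iat": iat,
              "orig": {"tn": "12155550112"},
              "origid": "123e4567-e89b-12d3-a456-426655440000"}
    token = ".".join([b64url_encode(hdr), b64url_encode(claims), "c2ln"])
    return token + ";info=<https://cert.example.org/passport.cer>;alg=ES256;ppt=shaken"
```

Running this against Identity headers captured from your own outbound test calls shows which level your carrier is actually signing with, rather than the level you were told to expect.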
Do AI Voice Calls Need TCPA Consent?
Yes. The FCC's 2024 ruling closed a loophole that some AI calling platforms were relying on. Prior express written consent is required for any AI-initiated call to a cell phone, regardless of whether the call is purely informational or promotional.
There are two consent tiers worth knowing:
- Prior express consent: Required for non-marketing AI calls to wireless numbers (appointment reminders, delivery notifications, etc.).
- Prior express written consent: Required for any AI call that includes marketing, advertising, or is intended to influence a purchase decision.
The practical difference is that written consent must be a signed, clear agreement that specifically mentions automated calls. An opt-in checkbox buried in a terms of service page may not hold up.
What Does Not Count as Consent
- Giving a business card with your phone number
- Purchasing a product (without separate consent language)
- A general "we may contact you" clause in a privacy policy
- Consent obtained before the FCC's 2024 AI ruling, unless it explicitly covered AI-generated calls
Penalties for Getting This Wrong
TCPA violations carry $500 per call for unintentional violations and $1,500 per call for knowing or willful violations. Class action lawsuits under TCPA are common. For a campaign that touches thousands of numbers, the exposure is real.
FCC AI Robocall Rules: What Changed in 2025 and 2026
The FCC has continued tightening rules since the 2024 AI ruling. A few key developments:
2025 rulings expanded the definition of "robocall" to include any call using AI voice synthesis, not just pre-recorded audio files. This means real-time AI voice agents are explicitly covered, not just static recordings.
The FCC also introduced stricter requirements on voice service providers to block calls from bad actors upstream. Providers that fail to implement "reasonable call blocking" can lose their ability to originate or terminate traffic.
For 2026, the FCC is moving toward tighter caller identity verification requirements, with proposed rules that would require voice providers to validate the legal identity behind a calling number before assigning it STIR/SHAKEN attestation.
TCPA Compliance for AI Voice: Where Telecom Resellers Sit in the Chain
Here is the part that catches a lot of MSPs and resellers off guard: your upstream provider's compliance does not cover you.
When you resell voice services or deploy AI calling on behalf of your clients, you are a separate party in the call chain. The FCC and plaintiffs' attorneys look at every entity that had a hand in initiating or facilitating a non-compliant call.
That means:
- If your client's AI agent calls someone without proper consent, your client is liable. But if you configured the calling system or provided the platform, you could be too.
- If you are using a carrier that has STIR/SHAKEN certification, that certification covers that carrier. It does not certify the content or consent status of the calls you are making through them.
The safest position is to treat compliance as your responsibility, not something you outsource to whoever is upstream.
Practical Compliance Checklist for AI Voice Deployments
This is not legal advice, but it is a reasonable baseline for any reseller deploying AI voice agents on behalf of clients.
Consent management
- Obtain and document prior express written consent for any marketing AI calls
- Store consent records with timestamps, IP addresses, and the exact consent language shown
- Verify consent was obtained after the FCC's 2024 AI ruling, or get fresh consent
Do Not Call compliance
- Scrub call lists against the National Do Not Call Registry before every campaign
- Honor company-specific do-not-call requests within 30 days
- Maintain your own internal do-not-call list
Opt-out handling
- Every AI call must offer a clear, functioning opt-out mechanism
- Opt-outs must be honored promptly; the standard is within 30 business days under TCPA
- Log all opt-out requests
Caller ID and STIR/SHAKEN
- Register calling numbers with your carrier and ensure they have proper STIR/SHAKEN attestation
- Do not spoof caller ID; only use numbers your clients are authorized to use
- Verify that outbound calls are showing as "Verified" where possible
Call recording disclosures
- Many states require two-party consent for call recording (California, Florida, Illinois, and others)
- AI calls that are recorded must disclose recording at the start of the call
- Check the law in every state your calls will reach, not just where your client is based
Platform-level controls
- Confirm your AI calling platform has built-in consent checking before dialing
- Ensure calling times are restricted to 8 AM to 9 PM in the called party's local time zone (TCPA requirement)
- Keep audit logs of all calls placed
How Compliant AI Voice Platforms Handle This
Not all AI voice platforms are built with compliance in mind. When evaluating a platform for your clients, the key things to look for are:
Consent management built in: The platform should store consent records and check them before dialing, not leave that to a spreadsheet managed by your client.
Proper caller ID handling: The platform should work with carriers to ensure STIR/SHAKEN attestation is in place and that calling numbers are registered correctly.
Opt-out automation: When a caller says "stop calling me," the platform should log it and suppress that number automatically, without relying on a human to update a list.
Call recording disclosure: The platform should handle the "this call may be recorded" notice at the start of every call, including state-specific variations where needed.
Audit trails: Compliance is only as good as your ability to prove it. Every call should have a log entry with the number called, the time, the consent status at the time of the call, and the outcome.
If a platform cannot do these things, the liability for what it misses ends up sitting with you or your client.
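The pre-dial checks in the checklist and the audit fields listed above can be combined into a single gate that runs before every call. The following is an added sketch, not Voxtell's or any vendor's implementation: the `Consent` record, the `predial_check` function, the reason strings and the single combined suppression set are all hypothetical names chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time, timezone, timedelta

@dataclass
class Consent:
    written: bool    # prior express written consent is on file
    covers_ai: bool  # consent language explicitly covered AI-generated calls

def predial_check(number, marketing, consent, suppressed, callee_tz, now_utc):
    """Decide whether a call may be placed and return the audit record.

    suppressed: set of numbers from DNC scrubs, internal DNC list and opt-outs.
    callee_tz:  tzinfo for the called party (in production, an IANA zone
                looked up for the number, e.g. via zoneinfo.ZoneInfo).
    """
    reasons = []
    if number in suppressed:
        reasons.append("suppressed_dnc_or_opt_out")
    if consent is None or not consent.covers_ai:
        reasons.append("no_consent_covering_ai_calls")
    elif marketing and not consent.written:
        reasons.append("marketing_requires_written_consent")
    # Calling window is evaluated in the called party's local time.
    local = now_utc.astimezone(callee_tz).time()
    if not (time(8, 0) <= local <= time(21, 0)):
        reasons.append("outside_8am_9pm_local")
    if consent is None:
        status = "none"
    else:
        status = "written" if consent.written else "express"
    # The record is written whether or not the call is placed, so a
    # blocked attempt is as provable as a completed one.
    return {
        "number": number,
        "time_utc": now_utc.isoformat(),
        "consent_status": status,
        "marketing": marketing,
        "allowed": not reasons,
        "reasons": reasons,
    }

# Constructed sample input: fictional number, fixed UTC-8 offset.
SAMPLE_TZ = timezone(timedelta(hours=-8))
SAMPLE_NUMBER = "+12155550112"
```

The `outcome` field from the audit-trail list would be appended to the same record once the call completes.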
Voxtell is built specifically for telecom resellers and MSPs who need AI voice agents that work within these compliance requirements, not around them. Consent management, STIR/SHAKEN-compatible caller ID, and opt-out handling are part of the platform, not afterthoughts.
FAQ
Do AI voice calls need TCPA consent?
Yes. Since the FCC's 2024 ruling, AI-generated voices are treated as "artificial or prerecorded" under TCPA. Prior express consent is required for informational AI calls to cell phones, and prior express written consent is required for any AI calls with a marketing component.
What are STIR/SHAKEN requirements for AI calls?
AI outbound calls should carry Full (A) or Partial (B) STIR/SHAKEN attestation to avoid being flagged as spam. Your carrier must be able to verify your identity and your authorization to use the calling number. Calls without proper attestation are increasingly blocked or labeled "Spam Likely" by receiving carriers.
What are the FCC AI robocall rules in 2025 and 2026?
The FCC's 2025 rules explicitly classify real-time AI voice synthesis as covered by robocall regulations, not just pre-recorded audio. In 2026, the FCC is tightening caller identity verification requirements for voice service providers. The trend is toward more accountability at every point in the call chain.
Are telecom resellers liable for TCPA violations from their clients' AI calls?
It depends on how involved they are in configuring and delivering the calling solution. Resellers who configure AI calling systems or provide the platform can face liability alongside the end client. Upstream carrier compliance does not protect you. The safest approach is to build compliance controls into your offering and document them.

