Artificial intelligence promises to be a game-changer for robocalling and robotexting in both good and bad ways. Responsible actors use AI to identify and stop harmful calls. Recently, the U.S. Federal Trade Commission hosted a Voice Cloning Challenge to promote multidisciplinary approaches to protecting consumers from AI-enabled voice cloning harms, such as fraud and the misuse of biometric data. The winners of the challenge included companies that use AI to differentiate between real voices and synthetic ones.
At the same time, bad actors use AI to exploit consumers. For example, deepfake calls, in which AI technology is maliciously leveraged to clone a person's voice, represent the perils of AI in the robocall space. An example of this is the series of AI-powered deepfake calls, purported to be from President Joe Biden, made to New Hampshire voters ahead of the primary election.
Policymakers and enforcement agencies at the federal and state levels are exploring the intersection of AI and robocalling/texting, with new and proposed laws emerging in numerous places. Nineteen states recently enacted laws to regulate synthetic media and deepfake technology related to elections. This year, Utah and Colorado also enacted laws that require disclosures when certain AI tools are used to interact with consumers. Several bills have also been introduced in the U.S. Congress to address the issue of fraudulent deepfakes and other AI-powered fraud calls, including the Do Not Disturb Act, introduced by Rep. Frank Pallone, D-N.J., which would "require disclosure of the use of AI to emulate human interaction over text or phone."
Looking beyond the emerging legal and regulatory frameworks to address AI, longstanding laws already apply to the technology. FTC Chair Lina Khan clarified that existing consumer protection laws already apply to technological advancements like AI and stated, "there is no AI exemption to the laws on the books."
Among the existing legal frameworks that apply in the context of robocalls and robotexts, key laws at the federal level include the Telephone Consumer Protection Act and the Telemarketing Sales Rule.
TCPA and TSR
The TCPA is a federal law that creates requirements and restrictions for various outbound calls and text messages. Enacted in 1991, the law is codified in the Communications Act and implemented by the U.S. Federal Communications Commission, but its jurisdictional reach encompasses a far wider array of entities and individuals than those traditionally regulated by the FCC. It applies to "any person within the United States, or any person outside of the United States if the recipient is within the United States" that makes or initiates certain calls and faxes.
However, the breadth of the TCPA does not stop at its jurisdictional reach. While it has heightened requirements for marketing and autodialed calls, the TCPA also establishes important rules and requirements for other calls, including informational and even manually dialed calls. For example, the TCPA governs telemarketing calls to residential subscribers, including those dialed manually and those that leverage automated technology, like prerecorded voices or autodialers. It also regulates a wide range of informational, nonmarketing calls, including automated informational calls to wireless numbers and residential landlines, subject to certain exceptions and conditions.
Moreover, the statute is not limited to traditional calls but also covers new and emerging technologies. A prime example of this is text messages. Although the TCPA was adopted before the first text message was ever sent, the FCC and the courts have long interpreted the law to treat a text message as a call.
In addition to its broad reach and application, the TCPA is complex, with different requirements and restrictions that depend upon several factors. In particular, which TCPA rules apply to any given call depends on how a call is placed. Did the caller use an autodialer or an artificial or prerecorded voice? It also depends on whether the call introduces an advertisement, constitutes telemarketing or is merely informational, as well as the type of number called, meaning whether the caller dialed a wireless number, residential landline or business line.
Of note, each of these key thresholds — including what constitutes an autodialer and what a telemarketing call is — have been subject to a host of interpretations by the FCC and the courts.
The TCPA has a range of requirements derived from the statute and the FCC's rules. Depending on the details of the call, one or several of the following requirements may apply.
Consent
Prior express consent is required for calls to wireless numbers that use autodialers or artificial or prerecorded voices and calls to residential landlines that use prerecorded or artificial voices, unless an exception applies, such as for nonmarketing calls and health care calls. The TCPA establishes different levels of consent depending on the call's content. Telemarketing calls trigger prior express written consent, the highest form of TCPA consent, and informational calls generally trigger prior express consent, which is lower than written consent.
Notably, the TCPA has also been interpreted to allow for opt-out rights. The FCC has held that consumers may revoke consent through any reasonable means and established new rules governing opt-out requests.
Additionally, artificial or prerecorded voice calls placed to a residential landline are subject to call volume limits if the call is made pursuant to an exception from the consent requirement.
Artificial or prerecorded call content
The TCPA requires artificial or prerecorded voice call messages to identify the caller and include callback numbers. There are heightened requirements — including adding an automated opt-out tool — if the artificial or prerecorded call is a marketing call or is placed to a residential landline under an exception from the consent requirement.
Do-not-call
The TCPA also establishes various do-not-call restrictions for marketing calls. Specifically, subject to various exceptions, calls that market goods or services must not be placed to numbers that have been registered in the National Do Not Call Registry, which is maintained by the FTC, or to numbers that have made specific do-not-call requests to specific callers. The FCC has recently taken steps to strengthen and expand these rules.
Additional requirements for calls include time of day. Telemarketers may not call before 8 a.m. or after 9 p.m., based on the local time at the called party's location. Telemarketers must also transmit accurate caller ID information when they place a call.
The U.S. Federal Trade Commission
The other major government player regulating robocalls and telemarketing is the FTC, which implements and enforces the TSR. The TSR was first promulgated by the FTC in 1995 under the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994. It applies to virtually all telemarketing activities directed at consumers, including telemarketing that originates in the U.S. and telemarketing that originates overseas and is directed to consumers in the U.S. Like the TCPA, the TSR contains a variety of substantive requirements and restrictions, including DNC Registry rules, disclosure requirements and consent requirements for placing prerecorded message calls.
Moreover, the FCC and the FTC have launched several enforcement efforts to combat illegal robocalls. For example, in April 2023, the FTC announced its Project Point of No Entry, intended to combat illegal robocalls from overseas. Through this project, the FTC is identifying point of entry Voice over Internet Protocol service providers that are routing or transmitting suspected illegal call traffic, issuing them warnings and monitoring them to help stop illegal calls from overseas. The FCC also actively enforces against illegal robocalls, including by proposing a USD6 million fine against the political consultant allegedly behind the presidential deepfake calls mentioned previously. Notably, the FTC and FCC also collaborate with other federal and state enforcement agencies to combat illegal robocalls. For example, last year, the FTC and the FCC renewed a memorandum of understanding to "promote cross-border collaboration to combat unsolicited communications, including email and text spam, scams, and illegal telemarketing."
Finally, the FTC continues to work alongside the FCC to ensure the DNC Registry, created to provide consumers the choice to receive telemarketing calls, is effective and accessible for consumers and telemarketers alike. According to a recent FTC report, the DNC Registry had 249.5 million active registrations at of the end of 2023.
Recent regulatory developments
The rapid development of AI technology has raised questions about how to best facilitate its benefits and mitigate its risks, including how existing laws apply to AI. Indeed, the Biden-Harris Administration's AI Executive Order encouraged regulatory agencies to exercise their authority to protect consumers from fraud, discrimination, privacy threats and other risks that may arise from the use of AI. Shortly after the executive order was released, federal agencies began working to implement its recommendations in the robocalling and robotexting space.
The FCC's Declaratory Ruling on AI and robocalls
In February 2024, the FCC took its first AI-specific action under the TCPA by issuing a Declaratory Ruling, which confirmed by unanimous vote that the TCPA's restrictions on the use of artificial or prerecorded voices cover current AI technologies that resemble human voices and/or generate call content using the technology. The Declaratory Ruling followed the FCC's November 2023 notice of inquiry, which asked about whether and how the agency should define AI, how the technology is used in calling and texting in practice, its benefits and risks, and how it impacts privacy rights under the TCPA.
Practically speaking, the ruling can be viewed as a roadmap for companies seeking to leverage AI in the robocalling and robotexting space, clarifying the general rules for such calls. Specifically, it clarified that "existing consumer protections under the TCPA (for artificial or prerecorded voice calls) apply to these (AI) calls."
As detailed above, the precise rules that apply depend on the context and specific facts of the call. Examples of requirements that may apply to these AI-powered artificial or prerecorded voice calls include prior express consent requirements, opt-out obligations, identification and other message content requirements, and call volume limits. There are additional requirements if the AI-powered artificial or prerecorded voice calls contain marketing.
The FCC's NPRM on AI-generated calls and texts
Most recently, the agency adopted a notice of proposed rulemaking 7 Aug. that proposes new TCPA rules to regulate AI-generated calls and texts. Among other things, the NPRM includes a proposal to amend the FCC's TCPA rules to require two distinct consent disclosure requirements. First, it proposes adding a consent disclosure requirement for "callers making calls using AI-generated artificial or prerecorded voice messages to include clear and conspicuous disclosure that the consumer's consent to receive artificial and prerecorded calls may include consent to receive AI-generated calls."
Second, it proposes adding a consent disclosure requirement for "callers making autodialed text messages that include AI-generated content to provide clear and conspicuous disclosure that the consumer's consent to receive such messages may include consent to receive AI-generated content."
The NPRM proposes requiring artificial or prerecorded voice messages using AI-generated voices to "clearly disclose to the called party that the call is using AI-generated technology" at the beginning of each call. Relatedly, it asks whether the agency should require specific language for AI-generated call disclosures or even whether the disclosures should incorporate "a special tone, icon, badging, or other indication that is visual, auditory, or otherwise to the called party."
These proposed new rules define "AI generated call" and include a proposed exemption to facilitate the use of AI to help individuals with speech or hearing disabilities communicate over the phone network. As proposed, the new rules would be in addition to the FCC's existing consent and disclosure requirements under the current TCPA rules.
Stakeholders can submit and reply to comments on the agency's proposal. Comments are due on or before 10 Oct., and reply comments are due 25 Oct.
FTC rulemaking
In April 2022, the FTC began its latest efforts to update the TSR. In March 2024, the FTC adopted a final rule extending telemarketing fraud protections to business-to-business calls and updating the rule's recordkeeping requirements, considering technological and marketplace developments. At the same time, the FTC issued an NPRM that would provide the agency with new tools to combat tech support scams. The TSR generally applies only to outbound calls made by telemarketers to consumers and certain categories of inbound calls made by consumers to telemarketers. The proposed rule would extend the TSR's reach to inbound calls in connection with sales of technical support services to the TSR's coverage. In announcing the new final and proposed rule, the FTC explained the "changes provide important new protections for small business and will help ensure that the FTC can take action against deceptive marketers who use AI robocalls and other emerging technology."
Consumer resources
The FCC and FTC maintain consumer guides on dealing with illegal or unwanted robocalls or texts. For example, the FCC's guide includes information on call blocking and labeling tools and resources. The FTC, meanwhile, maintains consumer advice pages on how to mitigate illegal and unwanted robocalls and texts. Additionally, the FTC maintains the National DNC Registry, which allows consumers to opt out of certain telemarketing sales calls and texts.
Conclusion
In short, AI promises to have major impacts in the robocalling and robotexting space, where it presents both benefits and new risks. Stakeholders should monitor and be aware of new laws and rulemaking activities being considered and adopted. They should also understand how developing AI technologies interact with longstanding legal frameworks like the TCPA and TSR.
Kathleen Scott, CIPP/US, CIPT, is a partner and Stephen Conley is an associate at Wiley. Aly Apacible-Bernardo, CIPM, is a legal research associate at the IAPP.
