Do-Not-Contact Compliance for AI Campaigns: Avoid Costly Violations

One DNC violation costs $500. Let AI rack up thousands of calls, and you could face millions in penalties. Here is how to run compliant AI campaigns without losing sleep.

Your marketing team just approved a 50,000-contact campaign. Your AI is ready to dial. But somewhere in that list are numbers on the National Do Not Call Registry, people who have opted out from previous campaigns, and contacts in states with their own DNC requirements.

Every unchecked number is a potential lawsuit. At $500 minimum per violation under the Telephone Consumer Protection Act, and up to $1,500 for willful violations, a single campaign run without proper compliance safeguards can generate fines exceeding your entire marketing budget.

The scale that makes AI calling attractive is the same scale that makes compliance failures catastrophic. When human agents make calls, mistakes happen one at a time. When AI makes calls, mistakes happen thousands of times simultaneously.

This guide covers everything marketing and sales operations professionals need to know about DNC compliance for AI campaigns in 2026, from federal requirements to state-specific rules to the technical safeguards that keep your organization protected.

Understanding Do-Not-Call Compliance Fundamentals

Do-Not-Call compliance operates across three distinct layers, and you must respect all of them to stay legal. Missing any single layer exposes you to liability.

The National Do Not Call Registry

The Federal Trade Commission maintains the National Do Not Call Registry, a database of phone numbers from consumers who have indicated they do not want telemarketing calls. As of 2026, the registry contains over 250 million phone numbers.

Before placing any telemarketing calls, unless an exemption applies, telemarketers are required to subscribe to the National DNC Registry, pay all necessary fees, and scrub potential called party numbers against the list. This is not optional. It is the baseline requirement for any outbound calling operation.

The registry is enforced by the FTC, the Federal Communications Commission (FCC), and state attorneys general. Violations can result in civil penalties, and consumers can sue directly under the TCPA for statutory damages.

State Do-Not-Call Lists

Approximately 14 states maintain their own DNC registries with additional requirements beyond the federal list. These include California, Colorado, Florida, Indiana, Louisiana, Massachusetts, Missouri, New York, Oklahoma, Pennsylvania, Tennessee, Texas, Wisconsin, and Wyoming.

State lists often have different registration fees, update frequencies, and enforcement mechanisms. Some states impose penalties higher than federal minimums. Your compliance program must account for every state where you place calls, not just the states where your business operates.

Internal Do-Not-Call Lists

Federal law requires you to maintain an internal DNC list of anyone who has asked your company specifically not to call them. This is separate from the national registry. When someone says "take me off your list" during a conversation, you must honor that request within 30 days and never call that number again for telemarketing purposes.

Internal DNC requests stay with your company indefinitely. There is no expiration date. A request made in 2015 still binds you in 2026.

Prior Business Relationship Exemptions

The Do-Not-Call rules include limited exemptions for established business relationships. You may call consumers with whom you have an existing business relationship, defined as a transaction or business inquiry within specified timeframes.

However, this exemption is narrower than many marketers assume. The relationship must be recent, typically within 18 months of a transaction or 3 months of an inquiry. And if the consumer has asked to be placed on your internal DNC list, the business relationship exemption does not apply.

For AI campaigns, relying on business relationship exemptions requires meticulous record-keeping and accurate data about relationship dates. One stale record, and you have a violation.

TCPA Requirements for AI-Generated Calls

The rules for AI calling became dramatically clearer in February 2024 when the FCC issued a Declaratory Ruling confirming that AI-generated voices fall under the TCPA's restrictions on artificial and prerecorded voice messages.

AI Voices Are "Artificial" Under the TCPA

The FCC determined that when AI technologies, such as voice cloning, are used to emulate real or artificially created human voices on a phone call, those calls are "artificial" voice messages within the meaning of the TCPA. This means AI calls face the same consent requirements as traditional robocalls.

For marketing calls to cell phones, you need prior express written consent. This is not verbal consent. It is documented, written authorization that clearly discloses that the consumer will receive calls using automated technology.

Consent Requirements for AI Campaigns

Under current TCPA rules, AI-generated marketing calls require:

Prior express written consent: The consumer must provide written agreement (including electronic signatures) that specifically authorizes calls using automated dialing systems or artificial/prerecorded voices.

Clear disclosure: The consent form must clearly state that the consumer is agreeing to receive marketing calls, identify who will be calling, and explain that automated technology will be used.

Voluntary agreement: Consent cannot be a condition of purchase. The consumer must be able to buy your product or service without agreeing to receive marketing calls.

2026 Consent Rule Changes

A significant rule change takes effect April 11, 2026: If a consumer opts out of one type of call or text, that revocation applies to all communications from that caller, regardless of subject matter. This means a consumer who opts out of appointment reminders has also opted out of marketing calls and service notifications from your organization.

Additionally, the FCC has proposed rules that would require specific consent for AI-generated calls and in-call disclosure when AI is being used. While these proposals are still under consideration, organizations should prepare for additional consent requirements specific to AI technology.

Why AI Campaigns Multiply Compliance Risk

The characteristics that make AI calling powerful for sales are the same characteristics that make compliance failures devastating. Understanding this risk profile is essential for building appropriate safeguards.

High Volume Means High Exposure

A human agent making 60 calls per day might generate 60 potential violations over time. An AI system making 10,000 calls per hour generates 10,000 potential violations in that same hour.

The math is simple but brutal. If just 1% of your campaign list contains DNC numbers due to incomplete scrubbing, a 50,000-contact campaign creates 500 violations. At $500 each, that is $250,000 in potential liability. At the treble damage rate of $1,500 for willful violations, it is $750,000.

Automation Removes Human Judgment

When human agents make calls, they sometimes catch errors. They recognize when something seems off, when a number appears on multiple lists, or when a contact seems inappropriate. That judgment layer disappears with full automation.

AI systems execute instructions. If you instruct the system to call a list, it calls the list. The system will not pause and wonder whether that number should really be there. Every number you feed into the system is a number that gets dialed.

Mistakes Scale Instantly

Human errors happen one call at a time and can often be caught before they compound. Automation errors happen at scale and compound before anyone notices.

Consider a scenario where your data import accidentally marked opted-out contacts as active. A human team might make a dozen bad calls before someone catches the pattern. An AI system might make thousands of bad calls in the same timeframe, creating thousands of violations from a single data error.

Record-Keeping Becomes Critical

TCPA litigation often hinges on whether you can prove compliance. Can you demonstrate that a contact consented? Can you show when your DNC list was last updated? Can you prove that a number was not on the registry at the time of the call?

AI campaigns generate massive volumes of call data. Without systematic record-keeping, proving compliance becomes impossible even when you were actually compliant. The absence of records can be as damaging as actual violations.

How Burki Handles DNC Compliance

Burki builds compliance infrastructure directly into the campaign platform. Rather than treating compliance as an afterthought, Burki makes it impossible to run campaigns without appropriate safeguards in place.

Automatic DNC List Scrubbing

Before any campaign executes, Burki automatically scrubs your contact list against current DNC data. Numbers that appear on the National DNC Registry are flagged and excluded from calling. This happens every time, without manual intervention, ensuring that stale data never slips through.

The scrubbing process runs at campaign launch, not just at list import. This matters because DNC registrations change daily. A number that was callable when you built your list might be on the registry by the time you launch.

Internal DNC Management

Burki maintains a unified internal DNC list across all your campaigns. When a contact opts out during any call, that opt-out applies across your entire organization. The system tracks:

• The date and time of the opt-out request
• The specific campaign and call where the request was made
• The method of the request (verbal, keypress, or SMS)
• Complete audit trail for compliance verification

This centralized approach prevents the common failure mode where opt-outs from one campaign are not honored by another campaign using a different list.

Real-Time Opt-Out Processing

Under FCC rules, you must honor opt-out requests within a reasonable time. Burki processes opt-outs immediately. The moment someone says "stop calling" or presses a key to opt out, their number is blocked from all future campaign calls within seconds.

The system recognizes opt-out language automatically during calls. When the AI detects phrases like "take me off your list," "stop calling," "do not call me again," or similar expressions, it terminates the call gracefully and immediately adds the number to your internal DNC list.

Consent Management

Burki tracks consent status for every contact in your system. The platform maintains records of:

• How consent was obtained (web form, verbal, written)
• When consent was obtained
• What scope of consent was granted
• Any modifications or revocations of consent

This documentation becomes critical if you ever face a compliance challenge. Having systematic consent records is often the difference between a defensible position and an indefensible one.

Time Window Enforcement

TCPA prohibits telemarketing calls before 8 AM or after 9 PM in the recipient's local time. Burki automatically enforces calling windows based on each contact's time zone. The system will not dial numbers outside permitted hours, regardless of when you schedule the campaign.

For contacts with unknown time zones, Burki applies conservative defaults to avoid inadvertent violations.

Comprehensive Audit Logging

Every campaign action is logged with complete detail. Burki maintains records of:

• Every number dialed and when
• DNC scrubbing results for each campaign
• Opt-out requests and processing timestamps
• Consent status at time of call
• Call recordings and transcripts

These logs persist for the retention period required by your compliance needs and can be exported for legal review or regulatory response.

Best Practices for Compliant AI Campaigns

Technology handles the mechanics, but compliance ultimately depends on operational discipline. These practices reduce risk even with automated safeguards in place.

Scrub Before Every Campaign

Never assume a list is clean because it was clean last month. DNC registrations happen continuously. Best practice is to scrub immediately before launch, even for lists you have used before. The minor delay is worth the protection.

Honor Opt-Outs Immediately

When someone asks to stop receiving calls, stop calling immediately. Not tomorrow, not after this campaign ends, now. Every call after an opt-out request is a separate violation. Instant processing is not just good practice; it is the difference between one violation and dozens.

Keep Meticulous Records

Document everything. Record when you obtained consent, how you obtained it, when lists were scrubbed, and when opt-outs were processed. If you cannot prove compliance, you cannot defend against claims of non-compliance.

Train Your Team

Everyone who touches campaign data needs to understand DNC compliance. A well-intentioned employee who imports a legacy list without proper scrubbing can create massive liability. Make compliance training mandatory and ongoing.

Audit Regularly

Do not wait for a complaint to discover compliance gaps. Audit your processes regularly. Pull samples of calls and verify they were properly scrubbed. Check that opt-outs are being processed correctly. Find problems before regulators or plaintiffs find them for you.

Use Suppression Files Conservatively

When in doubt, suppress. If there is any question about a contact's consent status or DNC status, do not call. The potential revenue from one marginal contact never justifies the risk of a violation.

State-Specific Rules to Know

Federal DNC rules provide the baseline, but state laws can impose additional requirements. Here are key state considerations for AI campaigns:

California

California has extensive telemarketing regulations including its own DNC list and additional disclosure requirements. Violations can result in penalties up to $2,500 per call. California law also includes specific requirements for automated calls and recordings.

Texas

Texas Senate Bill 140, effective September 2024, is one of the most comprehensive state-level AI calling laws. It requires callers to disclose within the first 30 seconds if AI is being used. Failure to disclose creates separate liability beyond standard DNC violations.

Florida

Florida maintains its own Do Not Call list and has enacted aggressive enforcement policies. The state has pursued class actions against telemarketing violations, resulting in multi-million dollar settlements.

New York

New York requires registration with the state DNC list and has specific rules about calling hours that may differ from federal standards. The state attorney general actively investigates telemarketing complaints.

Pennsylvania

Pennsylvania's telemarketing law includes provisions specifically addressing automated calling systems. Violations can result in civil penalties and private causes of action.

For any significant AI campaign, consult with legal counsel familiar with telemarketing regulations in every state where you plan to place calls. State requirements change frequently, and the penalties for non-compliance can exceed federal fines.

Frequently Asked Questions

What is the penalty for calling a number on the National DNC Registry?

Violations can result in penalties of $500 to $1,500 per call under the TCPA. The FTC can also impose penalties up to $50,120 per violation for DNC violations under the Telemarketing Sales Rule. Class action lawsuits can result in damages in the millions.

Does the DNC Registry apply to B2B calls?

The National DNC Registry only covers residential numbers, not business numbers. However, many business owners list their cell phones, and cell phones often appear on the registry. Additionally, some states have B2B calling restrictions. Always scrub against available data.

How often is the National DNC Registry updated?

The registry is updated continuously as consumers add their numbers. Telemarketers must update their copies of the registry at least every 31 days. For AI campaigns at scale, more frequent updates provide better protection.

Do I need consent for AI calls even if the number is not on the DNC?

Yes. DNC compliance and consent requirements are separate. Even if a number is not on the registry, calling a cell phone with AI-generated messages for marketing purposes requires prior express written consent under TCPA.

What if someone on my internal DNC list contacts us first?

A consumer inquiry can restart communication, but carefully. If someone on your internal DNC calls you with a question, you may respond to that inquiry. However, this does not reopen marketing permission. A service call is not consent to receive AI sales campaigns.

How long must I keep compliance records?

The statute of limitations for TCPA claims is four years in most jurisdictions. Maintain consent records, DNC scrubbing logs, and opt-out processing records for at least five years to provide adequate protection against delayed claims.

Can AI campaigns use the established business relationship exemption?

The EBR exemption applies to the DNC rules, not to the TCPA consent requirements for calls using artificial voices. Even with an established business relationship, AI marketing calls to cell phones still require prior express written consent.

The Bottom Line on DNC Compliance

AI campaigns amplify everything, both opportunity and risk. The same technology that lets you reach 10,000 prospects can create 10,000 violations if compliance safeguards fail.

The solution is not to avoid AI calling. It is to build compliance into the foundation of your campaign infrastructure. Automated scrubbing, real-time opt-out processing, systematic consent tracking, and comprehensive audit logging transform compliance from a liability into a competitive advantage.

Organizations that get this right can scale confidently. Organizations that cut corners face existential risk from a single mismanaged campaign.

DNC compliance is not optional, and with AI campaigns, it cannot be manual. The volume and speed of AI calling demand automated compliance infrastructure that works every time, without exception.

Ready to run compliant AI campaigns at scale? Start your free trial with Burki and experience built-in compliance safeguards that let you focus on results instead of risk. 200 minutes included, full compliance infrastructure from day one.

Sources:

• Electronic Code of Federal Regulations - Telemarketing Sales Rule
• Federal Communications Commission - Do Not Call
• National Do Not Call Registry
• FCC Confirms TCPA Applies to AI Technologies
• Klein Moynihan Turco - Do-Not-Call Compliance Guide
• ActiveProspect - Understanding Do-Not-Call Rules
• TCN - TCPA Compliance for Contact Centers in 2026
• Mayer Brown - FCC Declares Authority to Regulate AI-Generated Calls

Related reading: Learn more about [AI Outbound Campaigns](/blogs/campaigns/ai-outbound-campaigns) and [contact management best practices](/blogs/campaigns/contact-management) for building compliant outbound programs.