Sully
Open chatSign in
← All posts
TCPA ComplianceAI Voice RegulationApril 22, 2026Sully Research Team

TCPA Compliance for AI Voice and SMS in Home Services: What Contractors Need to Know in 2026

The FCC ruled in February 2024 that AI voices are 'artificial' under TCPA. Penalties run $500 to $1,500 per violation with no cap. Most contractors do not know this applies to them.

Key takeaways

  • TCPA penalties run $500 to $1,500 per violation with no statutory cap, meaning a 10,000-contact campaign carries $15 million of theoretical exposure
  • The FCC's February 2024 Declaratory Ruling classified AI-generated voices as 'artificial' under TCPA, requiring prior express written consent for outbound calls
  • FTC's September 2024 'Operation AI Comply' sweep brought combined fines over $5 million with several companies permanently banned from AI robocalls

The FCC ruled on February 8, 2024 that AI-generated voices are "artificial" under TCPA, requiring prior express written consent for outbound calls. Penalties run $500 to $1,500 per violation with no statutory cap. A 10,000-contact campaign with no consent is $15 million of legal exposure.

Most contractors do not know this applies to them. They bought an AI voice agent for HVAC, turned it on for outbound quote follow-ups, and never thought about federal law.

Here is what you actually need to know before your first lawsuit.

What Changed in February 2024

The FCC adopted a Declaratory Ruling on February 8, 2024 that explicitly brings AI-generated voice calls under existing TCPA restrictions on prerecorded and artificial voice calls. Per the FCC's official release and subsequent analysis in Wilson Sonsini's client alert, this means three things.

One. AI voices are treated identically to robocalls. There is no "AI exception" that lets you skip consent rules just because the agent sounds natural.

Two. Outbound calls using AI voices require prior express written consent from the recipient. Implied consent is not enough.

Three. Penalties apply per call, with no cap. $500 to $1,500 per violation. Willful violations hit the ceiling.

The ruling took effect immediately. Every AI voice platform operating in the U.S. has been in-scope since February 8, 2024.

What TCPA Penalties Actually Look Like

Per Kixie's 2025 TCPA guide and corroborated across legal analysis from Wilson Sonsini and McDermott:

  • Standard violation: $500 per call
  • Willful/knowing violation: up to $1,500 per call
  • Treble damages in private class actions (multiply damages by 3)
  • Class action settlements historically range $5M to $40M+
  • FCC enforcement actions run $1M to $10M+

The FTC's September 2024 "Operation AI Comply" sweep targeted companies using deceptive AI practices with combined fines and settlements over $5 million and permanent bans on several companies from using AI-generated robocalls.

Class actions are the real risk for contractors. One customer gets an outbound AI call they did not consent to, they post on Reddit, a TCPA plaintiff's firm picks it up, and your "simple quote follow-up automation" becomes a $2 million lawsuit.

What Counts as a Violation

Per the FCC's 2024 rulings and Providertech's compliance guide on conversational AI, a violation occurs when:

  • You use an autodialer or AI voice without prior express written consent
  • You send SMS or voice with promotional content without consent
  • You call outside 8 AM to 9 PM in the recipient's local time zone
  • You fail to honor an opt-out or STOP request immediately
  • Your AI voice does not identify your business at the start of the call
  • You do not provide an easy opt-out mechanism

Any one of these is a violation. Multiple violations can stack on a single call.

The Contractor-Specific Risk Zones

TCPA hits hardest in home services across four workflows. Here they are.

Risk Zone 1: Outbound AI voice for quote follow-up. Your tech leaves a quote on a Tuesday. The system makes an AI voice call on Thursday to follow up. That call requires prior express written consent. Per the 2024 FCC ruling, no exception exists for existing customer relationships on AI voice calls.

Risk Zone 2: Missed-call SMS auto-replies with promotional content. The first SMS reply on a missed-call text back is generally treated as consented (the customer initiated the contact). Subsequent promotional texts need separate opt-in, and any outbound leg of a missed-call follow-up agent needs its own consent record.

Risk Zone 3: Review-request text blasts. A post-job automated "how did we do?" text that bundles a review link with promotional content (discount codes, seasonal offers) needs express consent for the promotional portion.

Risk Zone 4: Reactivation campaigns. You have a list of 2,000 customers from the last 3 years. You want to text or AI-call them about a seasonal tune-up promotion. This is the highest-risk workflow in home services and the reason any customer reactivation program needs a clean consent ledger. Without documented express consent, it is a textbook class-action trigger.

What Counts as Consent

Prior express written consent requires four things, per the TCPA implementation regulations and the 2024 FCC follow-on guidance:

  1. A signed written agreement (electronic signature counts)
  2. Clear disclosure that the customer is consenting to AI/automated calls or texts
  3. Specific business name that will be calling
  4. Phone number the customer consents to be contacted on

This is not the "I agree to terms" checkbox at the bottom of a booking form. It is a specific, isolated consent for marketing or automated communications.

A generic "by booking, you agree to be contacted" clause will not hold up in court. Separate checkbox, separate language, separate record.

The 2024 Revocation Rule (Easy for Customers to Opt Out)

The FCC also passed a revocation rule in 2024 that went into effect mid-2025. Customers can revoke consent through "any reasonable method" including reply STOP, verbal request on a live call, email, or even a DM on social media.

Once revoked, you have 10 business days to stop all automated contact. Per Providertech's compliance guidance, the clock starts when your organization receives the revocation, not when it lands in your CRM.

This matters operationally. If a customer replies STOP to an AI SMS, you cannot re-enroll them three months later for a seasonal campaign without fresh express consent.

The One-to-One Consent Rule (January 2025)

The FCC also announced a one-to-one consent rule intended to take effect in January 2025. Under this rule, consent to be contacted by one business cannot be transferred to a network of affiliates.

The rule was subsequently vacated by the Eleventh Circuit Court in January 2025 before taking effect. But it is still the regulatory direction: consent is to a specific business, not to a network.

Contractors buying lead lists from a network aggregator (HomeAdvisor, Angi, Networx) need to confirm the consent captured by the aggregator explicitly names your business. If it does not, calling that lead with AI voice is TCPA-noncompliant regardless of what the aggregator says.

Inbound AI Voice Is Different (Generally Safer)

Good news. The TCPA governs outbound calls and texts. Inbound AI voice answering (the call the customer initiated) does not trigger the consent rules for the initial interaction.

Avoca, Sameday, and Goodcall and most trades-focused inbound voice agents are low-risk for TCPA as long as they stay inbound-only. The risk shifts the moment you enable outbound features (proactive quote follow-up calls, reactivation campaigns, AI-driven appointment reminders to non-consented numbers).

Appointment reminders to existing booked customers are a gray area. The safest path is to have the customer explicitly consent to AI voice reminders at booking, with a separate checkbox.

State Laws Stack On Top

TCPA is federal. Several states have stricter laws.

California's AB 2905 (2024) requires AI voices to disclose they are AI at the start of every call. Florida's TCPA-equivalent (FTSA) has private-right-of-action provisions with $500 per violation. Washington and Maryland have their own auto-dialer restrictions.

A contractor with multi-state operations has to comply with the strictest applicable state law, not just federal TCPA.

Real-World Lawsuit Patterns

Finley v. Altrua Ministries (filed April 4, 2025) is one of the first documented TCPA lawsuits specifically targeting AI-generated voice messages. The plaintiff alleged receiving at least five AI-generated voice messages without consent.

The New Hampshire Primary robocall case (January 2024) resulted in a $6 million proposed FCC fine for AI-generated calls impersonating President Biden. That was a political case but the enforcement template applies to any unauthorized AI voice campaign.

The Klein Moynihan Turco TCPA tracking team has documented a sharp uptick in AI-specific lawsuits through 2024 and 2025. Per their Blacklist Alliance analysis, the most common fact pattern is a company using an AI voice for outbound marketing to customers who gave only basic contact consent, not express consent for AI calls.

What Tommy Mello and A1 Garage Do Differently

On The Home Service Expert podcast, Tommy Mello has repeatedly emphasized that A1 Garage Door Service's customer communications are opt-in by default and consent is captured explicitly at the booking stage. That is why A1 can run aggressive follow-up automation without legal exposure.

The general pattern from $100M+ home service operators: capture consent explicitly at every touchpoint (booking form, technician on-site, customer portal), log it with timestamp and exact language, and treat revocation as a CRM-level event that cascades across every channel (voice, SMS, email).

Small contractors skip this because "it's just 500 customers in my CRM, nobody's going to sue me." That thinking is how $500 per violation becomes $250,000 in aggregate exposure.

The Practical Compliance Checklist

Every contractor running AI voice or AI SMS needs this.

At consent capture:

  1. Dedicated checkbox (not bundled with booking terms)
  2. Clear language: "I consent to receive automated calls and texts from [YOUR BUSINESS NAME] at [PHONE NUMBER]. Messaging and data rates may apply. Reply STOP to opt out."
  3. Captured at booking, online form, and technician in-person
  4. Logged with timestamp, source, and exact text of the disclosure

At outbound send:

  1. Verify consent on file before every outbound AI call or SMS
  2. Honor quiet hours (8 AM to 9 PM local time)
  3. Identify your business at the start of every AI voice call
  4. Include STOP instruction on every SMS
  5. Rate limit to avoid call frequency complaints

At revocation:

  1. Process STOP replies in real time
  2. Cascade opt-out across voice, SMS, and email
  3. Honor the 10-business-day rule for any revocation method
  4. Log revocation events for legal defense

At audit:

  1. Monthly review of consent records
  2. Quarterly review of any outbound campaigns
  3. Annual legal review of consent language against current TCPA guidance

What AI Voice Vendors Handle vs Leave to You

Pre-built vendors (Avoca, Sameday) handle:

  • Inbound call recording disclosures
  • STOP compliance on SMS
  • Basic opt-out flows

Vendors generally do not handle:

  • Your consent capture at booking
  • Multi-channel revocation cascade (voice opt-out also stopping SMS)
  • State-specific disclosure rules (like California AB 2905)
  • Auditable consent logs for TCPA defense

VAPI and Retell handle none of the above. You (or your dev shop) own all of it.

Raw VAPI or Retell builds are the highest TCPA-risk configuration because most dev shops do not know TCPA well and it will not be in their scope of work.

The Cost of Getting This Right vs Getting This Wrong

Getting it right:

  • 20 hours of legal review: $5,000 to $10,000
  • Consent capture update in your CRM and booking form: 40 hours of engineering, $4,000 to $8,000
  • Annual compliance audit: $2,500 to $5,000
  • Total: $12,000 to $23,000 one-time + $5,000/year

Getting it wrong:

  • One class-action filing: $50,000 to $250,000 in legal defense alone
  • Settlement (if you settle): $500,000 to $5,000,000
  • Business disruption: 6 to 18 months
  • Customer trust damage: incalculable

The math is not close.

How Sully Handles This

Sully ships with TCPA-compliant opt-in language, STOP handling on every SMS, quiet hours enforcement, multi-channel revocation cascade, and consent logging built-in. It uses Twilio under the hood with rate limiting, content rules, and per-user preferences wired in by default.

That is not a silver bullet. You still own your consent capture process at booking and your consent language in written agreements.

What you do not have to build: the SMS compliance layer, the STOP handling across channels, the quiet-hours logic, the consent audit log. Those ship pre-built.

OpenAI, Claude, VAPI, and Retell give you developer primitives. Avoca and Sameday cover inbound voice compliance only.

Sully is built for contractors who want AI voice + SMS + email follow-up with TCPA compliance handled at the platform level.

The Next 30 Days

This week:

  1. Audit every outbound automated communication you run
  2. Flag any AI voice or bulk SMS that lacks documented express consent
  3. Turn off any campaign that cannot prove consent today
  4. Update your booking form consent language

Next two weeks:

  1. Engage a TCPA-experienced lawyer for a 2-hour review ($1,500 to $3,000)
  2. Update your CRM consent capture
  3. Document revocation handling procedure
  4. Train your CSR team on STOP compliance

Ongoing:

  1. Monthly consent records review
  2. Quarterly outbound campaign audit
  3. Annual legal update on TCPA case law

The contractors running AI voice and SMS in 2026 without a compliance layer are gambling. The ones with it are protected.

Do not be the test case.

See Sully in action

Sully is the pre-built AI for home service shops. Connect your CRM, email, and phone system in minutes and the agents run on your real data.

Connect your CRM