One wrong call costs up to $43,792. Not per campaign. Per call. If you're running a Do Not Call list AI dialer at scale, that math gets dangerous fast, and the rules just got stricter.
The FCC updated its AI voice call rules in February 2024. The FTC tightened opt-out processing windows in April 2025. Most outbound sales teams are still operating on the old playbook, which means they're one audit away from a penalty that ends the year.
This guide covers what "Do Not Call" actually means across federal and state registries, what consent AI calls legally require, how often you need to scrub your lists, and what real compliance looks like at 10,000 calls a week. For the broader picture on AI call legality, read our AI cold calling legal overview.
1. What 'Do Not Call' Actually Covers
There isn't one Do Not Call list. There are three types, and missing any of them creates liability.
The National Do Not Call Registry is managed by the FTC. Over 244 million numbers are registered. You must check every number against it at least every 31 days. Calling a registered number without written consent can cost you $43,792 per call under the FTC's Telemarketing Sales Rule.
Your internal DNC list is the one you build from opt-out requests. If someone tells you to stop calling, you now have 10 business days to honor it, a change that took effect in April 2025. The old window was 30 days. Most teams haven't updated their workflows.
Then there are state DNC registries. Eleven states maintain their own lists: Colorado, Florida, Indiana, Louisiana, Massachusetts, Missouri, Oklahoma, Pennsylvania, Tennessee, Texas, and Wyoming. Some are stricter than the federal standard. If you're calling into those states, you need to scrub both.
2. Why AI Dialers Face a Stricter Consent Standard
In February 2024, the FCC issued a ruling that changed everything for AI-powered outbound sales: AI-generated voices are now classified as "artificial or prerecorded" voices under the TCPA.
That classification matters because calls using artificial or prerecorded voices have always required prior express written consent (PEWC). Not oral consent. Not implied consent. Written, with a timestamp.
A lot of teams running AI dialers assumed this only applied to robocalls in the political sense. It doesn't. If your AI agent sounds human, has a conversation, and is trying to sell something, you're under the same standard. Our TCPA compliance guide for AI cold calling covers the full consent framework.
3. What Prior Express Written Consent Actually Requires
Written consent isn't a checkbox buried in your terms and conditions. The FTC and FCC are specific about what counts.
Valid PEWC has to be:
Voluntary: The person can't be required to give consent to receive a product or service. Tying consent to purchase invalidates it.
Clear authorization: The person must explicitly agree to receive automated calls to their number. The language needs to be unambiguous.
Separate agreement: It can't be bundled inside another contract or agreement. It needs to be its own clear statement.
Documented with timestamp: You need a record showing who consented, when, and to what. If you can't produce this in an audit, you don't have it.
At scale, this means your lead intake process needs to capture consent as a structured data point. If you're calling 1,000 leads a day (see how teams do that with AI), you need that consent record for every single number in your queue.
4. DNC List Scrubbing: How Often and How to Do It Right
The FTC requires you to check your calling list against the National DNC Registry at least every 31 days. That's the legal floor, not a best practice.
For teams running more than a few hundred calls a week, monthly scrubbing isn't enough. Numbers get registered constantly. A lead that was clean on the 1st may be on the DNC list by the 15th. High-volume teams scrub weekly or daily.
The scrubbing workflow looks like this:
Upload your lead list to a DNC scrubbing service such as DNCScrub, PossibleNOW, or your dialer platform's built-in tool.
Scrub against all relevant lists: National DNC, your internal DNC list, and any state registries for the states you're calling into.
Remove flagged numbers before importing into your campaign queue. Don't just flag them, actually exclude them from the dialer.
Log the scrub date for every campaign. If you're audited, you need to show when the list was scrubbed and against which registries.
Want to see what compliant AI calling actually costs vs. your current outbound setup? Run the numbers in our outbound ROI calculator.
5. Building an Internal DNC List That Doesn't Fall Apart
Your internal DNC list is the one you control. Every opt-out request, every "take me off your list" from any channel, goes in here. The April 2025 change means you have 10 business days to process it, down from 30.
Where teams fail: the opt-out happens in one system but doesn't reach the dialer. Someone tells your chatbot to stop contacting them. Your CRM gets the note. But the campaign launched that morning still has the number in queue.
The fix is real-time CRM sync. Opt-outs need to propagate from your CRM to your dialer instantly, not in the next batch update. That's a technical requirement, not just a process one. Our AI dialer CRM integration guide goes deeper on getting those integrations right.
6. Common DNC Violations and What They Cost
These are the violations that show up most in enforcement actions:
Calling without prior written consent: $500 to $1,500 per call under TCPA, or $43,792 per call under the TSR. Knowing violations can triple the TCPA amount.
Calling outside permitted hours: The legal window is 8am to 9pm in the recipient's local timezone. Not yours.
Failing to disclose an AI voice: The FCC's 2024 rules require disclosure that the call is AI-generated. Not disclosing this is a separate violation on top of any consent issue.
Scrubbing lists too infrequently: If you can't show you checked the DNC Registry within the last 31 days for each number called, every call on that list is a potential violation.
Ignoring opt-outs past 10 business days: Each call made after the processing deadline is its own violation.
In 2024, an Oregon jury awarded $925 million in a mass robocalling case. That's an extreme outcome, but TCPA class actions are real. A single batch of bad calls to 5,000 numbers without valid consent can trigger a lawsuit that runs into the millions.
7. How TopCalls Handles DNC Compliance at Scale
Compliance at scale stops being a manual process and starts being an infrastructure question. TopCalls was built with TCPA, TSR, and GDPR requirements baked into the platform. Our secure infrastructure includes consent management, audit trail logging, and end-to-end encryption across every call.
The Smart Campaigns system handles timezone-aware scheduling automatically, so you're never calling a Florida number at 6am local time. Smart retry logic accounts for busy signals, unanswered calls, and failed attempts, each on its own schedule.
Every call is recorded and transcribed. The complete audit trail documents every number called, the timestamp, the outcome, and the consent record tied to it. If you're audited, you can pull that in minutes instead of digging through spreadsheets.
Teams running 63,000+ AI calls daily can't manage DNC scrubbing manually. The platform handles it as part of campaign setup. The same logic that reduces drop calls on AI outbound also ensures that automated follow-up sequences respect opt-out status in real time.
8. Where Automated DNC Compliance Falls Short
No dialer platform solves every compliance scenario. These are the gaps to know about.
State-by-state rules: The 11 state registries each have different requirements. Some states require separate registration to access their list. If you're calling nationally, you need legal counsel reviewing your state-by-state exposure.
Industry-specific overlays: Debt collection calls are covered by the FDCPA on top of the TCPA. Healthcare calls may trigger HIPAA. Financial services have FINRA rules. Platform compliance doesn't cover these.
Consent record quality: If your lead intake form doesn't capture written consent in the right format, the dialer can't manufacture that retroactively. The consent problem starts at the top of the funnel.
Third-party lead lists: If you're buying leads from outside vendors, their consent records need to meet the PEWC standard. Many don't. You're still liable for calls made on those lists.
The teams that scale AI outbound without regulatory problems aren't the ones who built a compliance spreadsheet. They built compliance into every step of the pipeline, from lead intake to the dialer to the CRM sync.
If you're building out AI-powered sales acceleration and want compliance built in from day one, book a strategy call. We'll walk through your call flow and consent model before you launch a single campaign.
Get AI calling tips in your inbox
No spam. One email per week with actionable sales automation tips.
