Is AI Calling Legal for Insurance Agents? The 2026 TCPA and DNC Field Guide
Every life-insurance agent eyeing an AI dialer asks the same first question: is this even allowed? The short answer is that AI calling is legal, and the longer answer is that the rules you already follow when you pick up the phone are the rules an AI voice has to follow too, just enforced more strictly.
Informational, not legal advice. This guide explains how the rules generally work as of June 13, 2026. It is not a substitute for advice from TCPA or insurance counsel, and the cited authorities can change quickly. Confirm anything load-bearing before you rely on it.
Yes, AI calling is legal for US insurance agents, with guardrails. The FCC treats an AI or generated voice as an artificial or prerecorded voice under the TCPA, so AI calls are permitted when you have valid consent, scrub do-not-call lists, call only within allowed hours, identify yourself, and offer an opt-out. The voice being synthetic does not create a new ban. It pulls the call into existing rules.
Key takeaways
- The FCC ruled in February 2024 that AI-generated voices are an "artificial or prerecorded voice" under the TCPA, so AI calls are legal but regulated, not prohibited.
- For telemarketing-purpose calls, federal rules generally point to prior express written consent (PEWC), a higher bar than a live agent dialing by hand.
- The federal calling window is 8 a.m. to 9 p.m. in the called party's local time, and several states are narrower, so gate on the strictest applicable rule.
- Do-not-call obligations survive consent: internal opt-outs always bind, and the National DNC Registry expects a scrub no more than 31 days old.
- Damages run $500 per violation and up to $1,500 for willful conduct, per call, uncapped, which is why a documented decision trail matters.
Is AI calling legal for insurance agents?
AI calling is legal for insurance agents, provided each call clears the same compliance layer that governs any artificial or prerecorded voice call. On February 8, 2024, the FCC issued a unanimous Declaratory Ruling confirming that the TCPA's restrictions on an "artificial or prerecorded voice" cover current AI technologies that generate human voices (FCC, February 8, 2024). The agency was explicit that these calls are "legal but subject to a range of restrictions," and that callers must obtain consent, provide identification, and offer opt-out mechanisms (FCC 24-17, February 8, 2024).
So the question is not whether you may use an AI voice. It is whether you can prove, for every single call, that you cleared consent, the do-not-call layers, the calling window, and the disclosure requirements. That proof burden is the whole game, and it is where most GHL builds and homegrown dialers quietly fall apart.
If you are coming at this from the lead-handling side rather than the legal side, our final expense speed-to-lead playbook walks through how fast follow-up and compliant calling fit together in practice.
Five terms every agent should know
A quick glossary, one line each, so the rest of this guide reads cleanly.
- TCPA (Telephone Consumer Protection Act): the federal law, 47 USC 227, that restricts autodialed and artificial or prerecorded voice calls and texts.
- DNC (Do Not Call): the federal and state registries plus your own internal list of people who asked not to be called.
- PEWC (prior express written consent): a signed agreement, e-signature acceptable, that names the seller and discloses that automated or artificial-voice calls may be made.
- Quiet hours: the times of day when telemarketing calls are not allowed, measured in the called party's local time.
- A2P 10DLC (application-to-person, 10-digit long code): the carrier registration framework for business SMS in the US, requiring approved brand and campaign records before texts flow.
Does an AI voice change the consent rules?
An AI voice generally raises the consent bar compared with a human manually dialing. Because the FCC classifies AI and generated voices as an artificial or prerecorded voice, a telemarketing-purpose call placed with that voice falls into the higher federal consent tier. The FCC ruling states that callers must obtain "either prior express consent or prior express written consent" before making AI-generated voice calls, with the written tier applying to telemarketing (FCC 24-17, February 8, 2024).
For an insurance follow-up funnel, the purpose of the call is to move someone toward a future purchase, which is treated as telemarketing regardless of whether you quote a premium on the call. That points to prior express written consent as the safe national floor: a signed writing that names the seller, names the number, and discloses that automated or artificial-voice calls may be used. A bare "I agree to be contacted" checkbox is widely viewed as too thin to carry that burden.
Two recent court decisions reshaped the edges of this rule without lowering the floor:
- The one-to-one consent rule was vacated. In Insurance Marketing Coalition Ltd. v. FCC, No. 24-10277, the Eleventh Circuit vacated the FCC's one-to-one consent requirement on January 24, 2025, one business day before it would have taken effect, holding the FCC exceeded its statutory authority (11th Cir., January 24, 2025). This removed a restriction on shared or partner-sourced leads. It did not change the underlying consent standard.
- One circuit questioned written consent itself. In Bradford v. Sovereign Pest Control, decided February 25, 2026, the Fifth Circuit held the TCPA's text does not require prior express written consent for telemarketing calls, reasoning that oral consent can suffice (Holland & Knight, March 2026). This is jurisdiction-specific. It binds within the Fifth Circuit (Texas, Louisiana, Mississippi) and is being read narrowly elsewhere. Building a nationwide dialer to that carve-out would be a risky bet, because most of the country still operates under the written-consent expectation.
The practical read: treat PEWC as your national baseline, and treat the circuit split as a reason to keep your consent records strong, not as permission to weaken them.
What still applies even when leads opted in
Several obligations survive consent, which is the trap that catches agents who assume an opt-in is a free pass.
| Requirement | What it means | Does consent waive it? |
|---|---|---|
| Internal (company-specific) DNC | Honor anyone who tells you to stop, and keep a written DNC policy | No. An internal opt-out always binds. |
| National DNC Registry | A registered number needs a valid exemption, such as documented written consent, before a telemarketing call | Documented written consent is the durable exemption; you still scrub. |
| Calling window | 8 a.m. to 9 p.m. in the called party's local time federally, narrower in some states | Treat as binding; the consent-exempts-quiet-hours question is unsettled. |
| Identification and opt-out | State the responsible business at the start, give a callback number, offer an opt-out | No. Required on artificial-voice calls regardless of consent. |
| Revocation | Honor an opt-out by any reasonable means within 10 business days | No. Revocation overrides prior consent. |
On the registry side, the FTC expects telemarketers to scrub against a copy of the National Do Not Call Registry that is no more than 31 days old (FTC DNC guidance). Roughly a dozen states also run their own DNC lists with separate scrubbing, some narrower than the federal rules. The conservative posture is to scrub both layers and refresh on a 31-day cadence.
On revocation, the FCC's consent-revocation rule has required callers to honor an opt-out within 10 business days since April 11, 2025. The broader cross-topic "revoke-all" requirement, under which a single opt-out cuts off unrelated future contact, was extended to take effect January 31, 2027 (Consumer Financial Services Law Monitor, January 2026). A reasonable design treats any opt-out as global and suppresses across every channel, which sidesteps the timing question entirely.
What hours can you call, and from whose clock?
The federal telemarketing window runs from 8 a.m. to 9 p.m. in the called party's local time, under 47 CFR 64.1200(c)(1) (eCFR, current). The clock that matters is the consumer's, not your agent's and not your office HQ's. A dialer in one time zone calling someone two zones west can drift below 8 a.m. local without anyone noticing, and a timestamp on a call log is exactly the kind of mechanical, easy-to-prove fact that drives a wave of quiet-hours class actions.
Several states tighten the window further. Some end the day at 8 p.m., some start at 9 a.m. or 10 a.m., a few add per-day call caps or Sunday and holiday restrictions, and at least one bars automated-voice devices outside weekday business hours. Because area codes follow ported numbers around the country, the reliable input is the lead's address or ZIP, not the phone prefix. The safe rule is to gate each call on the most restrictive of the federal window and any applicable state window, computed from where the lead actually lives.
If you want to see how those saved minutes add up across a book of business, our time-saved calculator puts a number on the manual scrubbing and dialing the gate replaces.
How The Standard CRM keeps every call inside the lines
The Standard CRM runs compliance as a deterministic gate that executes before any contact attempt, and it logs the result of that gate to an immutable ledger. The principle behind the design is blunt: you cannot defend what you cannot prove.
Here is what runs on every outbound action, in order, as pure code rather than anything the AI decides:
- Consent check. The system reads the consent record for the lead and the channel. Where written consent is the required tier, an implied web-form opt-in is not treated as sufficient for an AI call. The check is version-stamped so you can show which rule applied on which date.
- DNC check. Federal and state do-not-call scrubbing runs on a refresh cadence, and the gate fails closed when a vendor verdict is indeterminate, so an uncertain number is held rather than dialed.
- A2P status check. For SMS, the gate confirms the tenant's brand and campaign registration is approved before a message leaves, because carriers filter unregistered A2P traffic.
- Quiet-hours check. The window is computed in the lead's local time, with conservative defaults, so a call that would land outside the allowed hours is deferred, not placed.
Only when all four pass does the call or message go out. Every one of those decisions, including the ones that block a contact, is written to an append-only ledger with consent provenance and the evaluation results, before the vendor SDK is ever invoked. That ordering is deliberate. The record exists whether or not the downstream call succeeds, which is what turns a compliance posture into a court-admissible trail instead of a hopeful policy document.
The AI plans the conversation; the rules gate the contact. The model never overrides the deterministic checks, and it is held to scheduling and gentle qualifying rather than quoting price or recommending a policy, which keeps the call clear of unlicensed-solicitation territory. You can read more about that design on our compliance overview, and the audit trail itself is detailed on the compliance ledger feature page.
Why the proof trail is the real product
The reason any of this matters in dollars is the damages structure. The TCPA provides statutory damages of $500 per violation, rising to up to $1,500 per violation for willful or knowing conduct, under 47 USC 227 (Cornell Legal Information Institute). The count is per call and uncapped, so a list of a few thousand numbers dialed without clean consent is not a parking-ticket problem. It is a class-action problem, and the insurance-lead vertical has been a named focus for the plaintiff bar.
In that environment, the deciding factor in a dispute is rarely whether you meant well. It is whether you can produce a per-call record showing the consent basis, the scrub results, the time the call was placed in the consumer's zone, and the disclosures given. An immutable ledger that captured each gate decision before the call went out is the difference between a defensible record and a stack of guesses. The compliance layer is not overhead bolted onto the dialer. For a regulated activity like this, it is the part that makes the dialer worth running at all.
Agents working higher-consideration products feel this even more sharply, since the sales cycle is longer and the contact history is deeper. Our guide to working IUL leads covers how disciplined, documented follow-up plays out over those longer timelines.
Frequently asked questions
Is AI calling legal for insurance agents?
Yes. AI calling is legal for insurance agents when the calls follow the same rules that govern any artificial or prerecorded voice call: valid consent, do-not-call scrubbing, allowed calling windows, and clear identification. The FCC confirmed in February 2024 that AI-generated voices count as an artificial or prerecorded voice under the TCPA, so the existing restrictions apply rather than a blanket ban.
Does the TCPA treat an AI voice differently from a human dialer?
The TCPA treats an AI or generated voice as an artificial or prerecorded voice. That generally means stricter consent than a manually dialed live call: for telemarketing, federal rules call for prior express written consent (PEWC). A live agent dialing by hand sits in a different, often lower, consent tier.
What calling hours apply to AI insurance calls?
The federal telemarketing window is 8 a.m. to 9 p.m. in the called party's local time, under 47 CFR 64.1200(c)(1). Several states set narrower windows and per-day call caps, so the conservative posture is to gate on the most restrictive of the federal and applicable state rules, computed from the lead's location.
Do I still have to scrub the Do-Not-Call list if leads opted in?
Generally yes. Internal company-specific do-not-call requests are honored regardless of any consent, and a registered number on the National DNC Registry needs a valid exemption such as documented written consent. The FTC expects telemarketers to use a registry copy no more than 31 days old.
What are the penalties for getting AI calling wrong?
The TCPA provides statutory damages of $500 per violation, rising to up to $1,500 per violation for willful or knowing conduct, under 47 USC 227. Because the count is per call and uncapped, a single bad list can scale into class-action exposure fast.
References
- Federal Communications Commission, "FCC Confirms that TCPA Applies to AI Technologies that Generate Human Voices," February 8, 2024. https://www.fcc.gov/document/fcc-confirms-tcpa-applies-ai-technologies-generate-human-voices
- Federal Communications Commission, Declaratory Ruling FCC 24-17, February 8, 2024. https://docs.fcc.gov/public/attachments/FCC-24-17A1.pdf
- Insurance Marketing Coalition Ltd. v. FCC, No. 24-10277 (11th Cir. Jan. 24, 2025). https://law.justia.com/cases/federal/appellate-courts/ca11/24-10277/24-10277-2025-01-24.html
- Bradford v. Sovereign Pest Control, No. 24-20379 (5th Cir. Feb. 25, 2026), summary via Holland & Knight, March 2026. https://www.hklaw.com/en/insights/publications/2026/03/tcpa-reset-fifth-circuit-rejects-prior-express-written-consent-rule
- Consumer Financial Services Law Monitor, "FCC Further Extends Effective Date for TCPA Revoke-All Rule," January 2026. https://www.consumerfinancialserviceslawmonitor.com/2026/01/fcc-further-extends-effective-date-for-tcpa-revoke-all-rule/
- 47 CFR 64.1200, Electronic Code of Federal Regulations (current). https://www.ecfr.gov/current/title-47/chapter-I/subchapter-B/part-64/subpart-L/section-64.1200
- Federal Trade Commission, "Q&A for Telemarketers and Sellers About DNC Provisions in the TSR." https://www.ftc.gov/business-guidance/resources/qa-telemarketers-sellers-about-dnc-provisions-tsr-0
- 47 USC 227, Cornell Legal Information Institute. https://www.law.cornell.edu/uscode/text/47/227