I know, I know – quite an old meme, but that’s the image in my head every time we encounter voice broadcast compliance shocks. Because what I encounter are teams expecting to start immediately, but frustrated because no one told them how long compliance readiness takes.
And this expectation gap is where most first-time programs get into trouble.
Voice broadcast compliance catches new teams off guard more than any other. Not because the rules are impossible to follow, but because most teams do not know which rules apply to them until they are already mid-setup.
Three things consistently trip up new programs:
- Voice broadcast to cell phones is not the same as texting.
- Most organizations cannot clearly say whether they have an Established Business Relationship with the people on their list.
- And STIR/SHAKEN gets confused with 10DLC on almost every compliance review, even though they cover entirely different channels.
There is also a compounding problem. Compliance with voice does not stay in voice. Every opt-out, every consent record, every reassigned number you flag has to apply to your texts and emails, too. A compliant voice program sitting atop a leaky text program is still exposed.
This piece covers what you need to work through before the first dial: consent rules, calling windows, and sender-type differences. It also walks you through the platforms that help you speed up compliance.
Note: These are FCC and TCPA requirements as of publication. State rules vary. Nothing here is legal advice. Talk to qualified legal counsel for program-level decisions.
Why voice broadcast compliance is its own category
Most channels have one set of rules. Voice broadcast has three questions, and the answers to each one determine which rules apply to your campaign.
The FCC does not treat voice broadcasts as a single entity. Before any compliance framework kicks in, it asks:
- Is the voice prerecorded, AI-generated, or live?
- Is the destination a landline or a cell phone?
- Is the message commercial or informational?
Get those answers wrong at the classification stage, and every compliance decision downstream is built on the wrong foundation. TCPA penalties run up to $500 per call, and up to $1,500 per call if the violation is willful.
One point that catches most teams off guard: As of February 2024, the FCC confirmed that AI-generated voices count as prerecorded under the TCPA. If you are using text-to-speech or a synthetic voice in your broadcast, the same rules apply as a human recording. There is no lighter-touch category for AI voice.
The diagram below shows how the FCC’s three questions map to rule sets. Find your campaign type before you build your list.
Three voice broadcast compliance gaps that catch first-time campaigns off guard
Most voice broadcast compliance mistakes do not come from ignoring the rules. They come from misreading them. These three gaps show up consistently in programs that thought they were ready.
Gap 1: Voice broadcast to cell phones is not the same as texting
Most teams assume voice broadcast to a cell phone works under the same rules as an automated text. It does not, and the distinction is expensive to learn the wrong way.
For a prerecorded or AI-generated voice message to a cell phone, prior express written consent is required for commercial messages. For non-commercial messages, prior express consent (the lower bar) still applies. Neither is optional.
The reason the FCC treats prerecorded voice as more intrusive than text: a recorded message takes over the entire call. A text sits in a thread until the recipient chooses to read it.
What teams get wrong about the political exemption
Political campaigns are often told they have a broad exemption from robocall rules. That exemption applies only to prerecorded calls to landlines. The moment a recorded message is sent to a cell phone, prior express consent is required, regardless of whether the message is political.
This is the single most common misread rule across political and advocacy programs.
What this means for your list
Before uploading any cell phone list, every number needs to have logged consent at the correct level. Ask three questions about each list:
- Where did this list come from (voter file, third-party data provider, sign-up form)?
- Does the consent language specifically name your organization?
- Does it name voice broadcast as a channel?
If the answer to any of those is no or unclear, that list is not ready to dial.
Note on the Fifth Circuit: A February 2026 ruling in the US Fifth Circuit (covering Texas, Louisiana, and Mississippi) rejected the FCC’s written-consent requirement for prerecorded calls. Other circuits still follow the FCC standard. Unless every contact on your list is in the Fifth Circuit, plan against the stricter rule.
Gap 2: Established Business Relationship is tighter than most organizations think
An Established Business Relationship (EBR) provides organizations with a limited carve-out from certain consent requirements. The problem is that most teams apply it far more broadly than the TCPA actually allows.
What actually qualifies as an EBR
| Trigger | EBR window |
| A purchase, donation, or transaction | 18 months from the date |
| An inquiry or application | 90 days from the date |
| An email open, event attendance, or social engagement | Does not qualify |
That last row is where most programs go wrong. Engagement is not an inquiry under the TCPA. A donor from two years ago has passed the 18-month window. A supporter who opened your last email has no EBR at all.
What EBR does not cover
Even inside an active EBR window, the carve-out does not apply to autodialed or prerecorded calls to cell phones. It applies only to certain live calls to landline numbers on the National DNC Registry. And it cannot override an in-house do-not-call request. A prior relationship does not undo an opt-out.
If you plan to use EBR as your consent basis for any part of your list, map every record against those windows before you dial, not after.
Gap 3: STIR/SHAKEN and 10DLC are not the same thing
These two terms come up in nearly every compliance conversation, and they get confused in almost every one. They are separate systems covering separate channels.
10DLC (10-digit long code) is a registration standard for SMS and MMS campaigns sent from 10-digit numbers. It is a text rule. Registering for 10DLC affects whether your texts get delivered or filtered by carriers. It has no effect on voice calls.
STIR/SHAKEN is the call authentication framework carriers use to verify that an outbound call is actually coming from the number it claims. It operates at the carrier level and determines how your calls appear to recipients. Calls with A-level STIR/SHAKEN attestation display as verified. Calls without it get flagged as unknown or spam.
Why this matters in practice
If your team registered for 10DLC and assumed your voice campaigns were covered, they are not. The two systems do not overlap. A campaign that is fully 10DLC-compliant for texting can still have every voice call flagged as spam if STIR/SHAKEN attestation is not in place.
Carrier spam flagging compounds fast. A high-volume number can move from neutral to “Spam Likely” within hours of a campaign launch. Once flagged, connect rates collapse, and many recipients never see your caller ID at all.
Voice broadcast consent rules, calling windows, and opt-out requirements
Voice broadcast compliance is governed by four rule sets that apply to every campaign, regardless of sender type. Get any one of them wrong, and the others do not matter.
Consent levels: what each one actually requires
The TCPA recognizes two levels of consent, and the difference between them is not a technicality.
| Prior express consent | Prior express written consent |
| This is the baseline. The person agreed to receive calls from your organization. This covers non-commercial prerecorded calls to cell phones and most calls to landlines outside the National DNC Registry. | This is the higher bar. The person signed, checked a box, or pressed a key that specifically named your organization and the voice broadcast channel. This is required for commercial messages to cell phones. |
Three things disqualify consent records that teams assume are valid:
- Blanket consent through a third-party lead form (“I agree to be contacted by partners and affiliates”) does not meet written consent for your organization. It names someone else.
- Consent without a date, channel, and the exact language the contact agreed to is not a usable record. If you cannot produce it on demand, you do not have it.
- Purchased list consent almost never holds up. The original language typically points to the data seller, not to you.
Every consent record needs four things stored against the contact: the date, the channel, the language agreed to, and any subsequent opt-outs.
Calling windows and frequency caps
Federal rules restrict telephone solicitations to 8 am to 9 pm in the recipient’s local time zone, not yours. For commercial and telemarketing voice broadcasts, calling outside those hours is a violation on every call. Non-commercial, informational calls from tax-exempt nonprofits may fall under different rules, but respecting local calling windows remains best practice regardless of exemption status.
Some states pull the window tighter regardless of message type. Florida restricts calls to 8 am to 8 pm. Your platform needs to split sends by the contact’s time zone automatically, not your account’s clock.
Consent revocation
Under the FCC’s consent revocation rules, a person may withdraw consent by any reasonable means. The organization must honor it promptly, log it the moment it arrives, and apply it across every channel.
That last requirement is where most outreach stacks break.
An opt-out on a voice broadcast should not result in a text from the same campaign the next day, or an email the following week. If your opt-out list lives only in your voice tool, you have a compliant voice program sitting on top of an exposed text and email program.
The FCC’s broader “revoke-all” rule, which would require a single opt-out to cover all future robocalls and robotexts from the same caller, has been delayed to January 31, 2027. The practical requirement exists today regardless. One opt-out should stop everything, on every channel, without anyone managing it manually.
What to check in your current stack: Can you show, for any given contact, the exact date and method of their opt-out, and confirm it applied to voice, text, and email simultaneously? If that answer requires pulling three separate reports, your opt-out infrastructure has a gap.
Caller ID and disclosure requirements
Every prerecorded call must do three things within the first moments of connection:
- Identify the calling organization by name
- Provide a callback number
- Offer an opt-out keypress within two seconds of the organization’s name
These are legal requirements, not best practices. The opt-out keypress must be functional during business hours. The callback number must be answered or return a message during business hours.
A platform that cannot enforce these at the call-flow level passes the entire compliance burden back to the person writing the script. That is not a viable arrangement at the campaign scale.
How your sender type changes voice broadcast compliance rules
Sender type is not a detail you sort out after building your list. It drives almost every compliance decision: which DNC rules apply, what frequency caps you work within, and whether specific exemptions are yours to use.
Find your row before you build anything.
| Sender type | Cell phone rule | Landline rule | Key gotcha |
| 501(c)(3) nonprofit | Prior express consent required for recorded calls | Charitable exemption applies; DNC Registry may not apply | Three calls per 30 days cap applies even inside the charitable exemption |
| 501(c)(4) advocacy | Prior express consent required for recorded calls | DNC Registry applies if call content is commercial | The line between advocacy and commercial content is narrower than most teams assume |
| Political campaign | Prior express consent required for recorded calls | Political exemption applies; DNC Registry does not apply | Landline exemption does not extend to cell phones. This is the most common misread in political programs |
| Union | Written consent for sales messages; express consent for informational | DNC Registry applies for sales content | Member lists built before consent language was formalized often fail the standard |
Two rows deserve extra attention.
Political campaigns get the widest landline exemption of any sender type and are not subject to the National DNC Registry for those calls. That exemption ends the moment a recorded message goes to a cell phone. Prior express consent is required regardless of whether the message is political, informational, or get-out-the-vote content.
501(c)(3) nonprofits carry a charitable exemption that many teams read as broader than it is. The three-call-per-30-days cap applies inside that exemption. A nonprofit planning multiple broadcast waves in a single month, which is common during fundraising pushes or advocacy campaigns, must track total touches per number across all waves, not per individual campaign send.
One rule that applies to every row: An in-house do-not-call request overrides everything. No exemption, no EBR, no prior relationship undoes an opt-out. If a contact has asked not to be called, they do not get called.
When in doubt, default to the stricter rule. The cost of over-restricting one campaign is a smaller list. The cost of misclassifying your program is up to $1,500 per call. Those are not comparable risks.
This table is a starting point, not legal advice. If your sender type is genuinely unclear, or your program operates across multiple categories, that question belongs with qualified legal counsel before you dial.
What your voice broadcast platform needs to enforce
Knowing the rules is half the work. The other half is a platform that enforces them at the dial, not after the fact. If a vendor cannot demonstrate the features below, the compliance burden shifts back to your team. At the campaign scale, that is not manageable.
Use this evaluation checklist to determine whether you are assessing CallHub or another platform.
| Feature | What it must do | Ask the vendor |
| DNC scrubbing | Scrub against National DNC Registry and state lists before every dial. Not on a schedule. Not post-dial. | Does scrubbing run before each dial or on a batch schedule? |
| Reassigned Numbers Database | Confirm the person who gave consent still owns the number before every dial. | Is this included, or a separate add-on? |
| Time zone splitting | Fire dials within the recipient’s local window automatically. Track cumulative touches per number across all campaigns in a 30-day window. | Does splitting happen at contact level? Does it track across campaigns? |
| Answering machine detection | Detect live answer vs voicemail, wait for the beep, drop a voicemail-specific message with its own opt-out path. | Can you set separate messages for live and voicemail? Does voicemail have its own opt-out? |
| STIR/SHAKEN and spam monitoring | Sign every call with STIR/SHAKEN attestation at carrier level. Monitor caller ID reputation in real time and flag drops before they compound. | Is attestation on every call by default? Is reputation monitoring included? |
| Cross-channel opt-out propagation | Apply every opt-out to voice, text, and email simultaneously. No manual sync. No delay between channels. | Does a voice opt-out apply to text and email automatically? Can you show the record on demand? |
| Audit-grade logs | Store every dial record, consent record, and opt-out log. Retrievable on demand, not through a support request. | What is the retention period? Can records be exported on demand? |
How to get voice broadcast compliance ready: A realistic three-week timeline
Most of the compliance infrastructure runs automatically on CallHub. What takes time is getting your own list in order. Here is where the time goes and who does what.
| Week | What you do | What CallHub handles automatically |
| Week 1: List audit and consent mapping | Pull your list and segment by source. Confirm consent source, date, and language per record. Calculate EBR windows (90 days for inquiries, 18 months for transactions). Build a suppression file for records without valid consent. Tag opt-outs against contact records. | Nothing yet. This week is entirely on you. No platform can know where your contacts came from or what language they agreed to. |
| Week 2: Script and call flow setup | Write your live-answer script and voicemail script. Configure your call flow in CallHub. Test the opt-out keypress end to end before going to a live list. | DNC scrubbing before every dial. Reassigned Numbers Database checks. STIR/SHAKEN attestation on every call. Time zone splitting at the contact level. Answering machine detection and voicemail routing. Cross-channel opt-out propagation. |
| Week 3: Test send and final review | Send to 50 to 100 consented records. Check message clarity, opt-out keypress, voicemail detection, and time zone accuracy. Pull the test report and confirm call and opt-out records are logging. Clear the full send once everything checks out. | Spam Label Shield monitoring caller ID reputation in real time. Audit logs generated automatically for every dial, consent record, and opt-out. |
Once the infrastructure is built correctly, you do not rebuild it for every campaign. The consent records, suppression lists, and call flow structure carry forward. Build it once. Build it right.
Ready to dial? Start with the compliance layer.
The teams that get the most out of voice broadcast built the infrastructure right before the first dial. Those who skipped it rebuilt it under pressure.
CallHub’s voice broadcasting tool has a built-in compliance layer. DNC scrubbing, STIR/SHAKEN, cross-channel opt-outs, audit logs. All of it, without anyone managing it manually.
Frequently asked questions about voice broadcast compliance
Do I need TCPA consent for every voice broadcast?
Not in every case, but in most. The answer depends on three variables: your sender type, your destination (landline or cell phone), and whether your message is commercial or informational.
Prerecorded or AI-generated calls to cell phones require prior express consent for non-commercial messages. Commercial messages to cell phones require prior express written consent. Calls to landlines have narrower carve-outs available for political campaigns, tax-exempt nonprofits, and certain informational calls.
The safer default is to assume you need consent, then check whether a specific exemption applies before relying on it. Exemptions are narrower than most teams assume, and misclassifying your program is more expensive than over-restricting one campaign.
Can I use voice broadcast on a list I bought from a data provider?
In almost every case, no, at least not without rebuilding the consent layer first.
Purchased lists almost never include prior express written consent naming your organization. Even when a seller describes the list as opt-in, the original consent language typically points to the seller or its partners, not to you. For cell phone numbers, that gap alone makes the dial non-compliant.
Treat purchased data as a starting point for opt-in outreach on lower-risk channels. Do not treat it as a list you can broadcast to until you have rebuilt consent that specifically names your organization and the voice broadcast channel.
What happens if my calls get flagged as spam?
Carriers and analytics firms track caller ID reputation scores in real time. A high-volume number can move from neutral to “Spam Likely” within hours of a campaign launch. Once flagged, connect rates collapse, and many recipients never see your caller ID at all.
Recovery requires three things working together: proper STIR/SHAKEN signing at the carrier level, active reputation monitoring across carriers, and the ability to rotate numbers before flagging compounds. Monitoring this manually is not practical at a campaign scale.
What is the difference between STIR/SHAKEN and 10DLC?
They cover different channels entirely. 10DLC is a registration standard for SMS and MMS campaigns sent from 10-digit numbers. It governs text delivery. STIR/SHAKEN is the call authentication framework that verifies outbound voice calls at the carrier level. Registering for 10DLC has no effect on your voice calls. A fully 10DLC-compliant texting program can still have every voice call flagged as spam if STIR/SHAKEN attestation is not in place.
How long do I need to keep voice broadcast consent and call records?
The TCPA does not specify a single retention period, but most legal counsel use a minimum of 4 years, which aligns with the statute of limitations for private lawsuits under the TCPA. Some sectors and states have their own requirements that may extend that window. Keep records long enough to respond to any complaint, FCC inquiry, or discovery request that could arise from a campaign. When in doubt, keep longer rather than shorter.
Does an Established Business Relationship cover calls to cell phones?
No. An Established Business Relationship (EBR) applies only to certain live calls to landline numbers on the National DNC Registry. It does not cover autodialed or prerecorded calls to cell phones under any circumstances. If your consent strategy relies on EBR for cell phone contacts, that strategy has a gap.
Featured Image Source: Magda Ehlers
