Yes, in most cases you need consent before calling or texting a customer, and the kind of consent depends on what the message is for. Marketing calls and texts sent with an autodialer, an AI voice, or a prerecorded voice require prior express written consent; informational and servicing messages (appointment reminders, job updates, invoice notices) require a lower bar, usually the ordinary express consent implied when a customer gives you their number for that purpose. Manually dialed, live-voice calls to customers you have a relationship with generally do not require written consent, though do-not-call rules still apply.
That is the short version. The rest of this article walks through where those lines come from, how to get consent the right way, how to keep proof of it, and what changes the moment an AI or recorded voice is on the line.
Where the rules come from
The main federal law here is the Telephone Consumer Protection Act, enforced by the FCC, with a private right of action that lets individual consumers sue for statutory damages of $500 to $1,500 per call or text. Text messages count as calls under the TCPA, so everything below applies to SMS as well as voice. Alongside it sit the FTC's Telemarketing Sales Rule, the National Do Not Call Registry, and a patchwork of state mini-TCPA laws (Florida and Oklahoma are the best known) that can be stricter than the federal rules. If you want the full background on the statute itself, start with what the TCPA is and how it applies to business phone calls.
One line to keep in mind before we go further: this article is general information for business owners, not legal advice. Consent rules turn on facts and on the states you operate in, so run your specific calling program past a lawyer.
The two tiers of consent
The law recognizes two levels of consent, and which one you need depends on the content of the message and the technology used to deliver it.
Prior express consent is the everyday tier. When a customer gives you their phone number in connection with your work for them (on an estimate request, a work order, an intake form), they have consented to calls and texts closely related to that transaction. A roofing customer who books an inspection has consented to a text confirming the time. No signature, no checkbox, no special language required.
Prior express written consent is the higher tier, and it applies to telemarketing or advertising delivered by autodialer, artificial voice, or prerecorded voice. Written here includes electronic signatures and checkboxes under the E-SIGN Act, but the disclosure has to be clear and conspicuous: it must say the person agrees to receive marketing calls or texts from your business specifically, that an autodialer or artificial voice may be used, and that consent is not a condition of buying anything. A number scribbled on an estimate does not clear this bar. A pre-checked box does not either; the customer has to take the affirmative action themselves.
The practical translation: if the message tries to sell something and a machine is involved in dialing or speaking, you need the written tier. If the message services an existing job or relationship, the everyday tier covers you. The line between those two categories matters enough that we wrote a whole piece on the legal difference between a marketing call and a servicing call.
What about existing customers?
People often assume an existing business relationship is a blanket license to call. It is narrower than that. The established business relationship exemption mainly matters for the Do Not Call Registry: you can place live telemarketing calls to someone on the registry for up to 18 months after their last purchase or payment, or 3 months after an inquiry, unless they ask you specifically to stop.
What the relationship does not do is substitute for written consent when you use an autodialer, AI voice, or prerecorded voice for marketing. A past customer is still a written-consent situation the moment a robocall pitches them a new service. Several states also refuse to recognize the exemption at all, so if you work across state lines, treat it as a thin shield.
How to obtain and record consent
Consent you cannot prove might as well not exist. In a dispute, the burden is on the business to show when, where, and how the person agreed. A few habits make this easy:
- Put a consent line on every intake surface: your website contact form, estimate request form, booking page, and paper work orders. For marketing consent, use the full clear-and-conspicuous language with an unchecked checkbox.
- Capture the metadata, not just the yes. Store the timestamp, the source (which form, which page), the exact wording shown, and the phone number as entered.
- Keep consent records at least four years, which tracks the TCPA statute of limitations.
- Track consent per phone number, not per customer. If a customer changes numbers, the old consent does not automatically follow, and reassigned numbers are a real liability trap; the person now holding that number never consented to anything.
A CRM makes this dramatically easier than a spreadsheet, because the consent record lives on the contact alongside every call and text you actually sent.
Opt-outs: honor them fast and everywhere
Consent is revocable at any time, by any reasonable means. Under the FCC's current rules, a revocation must be honored within a reasonable time, capped at ten business days, and you cannot force people to use one specific channel to opt out. In practice:
- Every marketing text should include opt-out language (reply STOP to unsubscribe).
- A STOP reply, a spoken request during a call, an email, or a note to your office all count. Train your team to log every one.
- Opt-out means opt out of that category. Someone who opts out of marketing texts can still get a servicing message about the job they hired you for, but be conservative when the line is blurry.
- Enforce the opt-out list before every outbound message, automatically. A human remembering to check a list is not a system.
Sloppy opt-out handling does more than create legal risk. Recipients who keep getting unwanted texts hit report junk, and enough of those reports will get your business number flagged as spam, which hurts every legitimate call you make afterward.
What changes when AI or a prerecorded voice makes the call
In 2024 the FCC confirmed that AI-generated voices count as artificial voices under the TCPA. That means an AI voice agent calling on your behalf is treated like a robocall for consent purposes, even when the conversation is dynamic and two-way. The consequences:
- AI-voice marketing calls require prior express written consent, full stop. No relationship exemption saves you.
- AI-voice informational calls (appointment reminders, follow-ups on a completed job, invoice reminders) ride on ordinary express consent, the same as a prerecorded reminder call would.
- Disclosure matters. Callers should be told promptly that they are speaking with an AI, and calls should offer a path to a human. Some states are moving to require AI disclosure explicitly.
- If the call is recorded, recording consent rules apply on top of everything above; those vary by state, and we cover them in whether it is legal to record a phone call with a customer.
This is why well-built voice AI products are conservative by design. Coastline's assistant, Current, answers a workspace's business line and places only informational outbound calls like reminders and follow-ups; it opens every call by naming the business, identifying itself as an AI assistant, and noting the call may be recorded, and it checks each contact's opt-out status before dialing. Cold outbound marketing is deliberately not supported, because that is the territory where written consent, DNC scrubbing, and state robocall rules all stack up.
A practical checklist
- Sort every call and text you send into marketing or servicing before you send it.
- Collect written consent (real checkbox, real disclosure) anywhere you plan to send marketing by text, autodialer, or AI voice.
- Store proof: timestamp, source, wording, number.
- Honor opt-outs across all channels within days, and enforce them automatically per contact.
- Scrub marketing call lists against the National Do Not Call Registry and check your states' rules.
- If an AI or recorded voice is involved, treat the call as a robocall for consent purposes and disclose the AI up front.
Consent is not a one-time legal chore; it is a running record attached to every contact you communicate with. Get the record-keeping right once, and staying compliant becomes the default instead of a scramble.
This article is general information about US law as of 2026, not legal advice. Talk to an attorney about your specific calling and texting practices.