A federal lawsuit filed in Virginia just before the new year dropped what might be the compliance bomb of 2025—with reverberations that will shake the AI voice industry throughout 2026: 

Can AI platforms be held liable for illegal robocalls and texts they didn't directly make?

The answer, according to plaintiff's counsel, is “absolutely, they are liable”. And if they're right, every communications platform, AI voice provider, and company building voice agents needs to pay very close attention to AI voice agent compliance requirements—starting now.

The "We're Just the Platform" Defense Is Under Attack

The named plaintiff, William Lowrey, allegedly received 30+ unwanted texts and multiple AI-powered robocalls about estate planning services. Mr. Lowery sued for TCPA violations. Except he didn't only name the company making the calls (Fresh Start Group) as defendants. He named Twilio and OpenAI.

Twilio didn't make the calls. OpenAI didn't send the texts. Fresh Start Group LLC did.

So why are Twilio and OpenAI named as defendants? Because the complaint alleges they enabled, facilitated, and profited from the violations while having full technical capability to prevent them.

Think about that for a second. The lawsuit isn't solely going after the telemarketer (they are, but that's expected). It's going after the infrastructure providers who made it possible. Twilio has a history of being a defendant in these "platform liability" cases, but the inclusion of OpenAI is a new approach—and one with potentially massive ramifications for the entire AI voice agent ecosystem.

Understanding Platform Liability Theory Under the TCPA

The complaint lays out a compelling argument for why voice AI legal requirements extend beyond the entity making the calls:

Twilio controls the messaging infrastructure. Their platform decides which messages get sent, from which numbers, at what volume (up to 1,000+ messages per second). They tout their ability to "handle compliance regulations" and offer opt-out filtering services.

OpenAI provides the autonomous AI agents. Their technology can fully automate calls—initiating them, generating the audio, and interacting with consumers—with zero human involvement.

Both companies have been on notice. Twilio received an FCC cease-and-desist letter in 2024 for enabling illegal robocall traffic. Industry publications have openly discussed how "spammers love Twilio" because it enables high-volume messaging without adequate checks.

Both chose not to implement safeguards. Despite having the technical capability, neither company implemented systems to automatically block messages to Do Not Call registrants or stop campaigns after opt-out requests.

The legal theory? Companies usually only think the “seller” or the marketer is at risk for TCPA liablity. But, under the TCPA, you can be liable if you "cause" a call to be initiated—not just if you physically dial the number yourself or just because you are the “seller”. This is the foundation of AI voice agent compliance exposure for platforms.

Voice AI Legal Requirements: The Current Regulatory Framework

Before we dive deeper into the implications, let's establish the current voice AI legal requirements that every platform and implementer must understand:

The FCC's February 2024 Declaratory Ruling

The FCC unanimously ruled that AI-generated voices constitute "artificial or prerecorded voice" under the TCPA. This wasn't new law—it was clarification that AI voices count the same as robocalls. The key implications:

Prior express consent required: AI voice calls require at minimum prior express consent—and prior express written consent for telemarketing.

No AI carve-out: The FCC explicitly rejected arguments that "conversational AI" or technology that mimics live agents should be exempt.

State AG enforcement: State attorneys general now have clear authority to pursue damages for AI voice violations.

All existing TCPA rules apply: Calling hours, Do Not Call lists, opt-out mechanisms, identification requirements—all apply to AI voice agents without modification.

Pending FCC Rulemaking (Watch This Space)

The FCC's August 2024 Notice of Proposed Rulemaking signals where regulation is heading. Proposed requirements include:

• Mandatory in-call disclosure that AI is being used

• AI-specific consent language in consent disclosures

• A formal definition of "AI-generated call"

Smart operators are implementing these now—before they become mandatory. It's not just good compliance; it's competitive differentiation.

The OpenAI Angle: AI-Powered Calls in the Crosshairs

The complaint alleges with specificity that OpenAI "made" the calls. Mr. Lowrey received messages stating that "All three attempts failed" and was redirected to an OpenAI website explaining that Fresh Start Group had "run out of credits or hit their maximum monthly spend." He received this error code multiple times.

The complaint specifically targets OpenAI's autonomous calling capabilities:

• OpenAI's own blog posts and tutorials show users how to build "voice agents" that make "cold calls" (OpenAI's own words).

• These AI agents operate completely autonomously—no human initiates each individual call.

• The technology is sophisticated enough to leave personalized voicemails and navigate phone trees.

• OpenAI knew these systems were being used for telemarketing but didn't implement safeguards.

Side note: How is it good business practice to promote "cold calling" use cases in your marketing materials? That documentation might become Exhibit A.

This is the first major TCPA case I've seen that directly targets an AI provider for enabling automated calling technology. And it raises a fascinating question for AI voice agent implementation:

If AI can make fully autonomous calls, who "initiated" them under the TCPA?

The traditional analysis looked at who pushed the button to start the dialer. But when there's no button—when the AI decides on its own timing, targets, and content—the calculus changes.

AI Voice Agent Implementation: Building Compliance In

If this platform liability theory holds—and I'm not saying it will, but if it does—the implications for AI voice agent implementation are enormous.

For Communications Platforms

1. You can't just sell the pipes and claim ignorance

2. "Optional" compliance features might become mandatory defensive measures

3. Your business model gets scrutinized if it incentivizes volume over compliance

4. The higher the volume you enable, the higher your exposure

For AI Providers

1. If your technology can autonomously make calls, you might be liable for what it says

2. Providing the tools isn't enough—you need guardrails

3. Your documentation showing clients "how to automate cold calls with AI" might become Exhibit A

For Companies Using AI Voice Agents

1. Vicarious liability theories apply—you're responsible for your AI

2. Consent language must specifically mention AI-generated calls

3. Documentation requirements are more stringent, not less

4. "The AI did it" is not a defense

What Every Platform Provider Should Do Now

Whether you're a communications platform, an AI provider, or any company offering technology that could be used for marketing outreach, here's your action list:

1. Audit Your Terms of Service

• Do they prohibit illegal telemarketing?

• Are they actually enforced?

• Who bears compliance responsibility per your terms?

2. Evaluate Your Compliance Features

• Are DNC scrubbing and opt-out management optional or mandatory?

• Should compliance be default-on rather than opt-in?

• What monitoring capabilities exist for detecting abuse?

3. Implement Know Your Customer (KYC) Protocols

• Do you know what your high-volume customers are actually doing?

• KYC isn't just for banks anymore—it's becoming essential for platform providers

• Document your due diligence on customer use cases

4. Review Your Marketing Materials

• Are you promoting use cases that could create liability?

  • Free advice: Don't claim you can help customers "automate cold calls with AI."

• Emphasize compliance-first messaging

5. Update Consent Language

• Add AI-specific disclosure to consent forms

  • Example: "I agree to receive calls, which may include AI-generated voice messages, from [Company]."

• This isn't required yet—but it's coming, and proactive companies are implementing now

6. Talk to TCPA Counsel

Yes, I'm biased. But seriously—this is not the time to DIY your compliance strategy. The intersection of AI technology, telecommunications law, and platform liability creates novel legal questions that require specialized expertise.

The Counterarguments (Because There Are Some)

Let's be clear: This isn't a slam dunk case. The defense arguments write themselves:

• Fresh Start Group made the calls, not the platforms

• Platforms can't police every customer in real-time

• Holding infrastructure liable would break the internet (every ISP, every cloud provider, every SaaS tool becomes liable for customer misuse)

• The TCPA doesn't impose affirmative monitoring obligations

• Section 230 might provide immunity (though that's primarily for content, not conduct)

These are real arguments, and courts have historically been reluctant to impose liability on truly neutral technology providers.

More importantly, the regulatory landscape around the FCC has changed. With the Supreme Court decisions in McKesson and Loper-Bright, courts no longer must defer to the FCC's past declaratory rulings. Not just questions around “are text messages considered calls”, but also the FCC’s guidance on platform liability in general and who is responsible for TCPA violations.

The Bigger Picture: Where AI Voice Compliance Is Heading

This case represents a fundamental question about responsibility in the age of platforms and AI:

When technology makes it trivially easy to violate the law at scale, who's responsible?

Is it solely the end user who pushed the button? Or do the companies that built the button, hosted the button, and profited from the button-pushing have some skin in the game?

The TCPA has always held that "causing" a call to be initiated is enough for liability. The question is whether providing the technological capability—especially when you know it's being misused—counts as "causing."

I don't know how this case will turn out. But I do know this:

The "we're just a platform" defense is getting harder to maintain when you're actively facilitating violations, have the technical ability to prevent them, and choose not to.

If you're building communications technology or AI systems that touch consumer outreach, it's time to think like a defendant. Because increasingly, that's exactly what platforms are becoming.

Need Help with AI Voice Agent Compliance?

If your company provides communications infrastructure, AI-powered outreach tools, or is implementing voice AI technology, let's talk about proactive compliance strategies before you're named in the next lawsuit.

Frequently Asked Questions

Are AI voice calls legal?

Yes—with proper consent. The FCC's February 2024 ruling confirmed that AI voice calls are legal when you have the required prior express consent (or prior express written consent for telemarketing). AI voice agent compliance requires following the same TCPA rules as traditional robocalls.

What consent is required for AI voice agents?

Currently, the FCC says that “AI voice calls” are considered “artificial voice calls” and therefore need the proper consent. However, the FCC has proposed requiring AI-specific consent language. Proactive companies are already updating their consent disclosures to specifically mention AI-generated voice technology.

Can platforms be held liable for their customers' TCPA violations?

This is an evolving area of law. The Lowrey v. OpenAI lawsuit argues yes—if platforms had knowledge of violations and the technical capability to prevent them but chose not to. Previous cases like Bauman v. Twilio have allowed platform liability claims to proceed based on a "totality of circumstances" analysis.

Do I need to disclose that callers are speaking with AI?

Not yet at the federal level, but several states (including California and Utah) have disclosure requirements for AI interactions. The FCC has proposed mandatory in-call AI disclosure as part of pending rulemaking. Given the regulatory trajectory, implementing disclosure now is advisable.

What are the penalties for AI voice agent TCPA violations?

$500 per violation, trebled to $1,500 for knowing or willful violations. There's no cap on total damages, and with AI enabling calls at massive scale, exposure can quickly reach millions or even billions. The Lowrey complaint notes theoretical exposure exceeding a trillion dollars for calls made across OpenAI's entire platform.