Yes, it is legal for AI to answer your business phone. There are disclosure requirements you should know about.
The FCC's 2024 robocall ruling does not apply to inbound calls. California requires disclosure. HIPAA requires a BAA for medical practices. This page covers the actual regulations with primary-source links, not blog summaries.
Key Takeaways
- There is no federal law prohibiting AI from answering inbound business phone calls. The FCC's February 2024 ruling targets outbound robocalls under the TCPA, not businesses answering their own phones.
- California requires disclosure when a bot communicates with a person for sales purposes (B&P Code 17940-17943). Best practice everywhere: disclose upfront.
- Medical practices need a BAA with any AI receptionist provider that handles PHI. This is existing HIPAA law, not new AI regulation.
- Law firms can use AI for intake without violating attorney-client privilege because the AI is answering phones, not practicing law.
- Proactive disclosure is the strongest hedge against future regulation because nearly every proposed AI law starts with a disclosure requirement.
On this page
Is it legal for AI to answer my business phone?
Yes. There is no federal or state law in the United States that prohibits a business from using AI to answer its own inbound phone calls. The key regulatory question is not whether you can use AI to answer calls, but whether you must disclose that the caller is speaking to an AI system rather than a human.
The confusion stems from the FCC's February 2024 declaratory ruling, which made AI-generated voices in robocalls illegal under the Telephone Consumer Protection Act (FCC-24-17). That ruling applies to outbound automated calls, not to a business picking up its own ringing phone. The distinction is critical and covered in detail below.
The regulatory landscape for AI phone systems in 2026 is best described as a disclosure framework, not a prohibition. Where laws exist, they require transparency. Where laws do not yet exist, proactive disclosure satisfies the intent of every major proposal currently under consideration.
What does the FCC say about AI on phone calls?
The FCC's February 8, 2024 declaratory ruling (FCC-24-17) classified AI-generated voices as "artificial" under the Telephone Consumer Protection Act (TCPA). This makes AI-voiced robocalls subject to the same restrictions as prerecorded-voice robocalls. It does not make AI phone answering illegal.
The TCPA regulates calls "made using an artificial or prerecorded voice." The FCC's ruling clarified that AI-generated voices fall within the definition of "artificial." This matters for outbound calls: if you dial someone using an autodialer and play an AI-generated voice without prior express consent, you are violating the TCPA.
When a customer calls your business, that is an inbound call initiated by the customer. Your business is not "making" the call. The TCPA's restrictions on artificial voices apply to the party initiating the call, not the party answering it. An AI receptionist that picks up inbound calls is functionally identical to a voicemail system or an IVR menu from the TCPA's perspective. The caller chose to dial your number.
This distinction is not ambiguous. The FCC's ruling specifically targeted "robocall campaigns" and "scam operations" that use AI voices to deceive recipients of outbound calls. The ruling text references "calls made" throughout, not "calls received."
Does California require disclosure that a caller is speaking to AI?
Yes, under specific conditions. California's Bot Disclosure Law (Business and Professions Code Sections 17940 through 17943) requires that a bot disclose its non-human identity when communicating with a person in California for the purpose of incentivizing a purchase or sale of goods or services, or influencing a vote in an election.
For a business using an AI receptionist, this means that if the AI is handling calls that could lead to a sale (booking a consultation, scheduling an appointment, taking an order), the AI should identify itself as non-human at the start of the conversation. A simple opening like "Hi, this is TaskChad, an AI assistant for [Business Name]. How can I help you?" satisfies the requirement.
The law applies to communications "with a person in California," which means any business that receives calls from California residents should assume the law applies. For national businesses, the simplest compliance path is universal disclosure on every call, regardless of the caller's state.
Other states are considering similar disclosure requirements. Illinois, Texas, and New York have introduced AI disclosure bills in recent legislative sessions. Universal disclosure satisfies all of them preemptively.
What about HIPAA for medical practices?
If an AI receptionist at a medical practice handles any protected health information (PHI), the AI provider must sign a Business Associate Agreement (BAA) with the covered entity. This is not a new AI-specific regulation. It is existing HIPAA law (HHS Business Associate Guidance) applied to a new technology.
PHI on a phone call includes: the caller's name combined with any health information (symptoms, diagnoses, medications), appointment details, insurance information, and provider names. If the AI receptionist asks "What is the reason for your visit?" and the caller says "I need to refill my blood pressure medication," that is PHI.
A HIPAA-compliant AI receptionist deployment requires:
- A signed BAA between the medical practice and the AI provider
- Encrypted data transmission (TLS 1.2 or higher for voice and data)
- Access controls limiting who can access call recordings and transcripts
- Data retention policies that comply with HIPAA's minimum necessary standard
- Audit logging of all access to PHI
Not all AI receptionist providers offer a BAA. Medical practices should verify BAA availability before signing any contract. Using a non-BAA-compliant AI system to handle patient calls is a HIPAA violation, regardless of how good the AI technology is.
What about attorney-client privilege for law firms?
An AI receptionist handles intake, not legal counsel. Attorney-client privilege attaches when a person communicates with a lawyer for the purpose of obtaining legal advice, in confidence. An AI answering the phone and collecting the caller's name, case type, contact information, and scheduling preferences is performing a clerical function, not a legal one.
The ABA has not issued a blanket prohibition on AI phone systems for law firms. The relevant ethical obligations are:
- Disclosure: The caller should know they are speaking with an AI system, not an attorney or paralegal.
- Confidentiality: The AI system must not store or share intake information beyond what the firm authorizes. The firm's data handling agreement with the AI provider must address confidentiality obligations.
- Competence: The AI must not give legal advice, make representations about case outcomes, or assess the merits of a potential case. It collects information and routes calls.
- Supervision: An attorney must oversee the intake process. The AI is a tool under attorney supervision, similar to a human receptionist or answering service.
Most state bars treat AI receptionists the same as traditional answering services. The AI does not form an attorney-client relationship. The relationship begins when the attorney reviews the intake and decides to take the case.
For a deeper look at AI receptionist deployment at law firms, including cost, ROI, and capability limits, see our AI Receptionist for Law Firms page.
What does NOT apply: why inbound AI answering is not a robocall
A robocall is an outbound call made by an automated telephone dialing system (ATDS). An AI receptionist answering your business phone is the opposite: it receives calls that humans chose to make. The entire body of TCPA regulation, FCC enforcement actions, and state robocall laws addresses outbound call initiation, not inbound call handling.
Here is why the distinction matters legally:
- The TCPA defines "robocall" by who initiates: The statute restricts calls "made using" an ATDS or artificial/prerecorded voice. The word "made" means initiated. Your phone system does not "make" a call when a customer dials your number.
- FCC enforcement targets outbound campaigns: Every FCC enforcement action related to AI voices has targeted outbound telemarketing, political robocalls, or scam call campaigns. There are zero enforcement actions against businesses for answering their own inbound calls with AI.
- Consent is built into inbound calls: The TCPA's consent framework exists because outbound callers contact people who did not ask to be called. When a customer dials your business, they consented to communicate with whoever or whatever picks up, the same way they consent to interact with your IVR, voicemail, or on-hold music system.
- State robocall laws mirror the federal framework: State-level robocall restrictions (like California's additional penalties for illegal robocalls) define robocalls the same way the TCPA does: outbound calls made using automated systems. Inbound answering is not covered.
The regulatory risk for AI phone answering is not that it will be classified as a robocall. That is a misreading of the law. The risk is future disclosure requirements, and the way to manage that risk is to disclose proactively today.
Primary sources
- FCC Declaratory Ruling FCC-24-17, February 8, 2024: AI-Generated Voices in Robocalls
- 47 U.S.C. 227: Telephone Consumer Protection Act (TCPA), full text
- California Business and Professions Code, Sections 17940-17943 (Bot Disclosure Law)
- HHS HIPAA Business Associate Guidance
- HHS HIPAA Security Rule
- ABA Model Rules of Professional Conduct
Things people ask
Is it illegal for a business to use AI to answer phone calls?
No. There is no federal or state law that prohibits a business from using AI to answer its own inbound phone calls. The FCC's February 2024 ruling made AI-generated voices in outbound robocalls illegal under the TCPA, but that ruling specifically targets unsolicited outbound calls. When a customer dials your business and your AI receptionist picks up, that is an inbound call initiated by the caller, not a robocall.
Do I have to tell callers they are talking to an AI?
It depends on the state. California's Bot Disclosure Law (Business and Professions Code Sections 17940 through 17943) requires disclosure when a bot is used to communicate with a person in California for the purpose of incentivizing a sale or influencing a vote. Several other states are considering similar legislation. Even where not legally required, disclosure builds trust and reduces caller frustration. Best practice: disclose at the start of the call.
Does HIPAA apply to AI receptionists at medical practices?
Yes. If the AI receptionist handles any protected health information (PHI), such as appointment details, symptoms described by callers, or insurance information, the AI provider must sign a Business Associate Agreement (BAA) with the covered entity. The AI system must also meet HIPAA security requirements for data transmission and storage. Not all AI receptionist providers are HIPAA-compliant, so medical practices must verify BAA availability before deployment.
Can a law firm use an AI receptionist without violating attorney-client privilege?
Yes, because the AI receptionist handles intake, not legal counsel. The AI collects the caller's name, contact information, case type, and urgency. It does not assess case merits, give legal advice, or form an attorney-client relationship. The privilege analysis is the attorney's responsibility: the firm must ensure that intake data is stored securely, that the AI provider's data handling agreement covers confidentiality, and that the AI is configured not to retain or share privileged information beyond what the firm authorizes.
What is the difference between an AI receptionist and a robocall?
A robocall is an outbound call initiated by an automated system, typically for telemarketing or scam purposes. The FCC regulates robocalls under the Telephone Consumer Protection Act (TCPA). An AI receptionist answers inbound calls that the customer initiated. The customer chose to call your business. This is legally and functionally the opposite of a robocall. The FCC's February 2024 ruling on AI voices applies to robocalls, not to businesses answering their own phones.
Are there federal laws specifically regulating AI phone answering for businesses?
As of June 2026, there is no federal law that specifically addresses AI-powered inbound phone answering for businesses. The TCPA regulates outbound robocalls. The FTC Act's Section 5 prohibition on deceptive practices could apply if an AI receptionist deliberately misleads callers about its nature, but this is an existing consumer protection standard, not an AI-specific regulation. State laws like California's Bot Disclosure Law are the most directly relevant legislation.
What happens if AI phone regulations change?
AI regulation is evolving. The EU AI Act, various US state proposals, and ongoing FCC rulemaking could introduce new requirements. Businesses using AI receptionists should choose providers that commit to compliance updates, disclose AI use proactively (this satisfies most proposed regulations before they pass), and review their setup annually. Proactive disclosure is the single strongest hedge against future regulation because nearly every proposed law starts with a disclosure requirement.
See how an AI receptionist works on your actual business line.
60 minutes, 1:1 with Pedro. We map where leads are dropping, show you a live AI receptionist call, and tell you which AI employee to build first. The audit is free and credited 100% against your build.
Get compliance updates as AI phone laws evolve.
Primary-source regulatory updates for business operators using AI phone systems. No spam.