Legal

    TCPA & CASL Compliance Guide

    Version 1.1 · Effective April 18, 2026 · 2845341 Ontario Inc.

    Effective Date: April 18, 2026
    Version: 1.1
    Company: 2845341 Ontario Inc. (VocaIQ)

    Important notice: This document is an educational reference guide to help VocaIQ Customers understand key telemarketing compliance obligations under U.S. and Canadian law. It is not legal advice. Laws and regulations change frequently and vary by jurisdiction. Customers should consult qualified legal counsel before deploying AI voice agents for outbound calling. See Section 7 for a clear description of Customer vs. VocaIQ responsibilities.

    1. Overview - TCPA (United States) vs. CASL (Canada)

    Customers using VocaIQ to make or receive calls in North America must navigate two principal legal regimes governing telemarketing and automated communications:

    Dimension TCPA (U.S.) CASL (Canada)
    Full name Telephone Consumer Protection Act, 47 U.S.C. § 227 Canada's Anti-Spam Legislation, S.C. 2010, c. 23
    Regulator FCC (Federal Communications Commission); FTC for TSR CRTC, CASL Task Force; provincial regulators for privacy
    Scope Automated calls, prerecorded messages, SMS to mobile phones; also live calls to residential lines Commercial electronic messages (email, SMS); CRTC Unsolicited Telecommunications Rules for calls
    Consent requirement Prior express written consent for marketing autodialed calls/texts to mobile; prior express consent for non-marketing Express consent for commercial electronic messages to new contacts; implied consent under defined circumstances
    Private right of action Yes - statutory damages of $500-$1,500 per violation; class actions common No private right of action (as of 2017 amendment); government enforcement only
    Maximum penalties $500-$1,500 per call/text; uncapped class actions Up to CAD $10 million per violation for organisations; CAD $1 million for individuals
    Documentation retention FTC recommends 5 years for consent records 3 years from date of consent or last commercial message

    2. Consent Types

    2.1 TCPA Consent Framework (U.S.)

    Under the TCPA, as interpreted by FCC regulations and case law, the following consent standards apply:

    • Prior express written consent (highest standard): Required for autodialed or prerecorded marketing calls and texts to mobile phones. Must be a signed written agreement (including electronic signature) that clearly discloses: (a) that the consumer agrees to receive autodialed or prerecorded calls/texts, (b) from a named entity or entities, (c) for the phone number provided. The agreement must not be a condition of purchase. As of January 2025 (FCC 2024 Order), one-to-one consent linking the consumer to a specific seller is required.
    • Prior express consent (standard): Required for non-marketing autodialed calls and informational prerecorded calls to mobile phones. Can be inferred from a consumer providing their number in a relevant context (e.g., providing a mobile number on a contact form for appointment reminders).
    • No consent required: Emergency calls, calls placed without autodialer technology, calls solely to landlines (different rules apply).

    2.2 CASL Consent Framework (Canada)

    CASL's consent framework applies primarily to commercial electronic messages (CEMs), which include SMS messages. Phone calls are governed by the CRTC Unsolicited Telecommunications Rules and the National Do Not Call List (DNCL) regime. Under CASL:

    • Express consent: An explicit, informed consent given by the recipient specifically to receive CEMs from the sender, with clear identification of the sender and a description of the type of messages to be sent. Required for contacts without an existing relationship. There is no prescribed form; oral express consent is valid but harder to prove.
    • Implied consent - existing business relationship (EBR): Arises within 2 years of a purchase, contract, or inquiry by the recipient to the sender. Does not require explicit opt-in but is time-limited.
    • Implied consent - conspicuous publication: Where a person has conspicuously published their contact information without stating they do not wish to receive CEMs, and the CEM is relevant to the person's business role.

    2.3 AI Voice Call Disclosure Requirements

    Several U.S. states (including California, Florida, New York, and others) and Canadian federal regulations require that callers disclose at the beginning of any automated or AI-generated call that the caller is not a human. Specific requirements vary by jurisdiction but typically require:

    • An opening statement identifying the caller by name and business;
    • A disclosure that the call is automated or AI-generated;
    • The purpose of the call; and
    • Where applicable, an opportunity for the called party to opt out immediately.

    3. Required Disclosures at Call Start

    To comply with applicable law and best practices, each AI-handled call should include at the very beginning of the call:

    1. AI/automated system disclosure: "This call is from an AI assistant." (or equivalent language clearly disclosing the non-human nature of the caller)
    2. Caller identity: The name of the business on whose behalf the call is being made.
    3. Call purpose: A brief statement of why the call is being made.
    4. Recording disclosure (if applicable): "This call may be recorded." (required in all-party consent jurisdictions; recommended universally as best practice)
    5. Opt-out mechanism: Where required, an immediate opt-out option (e.g., "Press 2 to be removed from our list" or verbal opt-out instruction).

    VocaIQ provides configurable opening script templates to assist Customers in meeting these disclosure requirements. Customers are responsible for ensuring their opening scripts comply with the laws of their jurisdiction and the jurisdictions of their callers.

    4. Do-Not-Call (DNC) Obligations

    4.1 United States - Federal and State DNC

    • National Do Not Call Registry (FTC): Telemarketers must scrub against the FTC National DNC Registry before making marketing calls. Registrations must be re-checked no less than every 31 days. Registration at donotcall.gov.
    • Wireless numbers: Adding a mobile number to the DNC Registry does not provide protection from TCPA claims. The absence of a number from the DNC list does not indicate that an autodialed call is permissible - TCPA consent rules apply independently.
    • State DNC lists: Many U.S. states maintain their own do-not-call registries (e.g., Indiana, Wyoming, Colorado). Verify applicable state requirements in each jurisdiction where outbound calls are placed.
    • Internal DNC list: Any consumer who requests not to be called must be added to the caller's internal DNC list immediately. Calls to persons on the internal DNC list must stop within a reasonable time (generally the next business day). Internal DNC lists must be maintained indefinitely.

    4.2 Canada - National DNCL

    • National Do Not Call List (CNCRL): Telemarketers must register with and subscribe to the Canada's National Do Not Call List administered by the CRTC. Before making telemarketing calls, registered numbers must be scrubbed against the list no less than every 31 days. Registration at lnnte-dncl.gc.ca.
    • Exemptions: Calls to persons with whom the caller has an existing business relationship, a registered charity relationship, or prior written consent are generally exempt from DNCL requirements, subject to specific conditions.
    • Internal DNC: Any Canadian consumer who requests to be added to a caller's internal do-not-call list must be honoured for a minimum of 3 years.

    4.3 Scrubbing Frequency

    Customers must scrub all outbound call lists against applicable federal, provincial/state, and internal do-not-call lists no less frequently than every 31 days. Phone numbers added to any do-not-call list after the last scrub date must not be called until the list has been re-scrubbed and confirmed clear.

    5. Documentation and Retention

    Maintaining accurate and complete consent records is essential to defending against TCPA, CASL, and regulatory enforcement actions. Best practices include:

    Record Type U.S. (TCPA / FTC) Canada (CASL / CRTC)
    Written consent records 5 years recommended (FTC guidance) 3 years from date consent obtained
    Internal DNC list entries Indefinitely (per FTC rule) Minimum 3 years
    Call logs (date, time, number) 5 years recommended 3 years
    Opt-out requests and processing 5 years 3 years
    Employee training records 3 years 3 years

    Consent records should capture: the method of consent (web form, phone, in-person), the date and time of consent, the specific phone number consented for, the specific type of communications consented to, and the identity of the person who gave consent. Where consent is oral, a contemporaneous written record or call recording should be made.

    6. How VocaIQ Helps

    VocaIQ provides tools and features designed to assist Customers with compliance, including:

    • Configurable opening scripts: Customers can configure AI agent opening statements to include legally required disclosures (AI identity, caller identity, call purpose, recording notice, opt-out instructions). Template language is provided as a starting point.
    • Call transcripts: Every call generates a full transcript providing a contemporaneous record of what was communicated during the call, including disclosures made and opt-out requests received.
    • Call recordings: Audio recordings serve as evidence of disclosures, consent expressions, and opt-out requests.
    • Spam and DNC call filtering: VocaIQ can be configured to detect and reject calls from numbers on specified DNC lists or to flag calls matching spam signatures.
    • Real-time opt-out detection: The AI agent can be configured to detect verbal opt-out requests and trigger immediate call termination and CRM flagging.
    • SMS opt-out handling: Outbound SMS notifications include standard opt-out instructions (e.g., "Reply STOP to opt out") and honour STOP requests automatically.

    7. What VocaIQ Does NOT Do - Customer Remains Responsible

    VocaIQ provides technology infrastructure; we are not a compliance consultant and we do not make legal determinations on behalf of Customers. The following responsibilities rest entirely with the Customer:

    • Obtaining and documenting consent: VocaIQ does not obtain consumer consent on the Customer's behalf. Customers must independently obtain, document, and store all required consents before using VocaIQ to contact consumers.
    • DNC list subscription and scrubbing: Customers must independently subscribe to the FTC National DNC Registry (U.S.) and Canada's National DNCL, and must scrub call lists against these registries at the required frequency. VocaIQ does not perform DNC scrubbing on behalf of Customers unless explicitly contracted to do so as a separate service.
    • Jurisdiction-specific compliance: Customers are responsible for determining which laws apply to their calls based on the jurisdiction of callers, and for configuring VocaIQ accordingly.
    • Legal advice: VocaIQ does not provide legal advice. This guide is educational and informational only. Customers must consult qualified legal counsel.
    • Regulatory filings and registrations: Customers are responsible for registering with applicable telemarketing regulatory bodies, obtaining required licences, and making required disclosures to regulators.
    • Indemnification: As stated in the Terms of Service, the Customer agrees to indemnify 2845341 Ontario Inc. for any regulatory fines, claims, or liabilities arising from Customer's failure to comply with applicable telemarketing, consent, or DNC laws.

    Contact

    For questions about how VocaIQ can be configured to support your compliance program, please contact:

    2845341 Ontario Inc. - Legal & Compliance
    Email: [email protected]
    Address: 215 Daffodil Court
    Website: https://vocaiq.ai

    Record Retention - FTC Telemarketing Sales Rule (16 CFR Part 310)

    The FTC Telemarketing Sales Rule (TSR) requires sellers and telemarketers to maintain certain records relating to telemarketing activities. The current minimum retention period, as amended by the FTC in March 2024, is five (5) years from the date each record is produced (or, for scripts and advertising, five years from the date last used in telemarketing). There is no longer a 24-month period; that standard applied only to the pre-2024 rule.

    Records you must retain for at least five years include:

    • All substantially different telemarketing scripts, prerecorded messages, and promotional materials
    • Records of each telemarketing call (including called number, date, time, duration, and call detail records)
    • Records sufficient to demonstrate consumer consent for each called number
    • Do-not-call registry records and entity-specific do-not-call lists
    • Contracts with service providers used to deliver outbound calls (kept for 5 years from contract expiration)

    Who must retain: Both the seller and the telemarketer are responsible for maintaining these records, unless a written agreement between the parties allocates this responsibility to one party. Even if your agreement places retention responsibility on VocaIQ's underlying telephony providers, you as the seller must ensure you maintain access to all required records. VocaIQ retains call metadata and, where enabled, call recordings for the retention period specified in your subscription agreement. You are responsible for retaining consent documentation and supplemental call records as required by the TSR.

    Violations of the TSR can carry civil penalties in excess of $50,000 per call. See 16 CFR Part 310, https://www.law.cornell.edu/cfr/text/16/310.5.

    Questions about this document?

    Contact us at [email protected]. We respond within 5 business days.