← All Resources

Do-Not-Call Compliance for Automated Calling: The 2026 Guide

The National Do-Not-Call Registry is just the start. Internal DNC lists, the FCC's 2025 revocation rule, in-call opt-outs, and record-keeping — what an outbound calling operation actually has to do in 2026, and why the screening must fail closed.

Three lists, not one

"DNC compliance" gets talked about as if it were a single checkbox. It's actually three separate obligations, and an outbound calling operation has to satisfy all of them:

  • The National Do-Not-Call Registry. The FTC's registry of numbers that may not receive telemarketing calls. Your list must be scrubbed against it at least every 31 days — numbers stay registered permanently, so a scrub from two months ago proves nothing about today's campaign.
  • Your internal (entity-specific) DNC list. Anyone who tells your business to stop calling goes on a list that applies to your business forever, even if their number was never on the national registry — and since April 2025, the request must be honored within at most 10 business days (down from the old 30-day maximum). This is the list regulators check first, because it's the one businesses most often fumble.
  • State DNC lists and litigator databases. A handful of states maintain their own registries, and professional TCPA plaintiffs seed lists with their own numbers. Screening against these is cheap insurance at campaign scale.

The 2025 revocation rule changed the game

The FCC's consent-revocation rule, effective April 2025, lets consumers revoke consent by any reasonable means — saying it on a call, replying STOP to a text, sending an email — and requires callers to honor the revocation within 10 business days. You cannot funnel opt-outs through one official channel and ignore the rest.

For automated calling, the sharpest consequence is this: the call itself is now an opt-out channel. If a called party says "stop calling me" to your AI agent and the agent cheerfully continues the script, your system just ignored a legally effective revocation — and generated a timestamped recording proving it.

The engineering implication: revocation phrases have to be recognized in the live conversation, at the platform level, on every call. "Stop calling," "take me off your list," "don't call me," "remove me" — when the caller says it, the call should end and the number should land on the internal DNC list in the same transaction. This can't be left to each agent's prompt; a prompt is a suggestion, not a control.

Fail-closed is the only defensible screening posture

Every dialer screens numbers against DNC lists before calling. The design question that separates serious platforms from demos is: what happens when the screening check fails?

A fail-open system — one where a database timeout or a service error lets the dial proceed unscreened — converts an infrastructure hiccup into a batch of potential violations. At automation scale, "the DNC check was down for twenty minutes" can mean hundreds of unscreened calls, each one a separate statutory violation with a $500–$1,500 price tag under the TCPA's private right of action.

A fail-closed system treats "couldn't verify" as "don't call." Calls held for a failed check can always be retried after the check recovers; calls placed to registered numbers can't be un-placed. When you evaluate a calling platform, this is a question worth asking directly: if your DNC service errors, does the dial go out?

Keep the records — for five years

The FTC's amended Telemarketing Sales Rule requires keeping telemarketing records — including consent evidence and DNC requests — for five years. Two practical consequences follow:

  • Consent needs provenance, not just a flag. "This contact consented" is worthless in a dispute without when, how, and from where the consent was captured. Store the source with the consent at import time, because you cannot reconstruct it later.
  • Deleting data has a carve-out. If you purge customer data — off-boarding, a deletion request — the consent and DNC records the TSR requires you to keep are the exception. A deletion pipeline that wipes everything indiscriminately destroys the evidence that protects you.

How Vosy handles it

Vosy treats DNC as a platform control rather than a user responsibility. Screening on every dial path is fail-closed — an errored check holds the call. A platform-wide phrase floor listens for revocation language ("stop calling," "take me off," "do not call," "opt out," and variants) on every live call, ends the call, and writes the number to the org's DNC list immediately — it's always active and no agent configuration can turn it off. Consent provenance is captured at contact import, and the retention pipeline preserves the five-year TSR records even through account closure and data-deletion flows.

If you're comparing platforms: the honest test isn't whether DNC management exists in the dashboard — it's whether the platform or your prompt is what stands between a revoked number and the next dial. See also: the calling-hours rules that pair with DNC →

Frequently asked questions

How often do I have to scrub my list against the National DNC Registry? expand_more

At least every 31 days. Under the FTC's Telemarketing Sales Rule, you may not call a number that has been on the registry for 31 days or more, so lists older than a month are stale by definition. Numbers stay on the registry permanently — registrations do not expire.

What is an internal (entity-specific) Do-Not-Call list? expand_more

Separate from the national registry, every business that makes telemarketing calls must keep its own list of people who have asked that business not to call them — and honor those requests. Asking to be removed on a call goes on the internal list even if the number was never on the national registry.

What changed with the FCC's revocation rule in 2025? expand_more

Effective April 2025, consumers can revoke consent by any reasonable means — saying "stop calling" mid-call, replying STOP, an email — and the caller must honor the revocation within 10 business days. You cannot require a specific opt-out channel, which means your calling system itself has to recognize revocation when it hears it.

What does "fail-closed" DNC screening mean? expand_more

If the DNC check errors, the call does not go out. A fail-open design — where a database timeout lets the dial proceed unscreened — turns an infrastructure hiccup into a batch of potential violations. Fail-closed treats "couldn't verify" as "don't call," which is the only defensible posture at automation scale.

Does an AI agent have to recognize "stop calling" during a call? expand_more

Practically, yes. Since revocation by any reasonable means includes saying it on the call, an automated calling system that can't hear and act on "stop calling," "take me off your list," or "don't call me" isn't honoring the rule. The agent should end the call and write the number to the internal DNC list immediately.

Compliance you don't have to remember

Vosy enforces calling windows, Do-Not-Call screening, consent-gated recording, and AI disclosure in the dial path itself. Start free — 1 agent, 20 minutes, no credit card.

Get Started Free