The short answer
A TCPA violation costs $500 per call for an ordinary violation and up to $1,500 per call when it's willful or knowing (47 U.S.C. § 227(b)(3)). There's no cap on the total, which is why TCPA class actions routinely settle in the millions to tens of millions. The danger with AI is the multiplier: a script flaw repeated across an automated dialer's volume turns one mistake into thousands of identical violations.
Per-call penalties were written for a world where calling was slow and manual. AI breaks that assumption, so the arithmetic stops being abstract. Watch what happens to the exposure as call volume climbs.
One missing disclosure × your call volume
$500-$1,500 per call1,000 calls
$0K
negligent · $500K
up to $1.5M
willful (treble)
10,000 calls
$0K
negligent · $5M
up to $15M
willful (treble)
100,000 calls
$0K
negligent · $50M
up to $150M
willful (treble)
Illustrative TCPA statutory-damages arithmetic, (calls affected) × ($500 negligent / $1,500 willful), per 47 U.S.C. § 227(b)(3). Aggregate damages are uncapped; actual outcomes are decided in litigation.
The math, made painfully simple
Take a single missing disclosure on an outbound campaign. The formula is just: (calls affected) × (per-call damages).
| Calls with the flaw | × $500 (negligent) | × $1,500 (willful) |
|---|---|---|
| 1,000 | $500,000 | $1,500,000 |
| 10,000 | $5,000,000 | $15,000,000 |
| 100,000 | $50,000,000 | $150,000,000 |
And TCPA is only one regime. The same call can stack exposure under other laws at the same time:
| Regime | Typical exposure | Primary source |
|---|---|---|
| TCPA | $500-$1,500 per call; uncapped in aggregate | 47 U.S.C. § 227 |
| HIPAA | Up to ~$2M per violation category per year (inflation-adjusted) | 45 CFR 160 / HHS |
| FDCPA | Statutory damages + class actions; mini-TCPA state laws stack | 15 U.S.C. § 1692 |
| State wiretap (e.g. CA CIPA) | Criminal penalties + civil damages per recording | Cal. Penal Code § 632 |
The hidden costs nobody puts in the spreadsheet
- Legal defense: even a meritless TCPA class action costs six figures to defend.
- Discovery pain: if you can't produce call records, you litigate from a position of weakness.
- Card processing: a PCI failure can cost you the ability to take payments at all.
- Reputation: a public enforcement action follows your brand around in search results.
How to make the number zero
The cost of monitoring every call is trivial against the cost of one missed disclosure at scale. Trace scans 100% of calls, flags the violation *before* it's repeated ten thousand times, and keeps the audit trail that turns a discovery nightmare into a one-click export. The expensive thing isn't compliance. It's finding out you weren't compliant after the lawsuit is filed.
Connect your calls
Point Trace at the calls you already make, phone agents, Zoom, Meet, Teams. No new phone system, no rip-and-replace.
Pick your rule packs
Turn on TCPA, HIPAA, PII, and brand-voice packs, or upload your own. No model training required.
Get a scorecard per call
Every call comes back with a verdict, cited findings, redactions, and an audit hash. Live the same afternoon.
Educational, not legal advice
Damages figures are statutory starting points; real-world outcomes depend on the facts and are decided in litigation, and amounts change with inflation adjustments and court rulings. Confirm current figures and your exposure with qualified counsel.
Primary sources
We cite the statute or ruling so you can verify every claim. Status changes, confirm currency with counsel.
Frequently asked questions
How much is a TCPA violation?
$500 per call for a negligent violation and up to $1,500 per call for a willful or knowing one, with no cap on the aggregate. That's why TCPA class actions frequently settle in the millions.
Why is the TCPA especially risky for AI calling agents?
Damages are assessed per call. An AI agent can place thousands of identical calls, so a single script or consent flaw is replicated across the whole campaign, multiplying the exposure linearly with volume.
Can one call violate more than one law?
Yes. A single call can simultaneously implicate the TCPA (consent), state wiretap law (recording), HIPAA or PCI DSS (sensitive data), and the FDCPA (collections), stacking exposure across regimes.
What does it cost to monitor calls for compliance?
Trace scans calls for a fraction of a cent compared to per-call statutory damages multiplied across an automated dialer's volume.