FDCPA + State Laws for AI Debt Collection: 50-State Guide
Disclaimer
This guide is for informational purposes only and does not constitute legal advice. Debt collection laws change frequently at both state and federal levels. Always consult with a qualified attorney specializing in debt collection compliance for your specific situation and jurisdiction.
The Federal FDCPA Baseline
The Fair Debt Collection Practices Act establishes the floor for debt collection regulation in the United States. Every AI voice agent used in debt collection must comply with FDCPA regardless of which state it operates in. Understanding this baseline is essential before layering state-specific requirements on top.
The FDCPA governs third-party debt collectors - agencies collecting debt on behalf of others or companies collecting debt they purchased. Original creditors collecting their own debts are generally exempt from FDCPA, though many state laws cover them too. For AI implementations, you need to determine whether your use case falls under FDCPA or only under state regulation.
Key FDCPA requirements that directly affect AI voice agent design include the Mini-Miranda disclosure (identifying as a debt collector and stating the call is an attempt to collect a debt), restrictions on calling times (8am-9pm in the consumer's time zone), prohibitions on harassment and abuse, validation notice requirements within 5 days of initial contact, and specific procedures for disputed debts.
AI voice agents have a compliance advantage here - they deliver required disclosures with 100% consistency. Unlike human collectors who occasionally forget or rush through disclosures, AI follows the script every time. This consistency is both a compliance benefit and a documentation advantage if calls are ever challenged.
Where State Laws Diverge from FDCPA
FDCPA is the minimum standard. Many states impose additional requirements that are stricter than federal law. When state and federal laws conflict, the stricter standard applies. For AI systems operating across multiple states, this means configuring for the most restrictive applicable rules.
| Regulatory Area | FDCPA Standard | Common State Variations |
|---|---|---|
| Calling hours | 8am-9pm consumer time zone | Some states restrict further (e.g., 9am-8pm) |
| Mini-Miranda disclosure | Standard federal language | Additional state-specific disclosures required |
| Written validation notice | Within 5 days of first contact | Some states require notice in first communication |
| Cease and desist | Must honor written requests | Some states allow verbal cease-and-desist |
| Recording consent | Federal allows one-party | Twelve states require all-party consent |
| Licensing | No federal license required | 30+ states require collector licensing |
| Statute of limitations disclosure | No specific requirement | Some states require disclosure of expired SOL |
| Consumer right notifications | Dispute rights within 30 days | Additional rights notifications in some states |
The practical challenge for AI systems is that the debtor's location determines which state rules apply, not the collector's location. An AI system calling debtors across all 50 states needs to know and apply the correct rules for each debtor's jurisdiction. This requires either maintaining a rules database indexed by state or configuring the AI to use the most restrictive rules nationwide.
Mini-Miranda Variations by State
The Mini-Miranda warning is the disclosure debt collectors must make during initial communications. The federal version is straightforward, but several states require additional language that AI voice agents must incorporate.
| State Category | Additional Requirements | Example States |
|---|---|---|
| Federal standard only | No additional state disclosure required | Most states follow FDCPA standard |
| Enhanced disclosure states | Must include state-specific language about consumer rights | New York, California, Colorado, Connecticut |
| Original creditor inclusion | Must disclose original creditor if different from collector | Massachusetts, Connecticut |
| Amount verification | Must provide specific balance information in disclosure | New York City (local law) |
| Language requirements | Disclosures may need to be available in Spanish or other languages | California, New York City |
| Written confirmation | Verbal disclosure must be followed by written version | Several states with consumer protection emphasis |
For AI voice agents, the Mini-Miranda scripting guide provides specific templates that can be configured per state. The key implementation detail is that the AI must determine the debtor's state before delivering the disclosure, which means the state lookup happens early in the call flow - typically during the identity verification step.
New York deserves special attention because it has some of the strictest disclosure requirements in the country. New York City has additional local regulations on top of state requirements. AI systems calling New York consumers need separate disclosure scripts for NYC versus rest-of-state, adding another layer of geographic specificity.
State Licensing Requirements for AI Collections
More than 30 states require debt collectors to obtain a license or register before collecting debts from consumers in that state. This licensing requirement applies regardless of whether the collection is performed by humans or AI - the entity operating the AI system needs proper licensing.
Determine which states require licensing
Most states require some form of debt collector licensing. The type and requirements vary - some require surety bonds, some require net worth minimums, some require exam passage. Your compliance team needs to identify every state where your AI will contact consumers.
Obtain licenses before AI deployment
License applications can take weeks to months to process. Plan your AI rollout around licensing timelines. Operating without required licenses - even inadvertently - can result in the inability to collect on debts and significant penalties.
Maintain license renewals and compliance
Most licenses require annual renewal with updated financial statements, bond certificates, and complaint disclosures. Build a license management calendar that triggers renewal processes well before expiration dates.
Configure AI to respect license boundaries
If you are licensed in 40 states but not all 50, your AI system must not contact consumers in unlicensed states. Build state validation into your call initiation logic so the AI never calls a consumer in a state where you lack authorization.
The licensing landscape is complex because each state has different requirements, different application processes, and different oversight agencies. Some states regulate through the state banking department, others through the attorney general, and others through dedicated consumer protection agencies. Multi-state operations often use compliance management platforms or outside counsel to track license status across jurisdictions.
State-Specific Calling Restrictions
Beyond the FDCPA's 8am-9pm calling window, states impose additional restrictions that AI systems must respect.
| Restriction Type | FDCPA Rule | State Variations |
|---|---|---|
| Calling hours | 8am-9pm consumer local time | Some states narrow to 9am-8pm or similar |
| Sunday calls | Permitted during allowed hours | Several states prohibit or restrict Sunday calls |
| Holiday calls | No federal restriction | Some states prohibit calls on state holidays |
| Workplace calls | Prohibited if employer disapproves | Stricter workplace contact rules in several states |
| Cell phone calls | TCPA autodialer restrictions | Additional state cell phone protections |
| Frequency limits | Reg F: 7 calls per 7 days per debt | Some states impose stricter frequency limits |
| Voicemail | Reg F provides limited safe harbor | State rules vary on voicemail content requirements |
For AI systems, calling restriction compliance is relatively straightforward to implement because it is rule-based. The system maintains a database of state calling rules, determines the consumer's state and time zone, and validates that a call is permitted before dialing. The challenge is keeping this rules database current as states update their regulations.
For detailed guidance on call frequency limits, the Reg F and CFPB communication rules guide covers the federal framework that intersects with state restrictions.
Statute of Limitations by State
The statute of limitations on debt varies dramatically by state and debt type. This affects AI collection calls because some states require disclosure when a debt is past its statute of limitations, and collecting on time-barred debt carries legal risks.
| Debt Type | Shortest SOL | Longest SOL | Common Range |
|---|---|---|---|
| Written contracts | 3 years (several states) | 10 years (several states) | 4-6 years most common |
| Oral agreements | 3 years | 10 years | 4-6 years most common |
| Promissory notes | 3 years | 10 years | 5-6 years most common |
| Open accounts (credit cards) | 3 years | 10 years | 3-6 years most common |
| Medical debt | Varies by state classification | Varies by state classification | 3-6 years typically |
AI systems must track the statute of limitations for each account based on the debtor's state and the debt type. When the SOL has expired, the system needs to either suppress the account from AI calling or modify the script to include required disclosures about the debt being time-barred. Some states make it a violation to sue or threaten to sue on time-barred debt, and AI systems must never imply legal action on such accounts.
A critical nuance: in some states, making a payment on a time-barred debt can restart the statute of limitations. AI systems offering payment arrangements on older accounts need to be aware of this interaction and comply with any state requirements to disclose this consequence to the consumer.
Emerging AI-Specific State Regulations
As AI becomes more prevalent in debt collection, states are beginning to address AI-specific regulatory questions. This is an evolving area with significant activity expected through 2026 and beyond.
- AI disclosure requirements: Several states are considering or have passed legislation requiring disclosure when a consumer is interacting with AI rather than a human. For debt collection, this means the AI may need to identify itself as automated early in the call.
- Algorithmic fairness: States with strong consumer protection frameworks are examining whether AI collection systems produce discriminatory outcomes. If AI prioritizes calls or collection strategies based on demographic data (even indirectly), it may trigger fair lending or civil rights scrutiny.
- Data use limitations: AI systems that analyze consumer behavior, voice patterns, or financial data to optimize collection strategies may face restrictions under state data privacy laws (like CCPA in California or equivalent laws in other states).
- Consent for AI interaction: Some states are exploring whether consumers should have the right to opt out of AI collection interactions and demand human contact. This would require AI systems to have reliable human escalation paths.
The regulatory landscape for AI in debt collection is moving rapidly. Organizations deploying AI collection systems should monitor legislative developments in their active states and build flexibility into their systems to accommodate new requirements without major technical overhauls.
Implementing State-Aware AI Compliance
Building an AI collection system that complies with 50+ jurisdictions requires a systematic architecture rather than ad hoc configuration.
Build a state rules engine
Create a centralized database that maps each state to its specific requirements: calling hours, disclosure scripts, licensing status, recording consent rules, SOL periods, and any AI-specific regulations. This becomes the compliance brain that the AI queries before each interaction.
Implement pre-call validation
Before the AI places any call, it validates: Is the account in a state where we are licensed? Is the current time within allowed calling hours for that state? Is this call within frequency limits? Is the SOL expired and does the state require disclosure? Does the state require all-party recording consent? Each check must pass before dialing.
Configure state-specific scripts
Build script templates that include state-variable fields. The Mini-Miranda section loads the correct state version. The recording disclosure adapts based on consent requirements. Validation notices include state-specific consumer rights. The AI selects the correct template based on the debtor state.
Automate compliance monitoring
Build dashboards that flag compliance risks: calls made outside allowed hours, disclosure delivery failures, frequency limit approaches, and license expiration warnings. Automated monitoring catches issues before they become violations.
Establish a regulatory update process
Assign responsibility for monitoring state legislative changes and court decisions that affect collection rules. When rules change, update the state rules engine and test the AI's behavior in that state before the effective date.
The investment in a state rules engine pays off at scale. Without it, every new state regulation requires custom code changes to the AI system. With it, you update a configuration entry and the AI automatically adjusts its behavior. This architecture difference determines whether your compliance team can keep pace with regulatory changes or falls behind.
Frequently Asked Questions
Yes. The FDCPA applies to the entity performing collection, regardless of whether humans or AI make the calls. If your organization is a third-party debt collector under the FDCPA definition, all calls made by your AI system must comply with FDCPA requirements just as human-made calls would.
Generally, the debtor's state law applies. If a collector in Texas calls a debtor in California, California's debt collection laws govern the interaction. Some states also assert jurisdiction over collectors located within their borders. AI systems should apply the debtor's state rules for each individual call.
In most cases, yes. Over 30 states require debt collector licensing, and the requirement is based on where the debtor is located, not where the collector operates. If your AI contacts consumers in those states, you need the applicable license. Operating without a license can void debts and trigger penalties.
In two-party consent states, the AI must disclose that the call is being recorded and obtain consent before proceeding. If the consumer does not consent, the AI must either disable recording for that call or end the call. Build consent logic into the early portion of your call flow, before any substantive conversation begins.
The FDCPA does not specifically prohibit Sunday calls (as long as they fall within the 8am-9pm window). However, several states restrict or prohibit debt collection calls on Sundays. Your AI system needs to check state-specific Sunday rules before dialing consumers in those states.
When state law is stricter than FDCPA, the stricter standard applies. FDCPA explicitly states that it does not preempt state laws that provide greater consumer protection. Your AI system should always apply the more protective rule when there is a conflict between federal and state requirements.
State legislatures and regulatory agencies update debt collection rules regularly. Significant changes happen in multiple states each year, particularly around AI disclosure requirements, data privacy, and consumer protection enhancements. Building a quarterly review process into your compliance operations is the minimum recommended frequency for monitoring changes.
Many state laws do apply to first-party (original creditor) collection, even though FDCPA generally does not. California, Colorado, and several other states have debt collection laws that cover original creditors. If your AI makes first-party collection calls, check each state's specific definition of covered entities.
Some states require disclosure when collecting on time-barred debt - informing the consumer that they cannot be sued for the debt but that payment may restart the SOL clock. Configure your AI to check the SOL status for each account and deliver required disclosures in applicable states. Never imply legal action on time-barred accounts in any state.
As of early 2026, there are no federal regulations specifically targeting AI in debt collection. The CFPB has issued guidance suggesting that existing consumer protection laws apply equally to AI-mediated collection. However, federal AI-specific regulation is actively under consideration and could emerge. Monitor CFPB guidance and proposed federal legislation for developments.
Founder & CEO, AInora
Building AI digital administrators that replace front-desk overhead for service businesses across Europe. Previously built voice AI systems for dental clinics, hotels, and restaurants.
View all articlesReady to try AI for your business?
Hear how AInora sounds handling a real business call. Try the live voice demo or book a consultation.
Related Articles
Mini-Miranda Scripts for AI Voice Agents
Compliant disclosure templates and state-specific variations for AI debt collection calls.
Reg F & CFPB Rules for AI Debt Collection
Communication frequency limits and channel rules for AI-powered debt collection under CFPB Regulation F.
AI Debt Collection Call Recording: Consent by State
Call recording consent requirements for AI debt collection across one-party and two-party consent states.