There’s a TCPA complaint sitting in a Virginia federal court that should be on every outbound operator’s radar — not because of the consumer who filed it, but because of who he sued.

In Lowry v. OpenAI, the plaintiff alleges he received unwanted marketing text messages from a company called Fresh Start Group, sent via Twilio-provisioned numbers, that were generated using OpenAI’s platform. So far, so unremarkable. The unusual move is that the complaint names OpenAI itself and Twilio as defendants — not just the company that actually sent the messages.

The platform liability theory

The theory: under the TCPA, you can be liable if you ’cause’ a call or text to be initiated — not just if you physically dial. The complaint argues that by providing the AI platform that generated the messages and the telephony infrastructure that delivered them, OpenAI and Twilio caused the messages and should share liability with the downstream caller.

If that theory survives — and even if it only survives early motions long enough to drive a settlement — it reshapes the TCPA risk model for every operator that uses an AI agent or a CPaaS provider in their outbound stack. Which, in 2026, is basically all of them.

The exposure math

The complaint seeks to represent a class of every U.S. consumer who received marketing messages generated on OpenAI’s platform, where the recipient’s number was on the DNC list and OpenAI did not have consent. At $500 per call with a four-year TCPA lookback, the theoretical class damages run into the trillions. That number is obviously aspirational, but it is the number plaintiff’s counsel will use at the settlement table.

Twilio is not new to this argument. The company received an FCC cease-and-desist letter in 2024 over allegedly enabling illegal robocall traffic. The platform-liability theory in Lowry didn’t appear from nowhere — it’s the legal extension of years of regulatory pressure on the infrastructure layer.

Why this matters even if you’re not Twilio or OpenAI

For operators, the practical implication is not ‘we should stop using AI or CPaaS providers.’ The implication is that the indemnity and consent structure of your vendor agreements just got a lot more important. If your CPaaS or AI vendor takes a settlement-driven hit from a Lowry-style case, every contract clause about pass-through liability, indemnity, and audit rights becomes live.

Three operator action items:

1. Read your CPaaS terms of service. Most CPaaS providers explicitly disclaim TCPA liability and push it back to the customer. That’s fine until a court holds the CPaaS provider liable anyway — at which point the disclaimer becomes a contract fight, not a liability shield.

2. Document your consent-to-platform chain. If a platform-liability case lands and the platform comes asking, you want a clean record of how every number on your campaign ended up there with consent.

3. Watch the FCC’s posture. The FCC has already issued cease-and-desist letters to infrastructure providers and has ruled that AI-generated voices are ‘artificial or prerecorded voice’ under the TCPA. The trend is toward more, not less, liability up the stack.

If you run an outbound calling or texting program, the cheapest insurance against any of this is screening your dial list before you hit send. TCPALitigatorList.com maintains a continuously updated database of known TCPA plaintiffs and serial litigators so operators can scrub their files and quietly remove the numbers most likely to turn a routine campaign into a class action. A few minutes of list hygiene beats a few months of discovery every time.

The bigger arc

The TCPA was written in 1991 for a world of human dialers calling from cubicles. The legal system has spent 35 years stretching its concepts of ‘call,’ ‘caller,’ and ‘consent’ to cover autodialers, prerecorded voice, ringless voicemail, SMS, and now AI-generated messages routed through stack-of-stack platforms.

Lowry v. OpenAI is the next chapter of that stretch: holding whoever provided the technology that caused the message, not just the entity whose name was on the customer-facing brand. Watch this case closely. Whether it wins or settles, it will move where TCPA liability lands for the next decade.

Sources

National Law Review: New TCPA Complaint Names OpenAI and Twilio
Henson Legal: OpenAI and Twilio Sued for Customers’ TCPA Violations
Lowry v. OpenAI Complaint (PDF)

For years, ringless voicemail (RVM) vendors sold the same comforting story to operators: drop a message straight into a consumer’s voicemail without actually placing a call, and you sidestep the TCPA. That story is dead. Two 2026 cases have driven a stake through it, and any operator still running RVM campaigns without TCPA-grade consent is sitting on an unsexploded class action.

The $6.5M warning shot

National Retail Solutions (NRS), a point-of-sale technology provider, agreed to pay over $6.5 million to resolve a TCPA class action alleging it used ringless voicemail technology without the level of consent the statute requires. The class is limited to RVMs sent by a single provider, with over 50,000 class members each set to receive more than $100. The ceiling on what NRS sent is almost certainly much higher than the class that got certified.

The case is a clean operator-side cautionary tale. NRS wasn’t a fly-by-night dialer shop. It was a B2B technology company that ran a growth program through a marketing channel its leadership probably believed was compliant. The compliance belief was wrong, the scale was high, and the bill is $6.5M.

The GoHighLevel realtor case

The second case to know is the Britney Gaitan / GoHighLevel matter out of Las Vegas. A solo realtor used GoHighLevel — a popular all-in-one marketing platform — to send ringless voicemails to expired listings. A court certified a class against her on the theory that the voicemails were prerecorded calls under the TCPA, and that she had no documentation of consent from class members.

The operator-level lesson here is brutal. You don’t need to be a Fortune 500 telemarketer to face TCPA class exposure. You need to run a single high-volume RVM campaign without consent records, and you can lose your business.

Why courts keep treating RVM as TCPA-regulated

The FCC settled this question in 2022 with a Declaratory Ruling that ringless voicemails to wireless phones are subject to the TCPA’s robocall provisions because they are calls made using an artificial or prerecorded voice. Every court ruling since has reinforced that position, including a 2025 decision in Taylor v. Kit Insurance holding that identical voicemail content is enough at the pleading stage to allege a prerecorded call.

The vendor story — that RVMs aren’t ‘calls’ because they bypass the ring — has been rejected by the FCC and the courts. If your vendor is still pitching that line, find a new vendor.

Operator checklist if you run RVM

Treat RVM exactly like a robocall. Same prior express written consent. Same DNC scrubbing. Same revocation handling. Same recordkeeping. There is no separate compliance lane.

Audit your consent records by source. If you can’t produce, per number, a time-stamped, source-traceable consent record for the specific channel and specific purpose, you don’t have consent.

Get rid of legacy lists. Old lead lists are where TCPA class actions are born. If a list pre-dates your current consent process, retire it.

Document your platform’s defaults. Many marketing platforms ship with consent assumptions baked in. If those assumptions don’t match your actual lead flow, you’re carrying the risk, not the platform.

If you run an outbound calling or texting program, the cheapest insurance against any of this is screening your dial list before you hit send. TCPALitigatorList.com maintains a continuously updated database of known TCPA plaintiffs and serial litigators so operators can scrub their files and quietly remove the numbers most likely to turn a routine campaign into a class action. A few minutes of list hygiene beats a few months of discovery every time.

Bottom line

The RVM industry spent a decade selling a workaround that the FCC and the courts have now explicitly rejected. Operators who continue to rely on the workaround are betting against settled regulatory and judicial positions. The NRS $6.5M settlement and the GoHighLevel class certification are the two numbers that should end the bet.

Sources

National Law Review: Ringless Voicemail Triggers $6.5M TCPA Settlement for NRS
TCPAWorld: GoHighLevel Realtor TCPA Class Action
FCC Declaratory Ruling on Ringless Voicemail

If you run outbound calling or texting programs that touch Tennessee residents, mark a date on your wall: July 1, 2026. That’s when Tennessee’s new automated-telemarketing oversight law — HB 2408 / SB 2659 — takes effect, and it’s going to change the day-to-day mechanics of how you operate in the state.

The bill cleared both chambers without a single dissenting vote (94-0 in the House on April 6, 33-0 in the Senate on April 21), was signed by the Speaker on April 30, and was transmitted to Governor Lee on May 7. If he signs it — and there’s no political reason to think he won’t — the amendment applies to conduct occurring on or after July 1, 2026.

What actually changed

The bill amends Tennessee’s existing telephone and text-message solicitation framework by bolting on a new oversight mechanism aimed squarely at large-scale automated campaigns. The headline practical changes are new reporting requirements, expanded recordkeeping obligations, and tighter solicitation limits for any business running automated dialers or mass-text platforms into Tennessee numbers.

The key word is oversight. Tennessee already has TCPA-style consent and DNC rules on the books. What was missing was visibility — the state regulator had no clean way to see who was running large automated campaigns into the state. The amendment fixes that by requiring covered callers to file reports and retain records that the regulator can pull on demand.

Why this matters operationally

The federal TCPA gets the attention, but state-level enforcement is where most operators actually get caught. State regulators have shorter ramps to enforcement, can act on a complaint without a class plaintiff, and increasingly coordinate with sister states under the 51-AG Anti-Robocall Task Force. Tennessee adding a reporting regime is a textbook case of the state-level squeeze that’s been building all year.

For operators, the practical to-do list before July 1 is short but real:

1. Inventory your Tennessee traffic. Pull the last 12 months of dialer and SMS logs and segment by state. If Tennessee is a meaningful slice, you are in scope.

2. Audit your consent records. The reporting regime won’t be friendly to operators who can’t produce a clean, time-stamped consent record for each number. Now is the time to fix gaps in lead documentation.

3. Pin down your vendor stack. If you use third-party dialers, SMS aggregators, or lead vendors, your recordkeeping is only as good as theirs. Get contractual commitments in writing that they’ll preserve and produce records on the timelines the new law demands.

4. Rethink your suppression process. Reporting obligations mean every preventable violation becomes a visible one. Front-loading suppression — DNC scrubs, internal-DNC propagation, litigator screening — is the cheapest risk reduction you can do.

If you run an outbound calling or texting program, the cheapest insurance against any of this is screening your dial list before you hit send. TCPALitigatorList.com maintains a continuously updated database of known TCPA plaintiffs and serial litigators so operators can scrub their files and quietly remove the numbers most likely to turn a routine campaign into a class action. A few minutes of list hygiene beats a few months of discovery every time.

The bigger picture

Tennessee is not an outlier. New York raised its DNC fine ceiling to $20,000 per violation. Mississippi shifted its no-call enforcement to the AG. The pattern is clear: while the FCC is loosening at the federal level, states are tightening, and the tightening comes with real teeth.

Operators who treat TCPA compliance as a single federal program are going to keep getting surprised. The compliance map is now a 50-state patchwork, and Tennessee just added another patch with a deadline.

Sources

TCPAWorld: Tennessee’s New Solicitation Oversight Law
Receivables Info: Tennessee Legislature Approves New Automated Telemarketing Restrictions
LegiScan: Tennessee HB 2408

SiriusXM’s $28 million TCPA settlement hit its final approval hearing on May 11, 2026, in the Central District of Illinois. The case — Campbell v. SiriusXM Radio, Inc., No. 2:22-cv-2261 — covers consumers who received more than one telemarketing call from SiriusXM within a 12-month period between April 27, 2019, and October 31, 2025, despite either being on the National Do Not Call Registry or having asked to be added to SiriusXM’s internal Do Not Call list. The operational lesson buried inside the case is more important than the headline number.

The “internal DNC” failure mode

The National DNC Registry is a known compliance surface. Most callers scrub against it. But the internal DNC list — the list of consumers who have specifically asked your company to stop calling them — is where SiriusXM (and most large outbound callers) repeatedly bleeds. The plaintiffs in Campbell were able to assemble a class because the company couldn’t reliably honor its own internal opt-out requests across a six-year window. That’s an operational data problem, not a legal one.

The TCPA requires that an internal DNC request be honored within a reasonable time — typically construed as 30 days — and that the request persist indefinitely once made. For any large outbound calling operation, this means an internal DNC list has to: (1) capture every opt-out across every channel (phone, web, text reply, email, mail), (2) propagate that opt-out to every system that initiates contact, and (3) survive every data migration, vendor switch, and platform consolidation that happens over the years.

Where it breaks

The places SiriusXM almost certainly broke down are the places most operators break down:

Channel fragmentation. Customer asks an inbound rep to stop calling. That rep notes it in the support CRM. The outbound dialer reads from a different system. The opt-out doesn’t propagate. Next call goes out two weeks later.

Vendor and platform changes. Migration from one telephony platform to another, or one CRM to another, frequently drops the historical DNC flag. Suddenly a number that’s been opted out for three years is “fresh” again from the dialer’s perspective.

Reassigned numbers. The number that opted out belongs to one person. Two years later, the number belongs to someone else. Your DNC list still has the opt-out. Now you’re not calling the person who asked you to stop — but the rules around this are nuanced and have moved repeatedly in recent years.

Affiliate and partner calls. Calls placed by partners, resellers, or acquisition targets on your behalf. The opt-out you captured doesn’t make it into their dialers. The customer experiences these as calls from you.

The class-action economics

Per the settlement framework, SiriusXM’s $28 million covers a class spanning roughly six and a half years. Per-claimant payouts are capped (claim deadline was March 21, 2026), but the structural cost — attorney’s fees, claims administration, ongoing class-counsel oversight — is significant. The settlement also triggers internal remediation obligations: SiriusXM’s internal DNC processes will be under heightened scrutiny going forward, and any future violation in this area carries dramatically increased exposure.

For operators, the math to internalize: the $28M number is the visible cost. The invisible cost is the ongoing operational discipline required to keep this from happening again. Most companies eat that invisible cost only after the visible one materializes.

One operational hedge worth building into your dialing stack: scrub every outbound list against known TCPA plaintiffs before you launch. TCPALitigatorList.com maintains a continuously updated database of numbers tied to professional plaintiffs and frequent TCPA filers, and a five-minute suppression pass against that file is a lot cheaper than a single class certification fight.

An operator’s audit checklist

Five things to verify about your internal DNC infrastructure this week:

First, every channel where a customer can request to stop being contacted feeds into a single source-of-truth opt-out table. Second, that table is read by every system that initiates outbound contact, with a documented SLA on propagation (24 hours is reasonable; 30 days is the legal ceiling, not the operational target). Third, opt-outs persist through every data migration, with explicit reconciliation steps in the migration playbook. Fourth, partner and affiliate calling is governed by a contractual requirement that your DNC list be shared and honored. Fifth, you have a quarterly audit process that picks 25 random opt-outs and verifies that no contact has gone out since the opt-out date. If you can’t pass that audit cleanly, you’re a Campbell defendant waiting to happen.

Sources

Campbell v. SiriusXM Radio, Inc., No. 2:22-cv-2261 (C.D. Ill.); settlement website sxmtcpasettlement.com; Inside Radio and TopClassActions reporting.

If you run any kind of distributed sales force — independent agents, 1099 reps, franchisees, partners — the eXp Realty saga is the case study you cannot afford to ignore. In early May 2026, the U.S. District Court for the Western District of Washington denied eXp’s motion to stay the certified TCPA class action in Usanovic v. eXp Realty, pushing the case toward trial. This follows a March 2026 class certification covering unsolicited calls placed by eXp agents using Mojo and Vulcan7 dialers from May 2019 through September 2023. The exposure is massive, and the operational lesson is brutal.

The legal posture

eXp tried the usual stall: requesting a stay pending appeal, hoping to extract a more favorable settlement posture before trial. The court refused. That means the case proceeds with a certified class, with eXp facing potential statutory damages of $500 to $1,500 per call across an unquantified but very large class period.

The structural problem for eXp is that the courts have already held — in a prior phase of this litigation — that eXp can be directly liable for calls made by its independent agents. That holding is the part of this case that should be keeping operators of agent-based businesses awake at night. The “they’re independent contractors, not employees” defense did not save eXp. The agency relationship — the brand, the training, the lead provisioning, the platform — was enough to expose the parent.

What this means operationally

If your business model involves any version of “we provide the platform, they make the calls,” you have an eXp problem in latent form. The question isn’t whether your agents are technically independent contractors. The question is whether a court can find enough connective tissue — co-branded training materials, lead lists you provide, a script you wrote, a dialer you pay for — to attribute their TCPA violations to you.

The practical hedges every operator running a distributed sales force should be implementing right now:

Lead provenance auditing. The Usanovic court honed in on the fact that lead vendors testified they did not have consent on the leads they sold to eXp agents. If you provide leads — or facilitate lead purchases — you need vendor reps in writing attesting to consent capture, with the underlying documentation available on demand.

Dialer governance. If your platform integrates with or pays for dialer software your agents use (Mojo, Vulcan7, PhoneBurner, etc.), you may be inheriting a control relationship that supports vicarious liability. At minimum, document that the agents — not you — make the dialing decisions, and require dialer-level compliance training as a condition of access.

Training records. The training you provide to agents about TCPA compliance is now plaintiff-discoverable evidence, in both directions. If your training is thin, that’s a problem. If your training is robust but agents ignored it, that’s actually evidence that supports a “we did our part” defense. Document everything.

The wider implication

Real estate, insurance, financial services, MLM, home services — any industry built on a 1099 sales force and a corporate brand is in the blast radius of the eXp ruling’s logic. The defense playbook of “they’re independent, don’t blame us” is collapsing under courts that are willing to look at the actual operational relationship. If you’re running an agent network and you haven’t stress-tested your structure against a vicarious-liability TCPA theory, that work should start this quarter, not next.

Note the timing of the existing eXp Realty settlement history: a separate $26.9 million settlement is already on the books. The Usanovic case is in addition to that. Operators sometimes mentally categorize TCPA exposure as a one-time settlement event. eXp is the reminder that it can be a recurring, multi-year, multi-case bleed.

One operational hedge worth building into your dialing stack: scrub every outbound list against known TCPA plaintiffs before you launch. TCPALitigatorList.com maintains a continuously updated database of numbers tied to professional plaintiffs and frequent TCPA filers, and a five-minute suppression pass against that file is a lot cheaper than a single class certification fight.

What to do this week

Pull your agent agreements. Specifically check the indemnification language: are your agents indemnifying you for TCPA violations, or are you indemnifying them? If it’s the latter, that’s not just a contractual issue — it’s a signal to plaintiffs’ counsel about who controls the calling behavior. Then audit your lead provisioning: do you provide, recommend, or facilitate access to the leads your agents call? Each of those words carries different exposure. Document accordingly.

Sources

Usanovic v. eXp Realty, 2026 WL 864633 (W.D. Wash. March 30, 2026); stay denial reporting from TCPAWorld (May 1, 2026); National Law Review coverage of direct-liability holding.

A federal judge in the Eastern District of Tennessee just handed TCPA defendants a rare procedural win — and it should reframe how operators think about lead documentation. On May 11, 2026, U.S. District Judge Katherine A. Crytzer denied the plaintiff’s Rule 56(d) request in Brockington v. Hume Health, LLC, refusing to defer summary judgment so the plaintiff could fish for more discovery on her consent claim. The decision (2026 WL 1284850) is the kind of small, technical ruling that quietly changes the math on whether a TCPA class action is worth bringing in the first place.

What actually happened

Sheri Butler Brockington sued Hume Health alleging it called and texted her in violation of the TCPA and the National Do Not Call Registry rules. Hume Health moved for summary judgment, attaching its evidence of consent: a Facebook lead form Brockington had filled out, complete with the “SIGN UP” click that allegedly authorized the contact. Instead of opposing the motion on its merits, the plaintiff asked the court to delay summary judgment under Rule 56(d), claiming she needed more discovery to challenge the lead’s authenticity.

Judge Crytzer wasn’t having it. She held that Brockington failed to identify specific facts she expected to find or explain how additional discovery would actually defeat the consent defense. Bare assertions that “more discovery might reveal something” don’t clear the Rule 56(d) bar. The court will now decide the summary judgment motion on the existing record — a record that includes Hume Health’s lead documentation.

Why this matters for operators

For anyone running outbound calling or texting off paid lead sources, the practical lesson is brutal and useful: the quality of your consent record at the moment of capture determines whether a TCPA case lives or dies. Hume Health is in this position because it has a screenshot, a timestamp, an IP address, and a clean audit trail tying Brockington’s number to the form submission. That documentation is what flipped a class action from “discovery nightmare” to “summary judgment in 90 days.”

If your lead capture pipeline can’t produce that artifact on demand for any phone number on any list, you’re a Rule 56(d) request away from being on the wrong side of this ruling. Operators should be auditing three things this week: (1) whether their lead vendors retain raw form-submission data with full metadata, (2) whether that data is retrievable per-number on a one-day SLA, and (3) whether the disclosure language above the submit button actually clears Reyes v. Lincoln Automotive Financial Services and the broader “clear and conspicuous” standard.

The Rule 56(d) angle is the real signal

What’s notable about Brockington isn’t the consent fight itself — that’s still pending. It’s that the court refused to let a TCPA plaintiff use discovery as leverage to extract a settlement. Rule 56(d) fishing expeditions have been one of the most reliable tools in the professional plaintiff playbook: file a thin complaint, survive the motion to dismiss, demand discovery, and let the defense costs do the rest. A court willing to deny that move on a clear record changes the calculus for both sides.

Expect more defendants to push for early summary judgment on consent when they have the receipts. And expect plaintiffs’ counsel to scrutinize lead provenance harder before filing — because the cases where lead data is clean and dated are now the cases that end fastest.

What to do Monday morning

Three concrete actions for operators reading this: First, pull a random sample of 25 phone numbers off your most recent dialer list and try to produce the underlying consent artifact (form, source URL, timestamp, IP, disclosure text shown at submit). If you can’t, escalate to the lead vendor today. Second, get your lead-storage retention policy in writing — many vendors quietly delete raw submission data after 90 days, which is exactly when you need it most. Third, make sure your dialer’s “do not contact” logic is wired to the same source-of-truth that holds consent records, so a revocation request actually propagates.

One operational hedge worth building into your dialing stack: scrub every outbound list against known TCPA plaintiffs before you launch. TCPALitigatorList.com maintains a continuously updated database of numbers tied to professional plaintiffs and frequent TCPA filers, and a five-minute suppression pass against that file is a lot cheaper than a single class certification fight.

Sources

Brockington v. Hume Health, LLC, 2026 WL 1284850 (E.D. Tenn. May 11, 2026); coverage at National Law Review and LitNews.ai.