Skip to main content
Do You Need Consent to Record Calls? One-Party vs. Two-Party States

Do You Need Consent to Record Calls? One-Party vs. Two-Party States

May 31, 2026

6

min read

Compliance

By IdentityCall AI Team | Compliance | 6 min read

Whether you need consent to record a call depends on where the parties are located. Some jurisdictions require only one party to consent, others require everyone on the call to consent. This post explains the distinction and how teams handle it in practice. It is general information, not legal advice; confirm your obligations with qualified counsel.

One-party vs. all-party consent

In a one-party consent jurisdiction, a call can be recorded as long as at least one participant, which can be you, agrees. In an all-party consent jurisdiction, often called two-party consent, every participant must consent before recording.

Which rule applies can depend on where each party is located, not just where your business sits. A call that crosses jurisdictions can be subject to the stricter rule, which is why many organizations default to the most conservative approach.

The all-party consent states

In the United States, a number of states are commonly cited as requiring all-party consent, including California, Florida, Illinois, Pennsylvania, and Washington, among others. The exact list, and how each law is interpreted, changes over time and varies by situation. Treat any list, including this one, as a starting point to confirm with counsel rather than a definitive ruling.

The practical answer: disclose every time

Because the rules are inconsistent and calls cross borders, most teams adopt a simple operating standard: disclose that the call is being recorded at the start of every call, and capture consent where required. A clear, consistent disclosure sidesteps a lot of ambiguity.

The harder part is proving it. A policy that says "we always disclose" is not evidence. What auditors and regulators want is proof that the disclosure was actually given on a specific call.

Proving disclosure on every call

This is where automated disclosure detection earns its place. Instead of spot-checking a sample, a system analyzes every call for the disclosure language you require and flags any call where it appears to be missing. That turns compliance from a periodic audit into continuous evidence, and surfaces gaps in time to fix them.

Pair that with automated retention, so recordings are kept only as long as your policy allows, and an audit trail you can export, and you can demonstrate compliance rather than describe it.

Retention and access

Consent is only part of the picture. Keeping recordings too long, or in the wrong place, is its own risk. A defensible approach configures retention rules that purge recordings automatically, restricts access, and logs sensitive actions, so you can answer a data subject access request without a fire drill.

See how IdentityCall supports this on the compliance page.

Key takeaways

  • One-party consent needs one participant to agree; all-party consent needs everyone.
  • Cross-jurisdiction calls can be subject to the stricter rule.
  • Disclosing on every call is the common operating standard.
  • Detecting the disclosure on every call turns policy into provable evidence.
  • This is general information, not legal advice.

Tags:

ComplianceCall RecordingConsentPrivacy

Subscribe for updates