TL;DR
- Yes, you can be liable for calls you never placed. Under federal common-law agency, a brand is vicariously liable for TCPA violations by the call centers and lead vendors acting on its behalf. The FCC's 2013 Dish Network ruling set out three routes: formal agency, apparent authority, and ratification.
- A contract won't save you. An indemnification clause does not stop the lawsuit. It gives you a reimbursement claim against a vendor that is usually judgment-proof by the time you have paid the settlement.
- The number is real. In Krakauer v. Dish Network, the Fourth Circuit affirmed a $61 million judgment for calls Dish's retailer placed on its behalf, $400 per call across 51,119 calls, trebled for willfulness.
- A 2% audit can't defend you. Manual QA listens to 1 to 2 percent of calls. You cannot require, or prove, compliance on the 98 percent you never hear.
- The fix is a Klariqo Call Record. Require a signed, tamper-evident, independently verifiable record of every vendor call. It is easy to demand, because the vendor just adds it on the dialer they already run.
- This is not legal advice. Consult qualified counsel for your campaigns.
A brand hires a call center to make calls. The call center breaks the TCPA. Who gets sued?
Both of you. And the deep pocket, the brand, is the one plaintiffs' lawyers want.
A brand can be held vicariously liable under the TCPA for calls placed by the call centers and lead vendors it hires, under the ordinary common-law principles of agency. You do not have to touch the dialer to be on the hook for what comes out of it.
Disclaimer: this is operational guidance for buyers of call-center services, not legal advice. The TCPA landscape shifts. Consult your own counsel for your specific programs.
The short answer: yes, and your contract won't save you
Most general counsel believe a strong indemnification clause is a shield. It is not.
An indemnification clause does not prevent you from being named, sued, and found liable. It only gives you a reimbursement claim against your vendor after the fact. When the judgment is a multi-million-dollar class settlement and your vendor is a call center with a thin balance sheet, that claim is worth close to nothing. You pay. You then get to sue a company that cannot pay you back.
The liability itself flows from agency law. Under the FCC's 2013 Dish Network declaratory ruling (FCC 13-54), a seller does not "initiate" a call its vendor places, so it is not directly liable. But it can be vicariously liable under federal common-law agency through any of three routes:
- Formal agency , the vendor acts under your control.
- Apparent authority , the vendor looks, to the person on the phone, like it is acting for you: your brand name, your scripts, your product, your lead lists.
- Ratification , you learn what the vendor is doing, and you keep the benefit anyway.
If your call center uses your name and pitches your product, a plaintiff has a straightforward apparent-authority argument that its calls are your calls.
$61 million for calls it never placed
This is not hypothetical. It is the most expensive TCPA class verdict on record for exactly this fact pattern.
In Krakauer v. Dish Network, a jury found that Dish's retailer, SSN, acted as Dish's agent when it made illegal telemarketing calls. The Fourth Circuit affirmed in 2019. The math:
- 51,119 calls to numbers on the Do Not Call registry.
- $400 per call, for a jury award of roughly $20.47 million.
- Trebled by the trial judge for willful violation, to a $61 million judgment.
The appeals court was direct: the TCPA permits liability against a company "for calls made on its behalf, even if not placed by the company directly."
What tipped it from a defense to a $61M loss was oversight. The court pointed to evidence that Dish "failed to respond in any serious way" to complaints that SSN was ignoring instructions, and that Dish "profited handsomely" from those sales anyway. Passive did not mean protected. Passive meant liable, and then trebled.
Contrast that with Thomas v. Taco Bell, where the Ninth Circuit applied the same agency principles and found Taco Bell not liable, because the party that sent the messages was not shown to be its agent. That is the point: liability is fact-specific, and it turns on control and knowledge. The difference between a dismissal and a $61 million judgment is whether you can show what your vendor actually did, and that you acted on it.
You cannot show what you cannot see.
"We audit our vendors" is not the same as proving it
Every enterprise with an outsourced call program says it audits its vendors. Almost none can prove what was said on a specific call.
Traditional call-center QA samples roughly 1 to 2 percent of calls. A supervisor listens to a handful, scores a rubric, files it. That model has a 98% blind spot, and the blind spot is exactly where the violation lives. The call a plaintiff sues over is never the one your QA team happened to pull.
So when the demand letter arrives and asks you to produce the call, you have three bad options: a raw recording that anyone could have edited, a QA note that does not cover that call, or nothing. None of them prove what your agent said, that the recording is unaltered, and when it happened. That gap is where settlements come from.
The fix is not "audit harder." It is to change what your vendors are required to produce.
What to require from your call vendors
The move that ends this exposure is the same move that made web-form consent certificates standard in lead generation: you make a provable record a condition of doing business. No record, no payment.
For calls, the artifact is a Klariqo Call Record (KCR). Written into a vendor agreement, the clause is simple:
That one line converts your compliance program from "we trust our vendor" to "we can check every call." It closes the 98% blind spot. And it is trivial to demand, because it does not ask your vendor to rip out anything. The record is generated on the dialer they already run, VICIdial included.
Here is the division of duty, stated plainly, so no one oversells what a record can do:
| The caller / brand owns | The Klariqo Call Record proves | |
|---|---|---|
| Consent | Obtaining and holding valid consent to call | That a call happened, and its contents are unaltered |
| Script | What the agent is instructed to say | The exact words the agent actually said |
| Timing | Calling within legal hours | The timestamp the call took place |
| Defense | The legal argument and burden of proof | Tamper-evident, independently verifiable evidence to meet that burden |
A KCR does not make you compliant, and no vendor should tell you it does. Compliance is your program. What the record gives you is the one thing manual QA cannot: audit-ready, independently verifiable evidence of what actually happened on 100% of the calls made in your name.
Why a KCR is checkable by anyone
A recording proves nothing on its own, because a file can be edited. What turns a record into evidence is that a neutral party can confirm it was not altered.
A Klariqo Call Record is checked against math, not against a vendor's word. The audio is fingerprinted with a SHA-512 cryptographic hash and the record is digitally signed, so any change to the audio breaks the check. A KCR's fingerprint can also be anchored to a public ledger Klariqo does not control, so the timestamp cannot be backdated and anyone can confirm integrity in a browser, with no login and no account.
That is what "independently verifiable" means here: you are not asking anyone to take your word. The record verifies itself.
FAQ
Am I liable for my call center's TCPA violations? You can be. A brand is not directly liable for calls its vendor places, but it can be vicariously liable under common-law agency, formal agency, apparent authority, or ratification, per the FCC's 2013 Dish Network ruling and the courts that apply it. If the vendor calls using your name, scripts, and leads, plaintiffs will argue its calls are yours.
Doesn't my indemnification clause protect me? It protects your cash flow only if your vendor can actually pay. The clause does not stop you from being sued or found liable. It gives you a reimbursement claim, which is worth little against a call center that cannot cover a multi-million-dollar judgment. In Krakauer v. Dish Network, the affirmed judgment was $61 million.
What is a Klariqo Call Record (KCR)? Klariqo's signed, tamper-evident record of a single call containing the audio's cryptographic hash, a timestamp, the transcript, and a digital signature, that anyone can independently verify was not altered. It is the call-event equivalent of a web-form consent certificate, and the artifact a brand can require from every call vendor.
How do I audit a call vendor without listening to every call? You require a Klariqo Call Record for every call and audit the records, not the audio. Because each record is signed and independently verifiable, you can confirm integrity across 100% of calls without a QA team listening to 10,000 hours of recordings.
Is a call recording enough evidence? Usually not. A raw recording can be edited, and nothing in the file proves it wasn't. Evidence requires integrity and provenance: proof the recording is unaltered and a trustworthy record of when it happened. That is what a Klariqo Call Record adds on top of the audio.
Does Klariqo make me compliant? No, and be wary of any vendor that says it does. Compliance is your program: your consent, your scripts, your calling hours. Klariqo generates the audit-ready, independently verifiable evidence that proves what happened on the call, so you can meet your burden of proof if you are challenged.
Stop trusting. Start verifying.
You are already liable for what your call vendors say in your name. The only question is whether you can prove what they said when it matters.
Require a Klariqo Call Record from every vendor, on the dialer they already run. See how it works, and verify a real call yourself, at klariqo.com/try.
By the Klariqo team. Last updated: July 9, 2026. This article is operational guidance for buyers of call-center services and is not legal advice. Consult qualified counsel about vicarious liability and TCPA compliance for your specific programs.