Key Point: In a significant win for electronic communication providers that utilize artificial intelligence (AI) as part of their core functions, the Northern District of Illinois held that a defendant’s AI transcription and analytics service operated in the ordinary course of its electronic communications business and therefore did not violate the Electronic Communications Privacy Act (ECPA). The ruling may provide a powerful defense to federal and state law wiretap claims targeting AI call technologies.

On January 13, 2026, the U.S. District Court for the Northern District of Illinois entered an order granting motions to dismiss ECPA claims filed against defendants Heartland Dental, LLC and RingCentral, Inc. The claims alleged that RingCentral’s use of artificial intelligence (AI) software to transcribe and provide real-time analyses of phone calls directed to its clients constituted an unlawful interception of a communication in violation of Title I of the ECPA, which is often referred to as the Wiretap Act. The court rejected this argument. It ruled that the alleged interception of the plaintiff’s phone calls did not state a cognizable ECPA claim because the interception was done in the ordinary course of the defendants’ electronic communication business, which the ECPA excepts from liability.

Background

On July 3, 2025, plaintiff Megan Lisota filed a single-count putative class action complaint against defendants Heartland Dental, LLC and RingCentral, Inc., alleging that the defendants violated the ECPA.[1] The plaintiff alleged her dentist, who was not named as a defendant, contracted with Heartland to provide administrative, nonclinical services, including after-hours and overflow call center services. Heartland, in turn, allegedly contracted with RingCentral for its cloud-based telephone services, which included AI transcription and analysis functionalities. The AI transcription and analysis functionalities were alleged to include real-time voice transcription, automated call summaries, and sentiment voice analysis.

The plaintiff claimed RingCentral violated the ECPA by eavesdropping on and analyzing her calls, during which she provided both personally identifiable information (PII) and protected health information (PHI). She further alleged that Heartland violated the ECPA by procuring RingCentral’s services.

Defendants’ Motions to Dismiss

Both defendants filed separate but similar motions to dismiss the complaint. Although the ECPA imposes liability on anyone who “intentionally intercepts . . . any wire, oral, or electronic communication,” it excepts interceptions by: (1) a provider of wire or electronic communication service in the ordinary course of its business; and (2) a party to the communication, or where one of the parties to the communication has given prior consent to such interception, unless the interception was done “for the purpose of committing any criminal or tortious act.”  The defendants argued the first exception applied.[2]  Heartland also argued the second exception applied because it was a party to the communications and therefore could not violate the ECPA.

The court dismissed the ECPA claim after finding the ordinary course of business exception applied and held it did not need to resolve the defendants’ other arguments.[3]  In reaching this conclusion, the court found the ordinary course of business exception to ECPA liability arises from the ECPA’s definitions of “intercept” and “electronic, mechanical, or other device.” [4] The court explained the definition of “intercept” includes the acquisition of a communication through any “electronic, mechanical, or other device.” The court went on to explain that the definition of “electronic, mechanical, or other device” does not include a device “used by a provider of wire or electronic communication service in the ordinary course of its business.” [5]

Armed with these definitions, the court focused its analysis on whether RingCentral’s AI software was necessary to its core services.  In finding it was, the court noted that RingCentral “explicitly offers businesses a product that ‘power[s] every interaction with AI that integrates seamlessly across your calls, messages, meetings, and contact center,’” and it markets its ability to provide “real-time insights, and create effortless workflows.” Further, the court found RingCentral “explicitly bills its phone system as an ‘AI-powered business communications platform’” which does “more than simply facilitate the making and receiving of calls.”

The court ultimately dismissed the complaint as to RingCentral, holding that RingCentral’s alleged interception of a communication fits within the ordinary course of business exception, and therefore it cannot be liable for an ECPA claim. Likewise, the court dismissed the ECPA claim against Heartland because Heartland cannot be liable for procuring RingCentral’s services.

Concluding its decision, the court rejected the plaintiff’s argument that RingCentral had two distinct business objectives unrelated to its core business: (1) increasing the number of appointments, and (2) training and improving its AI algorithms. The court held that efforts to increase appointment bookings reflected the integration of AI functionality into RingCentral’s telephone services, rather than a separate business purpose. It further held that any improvement to the AI software was incidental to the provision of AI transcription services and did not transform the use of the technology outside the ordinary course of business exception. [6]

Practical Takeaways for AI and Communications

The court’s decision is a welcome outcome for businesses that provide electronic communication services and rely on AI software to provide real-time services, including transcription, voice analyses, and call summaries. It provides further explanation of the ordinary course of business exception to the Wiretap Act. The decision also supports the continued use of AI tools that provide much-needed efficiencies to businesses in all sectors. Businesses that currently utilize AI technologies to transcribe, analyze, and summarize calls should take note of this decision, which may provide an additional arrow in the quiver of defenses to wiretap liability.

[1] Lisota v. Heartland Dental, LLC and RingCentral, Inc., No. 25-cv-7518 (N.D. Ill. July 3, 2025).

[2] The ordinary course of business exception is applicable only to a business that provides an “electronic communication service” in the ordinary course of its business. 18 U.S.C. § 2510(5)(a). Plaintiff did not dispute that RingCentral is “an internet-based telephone provider” and therefore provides an “electronic communication service” in the ordinary course of its business.

[3] The defendants also argued the plaintiff lacked Article III standing because she failed to allege that she suffered a concrete injury. Heartland also argued the plaintiff failed to allege her communication was intercepted while “in transit,” which is a required element for an ECPA claim.  The court rejected the defendants’ standing argument and declined to resolve Heartland’s interception argument because it had already found the ECPA’s “ordinary course of business” exception disposed of the plaintiff’s claim.

[4] 18 U.S.C. § 2510(4)

[5] 18 U.S.C. § 2510(5)(a).

[6] The Court also ruled that plaintiff had standing to assert the ECPA violation, ruling that plaintiff’s allegation that she was harmed by RingCentral’s “eavesdropping” on her call closely resembled the type of harm associated with intrusion upon seclusion. As for Heartland’s argument that it was a party to the communication, the Court declined to rule having already found the ordinary course of business exception was dispositive but did note the complexity the issue could present depending on the path of the call.