TCPA compliance guide – rules for phone calls and text messages under the Telephone Consumer Protection Act in the United States

Every business using phone calls, texts, or telemarketing to communicate with consumers must follow the Telephone Consumer Protection Act (TCPA). It is a federal law enacted to protect consumers from unsolicited and intrusive communications. It is a critical legal framework that governs how businesses can use telephones and automated systems to reach customers.

TCPA stands for the Telephone Consumer Protection Act, formally known as 47 U.S.C. § 227. It restricts the use of automated dialing systems (ATDS), artificial or prerecorded voice messages, and unsolicited fax advertisements. Without strict adherence to TCPA regulations, companies risk significant penalties, including massive fines and costly class-action lawsuits.

This guide provides a comprehensive overview of TCPA law, its requirements, and the latest updates you need to know.

What is the TCPA

The TCPA is based on core principles designed to give consumers control over the communications they receive. The law applies to any person or business within the United States, as well as any entity outside the U.S. if the recipient is in the U.S.

The act’s rules apply to:

  • Telemarketing Calls: Live calls for sales purposes.
  • Automated Calls: Calls using an ATDS.
  • Prerecorded Messages: Automated calls with a recorded voice.
  • Ringless Voicemails (RVMs): The FCC considers these “calls” under the TCPA, meaning they require consent.
  • SMS Text Messages: TCPA rules apply to texts sent for marketing or promotional purposes.
  • Unsolicited Faxes: Advertisements sent via fax without consent.

What is an Automatic Telephone Dialing System (ATDS)?

The definition of an ATDS has been at the center of TCPA litigation for years. In the landmark 2021 Supreme Court case, Facebook v. Duguid, the Court narrowed the definition. An ATDS is now defined as a device that can “store or produce telephone numbers to be called, using a random or sequential number generator.”

This decision significantly changed the TCPA landscape. While it has lowered the risk for informational calls made with automated systems, it is not a “get out of jail free” card. The risk remains high for calls made with prerecorded or artificial voices, which still require consent regardless of the dialing method.

What are TCPA Consent Requirements

Consent is the foundation of TCPA compliance. Without proper consent, your business is exposed to legal and financial risk. The type of consent required depends on the method of communication and its purpose.

Prior Express Written Consent (PEWC)

PEWC is the highest standard of consent and is a critical requirement for most modern marketing campaigns. You must have PEWC if you use an automated dialing system or an artificial/prerecorded voice to contact a consumer’s wireless phone number for marketing purposes.

What constitutes PEWC? It is more than a simple checkbox. PEWC must be:

  • Written: It must be a written agreement, which can be electronic (e.g., a web form).
  • Clear and Conspicuous: The disclosure language must be easy to read and understand, typically located near the button that the consumer clicks to submit their information.
  • Specific: The consent must explicitly state that the consumer is agreeing to receive marketing calls and/or texts using automated technology.
  • Not a Condition of Purchase: The consumer’s consent cannot be required as a condition of buying goods or services.
  • Auditable: You must be able to prove that you obtained consent. This includes documenting the date, time, IP address, and the exact language of the disclosure the consumer saw.

Many businesses use third-party services to capture and verify consent with a “Certificate of Authenticity” or “session replay,” which provides an auditable record of the consumer’s interaction with the web form.

TCPA Exemptions: When Consent Is Not Required

While consent is paramount, the TCPA does provide some exemptions under specific circumstances. Understanding these nuances is key to a comprehensive compliance strategy.

  • Non-Profit Organizations: Tax-exempt non-profits are generally exempt from the TCPA; however, they must still comply with the National Do Not Call Registry.
  • Informational Calls: Calls that are purely informational and do not contain any marketing or sales content (e.g., a flight cancellation alert or a fraud alert) generally do not require express consent, as long as they are made for the purpose for which the number was originally provided.
  • Established Business Relationship (EBR): An EBR exemption allows you to contact a consumer without prior express written consent for a limited time, even if they are on the Do Not Call Registry. There are two types of EBR:
    • Purchase-Based EBR: You can call or text a consumer for up to 18 months after their last purchase, payment, or delivery.
    • Inquiry-Based EBR: You can contact a consumer for up to 3 months after they have made an inquiry or submitted an application.

It is vital to note that even with an EBR, if a consumer makes a specific request not to be contacted, you must honor their request immediately. The EBR only applies to the Do Not Call Registry rules, not the consent requirements for autodialed or prerecorded calls.

Exploring 2025 TCPA Updates

TCPA regulations are continuously evolving, with the FCC issuing new rules to strengthen consumer protection. Staying informed about these changes is crucial for compliance.

  • Flexible Revocation of Consent: As of April 11, 2025, consumers can revoke consent in “any reasonable manner.” This rule prevents businesses from requiring consumers to use a specific keyword, such as “STOP.” Your systems must be able to recognize and process various opt-out requests, such as “quit,” “unsubscribe,” “end,” or even “please stop.”
  • Shortened Compliance Window: When a consumer revokes consent, you must honor that request within 10 business days.
  • One-Time Confirmation Messages: After a consumer opts out, you are permitted to send a single, one-time confirmation text to acknowledge the request. This message must be sent within five minutes of the request and contain absolutely no promotional content.
  • Vacated One-to-One Consent Rule: The FCC’s proposed rule requiring “one-to-one” consent for each individual seller was vacated by a court in early 2025. This means businesses can continue to use single consent forms that cover multiple sellers, as long as each seller is identified. The consent is “logically and topically” related to the consumer’s original inquiry.

Common TCPA Violations and Penalties

What is a TCPA violation? It is any action that violates the act’s rules. The most common violations include:

  • Using an autodialer to call or text a mobile phone without PEWC.
  • Failing to honor a consumer’s opt-out request.
  • Contacting a consumer on the National Do Not Call Registry.
  • Calling outside of the 8 a.m. to 9 p.m. time window.

What is a possible consequence for violating the TCPA? The penalties are severe:

  • Statutory Fines: Fines range from $500 to $1,500 per violation. For a large-scale campaign, these fines can quickly reach millions of dollars.
  • Class-Action Lawsuits: Individuals can file lawsuits on behalf of a large group of consumers, leading to multi-million dollar TCPA settlements.

In addition to legal consequences, non-compliance can lead to carrier-level call blocking. Phone carriers now use analytics to identify and block suspicious calling patterns (e.g., high volume, low call duration), preventing your legitimate calls from ever reaching your customers.

Best Practices and TCPA Compliance Checklist

To protect your business and build consumer trust, adopt a proactive compliance strategy.

  1. Audit Your Processes: Regularly conduct internal audits to ensure you are properly obtaining and documenting consent. Review your lead generation forms and ensure the language is clear, conspicuous, and up-to-date.
  2. Maintain Do-Not-Call Lists: Scrub your call lists against the National Do Not Call Registry at least every 31 days. Maintain an internal do-not-call list and honor all opt-out requests for a minimum of five years.
  3. Choose the Right Technology: Use compliance software that automates cell phone scrubs, records consent, and processes opt-out requests promptly.
  4. Train Your Team: Implement mandatory, recurring training for all employees who regularly interact with customers. Ensure they know how to handle consent revocation requests and other consumer inquiries properly.
  5. Use Manual Dialers Where Necessary: For high-risk calls or those without documented PEWC, use a manual dialing system. This requires a human to manually dial each number, which can exempt the call from certain ATDS-related restrictions.

Following these practices will help you avoid legal issues and build a foundation of trust with your consumers, which is essential for long-term business success.

Bilgy Sales is a fully functional TCPA-compliant AI solution provider for businesses and call centers. Contact us if you plan to make numerous calls and send bulk SMS messages to promote your services/products, and avoid any penalties or lawsuits. 

FAQs

What is the difference between informational and marketing calls under the TCPA?

An informational call is a non-commercial communication that is directly related to a prior transaction, such as an appointment reminder, a fraud alert, or a product delivery update. A marketing call, on the other hand, contains promotional content, an advertisement, or a solicitation for a product or service. Marketing calls have much stricter consent requirements.

What is the STIR/SHAKEN framework?

STIR/SHAKEN is a technology framework designed to combat illegal robocalls and caller ID spoofing. It verifies the caller’s identity and assigns an “attestation” score (A, B, or C) to the call, which helps phone carriers determine if the call is legitimate. While not a direct TCPA rule, a low attestation score can cause a legitimate call to be labeled as “SPAM” or blocked by a carrier.

What is the legal risk of buying lead lists?

The biggest risk of buying a lead list is the inability to prove that a consumer gave a valid PEWC to be contacted by your specific company. You cannot simply rely on the lead seller’s promise. You must be able to prove that the consent was given with your company’s name displayed in the consent language.

What is the Telemarketing Sales Rule (TSR) and how does it relate to the TCPA?

The Telemarketing Sales Rule is a separate but related law enforced by the FTC that governs telemarketing. It prohibits misrepresentations, requires specific disclosures, and imposes additional restrictions on telemarketing calls, including a ban on calling on Sundays and a requirement to provide an internal do-not-call option—the TSR and TCPA work in tandem to protect consumers from abusive telemarketing practices.

What is a TCPA complaint?

A TCPA complaint is a formal report filed by a consumer with a regulatory body, such as the FCC or FTC, or a private lawsuit, alleging that a business has violated the TCPA by making an unwanted call or sending an illegal text.

What does TCPA compliant mean?

TCPA compliant means that all of a business’s communication practices—including calls, texts, and other forms of outreach—strictly adhere to the rules and regulations of the TCPA, particularly regarding consent and consumer privacy.

Does TCPA apply to emails?

No, the TCPA does not apply to emails. That falls under a separate law, the CAN-SPAM Act, which has its own set of rules and requirements for commercial electronic messages.

What is a possible consequence for violating the TCPA?

Consequences include fines of $500 to $1,500 per violation, exposure to expensive class-action lawsuits, and damage to the brand’s reputation.

What is a TCPA settlement?

A TCPA settlement is a legal resolution in which a business agrees to pay a sum of money to a group of affected consumers to settle a class-action lawsuit, typically to avoid a lengthy and potentially more expensive trial.

Luke Benjamin is an SEO content writer for Bigly Sales. He started writing for the company a few months ago focusing on unique, engaging content that includes AI, emails, marketing, and sales messaging.

More for You

Leave a Reply

Your email address will not be published. Required fields are marked *


The reCAPTCHA verification period has expired. Please reload the page.