B2B cold calling rules: what's legal, what's not, and what to do

B2B cold calling has fewer TCPA restrictions than B2C, but it's not a free-for-all. Here's the exact federal and state law every outbound team needs to know.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-09

Sales professional making a B2B cold call at a well-lit office desk
Sales professional making a B2B cold call at a well-lit office desk

TL;DR

B2B cold calling sits in a legal gray zone. The TCPA's residential-phone protections don't reach calls to business landlines, but cell phones, autodialers, and state laws change the picture fast. The federal Do Not Call registry exempts B2B calls, yet several states run their own B2B DNC rules. Getting this wrong costs $500 to $1,500 per call in statutory damages.

What exactly is B2B cold calling, and how is it different from B2C?

A B2B cold call is an unsolicited phone call from one business to a person at another business, usually to book a meeting or pitch a product. The caller has no prior relationship with the specific person being called. That's the cold calling definition that matters legally.

The big legal difference from B2C is this: the Telephone Consumer Protection Act (47 U.S.C. § 227) was written to protect residential subscribers from unwanted calls to their homes. [1] Business-to-business calls to a company's main office line have historically gotten lighter treatment under that statute. That doesn't mean no rules apply. It means the rules are different, and missing them is expensive.

See what is cold calling in sales for a fuller breakdown of how the practice works before we get into the legal layer.

Does the TCPA apply to B2B cold calls?

Yes, but selectively. The TCPA's restrictions on automated and prerecorded calls apply to "any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service, or any service for which the called party is charged for the call." [1] That language covers cell phones, full stop, no matter whether the owner uses that phone for business.

So the cell phone in a prospect's pocket is covered by the TCPA even if that prospect runs sales for a Fortune 500. Use an autodialer or drop a prerecorded voicemail to that mobile number without prior express consent, and you've potentially broken the law. Statutory damages run $500 per violation for negligent violations and $1,500 per violation for willful ones. [2]

The carve-out most people cite is for business landlines. Calls to a company's main phone number, answered by a human (or a standard business voicemail) and placed without an autodialer, generally don't trigger TCPA liability. The FCC has treated such calls as outside the residential-consumer protection scope. [3]

The practical rule is short. Dial a desk phone at a company and you're mostly clear under federal law (state law still matters, covered below). Dial a cell number and the TCPA applies the same way it would for a consumer.

Does the national Do Not Call registry cover B2B numbers?

No. The FTC's national DNC registry, run under 16 C.F.R. Part 310, exempts business-to-business calls. [4] The registry protects residential telephone subscribers. A number registered to a business entity is not covered.

That exemption is real and broad. You don't need to scrub your B2B prospect list against the federal DNC registry before a campaign that targets business lines.

Here's the catch most teams miss. Some states run their own telemarketing laws that reach business-to-business solicitation. Indiana, for one, has a commercial telephone seller law that can apply to B2B calls under certain conditions. Wyoming and a handful of other states have similar provisions. Check state-specific rules before you assume the federal B2B exemption gives you full cover. [5]

For how DNC rules interact with your outbound campaigns, the cold calling overview covers the national DNC mechanics in plain terms.

TCPA statutory damages by violation type Per-call exposure for B2B outbound teams under 47 U.S.C. § 227(b)(3) Negligent violation (per call) $500 Willful/knowing violation (per ca… $1,500 10,000-call campaign, negligent $5M 10,000-call campaign, willful $15M Source: U.S. Government, 47 U.S.C. § 227(b)(3)

What about autodialers and AI calling tools for B2B outreach?

This is where most modern teams get into trouble. An autodialer (technically an "automatic telephone dialing system" or ATDS under 47 U.S.C. § 227(a)(1)) used to call cell phones without prior express consent is a TCPA violation, whether the person on the other end is a consumer or a VP on their mobile. [1]

The Supreme Court's 2021 ruling in Facebook v. Duguid (592 U.S. 395) narrowed the ATDS definition: a system has to use a random or sequential number generator to qualify. [6] That took some predictive dialers out of the strict definition. But the FCC's 2015 Omnibus Order and later guidance keep many modern dialing systems inside the autodialer category depending on how they store or produce numbers. [3]

AI calling tools add another layer. If an AI places calls on its own without a live human starting each one, and it dials cell numbers, it almost certainly qualifies as an autodialer under the remaining definition. The FCC's February 2024 declaratory ruling found that AI-generated voices in calls count as an "artificial or prerecorded voice" under the TCPA, which triggers the same consent rules as robocalls. [7] See the ai cold calling article for how that ruling changes your tech stack.

Bottom line: use human-initiated, manual or semi-manual dialing for any B2B cell number campaign. Power dialers that make a human click to dial each number are generally safer than predictive or AI-initiated systems, though even those carry some FCC interpretive risk depending on configuration.

Which states have stricter B2B cold calling rules than federal law?

Several. Federal law sets a floor, not a ceiling. State attorneys general and plaintiffs' attorneys have used state telemarketing statutes to go after B2B campaigns that were fully TCPA-compliant.

StateRelevant LawKey B2B Consideration
IndianaIndiana Telephone Privacy LawHas a commercial DNC list; some B2B exemptions apply but not universally
WyomingWyoming Telephone Solicitation ActCovers calls to businesses in some contexts
FloridaFlorida Telephone Solicitation Act (§ 501.059 F.S.)Since 2021, covers calls using ATDS to any number, including business; prior express written consent required
WashingtonCommercial Electronic Mail Act + CPABroad consumer protection statute used against aggressive outbound
TexasTexas Business & Commerce Code § 305Covers telephone solicitations; some B2B exemptions, but vague

Florida deserves special attention. The Florida Telephone Solicitation Act was amended in 2021 and now requires prior express written consent for automated calls or texts to any telephone number, not only residential lines. [8] Dial Florida cell numbers in a B2B campaign with any dialer technology and you need written consent. Many compliance teams missed this when it passed. There's active plaintiff litigation around it.

The safest approach for any multi-state B2B campaign: treat California, Florida, and any state with a private right of action under its telemarketing statute as if the recipients were consumers, and get documented consent for cell number outreach.

What does a legally safe B2B cold calling process actually look like?

Here's what a defensible outbound program looks like in practice, not in theory.

Segment your dial list by number type first. Business landlines get one workflow. Cell numbers (including those tied to business contacts) get a stricter one. Tools like Twilio Lookup or Numverify can identify number type at dial time for a few cents per lookup. [9] That's cheap next to $500 per violation.

For cell number outreach, get prior express consent in writing before you use any automated or semi-automated dialing. The easiest path is an inbound web form where the prospect submits their number and a clear disclosure says they agree to receive calls. Without that, manual dialing by a live agent is your cleanest option.

Maintain an internal do-not-call list. The national DNC registry doesn't cover B2B, but the FTC's Telemarketing Sales Rule (16 C.F.R. Part 310) requires every seller or telemarketer to keep an internal DNC list and honor opt-out requests. [4] Someone at a business who says "don't call me" has to come off your list within a reasonable time, treated in practice as 30 days or fewer.

Train your team on calling hours. The TCPA restricts calls to before 8 a.m. or after 9 p.m. in the recipient's local time zone. [1] That rule was written for residential calls, but it's a safe standard to apply everywhere. Several states set tighter windows.

Keep records. Log when you called, who called, what number, and whether the prospect asked to opt out. In litigation, a documented compliance process is often the difference between a settlement and a judgment.

A well-built b2b cold calling script matters here too. Scripts that clearly identify who's calling, what company they're from, and how to opt out lower your legal exposure and lift conversion. The TSR requires callers to identify themselves and the business they're calling for promptly. [4]

What has the FCC actually said about B2B calls specifically?

The FCC's core TCPA guidance centers on residential and cellular protection, but several orders touch B2B directly.

The FCC's 2015 Omnibus TCPA Order (FCC 15-72) confirmed that the ban on autodialed or prerecorded calls applies to cell phones no matter whether the subscriber is a consumer or a business. [3] That's the binding authority for why B2B cell number autodials are still covered.

In December 2023, the FCC adopted a one-to-one consent rule tightening what counts as prior express written consent, aimed at lead generation where a contact gives their number to one company but gets called by another. Consent has to be obtained specifically for the company placing the call, not bundled across many sellers. [7] (Note: the rule's effective date shifted, and a January 2025 court ruling vacated part of it, so track the current status before you rely on it.)

The FCC has never created a blanket B2B exemption from the TCPA's cell phone protections. The agency treats cellular protection as separate from residential protection, and the cellular protection applies in B2B contexts.

One line from the statute itself is worth memorizing. The TCPA prohibits making "any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice... to any telephone number assigned to a... cellular telephone service." [1] The word "any" takes in business contacts on cell phones.

How much does a TCPA violation actually cost in a B2B context?

Statutory damages under 47 U.S.C. § 227(b)(3) are $500 per violation, trebled to $1,500 if a court finds the violation was willful or knowing. [2] Each call counts as a separate violation. A campaign that dialed 10,000 B2B cell numbers with an autodialer and no consent carries roughly $5 million to $15 million in exposure before any class action multiplier.

Class actions are the real risk. TCPA class settlements swing widely, from about $1 million to $76 million, with mid-size cases often landing in the $6 million to $8 million range according to WebRecon's TCPA litigation tracking. [10] Per-plaintiff recovery is often a few hundred dollars, but attorneys' fees push settlements much higher.

For a small outbound team dialing hundreds of contacts a day, the math gets uncomfortable fast. A single plaintiff who documents 20 autodialed calls to their cell without consent holds a $10,000 to $30,000 claim, and these cases draw plaintiff attorneys on contingency because the fee math works.

LeadCompliant's free TCPA tools (including the cell number checker) help you spot risk before a campaign goes out. That beats post-lawsuit cleanup.

See the cold call guide for how call-level decisions add up to compliance or liability.

What records should B2B outbound teams keep to defend against TCPA claims?

Documentation is your best defense. Courts have reduced or dismissed TCPA claims where the defendant showed a documented compliance program, even an imperfect one.

Keep these records for at least four years, which matches the federal statute of limitations for TCPA claims:

  • Consent records: date, method of consent, the exact language the prospect saw, and the number they gave.
  • Call logs: timestamp, number dialed, agent ID, call outcome, and any opt-out request plus when you honored it.
  • DNC scrub logs: date of each scrub, which lists you checked (federal DNC for any consumer-facing numbers, your internal list, any applicable state lists), and the vendor or tool used.
  • Dialing system configuration: proof your system is human-initiated, not ATDS-configured, for cell number campaigns.
  • Script versions with dates: so you can show what disclosures agents made during any period in dispute.

Cloud CRMs with call logging (Salesforce, HubSpot, most outbound-focused tools) can generate most of this automatically when configured right. The usual problem isn't the software. It's teams forgetting to turn the logging features on before a campaign starts.

Yes, though maybe not the way you'd expect. The FTC's Telemarketing Sales Rule requires any telemarketer, B2B or B2C, to identify themselves and the company they're calling for promptly at the start of the call. [4] That's a hard requirement either way.

For B2C calls, the TCPA requires prerecorded messages to carry an opt-out mechanism inside the message itself. For B2B calls to landlines, that specific requirement doesn't apply the same way, but you should still train agents to offer an opt-out and honor it, because the TSR's internal DNC rules apply regardless of call type.

A good cold call script for B2B includes your full name, your company name, the reason for the call stated clearly in the first 15 seconds, and a clear offer to remove the prospect from your list on request. That's more than good manners. It's what the TSR requires, and it helps you in a dispute.

Scripts should never include deceptive claims about the relationship you have with the prospect, false urgency, or misleading representations about pricing or the product. The FTC's Section 5 authority reaches deceptive practices in B2B solicitation calls even where the TCPA doesn't fully apply. See cold calling scripts for how to build a compliant script structure.

What's the safest tech stack for a B2B cold calling team?

The risk gradient runs from safest to riskiest like this:

1. Human agent, manual dial, business landline: lowest risk, no realistic TCPA exposure under current law. 2. Human agent, power dialer (click-to-dial, one call at a time), business landline: still low risk. 3. Human agent, power dialer, cell numbers: moderate risk, depends on how the dialer is built. If a human starts each call and the system doesn't store or generate numbers randomly or sequentially, most courts post-Facebook v. Duguid have found this outside the ATDS definition. [6] 4. Predictive dialer, any number type: higher risk. Predictive dialers that fire calls before an agent is available and use algorithmic sequencing have drawn ATDS classification from multiple courts. 5. AI-initiated calls or voicemail drops to cell numbers without consent: highest risk. The FCC's February 2024 AI voice ruling makes this almost certainly a violation. [7]

For most small B2B teams, a power dialer like Outreach, Salesloft, or Apollo's built-in dialer (where a human clicks each call) hits the right balance of speed and safety on cell numbers. Skip predictive or agentless AI calling on mobile numbers unless you have documented prior express written consent for every number in the campaign.

Frequently asked questions

Are B2B cold calls exempt from the TCPA?

Calls to business landlines made by a live human without an autodialer sit largely outside the TCPA's residential protection scope, so yes, mostly exempt in that narrow case. Calls to cell phones are not exempt, even in B2B. The ban on autodialed or prerecorded calls to cellular numbers applies whether the recipient is a consumer or a business professional. State laws may also apply.

Do I need to check the national Do Not Call registry for B2B outreach?

No, for purely B2B calls to business phone numbers. The FTC's national DNC registry covers residential subscribers, not business lines. You must still keep your own internal do-not-call list and honor opt-out requests under the Telemarketing Sales Rule. Some states, notably Indiana and Florida, have extra rules that can require additional DNC scrubbing even for B2B campaigns.

Can I use a predictive dialer for B2B cold calling?

For business landlines, a predictive dialer carries lower TCPA risk. For cell numbers, even those owned by business contacts, a predictive dialer that uses algorithmic sequencing has been found to qualify as an automatic telephone dialing system by multiple courts. Post-Facebook v. Duguid the definition narrowed but didn't vanish. If you're hitting business cell numbers, use a click-to-dial power dialer instead and document that setup.

What time of day can I legally call business contacts?

The TCPA prohibits calls before 8 a.m. or after 9 p.m. in the recipient's local time zone. That rule was written for residential calls, but it's the standard most compliance programs adopt for all outbound. Some states set tighter windows. California, for one, has state law provisions enforcement agencies have applied broadly. Calling during business hours, 9 a.m. to 5 p.m. local, is the safest window regardless of federal minimums.

Does the FTC's Telemarketing Sales Rule apply to B2B calls?

Mostly yes. The Telemarketing Sales Rule (16 C.F.R. Part 310) exempts calls where the recipient is a business and the call isn't meant to induce a retail purchase by that business. But TSR requirements for prompt caller identification, the ban on deceptive representations, and internal DNC list maintenance apply broadly. Most B2B outbound sales calls fall inside TSR scope when the goal is to sell a product or service.

Does Florida's Telephone Solicitation Act apply to B2B calls?

Yes, and this catches a lot of teams off guard. Florida's 2021 amendments to the Florida Telephone Solicitation Act (Fla. Stat. § 501.059) require prior express written consent for automated calls or texts to any telephone number in the state, with no residential-only carve-out. If you're calling Florida-based business contacts on cell numbers using any automated dialing system, you need documented consent. There's been active plaintiff litigation since the amendment took effect.

How do I handle a B2B prospect who says 'don't call me again'?

Honor it right away and document it. Add the number and the contact to your internal do-not-call list within 30 days at the latest (many programs treat that window as the ceiling, not the target). The FTC's Telemarketing Sales Rule requires maintaining and honoring an internal DNC list regardless of whether the national DNC registry applies to your calls. Ignoring opt-out requests is one of the clearest ways to create liability.

What happened in Facebook v. Duguid and why does it matter for B2B calling?

In Facebook v. Duguid (2021), the Supreme Court narrowed the TCPA's definition of an automatic telephone dialing system to systems that use a random or sequential number generator to produce or store numbers. That ruling pulled some auto-dialers out of ATDS classification, giving B2B teams using CRM-based power dialers more room. But predictive dialers and AI-initiated calling systems can still qualify as ATDS under the narrowed definition depending on technical configuration.

Can I leave an AI-generated voicemail on a business prospect's cell phone?

Not safely without prior express consent. The FCC's February 2024 declaratory ruling found that AI-generated voices in calls and voicemails count as artificial or prerecorded voice messages under the TCPA. That triggers the same consent requirements as traditional robocalls. Dropping an AI voicemail to a business contact's cell phone without consent carries the same legal risk as a consumer robocall, with the same $500 to $1,500 per-violation exposure.

What should every B2B cold calling script include to be legally safe?

At minimum: your full name, the company name you're calling for, the purpose of the call stated within the first 15 to 20 seconds, and an offer to remove the prospect from your list if they ask. The FTC's Telemarketing Sales Rule requires prompt, honest identification. Scripts should avoid any false claim of a prior relationship, deceptive urgency, or misleading product claims. Keep a dated copy of each script version so you're protected if a specific call is disputed later.

Is there a statute of limitations on TCPA claims from B2B calls?

Yes. The federal statute of limitations for TCPA claims is four years under 28 U.S.C. § 1658, the general federal catch-all period. State-law telemarketing claims may have different windows; California's Unfair Competition Law claims, for example, can run three or four years depending on how they're pled. A call you make today could generate a lawsuit in 2029. Keep call records and consent documentation for at least four years from each campaign.

Do B2B cold calling rules differ if I'm calling a sole proprietor?

Yes, and this is an underappreciated gray area. Sole proprietors often use a personal cell phone as their business number. Courts and the FCC have generally treated sole proprietors closer to residential subscribers than corporations, especially for cell phone protections. If you're calling a freelancer, independent contractor, or solo business owner on a number that's also their personal phone, apply the full TCPA consumer protections. The B2B exemption is strongest when a clearly separate corporate entity is on the receiving end.

What's the difference between a power dialer and a predictive dialer for TCPA purposes?

A power dialer needs a human agent to start each call, usually with a click, so the system dials one number per agent action. Most courts post-Facebook v. Duguid have found click-to-dial systems don't qualify as ATDS. A predictive dialer dials multiple numbers at once using an algorithm to predict agent availability, connecting calls when answered. Predictive dialers carry much higher ATDS classification risk and shouldn't be used for B2B cell number campaigns without consent.

Sources

  1. U.S. Government, 47 U.S.C. § 227, Telephone Consumer Protection Act (via Cornell Legal Information Institute): The TCPA prohibits autodialed or prerecorded calls to any cellular telephone service number; calling hours restricted to 8 a.m. to 9 p.m. local time of the called party
  2. U.S. Government, 47 U.S.C. § 227(b)(3), TCPA statutory damages (via Cornell Legal Information Institute): Statutory damages of $500 per violation, trebled to $1,500 for willful or knowing violations
  3. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR requires sellers and telemarketers to maintain an internal DNC list, identify themselves promptly on calls, and honor opt-out requests; national DNC registry covers residential subscribers only and exempts B2B calls
  4. Indiana Attorney General, Consumer Protection Division: Indiana maintains a commercial DNC list with specific provisions that can apply to certain business-to-business solicitation calls
  5. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition to systems that use random or sequential number generator to store or produce numbers dialed, limiting TCPA exposure for some dialing technologies
  6. Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059 (2021 amendments): Florida's 2021 FTSA amendments require prior express written consent for automated calls or texts to any telephone number in Florida, without a residential-only limitation
  7. Twilio, Lookup product documentation: Third-party tools like Twilio Lookup can identify whether a phone number is a landline or cell number at the time of dialing, supporting number-type segmentation for compliance
  8. WebRecon LLC, TCPA Lawsuit & Complaint Statistics: TCPA class action settlements have frequently ranged from $1 million to $76 million based on reviewed settlement data; median settlements for mid-size campaigns often fall in the $6 million to $8 million range
  9. FTC, National Do Not Call Registry: The national DNC registry does not apply to business-to-business calls; it covers residential subscribers
  10. U.S. Government, 28 U.S.C. § 1658, federal statute of limitations (via Cornell Legal Information Institute): Four-year federal statute of limitations applies to TCPA claims as a general federal catch-all period

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit