Business to business telemarketing rules: what actually applies to you

B2B telemarketing has real legal exposure: TCPA, TSR, and state laws all apply in different ways. Here's exactly what rules govern your outbound calls.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-09

Business professional making an outbound telemarketing call at an office desk
Business professional making an outbound telemarketing call at an office desk

TL;DR

B2B telemarketing is not exempt from federal law. The TCPA's robocall and autodialer restrictions apply to business numbers, and the FTC's Telemarketing Sales Rule covers most commercial calls. The national Do Not Call registry generally skips business lines, but state laws and industry rules add layers. TCPA penalties run $500 to $1,500 per call.

Does federal telemarketing law actually apply to business-to-business calls?

Yes. This is the most misunderstood point in B2B outbound. Sales teams assume that calling a company instead of a consumer puts them outside the law. It does not.

The TCPA (47 U.S.C. § 227) applies to any call or text to a telephone number, business or residential, when that call uses an automatic telephone dialing system (ATDS) or a prerecorded voice [1]. The statute's text carves out nothing for business lines under the ATDS restriction. So if your dialer is touching a business's phone number and it qualifies as an ATDS under the statute, you need consent or a recognized exemption. Sole proprietor or Fortune 500 makes no difference.

The FTC's Telemarketing Sales Rule (TSR), 16 C.F.R. Part 310, is a separate federal framework [2]. The TSR covers "telemarketing" broadly, and its business-to-business exemption is narrower than most people think. The rule exempts calls where a seller pitches another business goods or services that the business will resell or use in its own operations. But calls to businesses that also look like consumer transactions (think a one-person LLC whose owner is also the household decision-maker) can lose that exemption. Does the Telemarketing Sales Rule apply to businesses? Yes, as the caller. As the called party, businesses get thinner protections than consumers, but the seller's obligations under the TSR do not vanish.

"B2B" is not a safe harbor. It changes which rules apply, not whether rules apply.

Does the national Do Not Call registry protect business phone numbers?

No, with one exception that bites people constantly. The national DNC registry maintained by the FTC under the TSR covers "residential telephone subscribers" [2]. A dedicated business line registered only in the company's name is not a residential subscriber and gets no registry protection.

The exception is real. If a sole proprietor or small business owner uses a personal cell phone or a home line for business, that number IS a residential line and IS on the DNC registry if they registered it. Call that number to pitch B2B services and you can trigger DNC violations even when you honestly believed you were making a business call [3].

Separate from the federal list, some states run their own Do Not Call registries that cover business lines outright. Texas and Indiana are two examples with scope different from the federal registry (see the state law section below). Check the specific state before you assume business lines are clear.

Your internal do-not-call list is not optional. The TSR requires you to keep one and honor requests within 30 days [2]. That obligation holds whether you're calling consumers or businesses.

What are the TCPA rules for autodialers calling business lines?

The autodialer restriction is where B2B teams get into the deepest trouble. Under 47 U.S.C. § 227(b)(1), it is unlawful to make a call using an ATDS or an artificial or prerecorded voice to any telephone number without the prior express consent of the called party [1]. The called party does not have to be a consumer. A call to a business's main line using a predictive dialer that qualifies as an ATDS requires consent.

What counts as an ATDS is contested. The Supreme Court's 2021 decision in Facebook v. Duguid narrowed the definition. The Court held that a system must have "the capacity to store or produce telephone numbers using a random or sequential number generator" and then dial them [4]. That narrowing helped some B2B callers whose dialers pull from a fixed list rather than generating numbers randomly. But the line stays murky for many modern predictive dialers, and plaintiffs' lawyers push broader readings in some circuits.

Prerecorded or artificial voice calls to business lines are cleaner to analyze. They require prior express consent under the TCPA, full stop, unless a specific statutory exemption applies (emergency calls, calls the FCC has exempted, and the like).

If your sales team runs cold calling with a human dialing manually, the ATDS risk drops way down. Manual one-by-one dialing by a person generally sits outside the ATDS definition after Facebook v. Duguid. But if your software auto-paces, auto-progresses, or auto-launches calls, get a legal review before you assume you're clear.

The penalty for a TCPA violation is $500 per call, trebled to $1,500 per call for willful violations [1]. A few hundred B2B robocalls can build real litigation exposure fast.

Key B2B telemarketing legal thresholds Federal statutory figures every outbound team needs to know $500 TCPA penalty per call (negligent) $1,500 TCPA penalty per call (willful) $52k TSR civil penalty per violation (max) $1,500 Florida FTSA penalty per call (max) Source: 47 U.S.C. § 227 (TCPA); 16 C.F.R. Part 310 (TSR); Fla. Stat. § 501.059 (FTSA)

How does the Telemarketing Sales Rule apply to B2B outbound teams?

The TSR governs telemarketing broadly, and your B2B team is almost certainly a covered "telemarketer" or "seller" under it [2]. These rules apply whether you call consumers or businesses:

  • You must transmit accurate caller ID. The TSR requires you to send your telephone number and, when possible, your name to the recipient's caller ID [2]. Spoofing or blocking that transmission is a violation.
  • You must keep an internal do-not-call list and honor opt-outs within 30 days.
  • You must disclose the seller's identity and the purpose of the call promptly.
  • You cannot make false or misleading statements.

The B2B exemption in the TSR (16 C.F.R. § 310.6(b)(7)) exempts calls from a seller to another business when the goods or services are meant for resale or for use in that business's own operations [2]. It does not cover all B2B calls. If you sell software subscriptions to small businesses and some of those buyers are one-person shops that look a lot like residential consumers, be careful. The FTC has room to interpret who qualifies.

The FTC can seek civil penalties up to $51,744 per violation under the TSR as of recent inflation adjustments [2]. State attorneys general can bring TSR-based actions too.

For teams writing out their cold calling scripts and training reps, the TSR disclosures need to be baked into the script. This is not optional.

Which state laws add rules on top of federal B2B telemarketing requirements?

State law is where things get genuinely complicated, and where a lot of B2B teams have blind spots. Several states run telemarketing statutes that go past federal law. Some cover business subscribers outright.

Here is how the key states compare:

StateBusiness lines covered?Key rulePenalty per violation
FloridaYes (FTSA covers any number, including VoIP)Requires prior express written consent for ATDS calls/texts to any number$500 to $1,500 per call/text [5]
CaliforniaMostly consumer-focused (CPUC rules), but CCPA adds data obligationsDo-not-call rules apply to residential; CCPA affects lead data handlingVaries by statute
TexasBusiness DNC registry exists for certain solicitation callsMust honor Texas DNC list even for business lines in some contextsUp to $5,000 per violation [6]
IndianaState DNC list can include business numbersCallers must scrub Indiana DNC regardless of B2B intentUp to $10,000 per violation
New YorkAttorney General active on TSR-based enforcementState consumer protection law applied to business solicitation in some casesVaries

Florida's Telephone Solicitation Act (FTSA) is the most aggressive right now. It applies to any telephone number assigned to a Florida resident or business, and it allows a private right of action, so individual businesses can sue on their own without waiting for the state AG [5]. If you call Florida business numbers with an ATDS or prerecorded voice, you need consent.

California's laws sit more on the consumer side at the telemarketing level. But the CCPA/CPRA rules on how you collect, store, and use contact data for B2B leads matter a lot when the contact is a natural person, which most B2B contacts are [7].

Tracking all 50 states is a full-time job. That's the honest answer. Prioritize the states where you call most often and where statutory penalties and private rights of action cut sharpest.

Do B2B texts and SMS campaigns face different rules than voice calls?

Mostly no, and teams get caught off guard by this. The TCPA's ATDS restrictions apply to texts sent to any telephone number, including business lines [1]. The FCC has treated SMS as a "call" under the TCPA for years. So if your platform fires automated texts at a list of business prospects, the same ATDS analysis applies.

The consent question for B2B SMS is the same one you ask for voice: did the business, and specifically the individual whose phone you're texting, give prior express consent? A business buying your software does not automatically consent to marketing texts on behalf of every employee's phone number.

One practical difference. Truly manual, one-at-a-time texts from a personal phone generally sit outside ATDS territory, the same logic that covers calls. But any texting platform that sends in bulk, schedules messages, or uses a short code almost certainly qualifies as an ATDS.

For AI cold calling tools that also send follow-up texts on their own, you need consent documentation for each channel separately. Consent to call is not consent to text under the TCPA.

Building a B2B outbound motion that runs calls and SMS together? Treat the SMS layer with exactly the caution you apply to your dialer.

Consent analysis for B2B tracks consumer consent, with a few differences in how courts and the FCC have applied it.

For non-ATDS, non-prerecorded calls to business lines, no advance consent is required under the TCPA. A human agent dialing a business number by hand and speaking live does not trigger the TCPA's consent requirements.

For ATDS calls or prerecorded voice calls, you need prior express consent. For B2B marketing, the FCC has not demanded "prior express written consent" in the same explicit way it does for consumer marketing calls to cell phones. Business-to-business prior express consent can be oral or implied from a business relationship in some circumstances. But the standards keep shifting, and carriers and courts are not consistent about it.

Practically, written consent is the only kind you can actually prove. A signed form, a checked box, an email confirmation. Oral consent is nearly impossible to document at scale.

Implied consent from a business card, a trade show badge scan, a public website listing, or a LinkedIn message has been argued in litigation. Courts have not been kind to the idea that posting a phone number on a website counts as consent to receive autodialed calls. Do not rely on it.

For what is cold calling in sales, the clearest path stays human-to-human manual dialing where consent is not a legal requirement. The moment you automate, consent becomes the question you have to answer.

Document what consent you have, when you got it, and from whom. This is the single most useful thing you can do to cut litigation risk.

What are the calling time and identification rules for B2B outbound?

The TSR and some state laws set hours. Under the TSR, telemarketing calls are prohibited before 8 a.m. or after 9 p.m. local time of the called party [2]. This covers consumer calls and, depending on interpretation, B2B calls that miss the TSR's B2B exemption.

Calls that do qualify for the exemption are technically outside the hours restriction. But calling a business at 6 a.m. or 10 p.m. is both useless and a state-law risk if that state runs its own hours rules.

Caller ID is non-negotiable. The Truth in Caller ID Act (part of 47 U.S.C. § 227(e)) prohibits caller ID spoofing with the intent to defraud, cause harm, or wrongfully obtain anything of value [8]. This applies to every call, B2B or consumer. Displaying a fake number, or a number that does not ring back to your organization, is illegal. The FCC has issued multi-million dollar forfeitures under this statute.

You also have to display a number that answers on callback, or at minimum a number where someone can process do-not-call requests. That's a TSR requirement [2].

The FCC's STIR/SHAKEN framework requires carriers to authenticate caller ID, and it's now broadly deployed [9]. Calls that fail authentication get labeled "Spam Likely" or blocked by carriers. For B2B outbound, that means your caller ID has to be properly registered and authenticated, or your answer rates crater no matter how clean your legal compliance is.

What are the real penalties for B2B telemarketing violations?

Federal TCPA penalties are $500 per call for negligent violations and $1,500 per call for willful or knowing violations [1]. These are statutory damages, so no actual harm needs proving. A plaintiff can sue in small claims court or federal court. Class actions that fold thousands of B2B calls into one lawsuit are the biggest risk.

The TSR exposes you to FTC civil penalties up to $51,744 per violation as of the latest adjustment [2]. State AG enforcement under state telemarketing laws stacks on top. Florida's FTSA lets private plaintiffs sue for $500 to $1,500 per call or text, roughly matching TCPA exposure [5].

One case for scale. In 2023 the FCC issued a $300 million forfeiture against a robocall operation, though that was a consumer-facing scheme at massive volume [9]. For smaller B2B operations, FTC enforcement actions against individual companies for TSR violations have settled in the hundreds of thousands to low millions of dollars. The FTC's action against Dish Network (consumer-facing, but instructive on damage scale) produced a judgment of roughly $280 million across combined federal and state claims [10].

Run the math. A B2B team making 1,000 automated calls to business lines without proper consent faces $500,000 in exposure at $500 per call. Willful violations triple that to $1.5 million. That's why small outbound teams have to treat compliance seriously even when they only call other businesses.

LeadCompliant's free TCPA compliance kit walks the documentation checklist you want on hand before a demand letter lands. Having your consent records and scrubbing logs in order is the one thing that actually cuts your exposure when a plaintiff's lawyer sends that letter.

How should B2B outbound teams build a compliant telemarketing process?

Start with an honest audit of your dialing technology. Figure out whether your system qualifies as an ATDS under Facebook v. Duguid [4]. If it does, build a consent collection and storage process before you dial another number. If it does not, document why not, in writing, reviewed by counsel.

Scrub your calling lists against the national DNC registry anyway, even though B2B calls to business lines are generally exempt. Here's why. Your list always holds some personal cell phones and home-office numbers, and those are residential lines with full DNC protection. List scrubbing costs almost nothing. Calling a DNC-registered personal phone costs a lot.

Build an internal do-not-call list. The TSR requires it. Honor opt-outs within 30 days [2]. Train every rep on how to record a do-not-call request.

For caller ID, work with your carrier or VoIP provider so STIR/SHAKEN authentication is in place. Register your outbound numbers. Do not rotate through numbers fast in ways that read like spoofing to carrier analytics.

Know your states. Map which states your list touches and research each one's specific rules. Florida, Texas, Indiana, and Oklahoma (which has its own state telemarketing act) all deserve attention.

For your cold call script, make the opening identify your company and the purpose of the call in the first few seconds. That's a TSR requirement and a plain good habit.

If you use any AI-driven tools for outreach, run LeadCompliant's free checkers to flag number types and consent status before your dialer touches them. Catching a problem before a call costs nothing. Catching it after 500 calls costs a lawyer and maybe a settlement.

Review your process at least once a year. The FCC issues declaratory rulings that move the ground under you, and state legislatures have been busy. Compliance is not a one-time setup.

Are there specific industries with extra B2B telemarketing rules?

Yes. Some industries carry federal overlay rules that add to TCPA and TSR requirements.

Financial services firms answer to FINRA and SEC rules on outbound solicitation. FINRA Rule 3230 governs telemarketing by broker-dealers, requires specific disclosures, bans calls before 8 a.m. or after 9 p.m. local time, and mandates internal do-not-call list compliance [11]. This holds even when you're calling business prospects in an institutional context.

Healthcare and insurance. Calls to individual agents or small practice owners that blur the consumer/business line draw scrutiny under HIPAA in some contexts, though HIPAA does not directly regulate outbound telemarketing. State insurance department rules in many states govern how insurers can solicit business policyholders.

Mortgage and real estate. The TSR's mortgage-related rules (which banned advance fees for loan modifications, among other things) are consumer-focused. But B2B mortgage brokers calling commercial real estate offices still operate under TSR identity and disclosure requirements.

Energy and utilities. Some state public utility commission rules regulate solicitation calls from energy providers to commercial accounts. Texas PUC rules, for one, carry specific provisions on commercial energy solicitation.

If your business sits in one of these sectors, stack your industry-specific rules on top of TCPA and TSR. Do not treat them as alternatives.

What records do B2B telemarketers need to keep?

The TSR requires sellers and telemarketers to keep records for 24 months [2]. Specifically:

  • Advertising and promotional materials used in telemarketing.
  • Information about prizes offered or given.
  • Sales records showing name, address, phone number, amounts paid, and items purchased.
  • Employee names and addresses (or those of independent contractors) involved in telemarketing.
  • All verifiable authorizations or records of express informed consent or express agreements.

For TCPA compliance, consent records are the document that matters most. You need to show who gave consent, when, on what platform, through what mechanism, and for what specific type of contact. A vague "they agreed to our terms" does not hold up in litigation.

DNC scrubbing logs matter too. If someone claims you called after they opted out, your only defense is a documented record showing their number was on your internal DNC list and your dialer got scrubbed against it before the call went out.

Store these records somewhere redundant and export-ready. When a demand letter arrives, you need to pull the records fast. A lawyer's clock runs faster than your IT team's ticket queue.

For a growing team, a simple spreadsheet is a start. But purpose-built CRM fields or a compliance platform pay for themselves the first time you answer a subpoena or demand letter with actual documentation.

Frequently asked questions

Does the TCPA apply to calls made to business phone numbers?

Yes. The TCPA's autodialer and prerecorded voice restrictions apply to all telephone numbers, not only residential ones. If you use an ATDS or play a prerecorded message, you need prior express consent whether the recipient is a business or a consumer. Manual, live calls to business lines generally sit outside the TCPA's ATDS restrictions under Facebook v. Duguid (2021).

Are businesses protected by the national Do Not Call registry?

Generally no. The national DNC registry covers residential telephone subscribers. A dedicated business line is not covered. The key exception is sole proprietors or small business owners who use personal or home lines for business. Those lines are residential and fully DNC-protected. Some states, including Texas and Indiana, run separate business-line DNC protections.

What is the TSR's business-to-business exemption?

Under 16 C.F.R. § 310.6(b)(7), the TSR exempts calls between businesses where the goods or services sold will be resold or used in the business's operations. This exemption does not remove all TSR obligations. Caller ID, internal do-not-call list, and honest disclosure requirements still apply to the seller. Calls that blur the consumer/business line can lose the exemption entirely.

A live human call to a cell phone used for business does not require TCPA consent if you dial it manually. But if you use an autodialer or a prerecorded message, the number's status as a 'business' phone does not remove the consent requirement under 47 U.S.C. § 227. Cell phones get no more favorable treatment than landlines under the ATDS provisions.

What time of day can I call businesses for telemarketing?

For calls subject to the TSR without the B2B exemption, calls are prohibited before 8 a.m. or after 9 p.m. local time at the called party's location. Calls that qualify for the TSR B2B exemption are technically outside the hours restriction, but state laws may set their own time limits. Practically and reputationally, calling outside normal business hours is a bad idea regardless.

Does Florida's Telephone Solicitation Act apply to B2B calls?

Yes. Florida's FTSA applies to any telephone number assigned to a Florida resident or business, business lines included. It requires prior express written consent for calls or texts using an ATDS or autodialer and allows a private right of action for $500 to $1,500 per violation. That makes Florida one of the highest-risk states for B2B outbound teams using automated dialing.

Do I need to honor an opt-out request from a business contact?

Yes. The TSR requires every telemarketer to keep an internal do-not-call list and honor opt-out requests within 30 days. This applies whether the person opting out is a consumer or a business contact. Once someone at a company asks not to be called, you must add them to your internal DNC list and scrub your dialer against it before your next call cycle.

Can I use a prerecorded voice message to call a business?

Only with prior express consent under the TCPA, no matter whether the recipient is a business. Prerecorded or artificial voice messages to any number, business or residential, require consent unless a specific FCC exemption applies. The TSR also restricts prerecorded messages used for telemarketing. This is one of the clearest areas of B2B telemarketing law: no consent, no prerecorded calls.

How does STIR/SHAKEN affect B2B outbound calling?

STIR/SHAKEN is the FCC-mandated caller ID authentication framework that carriers now broadly deploy. Calls that fail authentication get labeled as spam or blocked before they connect. For B2B outbound teams, that means your outbound numbers must be properly registered and authenticated with your carrier. High-volume calling from unregistered numbers gets suppressed by carrier analytics, killing answer rates regardless of legal compliance.

What records do I need to keep for B2B telemarketing compliance?

The TSR requires keeping records for 24 months, including sales records, promotional materials, consent records, and employee information. For TCPA compliance, you need documented consent showing who consented, when, how, and for what contact type. Internal DNC scrubbing logs matter too. If you face a demand letter, these records are your only defense. Store them somewhere you can access and export quickly.

Are there extra rules for financial services firms doing B2B telemarketing?

Yes. FINRA Rule 3230 governs telemarketing by broker-dealers, requires specific disclosures, bans calls before 8 a.m. or after 9 p.m. local time, and mandates internal DNC compliance. This applies even when soliciting institutional or business clients. Financial services, insurance, and energy sectors all carry industry-specific overlay rules on top of the base TCPA and TSR requirements.

What is the penalty for a B2B TCPA violation?

The TCPA provides $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations. There is no cap per lawsuit, and class actions can aggregate thousands of calls. For a team making 1,000 automated calls without proper consent, the minimum exposure is $500,000. The FTC's TSR penalties reach $51,744 per violation. State laws like Florida's FTSA add parallel exposure.

Does the TSR's business-to-business exemption cover all my disclosures?

No. Even when your call qualifies for the TSR B2B exemption and skips hours restrictions and DNC-registry obligations, you still have to transmit accurate caller ID, keep and honor your internal do-not-call list, identify your company promptly on the call, and avoid false or misleading statements. The exemption removes some requirements, not all.

Almost certainly no. Courts have not accepted public posting of a phone number as consent to receive autodialed calls or texts. Consent under the TCPA must come from the called party. A business listing its number on a website or LinkedIn is signaling availability for communication, not consenting to automated marketing messages. Rely on documented opt-in consent, not consent inferred from public listings.

Sources

  1. Cornell Legal Information Institute, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA restricts ATDS and prerecorded voice calls to any telephone number; penalties are $500 per violation trebled to $1,500 for willful violations
  2. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR covers most commercial telemarketing, requires caller ID transmission, internal DNC list, 24-month record retention, and prohibits calls before 8 a.m. or after 9 p.m.; B2B exemption at § 310.6(b)(7); civil penalties up to $51,744 per violation
  3. FTC, National Do Not Call Registry: National DNC registry covers residential telephone subscribers; sole proprietors using personal lines for business retain residential protections
  4. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition: a system must use a random or sequential number generator to store or produce telephone numbers; pulling from a fixed list may not qualify
  5. Florida Senate, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: FTSA applies to any telephone number assigned to a Florida resident or business, requires prior express written consent for ATDS calls/texts, allows private right of action for $500 to $1,500 per violation
  6. Texas Attorney General, consumer protection resources: Texas maintains a state no-call registry applicable to certain solicitation calls including business lines in some contexts, with civil penalties under state law
  7. California Privacy Protection Agency, California Consumer Privacy Act / CPRA: CCPA/CPRA imposes data handling obligations when B2B contact data involves natural persons, affecting how B2B lead data is collected, stored, and used
  8. U.S. Department of Justice, U.S. and states v. Dish Network settlement announcement: Federal and state action against Dish Network produced a judgment of roughly $280 million illustrating scale of damages for systematic telemarketing violations
  9. FINRA, Rule 3230 Telemarketing: FINRA Rule 3230 requires specific disclosures, prohibits calls before 8 a.m. or after 9 p.m. local time, and mandates internal DNC compliance for broker-dealer telemarketing including institutional calls
  10. FTC, business guidance on telemarketing: FTC business guidance confirms 24-month record retention requirement and scope of seller and telemarketer obligations under 16 C.F.R. Part 310

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit