Federal trade commission telemarketing sales rule: what outbound teams must know

The FTC's Telemarketing Sales Rule carries fines up to $51,744 per violation. Here's what it covers, who it applies to, and how to stay compliant.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-09

Person reviewing telemarketing compliance documents at a desk with a phone nearby
Person reviewing telemarketing compliance documents at a desk with a phone nearby

TL;DR

The Federal Trade Commission's Telemarketing Sales Rule (TSR), codified at 16 CFR Part 310, governs most outbound telemarketing calls and texts in the U.S. It bans deceptive practices, requires specific disclosures, limits calling hours, and mandates Do Not Call list scrubbing. Violations cost up to $51,744 per call. Both B2C and some B2B calls are covered.

What is the FTC Telemarketing Sales Rule and what does it actually cover?

The Federal Trade Commission wrote the Telemarketing Sales Rule under authority Congress gave it in the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994 [1]. The rule lives at 16 CFR Part 310. Its job is to set a federal floor for how sellers and telemarketers behave on outbound calls and, after a 2003 amendment, on some inbound calls too.

The TSR covers any plan, program, or campaign to sell goods or services through interstate telephone calls. Live agents count. Prerecorded messages (robocalls) count. So do upsells that happen during an inbound call the consumer started, which catches a lot of teams off guard. If you call someone to sell something and that call crosses a state line, you are almost certainly under the TSR.

B2B calls get a partial exemption. The rule generally does not apply when the buyer is a business purchasing for the business, not for personal or household use [2]. That exemption is narrow. If your list is anything but clean commercial accounts, do not assume B2B status protects you.

The TSR and the FCC's TCPA rules (47 U.S.C. § 227) overlap constantly, but they come from different agencies with different teeth. The FTC enforces the TSR through civil penalties and injunctions. The FCC enforces TCPA through its own orders, and TCPA also lets consumers sue you directly. You can trip one without tripping the other. The riskiest conduct usually trips both.

What are the core prohibited practices under the TSR?

The prohibited practices sections (16 CFR § 310.3 and § 310.4) are the list your reps actually need to know. Here is what the rule bans outright.

Deceptive acts top the list. You cannot misrepresent the total cost of what you are selling, any material restrictions or conditions, or your refund policies [2]. You cannot lie about your identity or pretend to be affiliated with a government agency. That last one shows up often in debt-relief and credit-repair telemarketing.

Abusive calling practices get their own ban. The TSR prohibits calling before 8 a.m. or after 9 p.m. local time at the consumer's location [2]. It also bans threats, intimidation, and obscene language. Obvious stuff, and yet it lands in enforcement actions because rogue reps and poorly supervised call centers push the line.

Abandoned calls are a technical trap. If you run a predictive dialer and no live agent picks up within two seconds of the consumer answering, the call counts as abandoned. You can abandon no more than three percent of answered calls per campaign, measured over any 30-day period [2]. Go over that, and every abandoned call becomes a potential violation.

Unauthorized billing is flatly banned. You cannot charge a consumer without express informed consent, and you cannot use billing information from a third party without the consumer's authorization [2]. This provision drives most of the negative-option enforcement covered in its own section below.

The rule also prohibits credit card laundering (running a transaction for a seller through another merchant's account) and transmitting false caller ID information. That second one overlaps with the Truth in Caller ID Act, so faking your caller ID draws fire from more than one federal direction at once.

What disclosures does the TSR require on every call?

Under 16 CFR § 310.4(d), a telemarketer must tell the consumer four things before the sales pitch: the seller's identity, that the call's purpose is to sell goods or services, the nature of those goods or services, and (for a prize promotion) that no purchase is necessary to win [2].

Before the pitch means early. Before you collect information. Before you qualify. A lot of scripts bury the disclosure behind several qualifying questions, and that ordering is a problem.

For upsells triggered during an inbound call the consumer started, you still owe the required disclosures before the upsell pitch begins. The fact that the consumer called you does not let you skip the disclosures on what is functionally an outbound sales attempt stapled to the end of a service call.

If your campaign involves negative-option features (more on those below), the disclosures expand. You must clearly and conspicuously disclose the costs, the fact that the consumer's account will be charged, and the exact steps to cancel, before you take any billing information [2].

One underrated move: record your calls and audit a random sample every week against the disclosure checklist. It costs almost nothing. It is the fastest way to catch a rep who has drifted from the approved script. If you are building cold calling scripts internally, put the required TSR disclosures at the top as your first substantive element, not in a footnote nobody reads.

Key TSR compliance thresholds at a glance Numbers your team needs to know before dialing 52k Max penalty per violation 3 Abandoned call threshold (% per 30 days) 31 DNC scrub frequency (days) 24 Record retention requiremen… Source: FTC, 16 CFR Part 310 and 2023 Civil Penalty Adjustment

How does the TSR's Do Not Call list requirement work?

The TSR built the National Do Not Call Registry framework, and sellers now have to scrub their lists against that registry before they call consumers [3]. You register with the FTC to access it. You scrub at least every 31 days [3]. Miss that window and your safe harbor gets shaky fast.

The safe harbor under 16 CFR § 310.4(b)(3) protects you from a DNC violation if you can show three things: you scrubbed within 31 days, you have written DNC policies and training procedures, and the violation was a good-faith error [2]. That safe harbor carries real weight in enforcement talks. It only works if you have the paper trail to prove it.

Beyond the national registry, you have to keep your own company-specific Do Not Call list. When a consumer asks not to be called again during a TSR-covered call, you honor that immediately and add them to your internal list. That request sticks indefinitely, more than for 31 days.

Calling someone on the national registry costs up to $51,744 per call as of the FTC's 2023 civil penalty adjustment [4]. The FTC bumps that figure most years under the Federal Civil Penalties Inflation Adjustment Act, so pull the current number from FTC.gov before you assume you know it.

For the wider picture of what cold calling looks like under the combined rules, DNC scrubbing is the first thing to get right and the first thing an investigator asks about.

What calling hours and abandoned call rules apply under the TSR?

Hours are simple: 8 a.m. to 9 p.m. local time at the consumer's location. Not your location. Theirs [2]. If your call center sits in Dallas and you are dialing Los Angeles, you cannot start at 8 a.m. Dallas time when it is still 6 a.m. in LA. Automated dialers make this mistake when the timezone logic is wrong.

The abandoned call rule trips predictive dialer users constantly. Here is how it plays out. Your dialer fires multiple lines at once because your agents are busy. Sometimes a consumer picks up before any agent is free. If no agent connects within two seconds of the answer, that call is abandoned. Abandoned calls above three percent of all answered calls in a rolling 30-day window are violations [2].

On every abandoned call, you also have to play a prerecorded message identifying the seller and giving a callback number. That message does not cure the violation if you are over the three-percent threshold. It is still required on each abandoned call regardless.

Many teams assume their dialer vendor handles this automatically. Some do. Some do not. The settings often ship configured wrong. Pull your abandonment rate report every month and keep it. If the FTC ever investigates, that report is evidence you tried to comply in good faith.

If you are testing AI cold calling systems, the abandoned call math shifts, because an AI-handled call may not trigger the two-second rule the way live-agent predictive dialing does. The FTC has not issued definitive guidance on AI voice agents under the TSR as of mid-2025. Conservative compliance teams treat them as subject to the same limits until it does.

What is the FTC's Telemarketing Sales Rule negative option rule and why does it matter so much?

The negative option provisions of the FTC's Telemarketing Sales Rule are the most aggressively enforced part of the rule right now. A negative-option feature is any arrangement where the consumer's silence, inaction, or failure to cancel gets treated as consent to be charged [5]. Free trials that roll into paid subscriptions are the textbook case.

Under 16 CFR § 310.2(w) and § 310.3(a)(1)(vii), if your offer has a negative-option feature, you must clearly and conspicuously disclose all material terms before you take billing information [2]. The cost. The frequency of charges. The deadline to cancel. Exactly how to cancel.

In 2023, the FTC finalized a standalone Negative Option Rule at 16 CFR Part 425 that reaches further than the TSR alone [5]. It requires cancellation to be as easy as sign-up, a standard the FTC calls "click to cancel." If a consumer signed up online, they must be able to cancel online without getting routed through a retention agent. A violation of the standalone rule often counts as a TSR violation too.

Enforcement here is real and expensive. The FTC's 2020 action against Age of Learning (ABCmouse) ended in a $10 million settlement over negative-option enrollment practices [6]. Its 2022 case against Vonage produced a $100 million settlement tied in part to cancellation obstruction, though that case swept in conduct beyond negative-option issues [7].

If your sales motion includes any free trial, auto-renewing subscription, or continuity program, the negative option provisions of both the TSR and the standalone rule apply to you. Treat them as two separate checklists, not one.

Who enforces the TSR and what are the actual penalties?

The FTC is the primary enforcer. It can bring civil actions in federal court and seek civil penalties up to $51,744 per violation as of 2023 [4]. In telemarketing cases, each violating call usually counts as its own violation. Call 10,000 people on the DNC list and you are staring at penalties calculated on 10,000 calls.

State attorneys general enforce the TSR too, under Section 6 of the Telemarketing and Consumer Fraud and Abuse Prevention Act. State AGs have brought their own TSR actions, sometimes jointly with the FTC and sometimes alone.

The FTC does not sue over a single accidental call. Enforcement cases run on patterns: large volumes of DNC calls, systematic deception, repeat offenders. Do not read that as comfort. The FTC uses civil investigative demands (CIDs) to run pre-suit investigations, and answering a CID is expensive and disruptive even when no case ever gets filed.

Unlike TCPA (47 U.S.C. § 227), the TSR gives consumers no private right to sue. That is one meaningful difference between the two frameworks. Under TCPA, a consumer can file suit for $500 to $1,500 per call [8]. Under the TSR alone, only the FTC and state AGs can bring claims. In practice, most bad telemarketing conduct violates both, so the private-suit risk is still live through the TCPA angle.

See the table below for how these penalty numbers stack up against the other TSR thresholds you have to track.

How does the TSR interact with the TCPA (47 U.S.C. § 227)?

The TCPA and the TSR are parallel federal frameworks. They overlap. They do not replace each other [8]. The TCPA is the FCC's turf. The TSR is the FTC's. Complying with one does not get you compliance with the other.

The biggest practical overlap is the Do Not Call list. The national DNC Registry started under the TSR and is now administered on the government side across agencies. Calling a number on the registry can violate both the TSR and the TCPA, which means FTC civil penalties and consumer lawsuits at the same time.

On robocalls, the TCPA generally requires prior express written consent before you call a wireless number with an autodialer or a prerecorded message [8]. The TSR has its own version: telemarketing robocalls require the consumer's prior express written consent, and the message must carry an interactive opt-out that works immediately [2].

Here is where they split. The TSR's abandoned call rule applies to live-agent predictive dialers even when no prerecorded message is involved. The TCPA's autodialer rules lean heavily on equipment type, a definition the FCC has rewritten several times after litigation. Following the D.C. Circuit's 2018 ACA International decision and the FCC's later rules, the TCPA autodialer definition is narrower than it once was, but the TSR's limit on predictive dialer abandonment applies no matter how you classify the equipment [9].

The short version: run a TSR checklist and a TCPA checklist separately. They are not duplicates. What passes one can still fail the other.

What exemptions exist under the TSR, and are you actually exempt?

The TSR lists its exemptions at 16 CFR § 310.6. Here are the ones that actually matter for outbound sales teams.

Calls to a consumer you have an existing business relationship (EBR) with are partly exempt from the DNC restrictions, but not from the rest of the TSR. Disclosure rules still apply. Hours restrictions still apply. Abandoned call limits still apply [2].

Calls to consumers who gave prior express written consent are also partly exempt from the DNC registry requirement. Again, the other TSR provisions hold. Consent is not a blanket waiver.

B2B calls, as noted earlier, are generally exempt. So are calls by non-profit organizations. Financial institutions regulated by federal banking regulators get a partial carve-out. Catalog sales get limited exemptions.

Here is where teams go wrong. They hear "B2B is exempt" and decide all their outbound prospecting is covered. But if you are calling individuals who happen to own businesses, at their personal cell numbers, you are in a gray zone. The exemption applies when the call is to a business and the buyer is purchasing for business purposes. The moment you are dialing personal cell phones with a pitch that could benefit the person individually, the exemption gets shaky.

The safer default for any outbound team: apply TSR compliance across the board and claim an exemption only when you can document, campaign by campaign, exactly why it applies.

What does a TSR-compliant outbound process actually look like?

A TSR-compliant outbound process has five moving parts.

First, list hygiene. Scrub against the national DNC Registry no more than 31 days before calling. Scrub against your internal DNC list before every dial. Log when each scrub happened. This is the most auditable piece of your program and the first thing the FTC asks for.

Second, caller ID. Transmit a real, working number where consumers can call back to ask off the list. The number has to stay valid for at least 15 minutes after the call [2]. Spoofing or blocking caller ID on a TSR-covered call is a violation.

Third, script review. Every script needs the required upfront disclosures, and no claim can contradict your actual offer terms. Have someone other than the script's author read it against the 16 CFR § 310.3 and § 310.4 checklists before launch. If you are building cold call scripts from scratch, start with the disclosure requirements as your opening structure.

Fourth, dialer configuration. Set your abandoned call alarm below three percent. Log abandonment rates monthly and keep the logs for at least 24 months. Configure timezone rules so no call ever fires before 8 a.m. or after 9 p.m. at the consumer's local time.

Fifth, training and documentation. The safe harbor for unintentional violations requires written DNC policies and training [2]. So you need a written policy, evidence that reps were trained on it, and a way to catch reps who drift. Annual training is the floor. Quarterly is better for high-volume teams.

LeadCompliant's free compliance kit walks each of these checkpoints with template policy documents you can adapt, useful if you are building from scratch and want a structure before you loop in legal counsel.

How has FTC TSR enforcement actually played out in recent cases?

Real enforcement actions tell you where the FTC actually spends its attention.

The Dish Network case is the one most people cite. In 2017, a federal court ordered Dish to pay $280 million for calling millions of consumers on the DNC Registry and for calls made by its authorized dealers [10]. The court held Dish liable for its own calls and for dealer calls it had reason to know were breaking the TSR. That dealer-liability theory matters to anyone using third-party lead generation or outsourced calling.

In 2022, the FTC and a coalition of state partners sued Avid Telecom and its owner for routing billions of illegal robocalls, including calls impersonating government agencies [11]. That case shows how the TSR's bans on caller ID spoofing and impersonation reach the infrastructure providers, not only the sellers.

The FTC's periodic sweeps, like Operation Stop Scams, bring simultaneous actions against multiple telemarketers at once. These usually target warranty scams, debt relief fraud, and imposter schemes. They also make clear the agency treats pattern enforcement as the priority over chasing single bad actors.

What you take from all this: the FTC targets high-volume systematic violations, deceptive scripts, and sellers who know (or should know) their vendors are cutting corners. If your monthly call volume runs under 5,000 and your DNC scrubbing is clean, you are not the primary target. You are also not immune. State AGs file smaller cases, and TCPA private suits run on a much smaller scale than federal FTC enforcement.

What records do you need to keep to prove TSR compliance?

The recordkeeping requirements sit at 16 CFR § 310.5. Sellers must keep these records for 24 months [2].

Advertising and promotional materials. Copies of every script, recorded message, and promotional offer used in any TSR-covered campaign.

Prize promotion records, if you run them. Names, addresses, and prize values for anyone who received a prize.

Sales records. The name and last known address of each purchaser, the goods or services purchased, and the amount paid.

Employee records. Names and last known addresses of all current and former employees directly involved in telephone sales. This one surprises people. If the FTC investigates and your reps were independent contractors, you still need records identifying them.

Do Not Call records. A copy of your internal DNC list, records showing the date the list was last updated, and records of every consumer request not to be called.

Complaint records. All customer complaints, whether they came to you directly or through a third party like the BBB.

Keeping these is not optional, and it is not burdensome once you set it up as a system instead of scrambling during an investigation. Most CRMs handle call logs, complaint notes, and purchaser records fine. The pieces that fall through the cracks are script version history and DNC scrub logs. Keep those in a folder structure organized by campaign and date, and do not delete them for at least two years after the campaign ends.

Frequently asked questions

Does the FTC Telemarketing Sales Rule apply to text message marketing?

The TSR was written around telephone calls and does not explicitly cover SMS the way it covers voice. Text messages used to solicit sales may still fall under its definition of a telephone solicitation depending on use, and they are clearly covered by TCPA. For outbound SMS, TCPA is usually the framework to worry about first. Do not assume SMS is a TSR-free zone.

What is the difference between the FTC Telemarketing Sales Rule and the FCC's TCPA?

The TSR is an FTC rule at 16 CFR Part 310, enforced through FTC civil actions and state AG suits. TCPA is a federal statute at 47 U.S.C. § 227, enforced by the FCC and through private lawsuits by individual consumers. They overlap on Do Not Call requirements and robocall rules but use different equipment definitions, consent standards, and penalty structures. You can violate one without violating the other.

How often do I have to scrub my call list against the Do Not Call Registry?

The TSR requires you to scrub at least every 31 days. If you call a number added to the registry after your last scrub but within that 31-day window, the scrub timing generally protects you. Scrub more often if your list is large or you add new numbers regularly, since more frequent scrubs shrink your exposure window.

What is the maximum penalty for violating the TSR?

As of the FTC's 2023 civil penalty adjustment, the maximum is $51,744 per violation, and each violating call is usually treated as a separate violation. The FTC updates this figure most years under the Federal Civil Penalties Inflation Adjustment Act of 2015, so check the current amount at FTC.gov before you assume you know it.

Are B2B telemarketing calls exempt from the Telemarketing Sales Rule?

Generally yes, when the call is to a business and the purchase is for business purposes. The exemption is narrow. Calls to individual business owners at personal numbers, calls about products that benefit the person individually, or calls to businesses that might resell to consumers can fall outside it. Apply TSR rules as your default and document clearly why any B2B exemption applies.

What does the TSR require for prerecorded telemarketing calls (robocalls)?

The TSR requires prior express written consent before a prerecorded telemarketing call. The call must also provide an interactive opt-out mechanism that works immediately, usually a keypress option. These requirements sit on top of TCPA's consent requirements for robocalls to cell phones, which also require prior express written consent.

What is the TSR's abandoned call rule and how does the three percent threshold work?

When a predictive dialer connects a call but no live agent is available within two seconds of the consumer answering, that call is abandoned. You may not abandon more than three percent of answered calls per campaign in any 30-day period. Every abandoned call beyond that threshold is a potential TSR violation. Your dialer should report abandonment monthly, and you should keep those reports for at least 24 months.

Does the TSR cover inbound calls that consumers make to a seller?

Purely inbound calls are generally exempt from many TSR provisions. If the inbound call results from a telemarketing solicitation (a direct mail piece with a phone number, for example), some provisions apply. More important, if your agents use inbound calls to pitch additional products, that upsell is treated like an outbound telemarketing call for TSR purposes, including the required disclosures.

What is the FTC's negative option rule and how does it relate to the TSR?

The TSR has always required clear disclosure of negative-option terms (free trials that convert to paid subscriptions, auto-renewing charges) before collecting billing information. In 2023, the FTC finalized a separate standalone Negative Option Rule at 16 CFR Part 425 that adds a click-to-cancel requirement: cancellation must be as easy as sign-up. Violating the standalone rule often violates the TSR at the same time.

Can I be held liable for TSR violations committed by my telemarketing vendor or lead generation partner?

Yes. The Dish Network case established that a seller can be liable for violations by its authorized dealers or vendors if the seller had reason to know the vendor was breaking the TSR. Due diligence on vendors, written compliance representations in contracts, and auditing vendor call records are not optional. Outsourcing the calls does not outsource the liability.

What records does the TSR require me to keep and for how long?

Under 16 CFR § 310.5, you must keep advertising materials, sales records, employee records, Do Not Call records, and customer complaint records for 24 months. That includes every version of every script used in a campaign, DNC scrub logs with dates, and records identifying each person who made calls on your behalf. Most teams fall short on script version history and DNC log retention.

What calling hours does the TSR allow for telemarketing?

The TSR permits calls between 8 a.m. and 9 p.m. local time at the consumer's location. That is the consumer's timezone, not yours. Autodialers must be configured with timezone logic tied to the number's location, not the call center's. Calls outside these hours are a per-call violation.

Does the TSR apply to my fundraising calls for a non-profit?

Non-profit organizations calling on behalf of the non-profit itself are generally exempt from the TSR. But if a for-profit telemarketing firm makes calls on behalf of a charity, that firm is covered even though the charity is exempt. The for-profit vendor must follow TSR rules, including Do Not Call requirements and required disclosures.

Sources

  1. FTC.gov, Telemarketing and Consumer Fraud and Abuse Prevention Act (15 U.S.C. § 6101 et seq.): The FTC promulgated the Telemarketing Sales Rule under authority granted by the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994.
  2. FTC.gov, 16 CFR Part 310 – Telemarketing Sales Rule (full rule text): Core TSR requirements: calling hours (8 a.m. to 9 p.m. local), abandoned call threshold (3% per 30 days), required upfront disclosures, prohibited practices, negative-option disclosure requirements, B2B exemption, EBR provisions, safe harbor conditions, and 24-month recordkeeping requirement.
  3. FTC.gov, National Do Not Call Registry (donotcall.gov): Sellers must scrub call lists against the National Do Not Call Registry at least every 31 days and must register with the FTC to access the registry.
  4. FTC.gov, Enforcement (civil penalty inflation adjustments): The maximum civil penalty per TSR violation is $51,744 as adjusted in 2023 under the Federal Civil Penalties Inflation Adjustment Act.
  5. FTC.gov, Negative Option Rule (16 CFR Part 425), finalized 2023: The FTC finalized a standalone Negative Option Rule in 2023 adding click-to-cancel requirements and mandating that cancellation be as easy as sign-up.
  6. FTC.gov, Press Releases (Age of Learning / ABCmouse settlement, 2020): The FTC reached a $10 million settlement with Age of Learning (ABCmouse) in 2020 over negative-option enrollment and cancellation practices.
  7. FTC.gov, Press Releases (Vonage settlement, 2022): The FTC secured a $100 million settlement against Vonage in 2022 related in part to cancellation obstruction practices.
  8. FTC.gov, Legal Library (United States v. Dish Network LLC, Final Judgment 2017): A federal court ordered Dish Network to pay $280 million for calling millions of consumers on the DNC Registry, including liability for calls made by authorized dealers.
  9. FTC.gov, Press Releases (FTC and state partners v. Avid Telecom, 2022): The FTC filed suit against Avid Telecom in 2022 for routing billions of illegal robocalls including calls impersonating government agencies.
  10. Congress.gov, Telemarketing and Consumer Fraud and Abuse Prevention Act, Pub. L. 103-297: The Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994 is the statutory authority under which the FTC promulgated the TSR.

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit