Last updated 2026-07-09

TL;DR
The FTC's Telemarketing Sales Rule (TSR) saw its biggest overhaul in years in 2024-2025. Key changes include a ban on unauthenticated robocalls, expanded recordkeeping to five years, new restrictions on business-to-business calls, and an open proceeding on AI-generated voice calls. Civil penalties now reach $51,744 per violation. Every outbound team needs to audit their tech stack against the amended rule.
What is the FTC Telemarketing Sales Rule and why does it matter right now?
The Telemarketing Sales Rule (TSR) is the Federal Trade Commission's main regulation for outbound telephone sales. It lives at 16 C.F.R. Part 310 and has been on the books since 1995, after Congress passed the Telemarketing and Consumer Fraud and Abuse Prevention Act [8]. If you make outbound calls to sell anything, the TSR almost certainly applies to you, full stop.
The rule sets out what you can and can't say, when you can call, how you must identify yourself, what disclosures you owe consumers, and what records you have to keep. Violations aren't civil infractions you negotiate away. They are federal civil penalties, and the FTC raises the per-violation cap every year with inflation adjustments. As of 2024, that number sits at $51,744 per violation [2].
The TSR is in the news for a simple reason. The FTC finalized significant amendments in 2024 and, at the same time, opened a new rulemaking focused on AI-generated calls and texts. Finalized rules plus an active proceeding means the regulatory floor is moving under outbound teams faster than at any point since the Do Not Call registry launched in 2003.
What did the FTC actually change in its 2024 TSR amendments?
The FTC published its final TSR amendments in 2024 after a rulemaking that started with an advance notice in 2022 [3]. The changes are substantial. Here are the ones that hit outbound teams hardest.
Unauthenticated robocalls are now explicitly banned. The amended rule prohibits any outbound call delivering a prerecorded message unless the call uses authenticated technology. In plain English: if your dialer can't prove to the network that the caller ID you're sending is actually yours, that call breaks the TSR. This tracks STIR/SHAKEN, the FCC's call authentication framework, and it puts teams sending spoofed or unverified caller IDs in double jeopardy. FCC enforcement under the Communications Act. FTC enforcement under the TSR.
Recordkeeping expanded to five years. The prior rule required you to keep records for 24 months. The amended rule stretches that to five years for most categories, including call records, consent documentation, and transaction records [3]. If you're not logging who consented, when, through what channel, and with what language, you're already behind.
Business-to-business call exemptions got narrower. The TSR's B2B exemption has always been a gray area, and the 2024 amendments tightened it. Calls to businesses are no longer automatically exempt if the call is primarily for personal benefit or if the business is a sole proprietorship. Outbound teams selling to small business owners need to verify actual entity status before assuming the exemption applies.
Inbound calls triggered by outbound advertising. The amendments clarified that if a consumer calls in response to an outbound ad (a TV spot, a mailer, a digital ad), certain TSR provisions attach to that inbound call. This catches a lot of teams that assumed inbound calls were safe ground.
The effective dates for different provisions were staggered. Teams that haven't read the actual Federal Register notice [3] are guessing.
What is the FTC's current proceeding on AI calls and what could change?
In late 2023 and into 2024, the FTC opened a supplemental rulemaking specifically addressing AI-generated voice technology in telemarketing [4]. This is separate from the 2024 amendments. It's an active proceeding, so final rules aren't published yet, but the direction is clear.
The FTC's core worry is that AI voice cloning makes it trivially cheap to impersonate a real person or a trusted brand on a phone call. The agency has already used its Section 5 unfair or deceptive acts authority to bring actions against AI voice fraud. The rulemaking would write specific TSR prohibitions into the rule instead of relying on case-by-case enforcement.
What's likely to land in any final AI rule, based on the notice and public comments: a requirement to affirmatively disclose that a call uses an AI-generated voice, a prohibition on AI voice impersonating government agencies or financial institutions, and possibly a consent requirement specific to AI calls that goes beyond what generic telemarketing consent demands.
For teams using AI cold calling tools, including AI voice agents for appointment setting or lead qualification, the message is plain. Document your disclosure language now, before rules are final, because the FTC has made clear it will pursue deception claims under existing authority even without an AI-specific rule on the books.
The FTC also issued guidance in February 2024 stating that using AI to generate fake voices to impersonate individuals is an unfair or deceptive practice under Section 5 of the FTC Act, full stop [4]. That's not a proposed rule. That's current enforcement posture.
How do TSR penalties compare to TCPA penalties, and which is the bigger risk?
This is one of the most common questions outbound teams ask, and the honest answer is: it depends on your volume and your failure mode.
The TCPA (47 U.S.C. § 227) gives consumers a private right of action, meaning any consumer can sue you directly for $500 per negligent violation or $1,500 per willful violation [5]. No agency involved. Class actions under the TCPA are common and can be existential for small teams. If you sent 50,000 texts without proper consent, a class plaintiff's attorney can run that math in about 30 seconds.
The TSR is enforced only by the FTC and state attorneys general. No private right of action under the TSR itself. Civil penalties reach $51,744 per violation [2]. The FTC can also seek equitable relief, including disgorgement of profits and injunctions that shut your calling program down entirely.
In practice, TCPA class actions are the more immediate financial threat for most small outbound teams. They're faster, they're cheaper for plaintiffs to bring, and the plaintiffs' bar is extremely active. TSR enforcement tends to surface in larger cases where the FTC has built a record of systematic violations.
That said, the TSR and TCPA frequently overlap on the same conduct. A single robocall campaign without consent can trigger TCPA liability (private lawsuit), TSR liability (FTC enforcement), and state law liability all at once. These aren't mutually exclusive.
| Statute | Max per-violation penalty | Who enforces | Private lawsuit? |
|---|---|---|---|
| TSR (16 C.F.R. 310) | $51,744 (2024) | FTC, state AGs | No |
| TCPA (47 U.S.C. 227) | $1,500 (willful) | FCC, state AGs | Yes (class actions) |
| State mini-TCPA laws | Varies ($500-$25,000) | State AGs | Some states yes |
What does the TSR require for consent and disclosures on outbound calls?
The TSR's disclosure requirements are specific and non-negotiable. Within the first 30 seconds of an outbound telemarketing call, your agent has to clearly state the seller's name, that the purpose of the call is to sell something, and the nature of the goods or services [1]. Burying the pitch or leading with small talk to run out the first 30 seconds without a disclosure is a violation.
For robocalls specifically, the rule requires express written consent from the consumer before you deliver a prerecorded message. The FTC's standard for express written consent matches what the FCC requires under the TCPA: the consumer must have signed or electronically agreed to receive calls, the agreement must clearly describe what they're consenting to, and the consent can't be bundled as a condition of purchase [1].
This is where most teams get into trouble. Consent from a lead-gen form that says something vague like "by submitting this form you agree to be contacted" is probably not enough for either the TSR or the TCPA. The consent has to name the seller or the category of sellers. If you bought a lead list where the consumer ticked a box authorizing contact from "marketing partners," you don't have TSR-compliant consent for a robocall.
Understanding the full scope of cold calling rules under both the TSR and TCPA, including what counts as valid consent, comes first, before you run any outbound campaign.
How does the TSR interact with the National Do Not Call Registry?
The TSR created the National Do Not Call Registry in 2003, and the duty to honor it is a TSR requirement more than a TCPA one [1]. This surprises people who think of the DNC registry purely as an FCC/TCPA issue. The FTC runs the registry. You break the TSR if you call a number on the registry without an applicable exemption, whether or not you also broke the TCPA.
The main exemptions are three. The consumer gave you express written permission to call them despite being on the DNC list. You have an established business relationship with the consumer (a transaction or inquiry within the past 18 months, or the consumer's own inquiry within the past 3 months). Or the call isn't covered by the TSR at all (certain political, charitable, and survey calls don't trigger TSR requirements, though they may still face state-level restrictions).
The established business relationship exemption is narrower than most teams assume. It applies to the specific seller the consumer transacted with, not to affiliates or lead buyers. If a consumer bought something from Company A, Company B can't lean on that relationship to call the consumer.
Scrubbing your call lists against the DNC registry is legally required, and the FTC has made the access mechanism straightforward through telemarketing.donotcall.gov. The registry fee as of 2024 is $79 per area code per year, capped at $19,682 for access to all area codes [6].
What calling hours and frequency limits does the TSR set?
The TSR bans telemarketing calls before 8 a.m. or after 9 p.m. local time at the consumer's location [1]. Not the caller's time zone. The consumer's. If you run a call center in Phoenix and dial consumers in New York, New York's clock applies.
The TSR doesn't set a hard call frequency cap the way some state laws do. California's regulations, for example, impose stricter limits under the state's equivalent rules. But the TSR's ban on abusive telemarketing practices, which includes causing a phone to ring or engaging any person in conversation repeatedly or continuously with intent to annoy or harass, effectively creates a frequency limit through enforcement discretion [1].
Some state laws are more specific. Florida limits calls to three times per day to a given number. Maryland has similar restrictions. If you operate nationally, you play to the strictest applicable standard, not the federal floor.
For teams building cold calling scripts and call cadences, the hour restriction generates the most accidental violations, usually from automated dialers that don't account for multi-timezone lists.
Has the FTC brought recent enforcement actions under the TSR that outbound teams should know about?
Yes, and the pattern of recent cases tells you exactly where the FTC is aiming.
In 2023 and 2024, the FTC brought multiple actions against companies using ringless voicemail and prerecorded message drops without consent. The agency's position is that a ringless voicemail delivered to a consumer's voicemail box is a call under the TSR and requires the same consent as any other robocall. Courts have generally agreed with this reading, though litigation is ongoing in some circuits.
The FTC also went after several lead generation companies for facilitating TSR violations, holding them jointly liable with the downstream telemarketers who used their leads. That's a big shift. If you're buying leads, the FTC's posture says you can't just claim "we bought these from a reputable vendor." You need to know how consent was obtained.
The FTC v. Benefytt Technologies case, settled in 2023, resulted in a $100 million judgment against a health plan telemarketer for TSR violations including misrepresentations and ignoring do-not-call requests [7]. That case confirmed corporate officers can be held personally liable for TSR violations if they knew about the practices and had the authority to stop them.
Personal liability for owners and managers is real. The FTC has collected judgments from individual officers who argued they were just employees. If you're the compliance owner at a small team reading this, that's you.
What records do you actually need to keep to comply with the amended TSR?
The 2024 amendments pushed the recordkeeping requirement to five years for most categories [3]. Here's what you're legally required to keep.
Advertising and promotional materials: every script, email, landing page, or other material used to solicit calls or generate leads. Call records: the date, time, number called, and identity of the telemarketer. Consent records: proof a consumer gave express written consent for robocalls or DNC-override permission, including the specific consent language they agreed to, the timestamp, and the source. Transaction records: every purchase, the amount, the payment method, and the goods or services sold. Employee records: the names, addresses, and phone numbers of all employees involved in telemarketing.
For most teams, consent documentation is the hardest to get right. A spreadsheet with a name and a check-in date isn't consent documentation. You need the actual language the consumer agreed to, evidence they saw it (a form submission timestamp, a session ID, a recording of the verbal agreement), and a way to reproduce that proof on demand if the FTC or a plaintiff's attorney asks.
LeadCompliant's free consent checker walks you through what fields your consent records actually need, which is a useful starting point before you build or audit your CRM setup.
One more thing on records: the five-year rule means data you thought you could delete after two years is now legally yours to keep. That has privacy implications under CCPA and CPRA if you call California consumers. Talk to your privacy counsel before assuming retention and privacy obligations can coexist without a policy.
What are the current FTC rules on abandoned calls and call abandonment rates?
The TSR limits call abandonment to 3% of all calls answered by a live person per day per campaign [1]. An abandoned call is one where the telemarketer fails to connect the consumer to a sales agent within 2 seconds of the consumer saying hello.
When you abandon a call, you have to play a recorded message that states the name and telephone number of the seller and tells the consumer they won't be charged. You can't just hang up. And you can't use the abandoned call as a qualifier to drop them onto another list.
The 3% cap sounds lenient, but it catches teams running aggressive power-dialing ratios. If your dialer is set to a 3:1 or 4:1 dial ratio because you want agents always on a call, your abandonment rate will routinely blow past 3% on busy days. Predictive dialers need configuring, monitoring, and logging against this threshold every day, more than at setup.
If you're new to what is cold calling in sales from a compliance angle, the abandonment rule is one of the first things you need to configure in any auto-dialer setup.
What should outbound teams do right now to stay ahead of the TSR changes?
A few concrete steps, in order of urgency.
First, audit your caller ID practices. If your dialer sends a number that isn't yours or isn't STIR/SHAKEN authenticated, fix that before anything else. This is where TSR and FCC enforcement overlap and where penalties stack fastest.
Second, pull your consent documentation and ask the hard question. Can you prove, for every number on your active call list, that the specific consumer agreed to receive calls from you specifically, with language that meets the TSR standard? If the answer is no for a real chunk of your list, stop calling those records until you clean the consent chain.
Third, update your recordkeeping to the five-year standard. This is mechanical but it matters. Update your CRM retention settings, archive policies, and backup schedules.
Fourth, if you use AI voice technology for any outbound calls or texts, add a disclosure. The FTC's current posture treats undisclosed AI voice as deceptive. A simple "this message was created using AI" disclosure isn't mandated yet by a final rule, but it's the clearest way to head off a deception theory.
Fifth, subscribe directly to FTC rulemaking updates at ftc.gov so you hear about final rules when they publish, not six months later through trade press. The AI voice rulemaking could finalize within the next 12 to 18 months based on typical FTC timelines, and the effective dates will matter.
LeadCompliant's one-time compliance kit includes a TSR audit checklist mapped to the 2024 amendments, which can save you a few hours of cross-referencing the Federal Register.
For teams thinking about cold call scripts and disclosure language, make sure every script includes the seller name and sale purpose disclosure within the first 30 seconds. That's not a script preference. It's a legal requirement.
How does the TSR apply to text messages and SMS outreach?
The TSR's text message coverage is more limited than its phone call coverage, and that creates real confusion. The TSR was written around voice calls and doesn't regulate SMS the way the TCPA does. The TCPA and the FCC's implementing rules under 47 U.S.C. § 227 are the primary federal framework for text messages [5].
Even so, the FTC has taken the position that certain TSR provisions, including the ban on deceptive solicitations, reach text messages that are part of a telemarketing campaign. If an SMS is used to generate a callback for a telemarketing sale, the TSR's disclosure requirements attach to the call that follows. And if the SMS itself carries a sales solicitation, the FTC can pursue it as an unfair or deceptive practice under Section 5 of the FTC Act even outside the TSR's explicit text.
The practical answer for outbound teams: treat SMS outbound marketing as subject to TCPA requirements (express written consent, opt-out honoring, time restrictions) and treat any call generated by that SMS as subject to full TSR requirements. Don't try to route around the rules by using texts to pull inbound calls from consumers who don't know they're being solicited.
The FTC's 2024 amendments didn't meaningfully expand explicit TSR coverage to text messages. The AI voice proceeding does include some discussion of AI-generated text, but final rules aren't out yet.
Frequently asked questions
What is the FTC Telemarketing Sales Rule?
The FTC Telemarketing Sales Rule (TSR), at 16 C.F.R. Part 310, governs outbound telephone sales. It requires specific disclosures within the first 30 seconds of a call, prohibits calls to numbers on the National Do Not Call Registry, limits robocalls to consumers who've given express written consent, restricts calling hours to 8 a.m. to 9 p.m. local time, and sets civil penalties of up to $51,744 per violation for violations the FTC pursues.
What are the most recent FTC telemarketing rule updates?
The FTC finalized significant TSR amendments in 2024 that ban unauthenticated robocalls, extend recordkeeping requirements from 24 months to five years, narrow the B2B exemption, and clarify that inbound calls triggered by outbound advertising can trigger TSR obligations. Separately, the FTC opened an active rulemaking proceeding in 2023-2024 focused on AI-generated voice calls, which has not yet produced a final rule.
How much is the FTC TSR penalty per violation?
As of 2024, the FTC can seek civil penalties of up to $51,744 per TSR violation. The FTC adjusts this cap annually for inflation under the Federal Civil Penalties Inflation Adjustment Act. Each individual call, each individual misrepresentation, and each individual recordkeeping failure can count as a separate violation, so penalties in enforcement actions accumulate quickly.
Do the FTC telemarketing rules apply to B2B calls?
The 2024 TSR amendments narrowed the B2B exemption. Calls to incorporated businesses with employees who handle purchasing decisions remain largely exempt. But calls to sole proprietors or business owners where the product primarily benefits them personally now get less protection. Teams selling to small business owners should verify actual entity structure before assuming the B2B exemption applies and should not rely on job title alone.
What is the difference between the TSR and the TCPA?
The TSR is an FTC rule enforced only by the FTC and state AGs, with penalties up to $51,744 per violation and no private right of action. The TCPA is a federal statute (47 U.S.C. 227) enforced by the FCC, state AGs, and individual consumers through private lawsuits, including class actions. Both often apply to the same conduct. TCPA class actions are typically the bigger immediate financial risk for small teams because any consumer can sue directly.
Does the FTC TSR cover text messages and SMS?
Not directly in the same way it covers voice calls. The TCPA and FCC rules are the primary framework for SMS. However, the FTC can apply Section 5 of the FTC Act to deceptive or unfair SMS solicitations, and TSR requirements attach to any voice call that results from a text solicitation. Treat outbound SMS under TCPA standards and treat generated calls under full TSR standards.
What does the FTC require for robocall consent under the TSR?
The TSR requires express written consent before delivering a prerecorded message to a consumer. The consent must clearly identify who the consumer is agreeing to receive calls from, describe the nature of the calls, and cannot be bundled as a mandatory condition of purchase. Vague lead-gen form language like 'agree to be contacted by partners' is unlikely to meet this standard for a prerecorded telemarketing call.
How does the FTC's new AI voice rule affect outbound calling?
No final AI-specific TSR rule exists yet as of mid-2025, but the FTC's February 2024 guidance states that using AI-generated voice to impersonate individuals is an unfair or deceptive practice under Section 5 of the FTC Act. An active rulemaking proceeding is considering mandatory AI disclosure requirements and prohibitions on AI impersonation of government agencies. Teams using AI voice agents should add explicit AI disclosures now, before any final rule.
What is the TSR call abandonment rate limit?
The TSR limits abandoned calls to 3% of all calls answered by a live person per day per campaign. An abandoned call is one where the consumer answers but isn't connected to an agent within 2 seconds. When abandoning a call, the telemarketer must play a recorded message with the seller's name and phone number. Teams running aggressive predictive dialing ratios routinely breach this threshold without monitoring it daily.
What records do I need to keep to comply with the TSR?
The 2024 TSR amendments require five-year retention of advertising materials, call records (date, time, number, agent), consent documentation including the exact language agreed to and a timestamped source, transaction records, and employee telemarketing records. The hardest category in practice is consent documentation: you need proof of the specific language, the timestamp, and the consumer's affirmative agreement, reproducible on demand if the FTC or a plaintiff requests it.
Can corporate officers be held personally liable for TSR violations?
Yes. The FTC has pursued personal liability against company officers in TSR cases where the officer knew about violating practices and had the authority to stop them. The FTC v. Benefytt Technologies settlement in 2023 included personal liability findings against individual executives. Compliance owners and founders at small outbound teams are not insulated from personal liability by operating through a corporate entity.
What calling hours does the TSR allow?
The TSR prohibits telemarketing calls before 8 a.m. or after 9 p.m. local time at the consumer's location, not the caller's location. A call center in a Pacific time zone calling consumers in the Eastern time zone must use Eastern time to determine compliance. Many states have stricter windows. If you call nationally, configure your dialer to the consumer's time zone for every number, not a single nationwide cutoff.
How often does the FTC update the Telemarketing Sales Rule?
The TSR has been amended several times since its 1995 enactment, with major updates in 2003 (DNC registry), 2010 (payment method restrictions), 2012 (robocall consent), and 2024 (unauthenticated robocalls, recordkeeping, B2B scope). The FTC typically signals future changes through advance notices of proposed rulemaking, which appear in the Federal Register and on ftc.gov well before final rules. Monitoring ftc.gov's rulemaking page is the most reliable early warning.
Does the TSR apply to nonprofit fundraising calls?
Generally no. Calls made by or on behalf of tax-exempt nonprofit organizations to solicit charitable contributions are exempt from most TSR provisions, including the DNC registry requirement for the nonprofit's own donors. However, if a for-profit telemarketing firm makes calls on a nonprofit's behalf using its own employees and keeps a percentage of proceeds, the for-profit firm may still have TSR obligations. The exemption is for the nonprofit, not its vendors.
Sources
- FTC, Telemarketing Sales Rule 16 C.F.R. Part 310: TSR requires seller name and purpose disclosure within first 30 seconds, prohibits calls before 8 a.m. or after 9 p.m. local consumer time, limits abandoned calls to 3% per day per campaign, and requires express written consent for prerecorded calls
- FTC, Civil Penalty Adjustments 2024: FTC civil penalty cap adjusted to $51,744 per violation as of 2024 under the Federal Civil Penalties Inflation Adjustment Act
- Federal Register, FTC TSR Amendments Final Rule 2024: 2024 TSR amendments ban unauthenticated robocalls, extend recordkeeping from 24 months to five years, and narrow B2B exemptions
- FTC, Voice Cloning and Impersonation Guidance 2024: FTC February 2024 guidance states using AI-generated voice to impersonate individuals is an unfair or deceptive practice under Section 5 of the FTC Act; active rulemaking proceeding open on AI voice telemarketing
- U.S. Code, 47 U.S.C. 227 (TCPA): TCPA provides private right of action for $500 per negligent violation and $1,500 per willful violation; applies to text messages and voice calls
- FTC, National Do Not Call Registry fees: DNC registry access fee is $79 per area code per year as of 2024, capped at $19,682 for all area codes
- FTC, FTC v. Benefytt Technologies enforcement action 2023: FTC v. Benefytt Technologies resulted in a $100 million judgment against health plan telemarketer for TSR violations including misrepresentations; individual officers held personally liable
- FTC, Telemarketing and Consumer Fraud and Abuse Prevention Act: TSR was authorized by Congress through the Telemarketing and Consumer Fraud and Abuse Prevention Act, enacted 1994, giving FTC authority to regulate outbound telemarketing
- FTC, Complying with the Telemarketing Sales Rule guidance: FTC guidance document on TSR compliance covering disclosure requirements, DNC registry obligations, consent standards, and recordkeeping