Last updated 2026-07-09

TL;DR
Under 47 U.S.C. 227(b) and FCC rules, a prerecorded abandonment message must start within 2 seconds of the completed greeting, name the caller and give a callback number, offer an opt-out during the call, and go out only between 8 a.m. and 9 p.m. local time. Hit all five and the call is exempt. Miss one and every abandoned call becomes a $500 to $1,500 problem.
What is the TCPA abandoned-call safe harbor, and why does it exist?
An abandoned call happens when a predictive dialer connects to a live person but no agent is free to take it. The line sits there. The consumer hears dead air and hangs up. Congress and the FCC decided that experience is annoying enough to treat as its own harm under the Telephone Consumer Protection Act.
The statute at 47 U.S.C. 227(b) bans using an automatic telephone dialing system or a prerecorded voice to call numbers without prior express consent, with a few exceptions [1]. The FCC built the abandoned-call safe harbor on top of that statute in its implementing rules, now at 47 C.F.R. 64.1200(a)(7) [2]. The idea is simple. If you accidentally abandon a call, you can still avoid liability by immediately playing a specific recorded message. That message stands in for the missing agent and hands the consumer some control.
Without the safe harbor, every abandoned call is a potential violation. At $500 per call for negligent violations and $1,500 per call for willful ones, a predictive dialer running at modest volume racks up millions in exposure fast. Plaintiffs' attorneys know this. Abandoned-call theories show up in TCPA class actions constantly. For a sense of how big these cases get, look at the credit one tcpa settlement.
What are the five specific requirements for a valid abandonment message?
The FCC laid out the safe harbor conditions in its 2012 Declaratory Ruling and in the text of 47 C.F.R. 64.1200(a)(7) [2]. Five things the message must do. All five have to be present. Miss one and the protection is gone.
1. Play within 2 seconds of the completed greeting. The instant a live person finishes saying "hello" (or whatever they say), the prerecorded message has to start. Not a few seconds later. Not as soon as the system detects the answer. Within two seconds of the completed greeting. This is the requirement most dialers fail, because detection lag and audio buffering eat into that window before the message even loads.
2. Identify the caller by name and telephone number. The message must state the name of the company or person placing the call and a phone number the consumer can call back to be put on a do-not-call list. A general company name works. The number has to be reachable, and it has to take do-not-call requests [2].
3. Provide a mechanism to opt out during the call. The FCC requires the message to give the consumer an "automated, interactive voice- and/or key press-activated opt-out mechanism" they can use right then, while the message plays. A callback number alone does not cut it. There has to be a working way to press a key or say a word and get removed on the spot.
4. Honor opt-out requests immediately and keep the record for 10 years. When someone uses that opt-out, the system has to capture it and stop calling. The FCC says opt-out requests must be honored within a reasonable time, and the company's do-not-call list must hold the number for at least 10 years [2]. This ties straight into your internal do not call list work.
5. Call only between 8 a.m. and 9 p.m. local time. The standard TCPA calling-hours limit applies here too. "Local time" means the time zone of the number you're calling, not where your call center sits. A 9 p.m. cutoff in New York means you stop dialing East Coast numbers at 6 p.m. Pacific from a California office. The recipient's clock rules, always.
One thing the rules do not require: the message doesn't have to be short. It just has to carry those five elements. Most teams script messages that run 20 to 30 seconds, because fitting the name, number, and opt-out instructions takes that long.
What is the 3% abandoned-call rate cap?
The message alone isn't enough. The FCC also caps how often you can abandon calls in the first place. Under 47 C.F.R. 64.1200(a)(7), the abandonment rate for a calling campaign cannot exceed 3% of all calls answered by a live person, measured per 30-day period per campaign [2].
Three percent sounds generous until you run the math. Connect to 10,000 live people in a month and you can abandon at most 300 of them and keep the safe harbor. Hit 301 and every abandoned call after that in the same campaign, in the same 30-day window, is exposed. Perfect message or not.
The FCC ties the cap to a specific telemarketing campaign, not to your whole operation. Run two separate campaigns and each gets its own 3% bucket. The agency has never published a precise line for where one campaign ends and the next begins, which leaves real ambiguity for companies pushing several product lines through one dialer. The safest reading: separate scripts, separate audiences, separate offers count as separate campaigns.
Predictive dialers abandon calls on purpose. That's how they keep agents busy. Most compliance teams still aim well under the cap, targeting 1% to 2%, because the window is monthly and one slow day of agent pickups can spike the rate before anyone notices.
Does the safe harbor apply to all types of calls, or only certain ones?
The abandoned-call safe harbor at 47 C.F.R. 64.1200(a)(7) covers calls made with an automatic telephone dialing system (an ATDS) or a prerecorded voice, for telemarketing, to residential lines [2]. That scope matters in a few ways.
Numbers on the National Do Not Call Registry get no help from the safe harbor. The safe harbor solves the abandoned-call problem. It does nothing about the separate ban on calling DNC-listed numbers without consent [3]. Call someone on the registry and a flawless abandonment message won't save you from a DNC violation. Two separate compliance tracks.
Purely informational calls follow a different analysis than promotional ones. The FCC has always treated informational calls differently from telemarketing, though the line blurs fast once an "informational" message steers the consumer toward a product. When in doubt, treat it as telemarketing.
Calls to business lines are generally handled differently under the TCPA than calls to residential lines. Calls to mobile numbers carry their own consent requirements no matter what the phone is used for [1]. Dial cell phones and the ATDS consent rules stack on top of the abandoned-call rules.
For the full framework the statute covers, the tcpa overview lays it out.
What happens if you miss one element of the safe harbor message?
You lose the protection. All of it. There is no partial credit.
The FCC treats the safe harbor as a package deal, a position reinforced in its 2012 Declaratory Ruling (FCC 12-21) [4]. A message that names the company but lacks a working opt-out is non-compliant. A message that plays within 2 seconds but goes out at 9:15 p.m. is non-compliant. Same result either way.
Once the safe harbor drops, the call gets analyzed as a plain prerecorded-call violation. Liability is $500 per call for a standard violation and $1,500 per call if a court finds the violation willful or knowing. In a class action covering tens of thousands of calls, even the $500 floor produces settlements in the tens of millions.
The cash app tcpa class action settlement shows how fast that exposure adds up when calling practices fall short. Real cases. Real numbers.
One practical trap: proving you met the 2-second window. Most dialers log call events, but the granularity varies wildly. If you end up in litigation, you want records that show, to the millisecond, when the live answer was detected and when the audio started. Companies that can't produce those logs have a hard time asserting the safe harbor at all.
How do you measure the 2-second window in practice?
This is where the rule collides with real telephony, and it's the part most teams underestimate.
The FCC says the message must begin "within 2 seconds of the completed greeting of the person called" [2]. The word "completed" carries the weight. The clock doesn't start when the line connects. It doesn't start when the system hears a voice. It starts when the person finishes their greeting.
Answering machine detection (AMD) algorithms exist to tell live humans apart from voicemail. They listen for silence after the first sound to decide the greeting is done. That listening period can run 1 to 2 seconds on its own, depending on sensitivity. Add transmission latency, software buffering, and the time to find and start the audio file, and you can burn your whole 2-second window before the message plays a single word.
Here's what compliance teams actually do:
- Set AMD sensitivity aggressive (shortest listen window) so the algorithm fires earlier, even if some voicemails get a live-person message.
- Pre-buffer the audio file so playback starts the instant it's triggered.
- Get call event logs with millisecond timestamps from your vendor and audit average message start times on a schedule.
- Test on real carrier lines, not internal extensions, because PSTN latency differs from what you see in a QA environment.
Nobody has clean data on what share of predictive dialers actually hit the 2-second window on every call. The FCC has never published compliance rate figures. What enforcement makes clear is that the window is tighter than most teams assume the first time they read the rule.
What must the opt-out mechanism in the message actually do?
The FCC is specific. The opt-out has to be automated and interactive, meaning the consumer can use it while the message plays, not after, and it works without a live person [2]. A message that says "call us back at this number to be removed" fails.
Almost every compliant message uses a key press: "To be removed from our call list, press 2 now." The system catches the press, adds the number to the internal do-not-call list, and plays a confirmation. That whole sequence has to run without a human touching it.
The opt-out also has to be honored right away, meaning the number should not get called again once the request lands. Some systems sit on a suppression update for 24 to 72 hours. That gap is a compliance problem. If your CRM, dialer, and suppression list aren't synced in real time or close to it, a consumer who opted out can catch another call before the record moves through.
If you also run SMS campaigns, know that a do-not-call opt-out from a voice message doesn't automatically cover texts. The channels are legally distinct. Best practice is to honor a voice opt-out across every channel anyway, so nobody can later argue about what the consumer meant.
Is prior consent still required even if you use a safe harbor message?
Yes. The safe harbor doesn't replace consent. It only governs what happens when a consented call gets abandoned.
Call a mobile number with an ATDS for telemarketing and you need prior express written consent under 47 C.F.R. 64.1200(a)(2) [2]. That requirement stands whether or not you ever play an abandonment message. The safe harbor limits liability when an already-permitted call goes sideways because no agent was free.
So the chain runs: consent first, then call, then message if no agent picks up. Skip consent and play a flawless abandonment message and you're still exposed for the unconsented call itself.
Teams that pour all their attention into the abandonment message often assume it covers everything. It doesn't. Consent and abandonment handling are two separate problems. The cold calling overview covers the consent side of outbound in more depth.
For residential landlines, prerecorded telemarketing messages have needed prior express written consent since 2012 [4]. Oral or implied consent isn't enough for recorded messages, and the abandonment message is a recorded message, so it triggers the written-consent requirement for residential telemarketing on its own.
How do state laws interact with the federal abandoned-call safe harbor?
The TCPA sets a federal floor. States can go further, and several have.
California's consumer laws come up most in this space. California Business and Professions Code section 17538.41 addresses abandoned calls and carries requirements that in places go past the FCC's rules, including tighter limits on predictive dialers for certain purposes [5]. Florida's Telephone Solicitation Act (FTSA) has its own automated-call restrictions and was amended in 2023 to narrow some of its more aggressive provisions, but it still imposes separate consent and call-time rules [6].
Any company running real volume into California, Florida, or a state like Washington needs a separate state compliance analysis. The federal safe harbor won't shield you from a state-law claim when the state standard is stricter.
One practical note: a checklist built only around FCC rules will miss state-specific requirements entirely. A real abandoned-call review has to name the states you call into, then compare each one against the federal baseline. The cold call article digs into state-specific calling rules further.
What records do you need to prove the safe harbor defense?
The safe harbor is an affirmative defense, which means the burden of proof is on you. You can't just say you played a compliant message. You have to show it.
Here's what you actually need:
Call records with timestamps. Your dialer should log when the call was placed, when it connected, when a live answer was detected, when the audio file started, and how long the call ran. These logs have to be granular enough to prove the 2-second window. Logs that only show "call placed" and "duration" won't hold up.
The audio file itself. Keep a copy of the exact message played, with metadata showing it was the version in use for that call. Update the message over time and you need to match each version to its date range.
Opt-out records. Every key-press opt-out has to be captured, timestamped, and stored. If a plaintiff claims they opted out and got called again, you need to show either the opt-out never registered or the calling stopped after it did.
Campaign abandonment rate calculations. Keep monthly documentation of the rate per campaign, with total calls answered, total abandoned, and the resulting percentage. If you're sued or audited, you want that math already done and filed, not reconstructed from raw data years later.
LeadCompliant's compliance kit includes a call record audit template built around these documentation requirements, if you want a structured start.
On retention: the FTC's Telemarketing Sales Rule requires do-not-call records to be kept for five years, and matching that for call records is smart given the TCPA's four-year statute of limitations under 28 U.S.C. 1658 [7].
What do real enforcement actions and cases say about these requirements?
The FCC has brought enforcement actions aimed at abandoned calls and predictive dialer abuse, but most of the fight happens in private class actions rather than agency enforcement.
In 2012, the FCC's Declaratory Ruling (FCC 12-21) addressed the abandoned-call safe harbor head-on and confirmed that the 2-second window and 3% cap are hard limits, not suggestions [4]. The Commission stated that a compliant message must give the seller's name and telephone number and that the opt-out has to be available during the call. That's direct interpretation from the agency charged with enforcing the TCPA.
On the private side, dozens of district court decisions analyze abandoned-call claims. Few have gone deep on the safe harbor defense specifically, mostly because defendants either can't produce the records to support it or never knew to preserve them. What case law does show is that courts read "within 2 seconds" and "during the call" literally. A 3-second delay has been treated as a failure in at least one district court opinion, though circuit-level authority on the exact measurement method is thin.
The FTC's Telemarketing Sales Rule runs a parallel track. Under 16 C.F.R. Part 310, the FTC's abandoned-call rules also cap abandonment at 3% and require a prerecorded identification message [8]. The FTC enforces its version through the TSR, not the TCPA, but the substance overlaps enough that meeting one set usually means meeting the other. The FTC has issued civil investigative demands and brought cases against companies with persistent high abandonment rates, some ending in multi-million-dollar consent orders.
How should you set up your dialer to stay inside the safe harbor?
No single setup fits every dialer platform, but the compliance logic is identical across all of them.
Start with the abandonment rate. Set your predictive dialer to target 2% or lower. Most enterprise dialers let you set a target, and the algorithm adjusts how far ahead of available agents it dials. Setting the target at 2% leaves a 1-point cushion before the 3% cap. When agent availability drops without warning, that cushion is what saves you.
Build the message correctly and test it on real carrier lines. The audio should open with the company name, move to the callback number, and close with the opt-out instruction. The opt-out DTMF detection has to be live from the first second of the message, not only at the end. Run the full flow at least monthly.
Audit your timestamps. Pull a sample of 50 to 100 abandoned calls each month and confirm the message started within 2 seconds of the detected live answer. Most platforms can generate this report. If yours can't, that's a vendor conversation you need to have now.
Sync your opt-out list to the CRM and dialer suppression list in real time, or as close as your systems allow. Daily batch sync is not good enough. Someone who opts out at noon shouldn't be dialable at 5 p.m.
Document your campaign abandonment rate calculations every month and store them somewhere they'll survive at least four years, preferably five. A spreadsheet with date, campaign name, total answered, total abandoned, and percentage does the job. Simple and auditable beats complex and opaque.
For teams building this from scratch, the free tools at LeadCompliant include a DNC checker and a compliance kit with dialer setup checklists mapped to the FCC's five safe harbor requirements.
Frequently asked questions
What is an abandoned call under the TCPA?
An abandoned call is a call placed by an automatic telephone dialing system that connects to a live person but isn't transferred to a live agent within 2 seconds of that person's completed greeting. The FCC treats abandoned calls as their own compliance problem because consumers experience them as dead air or a hang-up, which is disruptive even when no recorded message plays.
How many abandoned calls am I allowed per month?
The FCC caps abandoned calls at 3% of all calls answered by a live person, measured per 30-day period per calling campaign, under 47 C.F.R. 64.1200(a)(7). Answer 5,000 live calls in a campaign in a month and you can abandon at most 150 of them and keep the safe harbor. Cross 3% and the protection drops for every additional abandoned call in that window.
Does the abandoned-call safe harbor work for calls to cell phones?
The safe harbor message rules apply to calls made with an ATDS or prerecorded voice to any number, mobile included. But calling a cell phone with an ATDS for telemarketing requires prior express written consent whether or not you use an abandonment message. The safe harbor governs what happens when a consented call gets abandoned. It never substitutes for consent.
Can I use the safe harbor if the person I called is on the Do Not Call Registry?
No. The abandoned-call safe harbor and the DNC Registry prohibition are separate rules. The safe harbor protects you when an otherwise-permissible call gets abandoned. If the number was on the National DNC Registry and you called without the required established business relationship or consent, you have a DNC violation the safe harbor message doesn't cure.
What should the abandoned-call message say, word for word?
The FCC doesn't mandate specific words, only specific elements. A compliant message states the calling company's name, gives a callback number the consumer can use to request no further calls, and offers an automated opt-out usable during the message. A typical script: "This is [Company Name] calling. To be removed from our call list, press 2 now. To speak with a representative, stay on the line. Our callback number is [number]."
How long do I have to keep opt-out records from abandoned-call messages?
The FCC's rules don't set a retention period for abandoned-call opt-out records specifically, but the FTC's Telemarketing Sales Rule requires do-not-call records to be kept for five years. Given the TCPA's four-year statute of limitations under 28 U.S.C. 1658, keeping all call records and opt-out logs for at least five years is the practical standard most compliance teams follow.
Does the 2-second window start when the phone is answered or when the greeting ends?
It starts when the greeting ends. The FCC rule says "within 2 seconds of the completed greeting of the person called." Someone answering with "Hello, this is John" has to finish that phrase before the clock starts. In practice, answering machine detection listens for a pause signaling the greeting is done, so the real window is often shorter than 2 seconds once detection and audio buffering are done.
What happens if my dialer's answering machine detection causes the message to play late?
AMD latency is not a defense the FCC has accepted. The 2-second window applies regardless of how hard detection is. If your AMD settings push the message to 2.5 or 3 seconds consistently, you're out of compliance. The fix is to tighten AMD sensitivity, pre-buffer your audio so playback is instant once detection fires, and audit call logs regularly to confirm timing.
Can a state require a shorter abandonment rate cap than the FCC's 3%?
Yes. The TCPA sets a federal minimum, and states can go stricter. California and Florida, among others, have telemarketing laws that interact with or exceed the federal requirements. If you call into a state with its own abandoned-call rules, you comply with whichever standard is tighter. Always run a state-specific analysis alongside the federal safe harbor requirements.
Does an abandoned-call opt-out also cover future text messages to that number?
Not automatically under federal law. The TCPA treats voice and SMS opt-outs as channel-specific. An opt-out captured through a voice message's key-press mechanism applies to future voice calls. Whether it covers texts depends on how your consent records and opt-out policies are built. Best practice is to treat any opt-out as cross-channel to cut litigation risk, even where the law doesn't strictly require it.
What is the penalty for an abandoned call that doesn't meet the safe harbor requirements?
Without the safe harbor, an abandoned call is treated as a standard TCPA violation for using a prerecorded message without proper consent. That's $500 per call for a standard violation and $1,500 per call for a willful or knowing one under 47 U.S.C. 227(b)(3). In a class action covering thousands of calls, those per-call figures produce settlement exposure in the millions.
Do I need a separate safe harbor message for different campaigns?
You need a message that accurately identifies the company placing each campaign's calls. If two campaigns run under the same legal entity with the same callback number, one message can technically cover both. But the 3% abandonment cap is measured per campaign, so you still track each campaign's rate separately even when the message content is identical.
Is there a safe harbor for abandoned calls made to numbers I have established business relationships with?
The established business relationship (EBR) exemption applies to the DNC Registry rules, not to the ATDS and prerecorded-call rules for mobile numbers. For cell phones, prior express written consent is required for telemarketing regardless of any EBR. The abandoned-call safe harbor is available for compliant calls, but the EBR alone doesn't make a cell phone call compliant under the ATDS consent rules.
How often should I audit my dialer for safe harbor compliance?
Monthly at minimum. Check the abandonment rate per campaign, pull a sample of timestamps to verify the 2-second window, confirm the opt-out mechanism works, and verify opt-out records sync to your suppression list. Quarterly, go deeper: test the audio file, confirm calling-hours compliance, and reconcile your campaign definitions. Document all of it with dates and findings.
Sources
- U.S. Code, 47 U.S.C. 227 (Telephone Consumer Protection Act): 47 U.S.C. 227(b)(1) prohibits using an ATDS or prerecorded voice to call numbers without prior express consent, with limited exceptions.
- FCC, 47 C.F.R. 64.1200 (FCC Rules and Regulations): 47 C.F.R. 64.1200(a)(7) establishes the five-part abandoned-call safe harbor, the 3% rate cap, and the 2-second message window requirement.
- FTC, National Do Not Call Registry: The National DNC Registry prohibition on calling registered numbers is separate from the abandoned-call safe harbor and is not cured by playing a compliant abandonment message.
- California Legislative Information, Business and Professions Code Section 17538.41: California B&P Code 17538.41 addresses abandoned calls and predictive dialer use with requirements that can exceed the FCC's federal safe harbor rules.
- Florida Legislature, Florida Telephone Solicitation Act (FTSA): Florida's FTSA imposes its own automated call consent and calling restrictions, amended in 2023, creating a separate state compliance track for calls into Florida.
- U.S. Code, 28 U.S.C. 1658 (General Federal Statute of Limitations): The general federal statute of limitations under 28 U.S.C. 1658 is four years, setting the practical floor for TCPA call record retention.
- FTC, 16 C.F.R. Part 310 (Telemarketing Sales Rule): The FTC's Telemarketing Sales Rule at 16 C.F.R. Part 310 imposes a parallel 3% abandoned-call cap and prerecorded identification message requirement enforced by the FTC alongside the FCC's TCPA rules.
- FTC, Complying with the Telemarketing Sales Rule (business guidance): The FTC requires do-not-call records to be maintained for five years under the Telemarketing Sales Rule.