Last updated 2026-07-10

TL;DR
U.S. telemarketing is governed by two federal laws (the TCPA and the FTC's Telemarketing Sales Rule), the National Do Not Call Registry, and a growing stack of state laws. Violations can cost up to $51,744 per call or text under the TSR, and $500 to $1,500 per call under the TCPA. Consent rules, calling hours, and AI-voice requirements tightened sharply between 2023 and 2025.
What are the main telemarketing laws in the USA?
Two federal laws do most of the heavy lifting.
The first is the Telephone Consumer Protection Act (TCPA), codified at 47 U.S.C. § 227. Congress passed it in 1991 to stop the flood of unsolicited calls to residential lines. The FCC enforces it and issues implementing rules. It covers calls and texts to cell phones, calls to residential landlines, and any use of an automatic telephone dialing system (ATDS) or a prerecorded voice. [1]
The second is the FTC's Telemarketing Sales Rule (TSR), 16 C.F.R. Part 310. The FTC issued the original TSR in 1995 under the Telemarketing and Consumer Fraud and Abuse Prevention Act. The TSR covers outbound telemarketing calls that offer, sell, or promote goods or services. It sets calling hours, bans certain deceptive practices, requires specific disclosures, and mandates registry scrubbing. [2]
Those two laws overlap in many places. A single call can violate both at once, triggering enforcement from the FCC, the FTC, state attorneys general, and private plaintiffs at the same time.
Beyond federal law, most states have their own telemarketing statutes and mini-DNC lists. Florida's FTSA, for example, is often stricter than the TCPA on autodialing. Texas, Oklahoma, and Indiana maintain state DNC registries you have to scrub separately from the federal list. [3]
If you want the foundational overview of what a cold call actually is and where the line between legal and illegal sits, that's worth reading before you go further into the rules.
What hours can telemarketers legally call?
Both federal laws set the same window: 8 a.m. to 9 p.m. in the called party's local time zone. Miss it by one time zone and you're already breaking the rule. [2]
The TSR language at 16 C.F.R. § 310.4(c) prohibits calls "before 8 a.m. or after 9 p.m. local time at the called party's location." The TCPA implementing rules at 47 C.F.R. § 64.1200(c)(1) echo the same restriction for residential lines.
For texting, the FCC has treated SMS as functionally equivalent to calls for TCPA purposes, so the same 8-to-9 window applies. Some compliance officers cut off outbound texts at 8 p.m. to build in margin. That's not legally required, but it's a reasonable buffer.
State laws can tighten this. Louisiana restricts solicitation calls to 9 a.m. to 8 p.m. Several states ban calls on Sundays or federal holidays. Before you set your dialer schedule, run a state-by-state check for every state where your leads live, more than where your office sits.
The FTC Telemarketing Sales Rule 8 a.m. to 9 p.m. local time rule breaks down exactly how to map time zones for distributed contact lists, which is trickier than it sounds when one campaign has leads from a dozen states.
What is the National Do Not Call Registry and who has to follow it?
The National Do Not Call Registry (NDNCR) is run by the FTC. Consumers register their residential and wireless numbers to stop most unsolicited sales calls. More than 248 million phone numbers sit on the registry as of recent FTC reporting. [4]
Any telemarketer covered by the TSR has to scrub its call lists against the registry before dialing. The rule is blunt: you cannot call a number that has been on the registry for more than 31 days, and you have to access and scrub against it at least every 31 days for numbers in your calling area. [2]
The TCPA adds an independent DNC obligation. Under 47 C.F.R. § 64.1200(d), every company that makes telephone solicitations has to keep its own internal DNC list, honor opt-out requests within 30 days, and retain those records for five years. [11] Two separate obligations, then: the national registry and your company's internal list.
Exemptions exist, but they're narrower than most callers assume. You can call a registered number if you have an established business relationship (EBR) with that person, but the EBR expires 18 months after the last purchase or transaction and 3 months after a consumer inquiry. You can also call with prior express written consent. That's it for the main ones. Charities, political calls, and survey calls get separate treatment under the TSR.
For the full breakdown of how to scrub lists and manage state registries alongside the federal one, the DNC lists guide is the right next read.
What consent do you need before calling or texting someone?
The consent standard depends entirely on the kind of call you're making, and this is where small teams get burned.
For non-automated calls to landlines, you don't need prior consent under the TCPA as long as the number isn't on the DNC registry and you meet the TSR's other requirements. That's a real exception for traditional live-agent sales teams.
For calls or texts to cell phones using an ATDS or prerecorded voice, you need prior express consent at minimum, and prior express written consent if the call is for advertising or telemarketing. The FCC defined "prior express written consent" in its 2012 Report and Order as "an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller" to make such calls, and the agreement has to include the phone number to which calls may be delivered. [1]
In February 2024, the FCC issued a rule, effective January 27, 2025, that closed the "lead generator loophole." Under the old interpretation, a consumer could consent once and that consent could be shared across dozens of sellers. The 2024 order requires consent be obtained from "one seller at a time," so a single form cannot authorize an unlimited list of third-party callers. [5]
For AI-generated voices, the FCC ruled in February 2024 that they count as "artificial" voices under the TCPA, meaning prior express consent is required even for calls that use no traditional prerecorded file. [6]
The honest practical answer: if your team uses any autodialer, any ringless voicemail, any prerecorded message, or any AI voice, get written consent and keep the records. A consent log without the actual opt-in text and timestamp is nearly worthless in litigation.
For a detailed look at what written consent must contain, how to structure opt-in flows, and what counts as revocation, the consent and opt-in guide covers all of it.
What disclosures does the TSR require at the start of a call?
The TSR at 16 C.F.R. § 310.4(d) requires telemarketers to disclose four things promptly and clearly at the start of every sales call:
1. The identity of the seller. 2. That the purpose of the call is to sell goods or services. 3. The nature of the goods or services. 4. If the offer involves a prize promotion, that no purchase is necessary to win.
These disclosures have to come before any sales pitch. Burying the company name at the end of a two-minute opener is a TSR violation. Scripts that open with a vague "just a quick question" hook before identifying the seller are a common enforcement target.
The TCPA adds its own requirement for prerecorded messages. The message has to state the business identity at the start and, during or after the message, give a phone number (not a 900 number) the person can call to be added to the company's internal DNC list. [1]
For teams building outbound scripts that stay compliant, the cold calling scripts guide walks through compliant opener structures in detail.
What are the penalties for violating telemarketing laws?
High enough to kill a small company on a single campaign if you're running volume.
Under the TSR, the FTC can seek civil penalties of up to $51,744 per violation, and each illegal call is a separate violation. A campaign that dials 10,000 numbers on the DNC registry without scrubbing is theoretically a $517,440,000 exposure. FTC settlements land lower in practice, but they're still company-ending for small operators. [7]
Under the TCPA, the statute creates a private right of action: $500 per violation (each call or text), trebled to $1,500 if the court finds the violation was willful or knowing. [1] There's no cap per lawsuit, and TCPA class actions are one of the most active areas of consumer litigation in the country. WebRecon tracked thousands of TCPA suits filed in federal court in 2023 alone.
State penalties stack on top. Florida's FTSA allows $500 per call, the same trebling, and Florida courts have been aggressive. Illinois, Texas, and Washington have similar private rights of action under state law.
The FCC can also revoke authorization to use certain dialing technologies, and the FTC can seek injunctive relief that bars a company from telemarketing entirely.
One practical note. TCPA plaintiffs' lawyers work on contingency and actively recruit named plaintiffs. Your customer-facing number, your marketing campaigns, and even an employee's personal cell used for outbound can all be the start of a claim. Ignorance of the rules is not a defense, and courts have repeatedly held that strict liability applies to most TCPA claims.
For a deeper look at how lawsuits play out and what settlements look like, the penalties and lawsuits guide has real case outcomes.
What penalties per violation look like across the major rules
The table below maps the main liability exposure for common violations. These figures are the real statutory and regulatory maxima. Actual FTC settlement amounts vary and run lower for first-time violators who cooperate.
| Violation | Law | Max per violation | Who can sue |
|---|---|---|---|
| Calling DNC-registered number | TSR / TCPA | $51,744 (TSR FTC) / $500-$1,500 (TCPA private) | FTC + private plaintiffs |
| Using ATDS/prerecorded voice without consent | TCPA | $500-$1,500 | Private plaintiffs, FCC |
| Calling outside 8am-9pm | TSR / TCPA | $51,744 (TSR) / $500-$1,500 (TCPA) | FTC + private plaintiffs |
| AI voice without express consent | TCPA (2024 FCC ruling) | $500-$1,500 | Private plaintiffs, FCC |
| Failure to maintain internal DNC list | TCPA | $500-$1,500 per request ignored | Private plaintiffs |
| Missing required TSR disclosures | TSR | $51,744 | FTC |
| Abandoned call rate over 3% | TSR | $51,744 | FTC |
Sources: 47 U.S.C. § 227 [1], 16 C.F.R. Part 310 [2], FTC civil penalty adjustments [7]
Do the rules apply to B2B telemarketing?
Yes, with meaningful differences.
The TCPA's ban on ATDS and prerecorded calls applies to every call to a cell phone, whether the recipient is a consumer or a business person. A VP of sales still carries a personal cell. If your autodialer hits that number, the TCPA applies regardless of the business context. [1]
The TSR has a partial B2B exemption. Calls between a telemarketer and a business are generally excluded from the TSR's DNC requirements, but the exemption doesn't cover every TSR rule. Deceptive practices, the abandoned call rate limit, and required disclosures still apply in most B2B scenarios. [2]
The national DNC registry only covers residential and wireless numbers registered by consumers. Business landlines aren't on it. But if a prospect gives you a personal cell as their contact number, that number may be registered, and you still have to scrub it.
Most B2B teams take the same practical approach: scrub all numbers against the NDNCR and your internal DNC list, skip autodialers on cell phones without written consent, and use live-agent manual dialing for prospecting. That doesn't guarantee zero exposure, but it addresses the highest-risk scenarios.
For a full treatment of where the lines sit in B2B outbound, B2B cold calling rules covers the TCPA carve-outs, the TSR exemptions, and what "manual dialing" actually means after recent court decisions.
What rules apply to AI voice calls and robotexts?
This area moved fast in 2024 and the rules are now materially stricter.
In February 2024, the FCC issued a Declaratory Ruling that AI-generated voices are "artificial" voices under 47 U.S.C. § 227(b)(1)(A). Any call using an AI-generated voice to a cell phone now requires prior express consent, exactly like a prerecorded robocall. [6] The ruling was a direct response to AI voice cloning showing up in political calls.
For texts (SMS and MMS), the TCPA has long treated texts as "calls" under the statute, and the FCC has confirmed this in multiple orders. Sending marketing texts via an ATDS to cell phones without prior express written consent is a TCPA violation, period.
The January 2025 one-to-one consent rule hits AI voice and text campaigns hard. If you're sourcing leads from a third-party lead generator, you can't lean on a blanket consent form that listed dozens of potential callers. Each caller needs individual, named consent from the consumer. [5]
In practice, consent flows for AI-voice and SMS campaigns have to name your company, describe the message types, and capture a genuine affirmative opt-in. Pre-checked boxes, disclosures buried in terms of service, and "oral consent" for autodialed campaigns all create serious exposure.
For teams weighing AI calling tools, AI cold calling compliance breaks down which platforms handle consent management and which leave it entirely to you.
What is the abandoned call rule and how does it affect dialers?
The TSR's abandoned call rule is one volume dialers routinely underestimate.
Under 16 C.F.R. § 310.4(b)(1)(iv), a telemarketer cannot abandon more than 3% of all calls answered by a live person in any single 30-day campaign. An "abandoned" call is one where no sales representative is available to speak within two seconds of the person answering. Run a predictive dialer while your agents fall behind on connection rates, and you'll cross that threshold.
When a call is abandoned, the rule requires it either play a recorded message identifying the seller and giving a call-back number, or simply hang up. The recorded message option is common, but even that has requirements: it has to name the seller, include a phone number, and state that the call was for telemarketing.
The FTC usually enforces the abandoned call rule alongside other TSR violations. It's rarely a standalone case, but it adds penalty exposure to any enforcement action.
Aggressive predictive dialer ratios are the main culprit. Compliance-minded teams run conservatively (closer to 1.2:1 agent-to-line rather than 3:1) and watch abandonment rates in real time. If your dialer doesn't show live abandonment rates, that's a gap worth fixing.
How do state telemarketing laws differ from federal rules?
The federal floor is not always the ceiling. Several states are much stricter.
Florida passed the Florida Telephone Solicitation Act (FTSA) in 2021 and amended it in 2023. The 2021 version set off mass litigation because it applied to any "automated system" for dialing, which Florida courts read more broadly than the federal ATDS definition. The 2023 amendments narrowed it, but Florida is still one of the highest-litigation states for telemarketing claims. [3]
California has the California Consumer Privacy Act (CCPA) and the California Invasion of Privacy Act (CIPA), both of which can apply to outbound calling and texting in ways that overlap with, and sometimes exceed, the TCPA.
Texas keeps its own DNC list (the Texas No-Call List) through the Texas PUC. Indiana, Wyoming, and Oklahoma run state registries too. Scrubbing only the federal list is not enough when you call into those states.
Washington State passed a telemarketing law that mirrors the TSR in places but adds state-specific registration requirements for telemarketers soliciting Washington residents.
The pattern across states is consistent: stricter consent requirements, broader autodialer definitions, and state-maintained DNC lists. National outbound campaigns need a state-by-state compliance review, more than federal compliance. [3]
The state telemarketing laws hub maps the specific rules for the highest-risk states and tracks recent legislative changes.
What records do you have to keep for telemarketing compliance?
Record-keeping is where enforcement cases are won and lost. If you can't prove compliance, you're in the same spot as someone who wasn't compliant.
The TSR at 16 C.F.R. § 310.5 requires sellers and telemarketers to keep records for 24 months (two years) from the date the record is produced. Required records include advertising and promotional materials, records of prize recipients, sales records, employee records (names, roles, any complaints), and any verifiable authorizations for charges. [12]
The TCPA doesn't name an exact retention period in the statute, but the FCC's rules and litigation practice strongly point to keeping consent records for at least four to five years. TCPA class actions can be certified years after the calls were made, and consent records are your main defense.
What you need to keep: the original consent document or electronic record, the timestamp, the IP address (for web-based consent), the exact language of the consent disclosure, and evidence the number was on your consent list when you dialed it. You also need records of every internal DNC request and the date you honored it (30 days is the TCPA standard).
If you use third-party lead vendors, keep the contract provisions that require the vendor to provide and indemnify consent records. When a plaintiff's lawyer asks where a consumer consented and your answer is "our lead vendor said they did," that's a very uncomfortable place to sit without a paper trail.
Where can I find free tools to check TCPA and DNC compliance?
A few genuinely useful free resources exist, and they're worth knowing.
The FTC's NDNCR access portal at donotcall.gov lets consumers register numbers and lets businesses register to access the registry for scrubbing. Business access to scrub large lists takes a subscription paid to the FTC (currently $75 per area code per year, capped around $18,000 for all U.S. area codes), but the first five area codes are free. [10]
The FCC's consumer complaint database is public and searchable. Looking up your own company name or phone numbers there is a quick gut-check on whether complaints have been filed.
LeadCompliant offers a free TCPA compliance checker and a one-time compliance kit with consent language templates, DNC scrubbing checklists, and calling-hour rules by state. Tools like that don't replace legal counsel for complex campaigns, but they give small teams a structured start without paying a consultant for every campaign.
For live-agent teams doing traditional cold calling, the process is simpler than for autodialer campaigns, though it still requires DNC scrubbing, proper disclosures, and an internal opt-out system. The what is cold calling in sales guide explains the mechanics alongside the legal requirements.
What should a telemarketing compliance checklist include?
If you're building a compliance program from scratch, these are the non-negotiable items. Missing any one of them is enough to generate liability.
Before any campaign launches:
- Scrub all numbers against the NDNCR (no older than 31 days).
- Scrub against applicable state DNC lists for every state in your call list.
- Scrub against your internal DNC list.
- Confirm consent type for every number: verbal, written, or none needed (live agent, non-autodialed landline to non-DNC number).
- Set calling hours to the called party's time zone, not your office's.
- Confirm your scripts carry all required TSR disclosures at the start of the call.
For autodialed or prerecorded campaigns:
- Confirm prior express written consent for every number.
- Log consent records with timestamp, IP, and exact disclosure language.
- Confirm AI voice calls have explicit consent under the 2024 FCC ruling.
- Turn on abandoned call rate monitoring with an alert at 2.5% (buffer before the 3% TSR limit).
Ongoing:
- Process internal DNC requests within 30 days (TCPA) or sooner.
- Retain all consent and DNC records for at least four years.
- Re-scrub active lists against the NDNCR every 31 days.
- Train every agent on disclosure requirements and DNC request handling.
- Review state law changes quarterly (Florida, California, and Texas move often).
For a pre-built version with state-specific rows and consent language templates, the LeadCompliant compliance kit has a downloadable version that covers all of these categories.
For the TCPA quiet hours specifics, including what to do when a contact's time zone is unknown, that guide covers the conservative approach most compliance counsel recommend.
Frequently asked questions
Can I call cell phones for sales without consent?
Not with an autodialer or prerecorded message. Live agent calls to cell phones that aren't on the DNC registry don't require prior consent under the TCPA, but the moment you use an ATDS, a robocall, or an AI voice, you need prior express written consent for any marketing call. Many compliance lawyers now advise getting written consent for all cell phone outreach regardless of dialing method, because the ATDS definition remains litigated.
How do I legally cold call someone on the National DNC Registry?
You need either prior express written consent or a qualifying established business relationship (EBR). The EBR window is 18 months from a purchase or 3 months from an inquiry. Outside those windows, you cannot call a registered number for sales purposes under the TSR. Some exemptions exist for charities, political organizations, and surveys, but those are narrow and don't apply to most sales calls.
What counts as an automatic telephone dialing system (ATDS) under the TCPA?
This has been litigated heavily. The Supreme Court in Facebook v. Duguid (2021) narrowed the ATDS definition to systems that use a random or sequential number generator to store or produce numbers to be called. That ruling eliminated some predictive dialer claims, but many state laws use broader definitions. If your system dials from a list automatically, consult counsel before assuming Duguid protects you.
Are text messages covered by the TCPA?
Yes. The FCC and federal courts have consistently held that SMS and MMS messages are "calls" under 47 U.S.C. § 227. Sending marketing texts via an automated system to a cell phone without prior express written consent is a TCPA violation. The same $500 to $1,500 per-message penalty applies. The 8 a.m. to 9 p.m. local time restriction covers marketing texts too.
What is the difference between the TCPA and the Telemarketing Sales Rule?
The TCPA (FCC-enforced, 47 U.S.C. § 227) focuses on the technology used: autodialers, prerecorded voices, and fax machines. It creates a private right of action. The TSR (FTC-enforced, 16 C.F.R. Part 310) focuses on the sales transaction: disclosures, deceptive practices, calling hours, and DNC compliance. Both can apply to the same call. The TCPA allows individual and class action lawsuits; the TSR is primarily enforced by the FTC.
How often do I have to re-scrub my call list against the DNC registry?
The TSR requires you to scrub against the NDNCR no more than 31 days before each call. A list you scrubbed 32 days ago is already non-compliant for new calls. Most compliance programs run scrubbing on a rolling 28-day cycle to keep a buffer. You also have to scrub your internal DNC list before every campaign, and that list has no time limit. It's permanent until a consumer revokes their opt-out.
Does the TSR apply to B2B calls?
Partially. The TSR excludes calls between a telemarketer and a business from the DNC requirements, but the exemption is not blanket. Deceptive practices, the 3% abandoned call rate cap, and some disclosure requirements still apply in many B2B scenarios. The TCPA's ATDS restrictions apply to cell phones regardless of whether the call is B2B or B2C. Dial a businessperson's cell phone with an autodialer and you need consent.
What are ringless voicemails and are they legal?
Ringless voicemails (RVMs) are audio messages dropped straight into a voicemail box without ringing the phone. The FCC ruled in 2023 that RVMs are covered under the TCPA as "calls," so autodialed or prerecorded RVMs to cell phones need prior express written consent for marketing. Some RVM providers still pitch them as a gray area, but that position got much harder to defend after the 2023 ruling.
How long do I have to honor a Do Not Call request?
Under the TCPA's implementing rules at 47 C.F.R. § 64.1200(d)(3), you have to honor a consumer's request to be added to your internal DNC list within 30 days. After that window, calling the number is a violation. The TSR imposes a similar requirement. In practice, most compliant systems process DNC requests within 24 to 48 hours to eliminate any gap risk.
What is the one-to-one consent rule the FCC adopted in 2024?
The FCC's December 2023 Report and Order (effective January 27, 2025) requires that prior express written consent for autodialed marketing calls and texts be given to one specific seller at a time. A single opt-in that granted consent to an entire list of companies is no longer valid. Each seller has to obtain its own named consent from the consumer. This closed the lead generator loophole and reshapes anyone buying leads with bundled consent.
Can I use a prerecorded message if I get consent?
Yes, with written consent. If you hold valid prior express written consent that specifically authorizes prerecorded calls from your company to that number, you can use a prerecorded message for marketing calls to cell phones. For residential landlines, FCC rules also require prior express written consent for prerecorded telemarketing calls. The message itself has to include the caller's identity and a number the recipient can call to opt out.
What records do I need to keep to defend a TCPA lawsuit?
At minimum: the original consent record with timestamp and IP address, the exact consent disclosure language the consumer agreed to, evidence the number was on your consent list at the time of the call, your DNC scrub records showing the list was scrubbed within 31 days, and records of any opt-out requests and when you honored them. Keep these for at least four to five years. Courts see cases filed years after campaigns ended.
Are there telemarketing rules specific to financial services or healthcare?
Yes. Healthcare outreach to patients carries added restrictions under HIPAA when protected health information is involved. Financial services calls can implicate CFPB guidance and state consumer protection laws on top of the TCPA and TSR. Debt collection calls fall under the FDCPA separately from general telemarketing rules. If you're in either sector, TCPA and TSR compliance is the floor, not the ceiling.
How does the TSR's 3 percent abandoned call rate work in practice?
The TSR measures abandoned call rate as a percentage of all calls answered by a live person in a 30-day campaign. If 100 people answer and 4 are abandoned because no agent was free within two seconds, your rate is 4%, which is a violation. Most predictive dialers track this in real time. Set an alert at 2.5% to give yourself a buffer. Campaigns that run hot ratios to maximize agent talk time routinely cross this line.
Sources
- U.S. Congress, Telephone Consumer Protection Act, 47 U.S.C. § 227: The TCPA prohibits autodialed and prerecorded calls to cell phones without prior express consent and provides for $500 to $1,500 per violation in private suits.
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: The TSR sets calling hours (8 a.m. to 9 p.m. local time), the 3% abandoned call limit, required disclosures, and DNC scrubbing obligations; civil penalties up to $51,744 per violation.
- National Conference of State Legislatures, State Telemarketing Laws: Multiple states including Florida, Texas, and Indiana have telemarketing statutes and DNC registries stricter than federal minimums.
- FTC, National Do Not Call Registry, donotcall.gov: More than 248 million phone numbers are registered on the National Do Not Call Registry; businesses must scrub lists against it at least every 31 days.
- FTC, Civil Penalty Adjustments for Inflation (2024): The maximum TSR civil penalty is $51,744 per violation as adjusted for inflation under the Federal Civil Penalties Inflation Adjustment Act.
- FTC, Complying with the Telemarketing Sales Rule: Businesses must access and scrub call lists against the NDNCR at least every 31 days; scrubbing access costs $75 per area code per year with the first five area codes free.
- FCC, Implementing Rules under TCPA, 47 C.F.R. § 64.1200: FCC rules require companies to maintain internal DNC lists, honor requests within 30 days, and keep those records for five years.
- FTC, Record Retention Requirements under TSR, 16 C.F.R. § 310.5: The TSR requires telemarketers to retain sales records, employee records, consent records, and advertising materials for 24 months from date of production.