What the telemarketing sales rule prohibits: a plain-language guide

The FTC's Telemarketing Sales Rule bans calls to DNC-registered numbers, robocalls without consent, and more. Penalties reach $51,744 per violation. Read the full guide.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Landline telephone on office desk with printed call logs, illustrating telemarketing compliance rules
Landline telephone on office desk with printed call logs, illustrating telemarketing compliance rules

TL;DR

The Telemarketing Sales Rule (TSR), enforced by the FTC, prohibits telemarketing calls to numbers on the National Do Not Call Registry, calls before 8 a.m. or after 9 p.m., robocalls without written consent, deceptive or abusive calling practices, and calls that abandon consumers. Civil penalties reach $51,744 per violation.

What is the Telemarketing Sales Rule and who does it cover?

The Telemarketing Sales Rule is a federal regulation the FTC first issued in 1995 under the Telemarketing and Consumer Fraud and Abuse Prevention Act (15 U.S.C. § 6101 et seq.) [1]. It applies to any "plan, program, or campaign" that uses telephone calls to induce purchases of goods or services, or charitable contributions, where those calls cross state lines [2].

That scope is broad. It covers inbound calls if they're triggered by ads that mention an 800 number, outbound sales calls of almost any kind, and prize promotions or investment pitches delivered by phone. It does not cover purely intrastate calls (calls where the caller and consumer are both in the same state), though many states have parallel rules that fill that gap.

Businesses that use vendors or third-party lead generators are also on the hook. The TSR holds sellers liable for violations committed by their telemarketers, so if you hired a lead gen firm that called someone it shouldn't have, you share the exposure [1]. That vicarious liability piece surprises a lot of small teams who assume the vendor absorbs the risk.

What does the Telemarketing Sales Rule prohibit, specifically?

The TSR's core prohibitions fall into a handful of buckets. Here's what the rule actually bans.

Calls to the National Do Not Call Registry. Telemarketers cannot call numbers registered on the National Do Not Call Registry unless the consumer gave written permission or has an established business relationship (EBR) with the seller. The EBR window is 18 months from the most recent purchase and 3 months from the most recent inquiry [2].

Calls outside permitted hours. Outbound telemarketing calls are prohibited before 8 a.m. or after 9 p.m. local time at the consumer's location [2]. "Local time" means the consumer's time zone, not yours.

Abandoned calls. If you use a predictive dialer and the call connects but no agent is available within two seconds of the consumer's greeting, that's an abandoned call. The TSR limits abandonment to no more than 3 percent of answered calls per campaign per day [2]. Exceeding that rate is a per-call violation.

Robocalls without prior express written consent. Since 2012, the TSR has required prior express written consent before delivering a prerecorded telemarketing message to any number. Consent must be unambiguous, and the consumer must get a clear disclosure that they're agreeing to receive prerecorded calls [3].

Deceptive and abusive practices. The TSR bars misrepresenting the cost, nature, or terms of a product; threatening or intimidating consumers; calling repeatedly with the intent to harass; and failing to disclose the seller's identity, the sales purpose of the call, and the nature of the goods or services being offered [2].

Billing without authorization. Obtaining or submitting payment information without the consumer's express verifiable authorization is flatly prohibited [2].

Prohibited payment methods for certain offers. For specific high-risk offer types (free-to-pay conversions, negative option features, debt relief services, credit repair), the TSR bans payment via remotely created checks, cash-to-cash money transfers, and similar instruments [2].

A clean summary of the main prohibitions and the thresholds that trigger a violation is in the table below.

What are the TSR's calling hour and frequency rules?

The hours rule is simple on its face: no calls before 8 a.m. or after 9 p.m. at the called party's location [2]. The wrinkle is time-zone ambiguity. If a consumer's area code is 520 (Arizona), and Arizona doesn't observe daylight saving time, your dialer needs to know that. Using a generic time zone map without DST adjustments has burned teams during the spring and fall clock changes.

Frequency isn't capped by a hard daily number the way call hours are, but the TSR's anti-harassment clause effectively creates a limit. Calling someone repeatedly or continuously to annoy, abuse, or harass them is prohibited. The FTC has brought cases based on patterns of multiple calls per day to the same number. There's no bright-line rule that says "three calls is fine, four is harassment," but the FTC has cited situations involving 10 or more daily calls in enforcement actions.

For abandoned-call compliance, the 3 percent daily abandonment rate applies per campaign. You're also required to play a recorded message when a call is abandoned, and that message must include the seller's name, phone number, and a statement that the call was for telemarketing purposes [2].

Key TSR thresholds and penalty figures Numbers every outbound team should have posted on the wall 52k Max civil penalty per TSR violation (2024) 3 Abandoned call rate limit (% per campaign per 18 EBR window from last purchase (months) 13 Permitted calling hours win… (hours) Source: FTC, Telemarketing Sales Rule (16 C.F.R. Part 310) and FTC Civil Penalty Adjustments, 2024

Does the TSR cover text messages and SMS?

This is where the TSR and the TCPA (47 U.S.C. § 227) overlap and diverge [4]. The TCPA, enforced by the FCC, explicitly covers text messages sent using an automatic telephone dialing system (ATDS) or artificial/prerecorded voice. The TSR's plain text speaks to "telephone calls," and the FTC's official guidance has historically focused on voice calls.

That said, the FTC has stated in advisory guidance that the TSR can apply to text messages that are part of a telemarketing plan or program, particularly for deceptive practices and payment authorization rules. In practice, most legal teams treat SMS telemarketing as governed primarily by the TCPA for consent and delivery requirements, and by the TSR for the underlying deceptive/abusive conduct prohibitions.

If you're running an SMS outbound program, assume both laws apply. Check TCPA consent requirements separately. The overlap means a single bad text campaign can expose you to FTC action under the TSR and FCC action (or private lawsuits) under the TCPA. For a deeper look at cold calling compliance and how calls vs. texts are treated differently, that distinction matters a lot in building your compliance workflow.

How does the TSR's Do Not Call list rule actually work?

The National Do Not Call Registry is maintained by the FTC at donotcall.gov [5]. Consumers register their numbers there for free. Telemarketers are required to access the registry and scrub their call lists against it before calling.

Here's how the access requirement works in practice. You must subscribe to the registry's data through the FTC's official data access system. You can query by area code. The subscription is free for organizations that access five or fewer area codes. For six or more area codes, annual fees apply (as of 2024 the FTC charges roughly $70 per area code per year, capped at about $18,044 for access to all area codes, though fees are adjusted periodically) [5].

The "safe harbor" for TSR DNC violations is narrow. It requires: (1) you have written procedures for DNC compliance; (2) you train personnel on those procedures; (3) you don't call a number more than 31 days after it appears in the registry you accessed; (4) you honor company-specific DNC requests within a reasonable time not to exceed 30 days; and (5) the call was made in error [2].

The EBR exception lets you call existing customers even if they're on the registry, but only within the 18-month window from last purchase, and only if they haven't placed themselves on your internal DNC list. Once someone tells you directly to stop calling, that overrides any EBR, period.

For a broader look at what running a compliant cold call program looks like day-to-day, scrubbing cadence and registry access timing are usually the first things teams get wrong.

What disclosures does the TSR require at the start of a call?

The TSR's prompt oral disclosure requirements are specific. At the beginning of an outbound call, before any sales pitch, the telemarketer must disclose [2]:

1. The identity of the seller. 2. That the call is a sales call. 3. The nature of the goods or services being offered.

These disclosures have to come before any substantive pitch begins. Scripts that bury the identity of the caller after a few seconds of engaging small talk are technically non-compliant.

For upsell calls, where an agent calls a customer about one product and then pivots to an unrelated offer, the rule requires a fresh disclosure of the new offer's nature and the seller's identity if it's a different entity.

Written disclosures are also required before a consumer pays or agrees to pay for certain high-risk products (prize promotions, investment advice, credit repair, debt relief). Those disclosures must cover total costs, key restrictions, and refund policies [2].

If you're building or revising cold calling scripts, the opening 15 seconds of any outbound script should be drafted to satisfy these TSR disclosure requirements before the value proposition starts.

What are the TSR penalties per violation and how does the FTC calculate them?

Each violation of the TSR can result in a civil penalty of up to $51,744 as of 2024 [6]. The FTC adjusts this figure annually for inflation under the Federal Civil Penalties Inflation Adjustment Act. The original statutory cap was $10,000 per violation when the law passed in 1994; decades of inflation adjustments have pushed it to its current level.

Each call to a DNC-registered number counts as a separate violation. A campaign that makes 100,000 prohibited calls is not treated as one violation. The FTC has extracted nine-figure settlements in large enforcement actions. In 2020, the FTC obtained a judgment against a Florida-based robocall operation for over $120 million [7].

The FTC also has authority to seek injunctions, asset freezes, and disgorgement of ill-gotten gains under 15 U.S.C. § 6104. In the most serious cases, criminal referrals to the DOJ are possible for defendants who knowingly violate an FTC order.

State attorneys general can also bring TSR enforcement actions, which means a single campaign can trigger parallel state and federal proceedings. Fourteen states have their own mini-TSR statutes with independent penalty structures.

For teams worried about exposure, the honest math is this: a company that made 10,000 prohibited calls faces potential statutory exposure of up to $517 million. The FTC rarely pursues the maximum, but it uses the threat of per-call penalties as its main point of pressure in settlement negotiations.

How is the TSR different from the TCPA?

People often treat these two laws as interchangeable. They're not.

FactorTSR (FTC)TCPA (FCC)
Enforcing agencyFTCFCC + private right of action
Statute15 U.S.C. § 610147 U.S.C. § 227 [4]
Private lawsuits allowed?No (FTC/AG only)Yes, $500-$1,500 per call
Covers inbound calls?SometimesYes (if ATDS used)
Base penaltyUp to $51,744/violation$500 per violation
Consent for robocallsPrior express written consentPrior express written consent
Call hour limits8 a.m. to 9 p.m.No federal time limit (FCC defers to TSR)

The biggest practical difference is private lawsuits. The TSR has no private right of action. Consumers can't sue you directly under the TSR. They complain to the FTC, which decides whether to act. The TCPA is the opposite: every consumer can sue on their own, and plaintiffs' attorneys have built an entire cottage industry around it. TCPA class actions are the ones that generate the nine-figure settlements you read about.

For most small outbound teams, TCPA exposure is more immediate because of private litigation risk. TSR exposure is more likely to come from FTC investigations triggered by consumer complaint patterns. Both need to be managed. They're not redundant.

For a grounded look at what what is cold calling in sales means from a legal standpoint, the TSR/TCPA distinction is one of the first things worth understanding.

Are there any exemptions from the TSR?

Yes, and some are significant.

The TSR exempts calls to businesses in most contexts. The rule is primarily designed to protect residential consumers, and B2B telemarketing is largely outside its scope, with one important exception: the DNC Registry provisions and some deceptive practice rules still apply to business-to-business calls in certain circumstances [2].

Non-profit organizations are exempt from the TSR when they're soliciting for themselves, but they're NOT exempt when they hire a for-profit telemarketer to do the calling on their behalf.

Political calls and survey calls don't trigger the TSR's full requirements. The rule requires a "purchase" or "charitable contribution" as the goal of the call. Pure advocacy or information-gathering calls don't fit that definition, though state laws often do regulate political robocalls separately.

Intrastate calls are exempt at the federal level. If your call center, the seller, and the consumer are all in the same state, federal TSR rules technically don't apply. But again, most states have their own telemarketing rules that closely mirror the federal TSR.

Banks, federal credit unions, and common carriers are partially exempt because they're regulated by other federal agencies. The FTC has no jurisdiction over those entities.

None of these exemptions eliminate TCPA obligations. A B2B robocall to a cell phone still requires TCPA-compliant consent even if the TSR doesn't strictly apply.

What do FTC enforcement actions actually look like?

The FTC doesn't go after every small violation. It looks for patterns: high call volumes, consumer complaint spikes, and defendants with prior violations or prior orders.

Typically, an FTC investigation starts with complaint data from the National Do Not Call Registry and the FTC's Consumer Sentinel database [8]. When a phone number or company accumulates a significant complaint volume, the FTC can subpoena call records, dialer logs, and contracts with lead vendors. From there, if the evidence supports it, the FTC files a complaint in federal district court seeking injunctive relief and civil penalties.

Historical enforcement patterns show the FTC prioritizes robocall operations, extended warranty scams, debt relief schemes, and businesses that ignore prior cease orders. In 2022 and 2023, the FTC's robocall enforcement actions targeted prerecorded calls delivering fake government benefit offers and fraudulent auto warranty pitches [7].

Smaller operations aren't immune. The FTC has settled with companies making fewer than a million calls where the conduct was egregious (calling DNC numbers knowingly, spoofing caller ID, ignoring consumer opt-outs).

If you want to run a compliant outbound program using AI cold calling tools or predictive dialers, document your scrubbing practices, retain your consent records, and build a written DNC policy. Those three things are often the difference between a warning letter and a consent decree.

How should a small outbound team build a TSR-compliant calling process?

Start with the basics you control directly.

First, access the National Do Not Call Registry and scrub your lists against it before calling. Build that scrub into every list import, more than quarterly. Numbers get added to the registry continuously, and the 31-day safe harbor window runs from the date of your last scrub, not the date you built the list [2].

Second, maintain a company-specific internal DNC list. Anyone who says "don't call me" gets added the same business day. Honor those requests for at least five years. The TSR requires a minimum of five years for record retention on DNC requests [2].

Third, record your outbound calls if your state allows single-party consent, and retain those recordings. If a complaint arises, recordings are your primary defense.

Fourth, document consent for any prerecorded or robocall campaigns. Written consent records should be retained for the life of the customer relationship plus some buffer. The FTC doesn't specify a retention period for consent records in the TSR, but matching the FCC's guidance of five years is reasonable.

Fifth, train every agent on the required disclosures, the call hour rules, and what to do when a consumer says stop. If an agent says "we don't have a DNC list" in a recorded call, that recording will be used against you.

LeadCompliant's free compliance checklist covers many of these workflow steps and can help teams spot gaps before they become complaint patterns.

For teams building out calling processes from scratch, cold calling definition resources can help newer team members understand the legal landscape before they ever pick up a phone, and cold call script templates can be built to include the required TSR disclosures from the start.

What records does the TSR require sellers and telemarketers to keep?

The TSR's recordkeeping rules are in 16 C.F.R. § 310.5 and they're more detailed than most teams realize [2].

Sellers and telemarketers must keep the following for 24 months from the date created or the date the last telemarketing call using those records was made, whichever is later:

  • Advertising and promotional materials.
  • Sales records (name, address, telephone number, dollar amount paid, description of goods or services).
  • Employee records (names, any fictitious names used, last known home addresses, telephone numbers).
  • All verifiable authorization records for unencrypted payment information.
  • All call scripts used during the covered period.

For company-specific DNC requests, the retention period is five years from the date of the request [2].

If you're using a third-party dialer platform, confirm contractually who owns the call records and whether they can be retrieved for a TSR records request. Several enforcement cases have involved sellers who couldn't produce records because they let a vendor relationship lapse and lost access to the data.

Note that this is general information about what the TSR requires. It is not legal advice. If you're facing an FTC inquiry or structuring a compliance program for a regulated industry, work with counsel.

Frequently asked questions

What calls are prohibited under the Telemarketing Sales Rule?

The TSR prohibits calls to numbers on the National Do Not Call Registry (unless an exemption applies), calls before 8 a.m. or after 9 p.m. local time, robocalls without prior express written consent, calls that abandon consumers at a rate above 3 percent per campaign per day, and calls that are deceptive, abusive, or fail to disclose the seller's identity and sales purpose at the outset.

Does the TSR apply to B2B telemarketing calls?

Mostly no. The TSR is designed for consumer protection and largely exempts business-to-business calls. The main exception: the deceptive and abusive practice provisions, and in some interpretations the DNC rules, can still apply to B2B calls. Also, if an individual at a business happens to be on the National DNC Registry (for their personal number used for business), calling it can still create risk.

What is the difference between the TSR and the TCPA?

The TSR is an FTC rule; the TCPA is an FCC statute (47 U.S.C. § 227). The TCPA allows private lawsuits at $500 to $1,500 per call, making it far more dangerous for small businesses from a litigation standpoint. The TSR is enforced only by the FTC and state attorneys general. Both require prior express written consent for robocalls, and both restrict calls to DNC-registered numbers.

How much is the penalty for calling someone on the Do Not Call list?

Each call to a DNC-registered number can result in a civil penalty of up to $51,744 as of 2024, adjusted annually for inflation by the FTC. The penalty applies per call, not per campaign. A company that makes 50,000 prohibited calls faces potential exposure exceeding $2.5 billion in statutory maximums, though the FTC typically negotiates settlements well below the theoretical maximum.

Does the TSR cover robocalls and prerecorded messages?

Yes. Since a 2012 amendment, the TSR requires prior express written consent before delivering any prerecorded telemarketing message. The consent must be clear, and the consumer must receive a disclosure that they're agreeing to prerecorded calls. Without that written consent, a single prerecorded outbound call is a TSR violation.

Can a consumer sue a company for violating the TSR?

No. The TSR has no private right of action. Only the FTC and state attorneys general can bring enforcement actions. Consumers who want legal recourse for unwanted telemarketing calls typically sue under the TCPA, which does allow private suits. Many class-action telemarketing lawsuits cite TCPA violations, not TSR violations, for exactly this reason.

What is an established business relationship and does it exempt you from DNC rules?

An established business relationship (EBR) exists when a consumer has made a purchase from or made an inquiry to the seller within specific timeframes: 18 months from the most recent transaction or 3 months from the most recent inquiry. An EBR lets you call a consumer even if they're on the National DNC Registry, but it doesn't override a consumer's direct request to stop calling them.

How do you access the National Do Not Call Registry?

You register at donotcall.gov through the FTC's telemarketer access portal. Access to five or fewer area codes is free. Subscribing to additional area codes costs roughly $70 per area code per year, capped at about $18,044 for the full national file (fees are updated periodically). You query the registry and scrub your call lists against the downloaded data before each calling campaign.

What disclosures are required at the start of a TSR-covered call?

Before any sales pitch begins, the caller must disclose: (1) the identity of the seller, (2) that the purpose of the call is a sales call, and (3) the nature of the goods or services being offered. These prompt oral disclosures must come before substantive selling begins. Burying them after an opening hook or after a consumer has engaged with the pitch is non-compliant.

Does the TSR apply to text messages?

The TSR's text focuses on voice calls, but the FTC has indicated the rule's deceptive and abusive practice provisions can apply to texts that are part of a telemarketing plan. In practice, SMS telemarketing is regulated mainly under the TCPA for consent and delivery requirements. Teams should treat both laws as applicable to commercial text campaigns to avoid gaps in their compliance posture.

How long do you have to honor a Do Not Call request?

You must honor a consumer's specific do-not-call request within a reasonable time not to exceed 30 days. After that, the number must stay on your internal DNC list for at least five years. Once someone requests to be removed from your calling list, no EBR or other exception lets you restart outbound calls to them.

What is the TSR's abandoned call rule?

The TSR allows no more than 3 percent of answered calls to be abandoned per campaign per day. A call is abandoned when it connects but no agent is available within two seconds of the consumer's completed greeting. When a call is abandoned, you must play a message with the seller's name, phone number, and notice that the call was for telemarketing. Exceeding the 3 percent rate is a per-call violation.

What records does the TSR require telemarketers to keep?

The TSR (16 C.F.R. § 310.5) requires retention of advertising materials, sales records, employee records, payment authorization records, and call scripts for 24 months. Company-specific do-not-call requests must be retained for five years. These records must be available for FTC inspection on demand. Losing access to vendor-held records after a contract ends has been a problem in several enforcement cases.

Are non-profit organizations exempt from the Telemarketing Sales Rule?

Non-profits are exempt when their own employees or volunteers make solicitation calls on behalf of the organization. That exemption disappears when the non-profit hires a for-profit telemarketing firm to make calls for them. In that case, the for-profit telemarketer must comply with the full TSR, including DNC registration scrubbing and all disclosure requirements.

Sources

  1. FTC, Telemarketing Sales Rule (16 C.F.R. Part 310): The TSR was first issued in 1995 under the Telemarketing and Consumer Fraud and Abuse Prevention Act; sellers are liable for TSR violations committed by their telemarketers.
  2. FTC, Complying with the Telemarketing Sales Rule: TSR prohibitions on DNC calls, call hours (8 a.m. to 9 p.m.), abandoned call cap (3%), required prompt disclosures, prohibited payment methods, and recordkeeping requirements (24 months general, 5 years for DNC requests).
  3. Cornell LII, 47 U.S.C. § 227 (TCPA): The TCPA (47 U.S.C. § 227) is enforced by the FCC, covers automatic telephone dialing systems and prerecorded voice calls, and provides a private right of action at $500 to $1,500 per violation.
  4. FTC, National Do Not Call Registry: Consumers register numbers at donotcall.gov; telemarketers must access and scrub against the registry; access to five or fewer area codes is free.
  5. FTC, Civil Penalty Adjustments (FTC penalty amounts): Civil penalties under the TSR can reach $51,744 per violation as of 2024, adjusted annually under the Federal Civil Penalties Inflation Adjustment Act.
  6. FTC, Enforcement Actions database: FTC obtained a judgment exceeding $120 million against a Florida-based robocall operation in 2020; recent enforcement has targeted auto warranty and government benefit robocalls.
  7. FTC, Consumer Sentinel Network: FTC investigations often begin with complaint data from the National DNC Registry and the Consumer Sentinel database, with complaint patterns triggering subpoenas for call records.
  8. Cornell LII, 15 U.S.C. § 6101 (Telemarketing and Consumer Fraud and Abuse Prevention Act): The statutory authority for the TSR; defines 'telemarketing' as a plan, program, or campaign using telephone calls to induce purchases or charitable contributions across state lines.
  9. FTC, Telemarketing Sales Rule 16 C.F.R. § 310.5 (Recordkeeping): 16 C.F.R. § 310.5 specifies 24-month retention for sales and advertising records and 5-year retention for company-specific DNC requests.

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit