Last updated 2026-07-10

TL;DR
The FTC's Telemarketing Sales Rule requires outbound sellers to check the National Do Not Call Registry before calling consumers, honor company-specific do not call requests within 30 days, and keep scrubbed call lists for 24 months. Violations cost up to $53,088 per call. The TSR applies to most commercial telemarketing and works alongside, but separately from, the TCPA.
What is the TSR and who has to follow it?
The Telemarketing Sales Rule is a federal regulation issued by the Federal Trade Commission under the Telemarketing and Consumer Fraud and Abuse Prevention Act, 15 U.S.C. §§ 6101-6108. [1] It covers any plan, program, or campaign to sell goods or services through interstate telephone calls. If your team dials consumers across state lines to pitch a product, close a sale, or generate a lead that feeds a sales call, you are almost certainly covered.
The rule applies to sellers and telemarketers. The FTC draws a line between the two: a seller is the company whose goods or services are being sold; a telemarketer is the person or company that makes the calls on the seller's behalf. Both can be held liable. So if you outsource your dialing to a call center, you are still on the hook if that center breaks the TSR's do not call rules. [1]
Some calls are exempt. Calls to businesses sit mostly outside the TSR's consumer-protection provisions, though business-to-business telemarketing carries some narrower rules of its own. Inbound calls responding to a general ad, calls a consumer started, and calls under an existing business relationship in specific circumstances get different treatment too. But "we're B2B" is not a blanket escape. If you are calling a person at a home number to pitch a business product, the consumer protections apply.
The TSR is separate from the TCPA, which the FCC enforces and which lives at 47 U.S.C. § 227. [2] Both sets of rules can apply to the same call. Think of them as two referees watching the same game. You can read more about the broader TCPA framework separately, because the consent and autodialer rules there stack another compliance layer on top of what we cover here.
What does the TSR's do not call rule actually require?
The core requirement sits in 16 C.F.R. § 310.4(b). [3] Telemarketers cannot call a person whose number is on the National Do Not Call Registry, and cannot call anyone who has already asked the seller to stop. Those are two separate obligations. Teams mess up the second one constantly.
Here is what the regulation actually says about the company-specific list: "It is an abusive telemarketing act or practice and a violation of this Rule for a telemarketer to... call any person who has previously stated that he or she does not wish to receive outgoing telephone calls made by or on behalf of the seller whose goods or services are being offered." [3] That previous statement is the opt-out, and you have to honor it.
The mechanics break down into four operational duties:
1. Check the National Do Not Call Registry before calling. The FTC requires scrub data no older than 31 days for any call. [3] In practice, most compliant teams pull a fresh scrub monthly.
2. Maintain your own internal do not call list. When a consumer says stop calling, that number goes on your company-specific list right away.
3. Honor those internal opt-outs within 30 days of the request. The clock starts the moment the consumer speaks, not when your CRM catches up.
4. Train everyone who places calls. The rule requires any seller or telemarketer that receives a do not call request to train its personnel in the existence and use of the internal list. [3]
The 31-day scrub window trips people up. It does not mean you check the registry once a month and you are done. It means the registry data you compare against cannot be more than 31 calendar days old at the moment of the call. A team that pulls data quarterly is out of compliance even if the numbers on their lists technically appeared on the registry before the download.
How do you access the National Do Not Call Registry under the TSR?
The FTC runs the registry at donotcall.gov. [4] Telemarketers register, pay an annual fee, and download area code data before they can scrub against it. As of 2024, the fee is $79 per area code per year, capped at $17,421 for access to all U.S. area codes. [4] The first five area codes are free, which helps a hyper-local operation and means nothing if you call nationally.
You can read more in our separate walkthrough on how to get the do not call list, but the short version: create an account at donotcall.gov, certify you are accessing the data for compliance purposes, pay, and download. You get a text file of registered numbers for each area code you bought.
Scrubbing compares your outbound calling list against the registry numbers. Any match gets removed before dialing. Most CRMs and dialer platforms offer DNC scrubbing as a built-in feature or add-on, but verify that the integration is actually pulling fresh data on schedule. "We have a DNC scrub" is not the same claim as "our DNC scrub runs data no older than 31 days."
The registry also covers mobile phone do not call list numbers. Cell numbers register just like landlines, and callers get no special pass for dialing a mobile number that sits on the registry. A common myth says wireless numbers are only protected by the TCPA. They are protected by both.
What is the established business relationship (EBR) exception?
The TSR lets a seller call a consumer whose number is on the registry when an established business relationship (EBR) exists. An EBR is defined in 16 C.F.R. § 310.2(o) as a relationship based on the consumer's purchase, rental, or lease of goods or services from the seller within 18 months before the call, OR the consumer's inquiry or application about products or services within 3 months before the call. [3]
There is a hard limit. Even with a valid EBR, if the consumer has told you directly to stop calling, the EBR does not save you. The explicit opt-out overrides the relationship exception. This is one of the most expensive misunderstandings in outbound sales. Teams keep dialing past customers who opted out because "they're existing customers." The law does not care about the relationship once the consumer has said stop.
The EBR is specific to the seller, not the telemarketer. If you are a call center calling for a client, your client's EBR with the consumer is what counts, not yours.
Inquiry-based EBRs (the 3-month window) start when a consumer calls in, fills out a form, or takes some other action showing interest in your offerings. The clock starts on the date of that inquiry, not the date you first called back. After 90 days, the inquiry-based EBR expires, and if the number is on the registry, you cannot legally call without fresh consent or a purchase-based relationship.
What are the penalties for TSR do not call violations?
Each TSR violation can bring a civil penalty of up to $53,088. [5] That figure adjusts periodically for inflation under the Federal Civil Penalties Inflation Adjustment Act, so check the current number at the FTC's penalty page, but it has sat above $50,000 per violation since 2021. [10]
The word that matters is "per violation." In telemarketing enforcement, the FTC typically counts each illegal call as its own violation. An operation that made 500,000 calls to registered numbers is looking at theoretical exposure in the billions. The FTC rarely collects the maximum on every count in a settlement, but the per-violation figure is what they hold over you in negotiations, and courts have upheld large aggregate penalties in contested cases.
Beyond civil penalties, the FTC can seek injunctive relief (a court order that stops your operations), consumer redress, and disgorgement of profits. In severe cases tied to fraud or repeated violations, the DOJ can bring criminal charges.
State attorneys general can bring TSR enforcement actions too, and many states run parallel telemarketing laws with their own penalty structures. [6] Getting hit by federal and state enforcement at once is not hypothetical. Several large actions have involved the FTC and multiple state AGs filing together.
Class action risk under the TSR is lower than under the TCPA, because the TSR has no private right of action. Individual consumers cannot sue you directly for TSR violations. The TCPA does give them that right, which is why TCPA class action settlements draw so much attention. A call that breaks both laws hands you FTC exposure on one side and the plaintiff's bar on the other.
How do TSR do not call rules compare to TCPA rules?
The two regimes overlap a lot, but they are not the same. Here is a side-by-side look at the key differences:
| Dimension | TSR (FTC) | TCPA (FCC) |
|---|---|---|
| Governing law | 15 U.S.C. §§ 6101-6108; 16 C.F.R. § 310 | 47 U.S.C. § 227; 47 C.F.R. § 64.1200 |
| DNC registry obligation | Yes, 31-day scrub window | Yes, shared registry |
| Company-specific DNC | Required, honor within 30 days | Required |
| Autodialer rules | Limits on abandonment rates, prerecorded calls | Extensive consent requirements for ATDS |
| Private right of action | No (FTC/state AG enforcement only) | Yes ($500-$1,500 per call, class actions possible) |
| Max penalty per violation | $53,088 [5] | $500 statutory, up to $1,500 trebled [2] |
| EBR exception | Yes, 18 months / 3 months | More limited under current FCC rules |
| Covers text messages | No (TSR is voice calls only) | Yes |
The missing private right of action under the TSR matters for litigation risk, but it does not make TSR violations low-stakes. The FTC has brought some of the largest telemarketing penalties in history using TSR authority. [5]
For teams doing cold calling at scale, the practical read is simple. The TCPA drives your lawyer's anxiety. The TSR drives your FTC enforcement risk. Both are real. Neither is optional.
What records do you have to keep under the TSR?
The TSR sets specific recordkeeping rules in 16 C.F.R. § 310.5. [3] Sellers and telemarketers keep the following for 24 months from the date the records are produced:
Advertising and promotional materials. Scripts, call guides, and pitch decks all count.
The names and last known addresses of all prize recipients and the prizes they got, if you run promotional offers.
All express written agreements with consumers, including verifiable authorizations for payment.
All purchase information: name, address, phone, dollar amount, date, goods or services purchased.
All subscriber lists you used for calling, and the date each list was last updated against the registry.
That last point matters most for DNC compliance. If the FTC investigates, they want evidence that your calling lists were scrubbed against current registry data before each campaign. If you cannot produce scrub logs showing dates, the list you used, and the registry data version, you lose the benefit of the doubt.
Two years feels long, but investigations often open well after the alleged violation. A complaint filed in 2025 can reach conduct from 2023. Keep records accordingly.
For teams building out compliance documentation, LeadCompliant's free compliance kit includes a TSR recordkeeping checklist that maps straight to these 16 C.F.R. § 310.5 requirements. [8]
What are the TSR rules on call abandonment and prerecorded messages?
Do not call compliance is only part of what the TSR governs. Two other requirements bite outbound teams constantly: abandonment rate limits and prerecorded message restrictions.
Abandonment rate. If you use a predictive dialer, the TSR requires you to connect answered calls to a live agent within 2 seconds of the consumer's greeting. [3] If you cannot connect in time and the call drops ("abandons"), that counts against your abandonment limit. The cap is 3% of answered calls per campaign per day. You also have to play a recorded message when a call abandons, giving the seller's name and a phone number the consumer can call back.
Prerecorded messages. Under the TSR, you generally cannot deliver a prerecorded sales message without the consumer's express written agreement to receive such calls. [3] That standard is nearly as strict as the TCPA's consent rule for robocalls. Blasting prerecorded pitches to cold lists is over from a federal compliance standpoint. One narrow exception covers prerecorded messages delivering purely informational content to existing customers, but the line between informational and sales is thin, and the FTC reads it narrowly.
If your cold call strategy uses any automated dialing technology, the abandonment rules and the prerecorded message rules layer on top of the DNC requirements. Complying with one set does not give you a pass on the others.
How should a small outbound team set up a TSR-compliant do not call process?
Here is what I would actually build if I ran compliance for a 10-person outbound sales team.
Start with the registry. Buy area codes for every market you call and set a calendar reminder to refresh your download every 28 days. Thirty-one days is the legal maximum. Do not cut it that close. The fee is worth it.
Build an internal DNC list from day one. Every CRM has a way to tag or flag records. Create a "Do Not Call" tag or field, define the workflow for adding a number the moment anyone receives an opt-out request, and make it someone's specific job to maintain it. The workflow has to survive employee turnover.
Scrub both lists before every campaign. The national registry is not enough. Your internal list has to run too. If someone called in last quarter and asked to be removed, and your salesperson added the tag, that number cannot show up in next month's campaign export.
Document everything. Keep a log of each scrub run: date, list used, registry data version, number of records removed. This log is your defense if you are ever investigated.
Train the team on opt-out handling. Every rep needs to know exactly what to say and do when a consumer asks not to be called. "I'll take you off the list" means nothing if there is no process behind it. The 30-day honor window starts when the consumer speaks those words, not when the CRM updates.
You can use the free DNC number checker at LeadCompliant.com to spot-check specific numbers before campaigns go out. It is not a substitute for full-list scrubbing, but it catches manual errors when you load a small batch.
For teams managing larger lists or existing do not call telemarketer list obligations, third-party scrubbing services automate the work and build audit logs for you. The cost is usually a fraction of what one penalty costs.
Does the TSR apply to B2B telemarketing?
Mostly no, but the caveats matter. The TSR's do not call and consumer-protection provisions target calls to residential consumers. Business-to-business calls are generally exempt from the DNC registry requirement. [1]
But "B2B" is defined by who you actually reach, not by who you meant to reach. If you call a small business owner's personal cell or a home-based business at a residential number, the consumer protections likely apply. The FTC looks at the nature of the call and the number dialed more than the stated purpose.
The TSR still reaches B2B calls in some respects. The prohibitions on fraud, misrepresentation, and deceptive practices in 16 C.F.R. § 310.3 cover every telemarketing call, business or consumer. [3] You cannot lie to a business on the phone just because the consumer DNC protections do not apply.
A practical test: if the number you are calling could also serve the person's personal use, treat it as consumer-protected. That is the conservative position, and it keeps you out of the regulatory gray zone.
What TSR changes should outbound teams watch for?
The FTC updates the TSR periodically. The most recent significant amendment cycle came in 2023, when the FTC finalized changes to rules on business opportunity and government grant telemarketing fraud, and reaffirmed the existing DNC requirements. [1]
Pending and potential changes worth watching include expanded prerecorded call restrictions and possible updates to the EBR exception. The FTC has signaled interest in tightening what counts as an established business relationship, especially for third-party lead generation, where consumers fill out one form and then get calls from multiple sellers they never named.
The TCPA side has more active rulemaking right now. The FCC's one-to-one consent rule requires consent for autodialed or prerecorded calls to be specific to the caller rather than blanket coverage for a whole marketing network. [9] That rule does not amend the TSR directly, but it shapes how lead generation feeds outbound programs that must satisfy both laws.
State law is moving faster than federal law in many areas. Florida, Oklahoma, and Texas have passed or expanded telemarketing statutes with stricter consent requirements, shorter opt-out windows, and higher per-violation penalties than the TSR provides. [6] Teams calling into those states need to layer state requirements on top of the federal baseline.
Subscribe to FTC rulemaking notices at ftc.gov and FCC rulemaking at fcc.gov. Both agencies publish proposed rules with comment periods before they take effect. A 60-day heads-up on a rule change beats finding out from a complaint.
Frequently asked questions
How often do I need to scrub my calling list against the National Do Not Call Registry?
The TSR requires your list to be compared against registry data no older than 31 days at the time of any call. In practice, most compliant teams pull a fresh download every 28 days to stay safely inside the window. Quarterly scrubbing is not compliant. Per 16 C.F.R. § 310.4(b)(3), stale data does not protect you even if the number appeared on the registry before your download date.
What happens if a consumer asks us not to call and we call them again?
Each repeat call after an opt-out request is a separate TSR violation, subject to a civil penalty of up to $53,088 per call. The TSR requires you to honor company-specific do not call requests within 30 days. That 30-day window is the outer limit; the FTC expects prompt action, not a wait to the deadline. If the number is also on the National Do Not Call Registry, you have a registry violation stacked on top.
Does the TSR cover text messages or only phone calls?
The TSR covers telephone calls, not text messages. Text message compliance falls under the TCPA, enforced by the FCC, which has separate consent and opt-out requirements for SMS marketing. However, if a text campaign is used to generate calls, the resulting calls are covered by the TSR. Teams running both phone and text outreach need to comply with both regimes.
Are there any exemptions from the TSR's do not call requirements?
Yes. Calls to consumers with an established business relationship (purchase within 18 months or inquiry within 3 months) are exempt from the national registry requirement, unless that consumer has specifically told you to stop calling. Calls to businesses, calls the consumer started, and some nonprofit and political calls also sit outside the TSR's consumer do not call provisions. Each exemption comes with specific conditions.
What is the difference between the TSR do not call rules and the TCPA do not call rules?
The TSR is enforced by the FTC with civil penalties up to $53,088 per violation and no private right of action for consumers. The TCPA is enforced by the FCC and allows private lawsuits for $500 to $1,500 per call, which makes class actions common. Both laws share the National Do Not Call Registry. A single call can violate both, creating parallel exposure from regulators and plaintiff attorneys at once.
How long do I have to keep do not call compliance records under the TSR?
The TSR requires sellers and telemarketers to keep compliance records for 24 months from the date they are created. This includes calling lists, scrub logs showing the date and registry version used, internal do not call lists, and records of express agreements with consumers. Keep two years of records even after a campaign ends, because FTC investigations frequently reach conduct from prior periods.
Can the FTC fine us for TSR violations even if we use a third-party call center?
Yes. The TSR holds sellers liable for violations by telemarketers acting on their behalf. If you hire a call center and it fails to scrub against the Do Not Call Registry, you as the seller face the same penalties as the call center. Contracts that shift liability to the vendor do not protect you from FTC enforcement. Sellers are expected to supervise and audit the telemarketers they retain.
What is a "safe harbor" under the TSR and how do I qualify?
The TSR provides a safe harbor from national registry violations if you can show written procedures for DNC compliance, employee training, use of registry data no older than 31 days, and that the call was a mistake despite those procedures. The safe harbor does not cover calls to consumers who made a company-specific opt-out request. It is a narrow defense, not a blanket excuse for bad data hygiene.
Does the established business relationship exception apply to leads we purchased from a third party?
No. The EBR must run between your company and the consumer. If a lead generation company sold you a list of people who filled out forms for some other vendor, no EBR exists between you and those consumers. Calling registered numbers in that scenario is a TSR violation. The FTC has pursued enforcement specifically targeting lead-based calling programs where sellers relied on fabricated or misrepresented EBRs.
What is the TSR's abandonment rate rule and how does it affect predictive dialers?
The TSR limits call abandonment to 3% of answered calls per campaign per day. An abandoned call happens when a consumer answers but no live agent is available within 2 seconds of their greeting. Predictive dialers that dial aggressively to keep agents busy can easily blow past this threshold. When a call abandons, the TSR also requires playing a recorded message with the seller's name and a callback number.
Do TSR do not call requirements apply to B2B sales calls?
The TSR's DNC registry and consumer-protection provisions generally do not apply to genuine business-to-business calls. But calls to a business owner's personal cell or a home-based business at a residential line can trigger consumer protections depending on the circumstances. The TSR's prohibitions on fraud and misrepresentation apply to B2B calls. "We only call businesses" is not a safe blanket position without careful attention to the numbers actually dialed.
How do state do not call laws interact with the federal TSR?
State laws add requirements on top of the TSR, they do not replace it. Several states run their own do not call registries and impose stricter consent requirements, shorter opt-out windows, and higher per-violation penalties. Florida, for one, adds restrictions on calls to residents beyond what the TSR requires. You must comply with both the federal TSR and any state law that reaches the consumer's location.
What should I do if my team receives a do not call request during a live call?
The rep should confirm the request out loud, note the date and time, and add the number to your internal do not call list before the end of that business day. The TSR requires the request be honored within 30 days, but best practice is immediate processing. If your CRM allows real-time flagging, do it before the call ends. Train every rep on this workflow, because the 30-day clock starts the moment the consumer speaks.
Sources
- FTC, Telemarketing Sales Rule overview and 16 C.F.R. Part 310: The TSR covers plans, programs, or campaigns to sell goods or services through interstate telephone calls; both sellers and telemarketers are covered and can be held liable.
- FTC, 16 C.F.R. Part 310 full regulatory text: TSR requires scrub data no older than 31 days, company-specific DNC honored within 30 days, 3% abandonment cap, prerecorded message consent requirement, and 24-month recordkeeping; statute text quoted from § 310.4(b).
- FTC, National Do Not Call Registry information for telemarketers: Registry access costs $79 per area code per year with a cap of $17,421 for all U.S. area codes; first five area codes are free.
- FTC, Enforcement and Penalty Offenses overview: Maximum civil penalty per TSR violation is $53,088; the FTC has obtained large telemarketing judgments using TSR authority.
- National Conference of State Legislatures, telemarketing and do not call laws: Multiple states including Florida, Oklahoma, and Texas have telemarketing statutes with requirements stricter than the federal TSR baseline; state AGs can bring independent enforcement actions.
- FTC, National Do Not Call Registry consumer information page: The National Do Not Call Registry was established by the 2003 TSR amendment and opened to consumer registration in June 2003.
- FTC, business guidance on complying with the Telemarketing Sales Rule: Sellers are responsible for TSR compliance by telemarketers acting on their behalf; EBR definition and safe harbor conditions described in agency guidance.
- Federal Register, FTC Civil Penalties Inflation Adjustment 2024: The $53,088 per-violation TSR penalty figure reflects the 2024 inflation adjustment under the Federal Civil Penalties Inflation Adjustment Act.