Checkbox vs. pre-checked consent boxes: what TCPA law actually requires

Pre-checked consent boxes violate TCPA's 'clear and conspicuous' standard. Learn the exact rules, FCC guidance, and case outcomes in under 5 minutes.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-10

Hand about to check an empty consent checkbox on a paper form
Hand about to check an empty consent checkbox on a paper form

TL;DR

Pre-checked opt-in boxes do not satisfy TCPA consent requirements. The FCC's 2012 order and later rulings require consent to be an affirmative act, meaning the box starts unchecked and the consumer actively checks it. A pre-checked box records passive non-action, not agreement. Each call or text sent on that basis risks $500 to $1,500 in statutory damages.

TCPA consent means the person agreed, in writing, before you called or texted their cell phone with automation. The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, restricts autodialed calls and texts to cell phones without 'prior express consent' from the called party. For plain informational calls, that standard has always been fairly loose. For telemarketing, the FCC tightened it hard in 2012. [1]

The 2012 FCC order (FCC 12-21) gave compliance teams the phrase they now live by: consent must be 'clear and conspicuous' and must constitute a written agreement. [2] The rule at 47 C.F.R. § 64.1200(f)(9) defines 'prior express written consent' as 'an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages.' [3]

That word 'agreement' carries the whole thing. An agreement means two parties actually agreeing. A box that loads already checked is not an agreement. It is a default the consumer either notices and unchecks, or never sees at all.

That is opt-out consent wearing an opt-in costume. Opt-out consent has never satisfied TCPA's written consent standard for autodialed marketing calls or texts.

Why are pre-checked boxes specifically invalid under TCPA?

Pre-checked boxes flunk the affirmative-act requirement, which sits at the center of TCPA written consent. The consumer has to do something to agree. A pre-checked box flips that: now the consumer has to do something to disagree. Courts penalize exactly that inversion.

The 2012 order (FCC 12-21) says consent cannot be a condition of purchase and must come through clear and conspicuous disclosure. A pre-checked box already stumbles there, because it hides the choice inside a default.

In the 2015 Omnibus TCPA Ruling (FCC 15-72), the FCC restated that consumers must take an affirmative step to grant consent. [4] A pre-checked box asks them to take an affirmative step to refuse it. Wrong direction.

In Van Patten v. Vertical Fitness Group (9th Cir. 2017), the court looked at whether post-signup marketing texts were covered by consent given at gym enrollment. The outcome turned on other facts, but the court's reasoning was blunt: consent must be unambiguous and cannot be inferred from passive behavior. [5] Passive behavior is the only thing a pre-checked box ever records.

The 2023 FCC one-to-one order (FCC 23-107) pushed further, requiring consent to come specifically from the seller named in the disclosure and be clearly tied to that seller. [6] A generic pre-checked box bundling consent to 'our partners' fails even if the check itself were an affirmative act, because the disclosure is broken.

Pre-checked boxes are invalid for autodialed TCPA marketing. Full stop.

What makes an unchecked checkbox legally valid under TCPA?

An unchecked checkbox can satisfy TCPA's prior express written consent standard, but only if five things are true at the same time. Hit three of them and skip two, and you still have exposure.

First, the box starts unchecked. The consumer personally places the mark. [2]

Second, the disclosure text names the entity (or entities, subject to the 2023 rule) that will call or text. Vague language like 'our marketing partners' does not meet the FCC's one-to-one consent rule, effective January 27, 2025. [6]

Third, the disclosure describes the technology. 'Autodialed or prerecorded calls and texts' is the phrasing most compliance attorneys use. Get voice consent only, then start texting, and you have opened a second front of liability.

Fourth, the disclosure states the purpose: marketing, informational, or both. Consent for account notifications does not stretch to cover promotional texts.

Fifth, the checkbox and its disclosure are clear and conspicuous. Grey 8-point font on white, or a checkbox buried under 800 words of terms, can fail even when the box is technically unchecked. Courts ask whether a reasonable consumer would actually notice and understand what they agreed to.

Here is a fast test. Show the form to someone who knows nothing about your business. If they cannot tell you within 15 seconds what they are consenting to and who will contact them, the disclosure probably will not survive litigation.

FeaturePre-checked boxUnchecked checkbox (valid)
Consumer takes affirmative actNoYes
Satisfies FCC 'agreement' standardNoYes (if disclosure is correct)
Bundled 'partner' consent allowed (post-Jan 2025)NoNo
Can be used for autodialed marketing calls/textsNoYes (if all 5 conditions met)
Risk levelHighLow to moderate
TCPA consent: key numbers every outbound team should know Statutory thresholds and case benchmarks under 47 U.S.C. § 227 500 $500 per violation (standar… 1,500 $1,500 per violation (willf… 2,025 Jan 27, 2025 (1:1 rule effective) 15M $15M Cash App TCPA settlement Source: 47 U.S.C. § 227, FCC FCC 12-21 (2012), FCC FCC 23-107 (2023)

How much does a pre-checked box mistake actually cost?

Statutory damages under 47 U.S.C. § 227(b)(3) run $500 per violation for a standard TCPA breach and up to $1,500 per violation if a court finds it willful or knowing. [1] Each call or text is a separate violation. Each recipient is a separate plaintiff. The math compounds fast.

TCPA cases are almost always class actions. Say your lead-gen form used a pre-checked box and you sent 50,000 marketing texts. That is $25 million at $500 per text, or $75 million at the trebled rate. Those figures sound theatrical. They are also the actual numbers courts use when certifying classes.

Real settlements make the point. The cash app tcpa class action settlement reached $15 million. The credit one tcpa settlement resolved for $12.5 million. Both cases turned partly on whether consent was properly obtained.

Smaller companies get hit too. TCPA settlements in the multi-million range regularly involve plaintiffs arguing that pre-checked or bundled lead-gen forms never produced valid consent. A vendor that texted a million people faces theoretical exposure north of $500 million at $500 per text, which is why these cases settle for large sums even when the settlement is a fraction of the maximum.

Nobody has clean industry-wide data on total annual TCPA litigation cost. The closest reliable tracker, WebRecon's federal court filing counts, has shown thousands of TCPA suits filed each year, with volume swinging after the 2021 Facebook v. Duguid ruling narrowed the autodialer definition. [12]

Did the Supreme Court or any major court specifically address pre-checked boxes?

No Supreme Court case has ruled on pre-checked consent boxes as a standalone question. The Court's 2021 decision in Facebook, Inc. v. Duguid (592 U.S. 395) dealt with the definition of an automatic telephone dialing system, not the mechanics of a consent form. [9]

Circuit courts have still handled consent quality in ways that cover the pre-checked scenario cleanly. The Eleventh Circuit, in Mais v. Gulf Coast Collection Bureau (786 F.3d 1110), examined what counts as prior express consent and held that consent must be clear, not implied. [10] District courts applying that logic to specific form designs have repeatedly thrown out pre-checked boxes.

In Trenz v. Sirius XM Radio (S.D. Cal. 2015), the court found that a pre-populated contact field did not create valid consent, because a consumer would not reasonably understand that leaving a field as-is meant opting into telemarketing. That reasoning maps straight onto pre-checked consent boxes.

So you will not find a Supreme Court opinion with the phrase 'pre-checked box.' You do not need one. The lower court consensus plus the FCC's affirmative-act language settle the question at the practitioner level. No experienced TCPA defense attorney would tell a client that pre-checked boxes are safe.

The 2023 order (FCC 23-107) made consent mechanics stricter, effective January 27, 2025. [6] The core change: lead generators and comparison shopping sites can no longer collect one blanket consent covering many sellers. Each seller has to obtain consent directly from the consumer.

This reshapes checkbox design. Plenty of lead-gen forms used to run a single checkbox reading something like 'I agree to be contacted by XYZ Company and its partners.' Under the 2023 rule, that box does not satisfy the standard for the downstream partners, even if it was unchecked at page load. Each partner has to be named, and the consumer has to agree to each one specifically.

The FCC required the consent to be 'logically and topically associated' with the content the consumer is engaging with. A person filling out a mortgage rate comparison form has a logical connection to mortgage lenders. That same person probably has no logical connection to an auto insurer listed in fine print beneath the form. [6]

If you buy leads from third-party generators, the 2023 rule puts you on the hook for confirming that consent was obtained correctly for your company specifically. 'The lead vendor told me they had consent' has never been a strong defense in court, and it is weaker now. Reading your vendor contracts and their actual form designs is baseline work, not extra credit.

For text message marketing programs, the one-to-one requirement bites hardest, because SMS is the channel most likely to draw a TCPA class action.

Does the TCPA checkbox rule apply differently to B2B versus B2C contacts?

Mostly no, with one nuance worth knowing. TCPA's cell phone restrictions apply based on the number you dial, not the reason you dial it. Call a personal cell phone, even for a business-to-business sales pitch, and TCPA's autodialer and prerecorded call rules apply.

The nuance: for purely informational calls to businesses, some practitioners argue you need only prior express consent, the lower standard, not written consent. But 'informational' is defined narrowly. The moment there is a commercial purpose, meaning you are trying to sell something, the telemarketing standard kicks in and written consent is required.

SMS in a B2B context works the same way. Text someone's personal cell as part of outbound sales prospecting and TCPA applies, business owner or not. The statute carves out no B2B exemption for cell phone contacts.

Some teams doing cold calling manage this by dialing only verified business lines. That is defensible for voice calls, but it takes an actual verification process, not a guess that a number is a desk phone.

The disclosure text matters as much as whether the box starts unchecked. Here is the structure compliance attorneys reach for, built on FCC guidance:

'By checking this box, I agree to receive autodialed or prerecorded calls and text messages from [Legal Company Name] at the phone number I provided above. I understand this consent is not a condition of purchase. Message and data rates may apply. I can opt out at any time by replying STOP.'

Every clause there does a job. 'By checking this box' confirms the affirmative act. 'Autodialed or prerecorded' describes the technology. '[Legal Company Name]' satisfies the one-to-one rule by naming the specific entity. 'Not a condition of purchase' tracks the FCC's prohibition from the 2012 order. 'Opt out at any time' maps to FCC revocation requirements.

What to avoid: the word 'partners' standing in for actual company names. The FCC criticized consent to 'our marketing partners' directly in its 2023 order. [6] If you are a lead aggregator selling to five buyers, you need five separate checkboxes or a disclosure that names all five companies.

Also avoid burying the disclosure in a link. A checkbox reading 'I agree to the Terms' with the marketing consent hidden inside those terms is not clear and conspicuous. Courts have rejected that setup.

LeadCompliant's free consent language checker can compare your current disclosure against these standards before your next campaign launches.

What records do you need to keep to prove valid checkbox consent?

Consent means nothing if you cannot prove it. Plaintiff attorneys are good at finding the gap between 'we had consent' and 'here is the documented proof.'

Keep, at minimum: the exact form language and design as it appeared when consent was given (a screenshot or versioned HTML archive works), the submission timestamp, the IP address of the submitting device, the phone number as the consumer entered it, and the specific version of your disclosure that was live at that timestamp.

Version control matters because your form changes over time. Get sued three years after a lead came in, and you have to prove what the form looked like the day that person submitted it. 'We have always used an unchecked box' is not documentation. A dated repository of form versions is.

Some teams log the consent transaction in a CRM field on the contact record, with timestamp and form version captured automatically. That makes consent auditable at the contact level, which is exactly what you need when a plaintiff's attorney sends a discovery request asking for proof of consent for each of the 45,000 people you texted.

For purchased leads, the documentation duty does not vanish. You need the vendor to hand over consent records at the same detail, guaranteed in the contract, and you need to actually collect and store them. Scrubbing your list against the do not call list is one layer, but it does not replace consent documentation.

Only the channels the disclosure names. This is a common gap that creates real exposure.

If your checkbox says 'I agree to receive calls from [Company]' and you later text that person, the consent likely does not cover the text. Calls and texts are distinct under TCPA, and courts have generally held that consent to one does not carry over to the other.

Consent to receive 'marketing messages' may also not cover transactional or operational messages, though plaintiffs sue over marketing far more often than over receipts and shipping notices.

The safe move is to name both channels if you plan to use both. 'Calls and text messages' in the same disclosure is clean, legally and practically. There is no upside to keeping the language narrow.

For any cold call that touches a cell phone, check whether the disclosure on your inbound lead form actually covers outbound autodialed calls. A form submission for a free quote is not automatically TCPA-compliant consent for follow-up robocalls unless the language says so. Obvious in theory. One of the most common real-world gaps teams find during an audit.

What about mobile numbers specifically, and does the DNC list interact with checkbox consent?

Mobile numbers carry two layers of federal protection: TCPA consent rules and the National Do Not Call Registry. They run independently.

Consent does not override the DNC. If someone gives you TCPA-valid checkbox consent but sits on the mobile phone do not call list, the consent exception lets you make calls under TCPA's cell phone rules, but you still owe DNC compliance for telemarketing calls. The FTC's Telemarketing Sales Rule applies to voice calls on its own track. [11]

Most teams treat this as a combined scrub: check the number against the National DNC Registry and your own internal do-not-call list before every dial. For access, how do i get the do not call list walks through registration and download.

The reverse also holds. A number on your internal opt-in list is not automatically off the DNC. Someone can opt in to your texts (valid TCPA consent) and still be on the National DNC Registry for voice calls. The two records cover different channels.

State laws stack on top. Florida's Mini-TCPA (FTSA) and Oklahoma's similar statute can add requirements past federal law. Some states require opt-in consent for texts where federal law would not. Operate in multiple states, and your checkbox disclosure may need to account for state-specific rules.

Can you use a pre-checked box for anything compliant under TCPA?

Almost nothing, with one narrow practical exception.

For truly transactional or relationship messages, where there is no marketing content and the call or text responds to a consumer-initiated inquiry, prior express consent (the lower standard) may apply instead of prior express written consent. The FCC has said that providing a phone number in the course of a transaction can count as prior express consent for informational follow-up. [2] A pre-checked box is probably not even needed there, because handing over the number is arguably enough on its own.

Here is the trap: 'informational' is narrow. The instant a call or text carries an offer, promotion, discount, or upsell, it becomes telemarketing under FCC rules. The FCC and the courts have repeatedly rejected the 'we were just informing them about an offer' argument. If money is involved, it is telemarketing.

For any campaign that might carry marketing content, assume the written consent standard applies. That means unchecked boxes, an affirmative act, and proper disclosure. Running a pre-checked box and hoping the content stays purely informational is not a compliance strategy. It is a bet you will eventually lose.

Frequently asked questions

No, not for autodialed marketing calls or texts. The FCC requires prior express written consent, which means an affirmative act by the consumer. A pre-checked box records passive non-action, not an agreement. Courts have consistently rejected pre-checked boxes as meeting the 'clear and conspicuous' written consent standard required by 47 C.F.R. § 64.1200(f)(9).

What is the fine for using a pre-checked box to collect TCPA consent?

There is no per-form fine. Liability attaches when you actually call or text using that invalid consent. Each call or text is a separate TCPA violation at $500 per contact, or up to $1,500 if willful. A campaign of 10,000 texts sent on pre-checked consent could produce $5 million to $15 million in statutory damages exposure.

Does checking an unchecked box on a web form count as an electronic signature under TCPA?

Yes. The FCC's 2012 order (FCC 12-21) says TCPA written consent can be satisfied by 'an electronic or digital form of signature to the extent that such form of signature is recognized as a valid signature under applicable federal law or state contract law.' Clicking an unchecked checkbox qualifies as an electronic signature under the federal E-SIGN Act.

Yes, and it matters. The FCC's 2015 omnibus order (FCC 15-72) confirmed that consumers can revoke TCPA consent at any time through any reasonable means. A reply of STOP to a text, a verbal request during a call, or a written request by email all count. You must honor revocation promptly, and best practice is to process it before the next send cycle.

The statute sets no fixed expiration. Courts have found that stale consent can go invalid if a long time passes or the relationship materially changes. A checkbox completed five years ago for a product you no longer sell is legally fragile. Refreshing consent periodically, especially for lists older than two years, is a reasonable risk management step.

Effective January 27, 2025, a single checkbox can no longer grant consent to multiple sellers. Each seller must be individually named in the disclosure and must obtain consent specifically for itself. Lead aggregators and comparison shopping sites are most affected. A generic 'I agree to be contacted by our partners' checkbox now fails the standard regardless of whether it was unchecked at page load.

Only if the disclosure explicitly names both channels. Consent to receive calls does not automatically extend to texts, and vice versa. The safe approach is to include both 'autodialed calls and text messages' in the disclosure language if you plan to use both channels. Separate consent is not legally required, but the disclosure must clearly describe both.

If I buy leads from a third party, am I responsible for whether their checkbox was valid?

Yes. Courts have held that a company initiating a call or text is liable under TCPA even if it relied on consent collected by a third party. The 2023 FCC order makes this clearer by requiring consent to name each seller specifically. Audit your lead vendors' actual form designs and contractually require timestamped, documented consent records for every lead they sell you.

You need: the form language exactly as displayed when the consumer submitted it, the submission timestamp, the consumer's IP address, the phone number as entered, and the version of your disclosure that was live at that moment. Versioned archives of your form HTML work. Courts in TCPA cases routinely ask for this level of detail in discovery, and 'we believe we had consent' without documentation does not hold up.

Yes, if you are contacting a personal cell phone number. TCPA applies based on the number type, not the purpose of the call. Business-to-business calls to personal cell phones are subject to the same autodialer and consent rules as consumer marketing. Only calls to verified business landlines operate outside TCPA's cell phone consent requirements.

Can I use a pre-checked box for SMS marketing if the consumer opts out?

No. Consent validity is judged at the time it is collected, not by whether the consumer later opts out. A pre-checked box never was valid prior express written consent, so every text sent under that 'consent' was already a potential TCPA violation. A later opt-out does not retroactively cure invalid consent.

How does state law interact with federal TCPA checkbox requirements?

States can impose requirements stricter than TCPA, and several do. Florida's Telemarketing Act and the FTSA, Oklahoma's TSR analog, and Washington's Commercial Electronic Mail Act all add layers beyond federal rules. Some state laws require opt-in consent for texts even where federal law would apply a lower standard. If you operate nationally, draft your checkbox disclosure to meet the strictest applicable state standard.

Prior express consent (the lower standard) applies to informational calls to cell phones and covers situations like a consumer providing their number during a transaction. Prior express written consent is required for autodialed or prerecorded telemarketing calls and texts. It must be in writing, describe the technology and sender, and come from an affirmative act. A pre-checked box fails the written consent standard, and arguably the basic express consent standard too, because it reflects no clear affirmative act.

Sources

  1. U.S. House of Representatives, 47 U.S.C. § 227 (TCPA statute text): Statutory damages of $500 per violation, up to $1,500 if willful, for each call or text in violation of TCPA
  2. FCC / Code of Federal Regulations, 47 C.F.R. § 64.1200(f)(9): Definition of prior express written consent requiring a written agreement bearing the signature of the called party authorizing delivery of telemarketing messages
  3. U.S. Court of Appeals, Ninth Circuit, Van Patten v. Vertical Fitness Group, 847 F.3d 1037 (9th Cir. 2017): Ninth Circuit analysis requiring TCPA consent to be unambiguous and not inferred from passive consumer behavior
  4. PACER / District Court records, Cash App TCPA Class Action Settlement: Cash App TCPA class action settled for $15 million
  5. PACER / District Court records, Credit One TCPA Settlement: Credit One TCPA settlement resolved for $12.5 million, case involved consent adequacy questions
  6. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court 2021 ruling narrowed the ATDS definition under TCPA; primary focus was on autodialer definition, not consent form mechanics
  7. U.S. Court of Appeals, Eleventh Circuit, Mais v. Gulf Coast Collection Bureau, 786 F.3d 1110 (11th Cir. 2015): Eleventh Circuit examined prior express consent standard and emphasized that consent must be clear and not implied from ambiguous circumstances
  8. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: FTC Telemarketing Sales Rule applies to voice telemarketing calls independently of TCPA, including National DNC Registry requirements
  9. WebRecon LLC, TCPA Federal Lawsuit Filing Statistics: Thousands of TCPA suits filed per year in recent years based on federal court filing tracking, with volume shifting after Facebook v. Duguid

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit