How to get express written consent for autodialed calls before first contact

TCPA requires express written consent before autodialed calls to cell phones. Learn exactly what counts, how to capture it, and how to avoid $500, $1,500/call fines.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Hands completing a consent form on a desk beside a smartphone
Hands completing a consent form on a desk beside a smartphone

TL;DR

Under 47 U.S.C. § 227 and the FCC's 2012 rules, you need prior express written consent before any autodialed or prerecorded marketing call or text to a cell phone. That consent has to be signed, clear about who will call, and never bundled as a condition of purchase. Get it wrong and each call carries $500 to $1,500 in statutory damages.

Express written consent is a defined legal term, not a vibe. The FCC's 2012 TCPA rules (codified at 47 C.F.R. § 64.1200) require a written agreement showing the consumer authorized a named seller to contact them with an autodialer or prerecorded voice at a specific number. The statute, 47 U.S.C. § 227(b)(1)(A), bars autodialed calls to cell phones 'without the prior express consent of the called party,' and the FCC's 2012 order raised that bar to 'prior express written consent' for any call that includes or introduces an advertisement or counts as telemarketing. [1][9]

The writing does not have to be paper. The FCC defines it broadly enough to cover electronic records: an email opt-in, a web form checkbox, a text-message reply. What matters is the record showing three things. A clear, conspicuous disclosure that autodialed or prerecorded calls may be made. The name of the seller who will call. A real signature, which can be an e-signature under the E-SIGN Act. [3]

Here is the part teams miss. The consent cannot be a condition of purchase. The FCC order says so directly. If someone has to opt into robocalls just to buy your product, that consent is dead on arrival. [9]

So the checklist before a single call goes out looks like this: specific disclosure, seller named, phone number confirmed, signature captured, nothing required in exchange. All five, or you do not have express written consent.

Why does this matter before first contact specifically?

'Prior' is the whole game. The consent has to exist before the call or text happens. No grace period. No 'we'll get consent later.' No 'they gave us their number, so they must be fine with it.' [1]

The number alone means nothing. Courts keep rejecting the argument that someone who typed a phone number into a form for one reason (a product question, say) somehow agreed to autodialed marketing. That line of reasoning traces back to the FCC's 2012 order, and plaintiff attorneys know it cold. The credit one tcpa settlement and the cash app tcpa class action settlement both show what happens when big call volumes go out without airtight prior-consent records.

Cold calling is harder still. With zero prior relationship, you cannot autodial a cell phone for marketing on consent you did not collect first. Full stop. Your only outs are to dial manually with genuine human initiation (no predictive or autodialed sequencing), or to stick to landlines under the business relationship exception, which the FCC narrowed hard in 2012. [9]

That is why the consent has to live inside your lead-generation flow, captured before your outbound team ever sees a number. It is the only architecture that holds up at scale.

The FCC's 2012 order lists them. A valid prior express written consent for an autodialed telemarketing call has to include every one of these.

ElementWhat it requires
Clear and conspicuous disclosureThe consumer sees and understands they are agreeing to autodialed/prerecorded calls
Caller identifiedThe specific seller (or named affiliates) who will call is disclosed
Telephone number providedThe consumer gives the number to be called
SignatureWritten or electronic, under E-SIGN
Not a purchase conditionAgreeing to calls cannot be required to complete a transaction

'Clear and conspicuous' is not fine print stuffed at the bottom of a form. Courts and the FCC both ask whether a reasonable consumer would actually notice and understand what they agreed to. Font size, placement, and plain language all matter. [9]

The FCC's 2024 one-to-one consent rule, effective January 2025, stacked on another layer. You can no longer collect consent for multiple sellers through a single checkbox. Each seller who will contact the consumer has to be named and consented to individually. [4] That killed the consent-farm model, where one lead-gen landing page claimed to grant consent to dozens of buyers at once.

Buying leads from a third party? This is your exposure point. You have to be named on the consent form the lead actually saw, and you have to be able to prove it.

TCPA autodialed call violations: key numbers Statutory damages, enforcement, and rule timeline under 47 U.S.C. § 227 and FCC orders 500 $500 per call 1,500 $1,500 per call (willful) 6M $6M FCC forfeiture (2024) 2,025 Jan 27, 2025: one-to-one rule effective Source: 47 U.S.C. § 227 [1]; FCC 2024 Enforcement [6]; FCC 23-107 [4]

The mechanics are simple. The details are where companies blow it. Here is what a compliant web form capture looks like in practice.

The opt-in language sits directly above or next to the submit button, in a font at least as large as the surrounding text. A typical disclosure reads something like: 'By submitting this form, you agree that [Company Name] may contact you at the phone number above using an automated telephone dialing system or prerecorded voice, even if the number is on a national or state Do Not Call registry. This consent is not required to make a purchase.' [9]

Drop the pre-checked box. The FCC's 2012 order and later guidance are openly skeptical that a pre-checked box shows genuine affirmative consent. The clean move is an unchecked box the user actively clicks, kept separate from the form submission itself. [9]

Log everything. Your record should capture the timestamp, the IP address, the exact form language shown, the phone number entered, and whether the box was checked before the submit click. This is your defense exhibit if a claim ever lands.

Under the 2025 one-to-one rule, if you collect leads and sell them to multiple buyers, name every buyer. A generic 'marketing partners' line is no longer enough. [4]

SMS adds its own layer. The CTIA and the carriers want keyword handling (STOP, HELP), message-frequency disclosure, and carrier identification. Those requirements sit on top of TCPA, not in place of it. The text message marketing rules follow the same written-consent standard. [10]

Yes, with caveats. A text reply can count as a written signature under the E-SIGN Act if you build the flow right. The common approach is a double opt-in: you send an initial message (which itself has to comply with TCPA if that first send needed prior consent), the consumer replies with a keyword like YES, and you log that reply as written consent for future autodialed contact. [3]

A phone call cannot cleanly generate written consent for future autodialed calls to that same person. Think about the loop. If you call someone to ask permission to call them, the call you are making is the exact call you needed permission for. Oral consent works for informational calls. It does not work for marketing calls placed with an autodialer or prerecorded voice. [1][9]

One scenario breaks the loop. If the first call goes out through a live agent dialing manually (no autodialer) and it is not telemarketing, and the consumer then signs a written consent afterward by email or text, you have valid consent for future autodialed marketing. Some teams run this 'live agent first, consent second' workflow for cold outreach to cell phones.

For the manual-versus-autodialed line, the cold calling and cold call guides walk through the autodialer definition in more detail.

Does an existing business relationship replace express written consent?

No. The FCC's 2012 order eliminated the established business relationship (EBR) exception for autodialed or prerecorded telemarketing calls to cell phones. Before 2012, an EBR could stand in for prior express consent. That door is shut. [9]

EBR still matters in one narrow spot: prerecorded telemarketing calls to residential landlines. That category is small and shrinking. For cell phones, where almost all contested TCPA litigation lives, no relationship, however deep, removes the need for prior express written consent for autodialed marketing. [1]

This burns companies trying to re-engage old customers. You sold someone something two years ago and now you want to autodial them about a new offer. You need written consent for that, even though they bought from you willingly. The old transaction does not carry consent forward.

The one clean path: an express written consent already on file from a prior transaction that has not been revoked. But 'on file' means documented, retrievable, timestamped. 'We think they probably agreed' is not on file.

Buying leads is where TCPA liability moves from the lead generator onto you, and courts have not been kind to buyers pleading ignorance. The FCC's 2023 order and the 2025 one-to-one rule together make third-party consent stricter than ever. [4]

Under the 2025 rule, the lead's consent form has to name you specifically. A blanket line granting consent to 'up to 100 marketing partners' or 'companies in our network' is not valid for any single buyer. Your company name, or a named affiliate list you control, has to appear on the form the consumer saw at the moment of consent. [4]

Practically, you have two options. Run your own lead generation where you own the form and the language. Or contract with vendors who will put your name on their consent forms and hand you consent records with timestamp, IP, form version, and the exact disclosure text.

Before dialing any purchased list, you should be able to answer yes to all of these. Was our company named on the form? Can we see the exact consent language? Do we have the timestamp and IP? Was the number on the form the number we are calling? Has the consumer revoked since then?

Run any purchased list against the do not call list and any applicable state registries before you dial. Consent and DNC scrubbing are separate jobs. Consent lets you autodial. DNC registration tells you whether you can call at all. The mobile phone do not call list covers the cell phone DNC landscape. [11]

The FCC's 2015 Declaratory Ruling confirmed that consumers can revoke consent at any time through any reasonable means. [5] 'Any reasonable means' is broad. Telling your agent 'don't call me again' revokes it. Replying STOP to a text revokes it. An email asking to be removed revokes it. Even a public post saying they want you to stop, if you see it, can build a revocation argument.

So your agents have to log revocation requests in real time, and that log has to feed your dialer suppression list fast. The FCC has not fixed an hour-count for processing revocations, but courts have found that calling someone back the same day they revoked is indefensible.

For SMS, both the TCPA rules and CTIA guidelines want STOP requests honored quickly. Industry practice is immediate suppression on receipt. One extra marketing text after a STOP is a separate TCPA violation, each carrying $500 to $1,500 in exposure. [1][10]

Keep opt-out records at least as long as you are marketing to anyone on the list the opt-out came from. TCPA's limitations period runs four years, so your opt-out records should reach back at least that far.

What are the penalties if you make autodialed calls without proper consent?

Statutory damages under 47 U.S.C. § 227(b)(3) run $500 per violation for negligent violations and $1,500 per violation for willful or knowing ones. [1] A violation is generally each call or text. Send 10,000 texts without consent and you are staring at $5 million to $15 million in statutory damages before any class multiplier.

TCPA cases get certified as class actions more often than almost anything in federal court. The class is easy to define (everyone you called off the same list) and damages are fixed by statute, so there is little individual inquiry. The tcpa article breaks down how certification works.

The FCC also issues its own forfeitures, and the numbers get large fast. The agency's 2024 enforcement actions against unwanted calls and texts included multimillion-dollar proposed forfeitures against individual robocall operations. [6]

State attorneys general have independent authority under 47 U.S.C. § 227(g) to bring TCPA suits for their residents, and several state laws (Florida, Texas, Washington, Oklahoma) pile additional per-call damages on top of federal exposure. [7][12]

The math punishes small teams. A team placing 500 autodialed calls a day to a list without proper consent, for one week, hits 3,500 potential violations. At $500 each, that is $1.75 million in exposure before the plaintiff's attorney fees show up.

Documentation is the line between winning and settling. Most TCPA defendants who settle do it not because they lacked consent but because they could not prove they had it.

At minimum, your consent records need the consumer's name, the phone number they consented to, the date and time of consent, the source (which form, landing page, or interaction), the exact disclosure language they saw, their IP address if collected online, and whether the opt-in was affirmative or pre-checked. [9]

Store these in a system that is immutable or at least audit-logged. If someone tries to delete a record after a suit is filed, there has to be a trail. A spreadsheet anyone can edit is a discovery problem waiting to happen.

Link the records straight to your dialer or CRM so you can pull up, for any number you called, the exact consent event that authorized it. 'We have a general process for getting consent' is not a defense. 'Here is the timestamped record showing Jane Smith consented at 2:14 PM on March 3, 2025, using form version 12B, plus a screenshot of that form' is a defense.

LeadCompliant's free compliance kit includes a consent record template and a pre-call checklist built around these requirements, if you want a starting point instead of building from scratch.

Retention: keep consent records at least four years from the last call to that number, matching the TCPA limitations period. Some practitioners keep them longer given how discovery timelines stretch.

Are there any exemptions where you don't need express written consent?

A few narrow ones exist, and teams misapply them constantly, so read closely.

The biggest is purely informational, non-marketing calls. Calling a customer about a transaction they started, a fraud alert, a delivery confirmation, or a public safety message may fall outside the marketing-consent requirement, though you still need prior express consent (the lower oral standard) for autodialed informational calls to cell phones. [1][9] The instant the call slips in promotional content, that exemption evaporates.

Marketing calls to landlines from sellers with an established business relationship are treated differently from cell phone calls, though that distinction shrinks every year as landlines die off.

Truly manual dialing (a human presses a button to start each individual call, no predictive or automatic sequencing) to cell phones for marketing does not require written consent under the TCPA. The consent trigger is the automatic telephone dialing system (ATDS) element. But the ATDS definition has been litigated to death. The Supreme Court's 2021 decision in Facebook v. Duguid narrowed it, holding that a device qualifies only if it uses 'a random or sequential number generator' to store or produce numbers. Not every predictive dialer escapes. [8]

Government calls, emergency calls, and calls by or for political organizations get separate treatment. If you sit in one of those buckets, run a separate analysis.

The FCC's December 2023 order, effective January 27, 2025, rewired how prior express written consent works in lead generation. [4] It added two requirements that did not exist before.

First, consent has to be one-to-one. Each seller who will contact the consumer is named and consented to individually. No consent for 'affiliated partners' or a 'network of companies.' The consumer sees your name.

Second, the consent has to be 'logically and topically associated' with the website or interaction where it was collected. Someone shopping for auto insurance cannot be signed up for calls from a home security company through that same form. The FCC's order ties the consent to the company whose website the consumer is actually visiting. [4]

The practical effect: the bulk lead-gen industry, built on capturing one consent and reselling it to dozens of buyers, has to rebuild. For direct marketers the news is mostly good. Your leads should be more exclusive and more genuinely consented. But verify that your vendors actually comply with the new rule before you dial.

Courts and the FCC are still working through the enforcement mechanics. Nobody has clean answers on every edge case yet. The safe posture is your own name on the consent form, full stop.

Frequently asked questions

The TCPA sets no hard expiration on consent. But consent can be revoked anytime, and very old records may be challenged on the grounds that the consumer's expectations changed or the disclosure no longer describes your practices. Most compliance practitioners treat consent as stale after 18 to 24 months and re-obtain it for dormant contacts. Courts have not settled on a fixed timeframe.

Oral consent satisfies the TCPA for informational autodialed calls, not for autodialed marketing calls. Marketing calls need prior express written consent, meaning the writing has to exist before the call. A verbal agreement followed by a written confirmation works only if your marketing calls come after the written consent is signed. The record cannot be backdated or applied retroactively.

Express consent (oral or written) covers non-marketing autodialed calls to cell phones. Express written consent is the higher standard for autodialed or prerecorded marketing calls to cell phones. The FCC's 2012 order created this two-tier system. Getting the lower standard when you needed the higher one is a common source of TCPA exposure for marketing teams.

Does a consumer giving me their cell number on a contact form count as consent?

No. Providing a phone number is not the same as consenting to autodialed marketing calls at that number. Courts have rejected this argument consistently. Consent requires an explicit disclosure that autodialed calls will be made and an affirmative agreement to receive them. Filling a number field with no consent disclosure does not meet the TCPA standard.

If you use a true manual dialer where a human individually starts each call with no automation, the TCPA's autodialer prohibition does not technically apply. But 'manual' has a narrow legal meaning. Predictive dialers, progressive dialers, and click-to-call systems that automatically sequence through lists may still qualify as ATDSs. The Supreme Court's 2021 Facebook v. Duguid decision narrowed the ATDS definition but did not erase it.

You can rely on third-party consent only if you were specifically named on the form the consumer saw, the consent met the FCC's 2025 one-to-one rule, and you can produce the record in discovery. If any of those are missing, you may be liable for calls to that number. 'We bought the lead in good faith' has generally not worked as a TCPA defense.

TCPA covers both autodialed calls and texts to cell phones. A single form can cover both, but the disclosure has to mention both channels. If your form says 'calls' only and you then send marketing texts, your text consent is arguably invalid. Be explicit: list both 'calls' and 'text messages' in your disclosure.

The FCC has not set a specific hour limit, but its 2015 ruling says revocation must be honored promptly. Industry practice and most compliance guidance treat same business day as the floor, with real-time suppression as the standard for text opt-outs. Calling someone back the same day they told you to stop is very hard to defend.

Your consent record should include the consumer's name, the phone number, the date and time of consent, the source URL or interaction, the exact disclosure text they saw, their IP address if web-based, and confirmation the opt-in was affirmative. Store these in an immutable or audit-logged system and link them to your CRM so you can retrieve the record for any specific call you made.

Does the FCC's 2025 one-to-one rule affect my existing lead lists?

The one-to-one rule took effect January 27, 2025, and applies to new consent collected from that date forward. Consent collected earlier under the old rules may still be valid for calls to those consumers, but if you are refreshing or expanding lists, new consent has to meet the stricter standard. Consult a TCPA attorney about your specific legacy list situation.

Are there state laws that add requirements on top of TCPA for autodialed calls?

Yes. Florida's FTSA, Washington's CEMA, Texas's Business and Commerce Code, and Oklahoma's Telephone Solicitation Act all add state-level requirements that can be stricter than federal TCPA rules. Some impose higher per-call damages or broader ATDS definitions. If you call consumers in these states, you have to comply with both federal and state rules, and the stricter one controls.

What is the safest way to structure a lead generation landing page for TCPA compliance?

Put the consent disclosure directly above or next to the submit button in readable font. Use an unchecked checkbox requiring affirmative action. Name every seller who will contact the consumer (per the 2025 one-to-one rule). State explicitly that an autodialer or prerecorded voice may be used. Say consent is not required to purchase. Log the timestamp, IP, form version, and exact disclosure text for every submission.

Potentially. If you materially expand your marketing practices, call frequency, or the products you promote well beyond what your consent form described, a court could find the original consent no longer covers the new conduct. Your form should describe your practices broadly enough to cover foreseeable future uses, yet specific enough to stay clear and conspicuous to the consumer.

What is the risk of using a pre-checked checkbox for TCPA consent?

High. The FCC has expressed skepticism about pre-checked boxes as genuine affirmative consent, since the consumer never actively chose to opt in. Courts have found pre-checked boxes insufficient in multiple cases. The safe practice is an unchecked box requiring an active click. If you currently use pre-checked boxes for consent to autodialed marketing, that is a meaningful compliance gap.

Sources

  1. Cornell Legal Information Institute, 47 U.S.C. § 227 (TCPA statute text): Statutory basis for $500/$1,500 per-violation damages and the prohibition on autodialed calls to cell phones without prior express consent
  2. Cornell Legal Information Institute, 47 U.S.C. § 227(b)(3), private right of action and damages: $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations
  3. Cornell Legal Information Institute, E-SIGN Act, 15 U.S.C. § 7001: Electronic signatures satisfy the written consent requirement under the E-SIGN Act
  4. Cornell Legal Information Institute, 47 U.S.C. § 227(g), state attorney general enforcement authority: State attorneys general have independent authority to bring TCPA suits on behalf of state residents
  5. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Narrowed the definition of ATDS: a device must use a random or sequential number generator to store or produce numbers to qualify; manually maintained lists may fall outside the definition
  6. Electronic Code of Federal Regulations, 47 C.F.R. § 64.1200 (TCPA implementing regulations): Regulatory definition of prior express written consent, its required elements, and the prohibition on consent as a purchase condition
  7. FTC, Federal Trade Commission homepage (Telemarketing Sales Rule): FTC Telemarketing Sales Rule runs parallel to TCPA for telemarketing practices including consent and DNC requirements
  8. Florida Senate, Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059: Florida's FTSA adds state-level autodialer restrictions and damages that can exceed federal TCPA standards

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit