TCPA 1:1 consent: what it means and how to comply

TCPA 1:1 consent took effect Jan 27, 2025. Learn exactly what the FCC rule requires, who it affects, and how to avoid costly TCPA lawsuits.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-10

Person reviewing compliance forms at a desk, representing TCPA 1:1 consent requirements
Person reviewing compliance forms at a desk, representing TCPA 1:1 consent requirements

TL;DR

The FCC's 1:1 consent rule, effective January 27, 2025, requires that any written consent for autodialed or prerecorded calls and texts be tied to one seller at a time. A consumer checking a box that covers dozens of marketing partners no longer satisfies the TCPA. Each company contacting a consumer must obtain its own separate express written consent before dialing or texting.

TCPA 1:1 consent is the informal name for an FCC rule that closed what regulators called the "lead generator loophole." Before January 27, 2025, a consumer could fill out a single web form, check one pre-written box, and unknowingly authorize dozens of companies to call or text them with autodialing equipment or prerecorded messages. The 1:1 rule ended that.

Under the amended rule, written consent has to name one specifically identified seller. The consumer must agree to receive calls or texts from that seller by name, not from a generic pool of "marketing partners" or "affiliated companies." If your company was not named in the consent language the consumer actually saw and agreed to, you cannot legally reach them with regulated technology. Full stop.

The legal foundation is 47 U.S.C. § 227, the Telephone Consumer Protection Act [1]. The FCC's authority to tighten the consent standard comes straight from that statute. The specific 1:1 rule was adopted in the FCC's December 2023 Report and Order (FCC 23-107) [2], with compliance required starting January 27, 2025.

This is not a minor clarification. It rewrites how lead generation works at a structural level.

What changed on January 27, 2025?

Before the rule changed, TCPA consent for telemarketing could be bundled. One disclosure block might read "I agree to be contacted by this site and its marketing partners." Courts and the FCC tolerated that structure for years, even as plaintiffs' lawyers argued it produced consent consumers never truly gave.

The December 2023 order rejected the bundled model. Covered consent now has to name one seller, and the relationship between the consumer's consent and that seller must be "logically and topically associated" with the page or service the consumer is actually using [2]. Both requirements matter.

Logical and topical association is the second change, and it gets less attention. If a consumer fills out a mortgage refinance quote form, that form cannot carry consent language authorizing a solar panel company to call them. The product the consumer is engaging with has to match the type of call they're agreeing to receive.

So starting January 27, 2025, every outbound sales team using leads from third-party web forms had a choice. Confirm each lead came with valid 1:1 consent naming them specifically, or stop using those leads for autodialed calls and texts until they could. Many teams were not ready.

The rule applies to any person or company making telemarketing calls or sending telemarketing texts using an automatic telephone dialing system (ATDS) or a prerecorded voice [1]. That covers a broad operational footprint.

Run a sales floor that dials leads from a power dialer, a predictive dialer, or any system that stores and dials numbers automatically? You're in scope. Send promotional SMS or MMS through a platform? In scope. Buy leads that come with consent documentation? That consent now has to name your company specifically to be usable at all.

Sole proprietors calling manually on a smartphone, by themselves, with no automation, sit generally outside the ATDS definition, though that definition has been fought over in court for years [3]. If you're not sure whether your dialing equipment qualifies as an ATDS, that's a real legal question worth asking a TCPA attorney. Don't guess. Per-call statutory damages run $500 to $1,500 [1], and the math gets ugly fast.

Insurance agents, solar companies, home services outfits, financial services firms, and real estate teams show up most often in post-2025 TCPA litigation, because they historically leaned on shared lead pools. But the rule is industry-neutral. Nobody is exempt because of what they sell.

TCPA 1:1 consent: key numbers to know Thresholds, deadlines, and damages under the 2025 rules 500 $500 per call/text (base TCPA damages) 1,500 $1,500 per call/text (willf… violations) Source: 47 U.S.C. § 227; FCC 23-107 (2023); 28 U.S.C. § 1658

Valid 1:1 consent has to name your company, disclose the automated technology, state that consent is not a condition of purchase, and capture an affirmative action from the consumer. The FCC's rule requires that prior express written consent include a clear and conspicuous disclosure that the consumer agrees to receive autodialed or prerecorded calls or texts from a specific seller [2].

Compliant language for your company might read: "By clicking Submit, I agree that [Your Company Name] may contact me at the phone number above using automated technology, including autodialed calls and text messages, about [product/service]. I understand that consent is not required to make a purchase."

Every word in that structure is doing work. The company name has to be there. The technology type (automated, autodialed, prerecorded) has to be disclosed. The "not required to purchase" line has to be there. And the consumer has to take an affirmative action, like clicking a checkbox or a button, that shows agreement. Pre-checked boxes do not clear the affirmative action bar under FTC consent guidance [10].

The topical association requirement means form context matters too. The consent should sit on or directly next to the form the consumer is filling out, and the product category should match. A disclosure buried in a privacy policy or terms of service page, away from the point of data collection, is legally risky.

Keep records. If you're ever challenged, you need to produce the consent evidence: the exact language the consumer saw, the date and time, the IP address, and the phone number entered.

This is where small outbound teams feel the rule most sharply. The traditional co-registration model, where one consumer fills out one form and that data gets sold to five, ten, or twenty buyers at once, is incompatible with the 1:1 rule as written.

Buy leads from a third-party generator? Ask three specific questions before you use those leads for automated outreach. Was your company named in the consent disclosure the consumer saw? Was the consent gathered on a page topically related to what you sell? Can the vendor produce a timestamped record of the exact consent language shown to that specific consumer?

If the answer to any of those is "no" or "we're not sure," you have a problem. Using leads with defective consent exposes you to per-call TCPA liability. Class actions built on shared-lead consent failures have produced multi-million dollar settlements for reasons that look a lot like what the 1:1 rule is now trying to prevent structurally.

Some lead generators moved fast to build individual seller consent into their forms, running separate consent flows for each buyer in the network. That works if it's implemented correctly. Others use real-time verification tools that ping each seller's consent endpoint at the moment of form submission. Both approaches can be compliant. The thing that saves you is documentation.

For text message marketing, the consent stakes are the same whether the message is an SMS or an MMS. Plenty of teams learned this the hard way before 2025, and those lessons bite harder now.

The TCPA's base statutory damages are $500 per violation, which in practice usually means $500 per call or text [1]. If a court finds the violation was willful or knowing, that figure triples to $1,500 per call or text. There's no damages cap, so a class of a few thousand consumers can produce a liability number in the millions before you add attorney's fees.

The FCC can also pursue its own enforcement actions. State attorneys general have authority to bring TCPA claims on behalf of residents, and many states have layered their own laws on top of the federal baseline [5].

Recent settlements give you a sense of real exposure. UnitedHealthcare paid $2.5 million to resolve TCPA allegations. Truist Bank settled a class action over similar automated contact claims. These aren't outlier numbers for mid-sized companies. The per-message math escalates fast once you pair a large call or text volume with a consent defect.

The consent defect doesn't have to be intentional to cost you. Courts have generally held that good-faith reliance on a lead vendor's representations about consent is not a complete defense, though it may soften settlement talks. The safer position is to verify consent provenance yourself instead of trusting a vendor's assurance.

For teams watching TCPA news closely, plaintiff-side attorneys have already cited the 1:1 rule in post-January 2025 demand letters, using the new standard to argue pre-rule consent practices were defective all along.

Start with your own web properties. If you have any form that collects a phone number and feeds outbound automated contact, audit its consent language today. The disclosure should be visible, not buried. It should name your company specifically, describe the technology type, and include the "not a condition of purchase" line. The consumer has to take an affirmative action to agree.

For leads you buy, write a vendor checklist. Ask for a sample of the exact disclosure shown at data collection, confirmation your company name was included, the topical category of the page where consent was gathered, and the vendor's record retention policy for consent evidence. If a vendor can't give clear answers, treat those leads as non-compliant. Suppress them from automated outreach or run a separate opt-in before calling.

Many compliance teams add a verification step before first contact. For new leads, a brief manual call or a single non-automated outreach to confirm interest, before switching to automated follow-up, creates an additional documented interaction. This doesn't replace valid initial consent. It builds a paper trail on top of it.

LeadCompliant's free TCPA compliance kit includes consent language templates and a vendor due-diligence checklist built around the 1:1 rule, if you want a starting framework instead of building from scratch.

Bake record retention into your process now, not after a demand letter lands. Store consent timestamps, IP addresses, form versions, and the exact language shown for at least four years, which covers the longest TCPA limitations period courts have applied [4].

Does the 1:1 rule apply to text messages the same way it applies to calls?

Yes. The TCPA's consent requirements apply equally to autodialed or prerecorded calls and to text messages sent through automated systems [1]. The FCC has treated texts as calls under the statute since its 2003 and 2012 rulings [6], and the 1:1 consent rule applies to both channels identically.

This matters operationally. Many teams use different platforms for calls versus texts and run different consent workflows for each. If your SMS platform sends promotional messages, those messages need the same 1:1 prior express written consent as an autodialed phone call. No shortcut for texts.

For text messaging marketing programs, the topical association requirement adds another layer. A consumer who signed up for shipping notifications did not thereby consent to promotional SMS about unrelated products. The consent scope has to match the message type.

So audit your SMS subscriber lists under the same framework you use for your call lists. Any subscriber added through a co-registration form before January 27, 2025 under a bundled arrangement may need a fresh 1:1 compliant opt-in before you send further automated promotional messages.

Is there a grandfather clause for leads collected before January 27, 2025?

No. The FCC did not include a formal grandfather provision in FCC 23-107 [2]. Industry lobbied hard for one, and the FCC acknowledged the transition challenge, but the rule as adopted requires compliant consent with no explicit safe harbor for pre-existing lead inventories.

The open question is how courts will treat pre-rule leads going forward. Some TCPA defense attorneys argue that consent obtained in good faith under the prior framework should be judged against the standards in place when it was collected, not measured retroactively against the 1:1 rule. That argument may hold up, but it hasn't been tested much in post-January 2025 cases yet.

The conservative approach, and the one most compliance counsel recommend, is to treat any lead collected under a bundled consent flow as unverified for 1:1 purposes. Run a re-consent campaign before making automated contact, or suppress those leads from autodialed and prerecorded outreach. The litigation risk of using old leads without re-consent is real and measurable. The cost of a re-consent campaign is annoying but finite.

Got a big database of pre-2025 leads? Prioritize them for manual (human-initiated, non-ATDS) outreach while you run re-consent flows. That keeps some revenue alive without triggering the same consent liability.

What is the "logically and topically associated" requirement?

This phrase comes straight from FCC 23-107 [2], and it's the part of the 1:1 rule that gets underexplained. The FCC demanded more than consent that names one seller. The consent also has to be "logically and topically associated" with the website or form where the consumer handed over their information.

In plain terms: the product marketed through the call or text has to make sense given where the consumer gave their number. Someone filling out a form for a free credit report quote can reasonably expect to hear from credit-related services. They have no reasonable expectation of a call from a gym equipment company because the consent page hid a third-party seller list.

The FCC used a comparison shopping site as its example. A consumer visits an auto insurance comparison site and fills out a form. Consent to be contacted by auto insurers listed there is logically associated with the transaction. Consent to be contacted by home security companies, bundled into the seller list by someone hoping nobody would notice, is not.

For your own forms, document the topical category of each consent flow. For purchased leads, ask what product vertical the originating form served. If you're a solar company buying leads from a form that was mostly mortgage-focused, that's a topical mismatch you have to resolve before you dial.

This prong is going to generate a lot of litigation over what "logically and topically associated" means at the edges. Watch for FCC guidance and early court decisions on it.

Courts weighing TCPA consent disputes ask a few core questions. Did the consumer actually see the disclosure? Did they take an affirmative action to agree? Was the disclosing company specifically named? And can the defendant prove all of it with contemporaneous records?

The burden of proving consent generally falls on the caller, not the plaintiff [3]. So if you get sued and can't produce the consent record, you're in a hard spot even if you're sure the consumer agreed. Documentation isn't housekeeping. It's your defense.

Cases like Snyder v. Credit One Bank show how courts pick apart the details of consent language and whether the specific disclosures given actually authorized the contacts at issue. The pattern across TCPA case law is consistent: vague or generic consent fails, while specific, named, documented consent survives. The Eleventh Circuit's ruling in Cordoba v. DIRECTV is one example of a court parsing exactly who was named in a consent disclosure [12].

Post-January 2025, expect courts to use the 1:1 standard as the interpretive baseline when weighing whether consent was adequate. Plaintiffs' attorneys will cite FCC 23-107 directly in complaints. Judges already tracking the evolution of the consent requirement will likely treat the new standard as persuasive even where the underlying conduct predates the rule.

The Albertsons/Safeway TCPA settlement and similar corporate actions make the point. No company is too small to get a demand letter, and none is too large to face a class.

What should you do right now if you're not sure you're compliant?

Start with an honest audit of your lead sources. Map every channel feeding your outbound dialing or SMS program and ask where the consent came from for each one. For each source, decide whether the consent names your company specifically and whether the form context is topically appropriate.

Pause any source where you can't answer those questions with confidence. Pausing a lead source for two weeks while you verify documentation has a real revenue cost, but it's recoverable. A TCPA class action is not.

Then look at your technology stack. If you run a predictive dialer, a power dialer, or a third-party SMS platform, confirm the vendor logs consent data at the contact level. Some platforms built consent verification into the workflow. Others make you manage it externally.

If you buy leads, add contract language with your vendors that creates a warranty and indemnification around consent compliance. When a vendor refuses to sign a consent warranty, that refusal tells you plenty about the quality of their consent practices.

LeadCompliant also offers free tools to check phone numbers against the national DNC registry and to verify basic compliance hygiene, a useful starting point before you tackle the harder 1:1 consent documentation work. The FTC's Telemarketing Sales Rule sets the DNC framework those tools check against [9].

Get familiar with your state's laws. California, Florida, Oklahoma, and Washington all have state-level restrictions that stack on top of the TCPA [5]. The 1:1 federal rule is the floor, not the ceiling.

Frequently asked questions

The FCC adopted the 1:1 consent rule in its December 2023 Report and Order (FCC 23-107). The compliance deadline was January 27, 2025. Any company making autodialed or prerecorded calls or texts for telemarketing purposes was required to have 1:1 compliant consent processes in place by that date.

Can I still use leads I bought before January 27, 2025?

The FCC did not create a formal grandfather clause. The conservative position is to treat pre-rule leads collected under bundled consent flows as unverified for 1:1 purposes and either run a re-consent campaign or restrict those leads to non-automated outreach. Some defense attorneys argue prior-law good faith may be relevant in litigation, but that argument is untested post-2025.

Lead generators can no longer sell a single consent to multiple buyers at once. Each buyer in their network must be named in the consent disclosure the consumer sees, or the consent does not cover that buyer. Generators are adapting by running separate consent flows per buyer, by using real-time consent APIs, or by limiting how many buyers can be named on a single form to a manageable number.

Does the 1:1 rule apply to B2B calls?

TCPA consent requirements turn on the type of technology used and whether the number reached is a residential or mobile phone, not strictly on whether the call is B2B. Calls to mobile phones of business contacts using an ATDS generally require consent under the TCPA regardless of the business context. B2B calls to landline business numbers have more flexibility, but mobile is the risk area.

What counts as an automatic telephone dialing system (ATDS) under the TCPA?

The Supreme Court's 2021 Facebook v. Duguid decision narrowed the ATDS definition to systems that use a random or sequential number generator to store or produce phone numbers to be called. Systems that simply dial from a stored list without random or sequential generation may not qualify, though the practical boundaries remain contested in courts.

The TCPA has a four-year federal statute of limitations under 28 U.S.C. § 1658, though some state TCPA analogs run on different periods. The practical standard most compliance teams use is retaining consent records, including the specific language shown, timestamp, IP address, and phone number, for at least four years from the date of collection.

Yes. The FCC has long held that consumers can revoke consent at any time through any reasonable means. The 2024 FCC revocation rules (effective April 2025) require companies to honor revocation requests within 10 business days and restrict them from sending more than one additional confirmation message after a stop request is received.

Ringless voicemails, sometimes called "ringless drops" or "direct-to-voicemail" messages, are an area of ongoing FCC debate. The FCC proposed in 2022 to classify them as calls under the TCPA. No final rule had issued as of mid-2025, but several courts have held that ringless voicemails fall under TCPA prerecorded message rules, meaning 1:1 consent standards would apply if that view prevails.

What is the penalty for each TCPA violation in 2025?

The TCPA sets statutory damages at $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations. Each call or text is typically treated as one violation. There is no per-plaintiff cap, so class actions involving thousands of contacts can produce liability in the millions. The FCC can also impose separate civil forfeitures.

Old bundled consent let a single form authorize contact from unrelated companies across different product categories. Logically and topically associated consent requires the marketing subject matter to match the context of the form. A mortgage form can carry consent for mortgage-related contacts. It cannot carry consent for solar, insurance, or gym memberships without a topical relationship to the consumer's activity.

The TCPA treats texts as calls, so legally the same prior express written consent covers both if the disclosure language includes both communication types. Still, your consent language should explicitly mention texts and calls (or automated messages generally) to kill any ambiguity. If your disclosure only mentions phone calls, a court may not extend that consent to cover SMS messages.

What is the topical association requirement for comparison shopping sites?

The FCC specifically addressed comparison shopping sites in FCC 23-107. A consumer using an auto insurance comparison site can be shown consent for auto insurers listed there, because contact from those insurers is logically associated with the consumer's activity. But that same form cannot carry consent for unrelated sellers from other verticals without violating the topical association requirement.

Verbal consent can satisfy the standard for informational or non-telemarketing calls, but telemarketing calls and texts using an ATDS or prerecorded voice require prior express written consent under the TCPA. Verbal consent recorded during a live call does not meet the written consent requirement for future automated telemarketing contact. Written or electronic consent, with a signature or affirmative click, is required.

Sources

  1. U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA statutory damages are $500 per violation, trebled to $1,500 for willful violations; applies to ATDS calls and texts
  2. FCC, Report and Order FCC 23-107, December 2023 (closing the lead generator loophole): FCC 1:1 consent rule adopted December 2023, effective January 27, 2025; requires consent logically and topically associated with the originating website
  3. Supreme Court of the United States, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Narrows ATDS definition to systems using random or sequential number generators; burden of proving consent in TCPA cases generally falls on the defendant
  4. U.S. Code, 28 U.S.C. § 1658, General federal statute of limitations: Four-year federal statute of limitations applies to TCPA claims brought under 47 U.S.C. § 227
  5. National Conference of State Legislatures, State Telemarketing Laws: Multiple states including California, Florida, Oklahoma, and Washington have telemarketing laws that stack additional requirements on top of federal TCPA requirements
  6. FCC, 2012 TCPA Order, CG Docket No. 02-278: FCC has treated text messages as calls under TCPA since its 2003 and 2012 rulings, requiring the same consent standards
  7. Federal Trade Commission, Telemarketing Sales Rule, 16 CFR Part 310: FTC Telemarketing Sales Rule establishes Do Not Call registry requirements that operate alongside TCPA consent requirements for outbound telemarketing
  8. Federal Trade Commission, business guidance on affirmative consent and pre-checked boxes: Consent obtained through pre-checked boxes does not satisfy the affirmative action standard required under telemarketing consent rules
  9. Federal Communications Commission, robocall and unwanted-call consumer resources: Consumer harm from unwanted telemarketing contacts is documented in the FCC record supporting the 1:1 consent rule
  10. U.S. Court of Appeals, Eleventh Circuit, Cordoba v. DIRECTV LLC, 942 F.3d 1259 (2019): Court examined specificity of consent disclosures in a TCPA class action; illustrates how courts review whether named parties in consent language were actually disclosed to consumers

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit