TCPA consent language that actually holds up in court (2024)

Exact TCPA consent language requirements for 2024, including the FCC's new one-to-one consent rule taking effect Jan 27, 2025. What to write, what fails, what courts reject.

LeadCompliant Team
26 min read
In This Article

Last updated 2026-07-10

Hand about to check a consent checkbox on a paper form in natural light
Hand about to check a consent checkbox on a paper form in natural light

TL;DR

Valid TCPA consent for autodialed or prerecorded calls and texts to cell phones requires a clear, written disclosure naming the specific seller, describing the autodialer or prerecorded message technology, and stating that consent is not a condition of purchase. Starting January 27, 2025, one consent form cannot cover multiple sellers. Courts reject vague, bundled, or buried disclosures every time.

TCPA consent for a marketing call or text to a cell phone has to be written, name the specific company doing the contacting, describe the autodialer or prerecorded voice tech, and state that consent is not a condition of buying anything. Miss any one of those and courts treat the consent as defective.

The Telephone Consumer Protection Act, 47 U.S.C. § 227, bans autodialed or prerecorded calls and texts to cell phones without "prior express written consent" when the contact is telemarketing or advertising. [1] That phrase is a defined term, not a mood. The FCC's rules at 47 C.F.R. § 64.1200 spell out exactly what has to appear in a consent disclosure for it to count. [2]

Written consent for telemarketing has to include four things:

1. A clear and conspicuous disclosure that the person is authorizing calls or texts made using an automatic telephone dialing system or an artificial or prerecorded voice. 2. The name of the specific company that will do the calling or texting. 3. A phone number or other contact for that company. 4. An explicit acknowledgment that consent is not required as a condition of buying anything.

That last point trips up a lot of teams.

If your form says "by submitting this form you agree to our terms" and the marketing consent lives inside those terms, courts have repeatedly killed that setup for failing the "clear and conspicuous" test. The FCC's 2012 omnibus TCPA order made the "not a condition of purchase" language mandatory, not a nice-to-have. [10]

Courts also look at whether the consumer actually saw and agreed to the disclosure. A pre-checked box, a link to a terms page that hides the disclosure three screens down, a consent paragraph in 6-point font below the submit button: all of these have lost in litigation. "Clear and conspicuous" means the average person reading the form notices it without hunting for it.

The biggest TCPA shift in years is the FCC's December 2023 Report and Order, FCC 23-107, which closed what the Commission called the "lead generator loophole." [3] Starting January 27, 2025, one consent form can name only one seller. The days of a single opt-in getting sold to dozens of callers are over.

Before this order, a single consent disclosure could name one website or partner, and that consent could legally get sold or shared to dozens of downstream callers.

Under the new rule, each consent has to be "one-to-one." The consumer grants consent to one named seller at a time, and that consent cannot be bundled with consents to other companies. The order requires that consent come "from a single web page, application, or in a single conversation" and identify the specific seller placing the calls. [3]

Here is what that means in practice. Run a lead-gen form that feeds three insurance carriers, and each carrier now needs its own consent disclosure, with the consumer affirmatively agreeing to each one. A single checkbox that says "I agree to be contacted by our partners" is dead after January 27, 2025. It was shaky before too. Now the FCC has made it flat-out unlawful.

The order also tightens the "logically and topically associated" standard. Consent captured on a mortgage website cannot be handed to an auto insurance company even if both are listed as partners. The consumer's consent has to connect directly to whatever they came to the site for.

For teams running cold calling or SMS outreach through purchased lists, this is the one rule change to absorb before any 2025 campaign goes live. A call placed on a lead consented under a pre-2025 bundled form is now legally exposed.

There is no government-approved template. But courts and FCC orders give you enough to build one that survives. The disclosure names the exact company, spells out the dialing tech, states the not-a-condition line, and requires an affirmative click or check. Here is what those elements look like assembled into a real block.

---

Example disclosure (adapt with real company name and number):

"By clicking [Submit / checkbox text], I authorize [Company Legal Name], reachable at [phone number], to contact me at the phone number I provided above using an automatic telephone dialing system or prerecorded or artificial voice messages for marketing purposes. I understand that my consent is not a condition of any purchase."

---

Notice a few things. The company is named specifically, not fudged as "our partners." The technology (autodialer, prerecorded voice) is spelled out. The "not a condition of purchase" language appears verbatim, not paraphrased. And the consent is affirmative: the person clicks or checks something, rather than getting told that submitting the form implies consent.

For SMS-specific consent, the FCC and CTIA guidance also expect you to describe the type of messages (say, "recurring marketing texts"), the frequency if you know it, and a note that message and data rates may apply. [4] SMS consent has its own layer on top of TCPA consent. Carriers can suspend short codes or 10DLC registrations when the opt-in language does not meet CTIA standards.

Courts have found consent disclosures defective for reasons like these: the checkbox was optional and plenty of users skipped it (so nobody could tell who consented), the disclosure used vague language like "may contact" without naming the technology, or the consent page only showed up in a mobile pop-up that users swiped away. If you cannot prove the specific consumer saw and agreed to the specific language, you will probably lose the TCPA case even when your form looks clean on paper.

TCPA: key numbers every outbound team needs to know Statutory thresholds, damages, and 2025 rule change dates under 47 U.S.C. § 227 and FCC 23-107 500 $500 per violation (neglige… 1,500 $1,500 per violation (willf… Source: 47 U.S.C. § 227 [1]; FCC 23-107 [3]

The consent language that loses in court follows a short list of patterns: pre-checked boxes, consent buried in terms of service, generic "partner" language, oral-only consent for marketing, and consent collected after the call already happened. Reading actual TCPA litigation is the fastest way to learn what not to write. [5]

Pre-checked boxes. If the consent box is checked by default and the user has to uncheck it to refuse, courts treat that as no consent at all. The FCC requires an affirmative opt-in. A pre-checked box is not affirmative.

Buried terms-of-service consent. Defendants love to point at a line in their 40-page terms of service saying users consent to marketing contacts. Courts, including the Ninth Circuit in cases interpreting § 227, have found that terms-of-service consent flunks the "clear and conspicuous" standard when a consumer would have to scroll through unrelated legal text to find it.

"You and our partners." Generic partner language has been rejected in multiple cases. The FCC's 2023 order codified what courts were already saying: naming a category of possible callers instead of a specific company is not consent. [3]

Oral-only consent for telemarketing. For informational (non-telemarketing) calls or texts, oral consent can be enough. But any call or text that carries an advertisement or pushes a purchase needs written consent. A verbal opt-in captured on a recording does not satisfy the written-consent rule for marketing contacts to cell phones. [1]

Consent collected after the fact. Consent has to come before the call or text. Some teams try to grab consent during an initial call made under some other pretext, then reuse it for later marketing calls. Courts have shredded this because the initial contact was itself potentially unlawful.

The money is real.

TCPA statutory damages run $500 per violation for negligent violations, up to $1,500 per call or text for willful ones. [1] Class actions have settled in the tens and sometimes hundreds of millions of dollars. The Cash App TCPA class action settlement and the Credit One TCPA settlement show how fast exposure scales when a defective consent form gets used across a big contact list.

You prove it with a record, not a memory. For each contact you need the exact text of the disclosure shown, the timestamp, the IP address, the page URL, and the phone number entered. The burden sits on you, the caller. Good language with no audit trail loses cases it should win.

Winning a TCPA case takes more than the right words. You have to prove the specific plaintiff agreed to the specific language at a specific time. Your record-keeping has to be as careful as your wording.

At minimum, store this per contact record: the full text of the consent disclosure that was shown (the actual text, not a version number), the timestamp of when consent was given, the IP address of the device that submitted the form, the URL of the page where consent was collected, and the specific phone number entered. When your form changes, you need to know which version each contact saw.

Some defendants have lost cases they should have won because they could not produce this paperwork. Courts can draw adverse inferences from missing records, so gorgeous consent language sitting on top of an empty file is almost as bad as no consent at all.

Session replay tools, form submission logs, and CRM fields that capture consent metadata are all worth the modest cost. If your current stack does not capture this automatically, close that gap before your next campaign. LeadCompliant's free consent audit checklist walks through the exact fields your records need, which saves time when you are checking whether your system logs what matters.

One thing worth knowing: the burden of proving consent in a TCPA case typically sits on the defendant (the caller), not the plaintiff. [6] You have to prove consent existed. The plaintiff does not have to prove it did not.

Yes on both counts. Consumers can revoke consent by any reasonable means, and the FCC expects you to honor it promptly. The statute sets no hard expiration date, but stale consent tied to an old product will not save you. Treat consent as campaign-specific and product-specific.

The 2023 FCC order affirmed that consumers can revoke consent by any reasonable means: replying STOP to a text, asking verbally on a call, or submitting a web opt-out. [3] Once someone revokes, you have a reasonable time (the FCC has signaled this means within a single business day for most practical purposes) to stop.

On expiration, the statute sets no hard date. But courts and regulators look at whether the consent is still "logically and topically associated" with the current contact. If someone consented to hear about a mortgage loan in 2019 and your team calls them in 2025 about a different product, that old consent almost certainly will not save you. The link between the original purpose and the current contact matters.

The practical answer for most teams: treat consent as campaign-specific and product-specific, not an all-purpose license. Re-consent is cheap next to a class action.

For contacts on your list, check their do not call list status separately. TCPA consent and DNC registration are different legal layers. A person can consent to your calls and still sit on the National Do Not Call Registry, and depending on the call, you may need to honor both. [7]

Yes, with some texture. The TCPA covers both calls and texts sent to cell phones using an autodialer, and the "prior express written consent" requirement for marketing applies to both. [1] Texts carry an extra carrier-level layer through CTIA and 10DLC. Consent collected for calls does not automatically cover texts.

The practical differences come from how carriers and the CTIA police consent on top of the FCC's rules. For text message marketing, the CTIA's Messaging Principles and Best Practices add requirements: explicit opt-in confirmation messages, clear sender identification, and specific opt-out instructions. Carriers enforce these through the 10DLC registration process, and they can suspend your campaigns when your opt-in flow misses their bar, even when it technically satisfies the TCPA.

For calls, particularly cold calls to cell phones, the autodialer question is its own headache. After Facebook v. Duguid (2021), the Supreme Court narrowed the definition of an ATDS (automatic telephone dialing system). But the standard is still actively litigated at the circuit level, and callers using any predictive or automated dialing tech should still be collecting written consent for marketing calls to cell phones. [8]

Calls and texts split in one place. Calls to landlines for non-commercial purposes need only prior express consent (not written), while telemarketing calls to landlines using prerecorded messages need written consent. Marketing calls and texts to cell phones always need written consent. Get the channel-and-purpose matrix right before you build your consent flow, and you save yourself a pile of re-work.

Contact typeTechnologyPurposeConsent required
Cell phoneAutodialer or prerecordedMarketingPrior express written consent
Cell phoneAutodialer or prerecordedInformationalPrior express consent (oral OK)
LandlinePrerecordedMarketingPrior express written consent
LandlinePrerecordedInformationalPrior express consent (oral OK)
Cell or landlineLive agent, manual dialAnyNo TCPA consent required (DNC rules still apply)

"Prior express consent" (no "written") covers non-telemarketing calls and texts. Hand over your cell number in a transaction and you have consented to be contacted about that transaction. "Prior express written consent" is the higher bar for any marketing contact, and it needs a signature: a checked box, a digital signature, or a text opt-in. A spoken statement never counts as written.

If someone hands you their cell number in connection with a transaction, courts and the FCC have found that creates consent to be contacted about that transaction or related matters. [2]

Written means the consumer signed or electronically signed an agreement: a checked box, a digital signature, a text-message opt-in reply, or another verifiable affirmative action. A spoken statement does not satisfy "written."

The distinction matters because many teams smear this line when they build their contact flows.

If your outbound call carries any promotional element, even a throwaway line like "and by the way, we have a promotion this month," the call becomes telemarketing and the written consent standard applies to the whole call. Plan the call as informational, collect only oral consent, and that one promotional sentence can sink your consent.

The safer practice: assume written consent is required for any outbound contact where your team might mention a product, price, promotion, or service. That covers most real sales and marketing work.

Lead generators and their buyers feel FCC 23-107 the hardest. [3] The old model, where one form sells to ten buyers who each claim consent, is gone after January 27, 2025. Every buyer now needs its own named disclosure and its own affirmative opt-in from the consumer.

For lead generators, each buyer has to be individually named on the consent form the consumer sees, and the consumer has to individually check a box or take an equivalent affirmative action for each buyer. Twenty buyers means twenty disclosed consents. That reshapes form design, page load, and user experience in a big way.

For buyers of leads, you now need to audit your lead vendors and know exactly what consent language got shown and when. Buying a lead collected under pre-2025 bundled consent does not shield you from TCPA liability. The FCC is clear that both the lead generator and the downstream caller can be on the hook. [3]

One practical move: require your lead vendors to pass through the full consent record with each lead (the exact disclosure text, timestamp, IP, URL) and have your counsel confirm it meets the post-January 2025 standard. Vendors who cannot or will not hand over that documentation are a red flag.

For internal compliance, the do not call telemarketer list and internal DNC scrubbing are still required on top of all this. Consent and DNC compliance run in parallel. They are not substitutes for each other.

B2B does not get you a free pass. The TCPA's written consent rules apply to autodialed or prerecorded calls and texts to any cell phone, business contact or not. A live agent dialing a business landline sits outside the TCPA, but most B2B teams are dialing mobiles, which pulls them right back in. [1]

B2B calling to business landlines using a live agent does not need TCPA consent. The TCPA's restriction on autodialers and prerecorded messages protects the "residential telephone subscriber," and courts have found business numbers are not residential, so dialing a company's main switchboard with a live agent generally sits outside the TCPA's direct-to-cell restrictions.

Here is the wrinkle. Most B2B sales teams are dialing cell phones. A prospect's cell is their cell whether they use it for work or not. If your CRM holds someone's mobile number and you use any predictive or automated dialing to reach them with a commercial message, collect written consent or dial by hand.

For B2B email lists that feed into SMS campaigns, the consent problem gets sharper. Someone handing you their business email does not mean they consented to marketing texts on their cell. You need separate, specific consent for that channel.

The answer for most small outbound teams: use manual dialing (one by one, no predictive dialer) for B2B cold outreach to cells, and save your automated tools for contacts who have opted in. That keeps you clear of the autodialer question while you build a properly consented list.

A consent flow is the sequence a contact moves through from first touch to a recorded, retrievable opt-in. Good language is only step one. You need the disclosure placed right, the record captured automatically, the record tied to the CRM contact, and an opt-out that fires suppression the same day.

Start with the form or touchpoint. The consent disclosure has to appear above the submit button or right next to the checkbox, not below it, not in a separate modal that auto-closes. The disclosure font should read without zooming. The checkbox (if you use one) starts unchecked by default and has to be required to submit.

Next, capture and store the consent record automatically. Your form infrastructure should log the consent text version, timestamp, IP address, and the phone number entered. If you use a third-party form tool, confirm it stores this data in a format you can export and hand to a court.

Then connect the consent record to your CRM contact so it travels with the lead. If a lead changes status, gets reassigned, or gets re-contacted months later, the consent record has to be retrievable in seconds. Courts do not accept "we had a consent process" as a defense. They want the specific record for the specific plaintiff.

Finally, build an opt-out workflow that fires an immediate suppression when someone replies STOP, says stop on a call, or submits a web opt-out. That suppression should flow back to your dialer and any list you share with vendors the same day.

LeadCompliant's compliance kit includes a consent record field map and an opt-out workflow checklist that teams have used to audit existing CRM setups without hiring outside counsel for the first pass.

If you buy leads, check the mobile phone do not call list requirements and how they intersect with your consent records. A consented number that later registers on the DNC creates its own compliance question, and that needs a written policy answer.

TCPA statutory damages are $500 per call or text, trebled to $1,500 per call or text when the violation is willful or knowing. [1] There is no cap per plaintiff, and the statute allows class actions, which is why TCPA cases settle for large sums even when a single violation looks small.

Do the math on a campaign that sends 50,000 texts under a defective consent form. Potential exposure hits $25 million at $500 per text, or $75 million if the violation is found willful. Real settlements do not always reach the statutory maximum, but they land in the seven or eight figures for mid-sized campaigns often enough.

The FCC also carries its own enforcement authority and has issued civil penalties for TCPA violations separate from private litigation. State attorneys general can bring TCPA enforcement actions too, and several states (Florida, Oklahoma, and Washington among them) have passed their own mini-TCPA statutes with extra requirements and sometimes extra penalties. [9]

Willfulness matters a lot here. Get a cease-and-desist letter, a prior lawsuit, or an FCC notice, keep using the same defective consent language, and courts have found that willful, tripling the damages. Ignorance is a defense that weakens every year as TCPA litigation and FCC orders pile up in public view.

The risk picture for a 10-person sales team running a 5,000-contact campaign with a bad consent form: the class-action exposure has nothing to do with the size of the business. Plaintiffs' attorneys take TCPA cases on contingency precisely because the math favors them. Getting the consent language right before the campaign is orders of magnitude cheaper than settling after.

Frequently asked questions

Does a terms-of-service checkbox count as TCPA written consent?

Almost always no. The FCC requires consent to be "clear and conspicuous," which courts have repeatedly read to mean the consumer must see the specific marketing consent disclosure and agree to it specifically. Consent buried in a terms-of-service document that users accept by creating an account does not meet this standard for telemarketing calls or texts to cell phones.

Not after January 27, 2025. The FCC's 2023 one-to-one consent rule (FCC 23-107) requires that consent identify a single named seller per consent disclosure, with the consumer affirmatively consenting to each one. Bundled partner consent covering multiple downstream callers is no longer valid for new leads collected after that effective date.

The statute sets no specific expiration period, but consent has to stay "logically and topically associated" with the contact being made. Courts have rejected years-old consent used for new products or campaigns. A practical rule: treat consent as specific to the campaign and product it was collected for, and re-consent for materially different offers or after multi-year gaps.

You have to stop contacting them promptly. The FCC has said consumers can revoke consent by any reasonable means, including texting STOP, asking verbally on a call, or using a web opt-out form. Continued contact after revocation is a willful violation, which triples statutory damages to $1,500 per message or call. Build an opt-out workflow that triggers suppression the same day revocation happens.

No. For calls or texts that carry advertising or marketing content, the TCPA requires prior express written consent. Verbal consent on a recorded call does not satisfy the written-consent requirement for telemarketing contacts to cell phones. Written consent here means a signed or electronically signed document, including a checked form checkbox or a text-message STOP/START reply.

Yes, if you use an autodialer or prerecorded message. The TCPA applies to calls and texts to cell phones no matter whether the number belongs to a business contact or a consumer. B2B calls to business landlines using a live agent generally sit outside the TCPA's scope, but most B2B outbound teams are calling cell phones, which pulls the TCPA back in.

At minimum: the exact text of the consent disclosure shown to the consumer, the timestamp of when consent was given, the IP address of the submitting device, the URL of the consent page, and the specific phone number entered. The burden of proving consent falls on the caller, not the plaintiff. Missing any of these records badly weakens your defense even when your consent language was correct.

Yes. The TCPA's prior express written consent requirement for marketing applies to both autodialed texts and autodialed or prerecorded calls to cell phones. Text messages also carry carrier-level CTIA requirements on top of the TCPA, including explicit opt-in flows and opt-out instructions. Consent collected for calls does not automatically extend to texts unless the disclosure specifically covers both channels.

What is the "not a condition of purchase" requirement in TCPA consent?

The FCC's 2012 TCPA order made it mandatory that any written consent for telemarketing calls or texts explicitly state that consent is not required as a condition of buying any goods or services. The exact phrasing can vary but the substance has to be there. Missing this statement is a standalone defect that can void otherwise good consent language.

No. The FCC requires an affirmative opt-in, which means the consumer must take a deliberate action to grant consent. A pre-checked checkbox that the consumer has to uncheck to refuse does not count as affirmative consent under the TCPA. Courts have consistently found pre-checked boxes fail the written-consent standard. The box must start unchecked and get checked by the consumer.

How does the TCPA interact with state telemarketing laws on consent?

State laws can be stricter than the TCPA and sometimes are. Florida's mini-TCPA (FTSA), Oklahoma's Telephone Solicitation Act, and Washington's law carry different or additional consent requirements and sometimes lower thresholds for what counts as an autodialer. TCPA compliance is the federal floor. You also need to check the law in each state where your contacts are located.

The FCC and courts use "clear and conspicuous" to mean the disclosure is noticeable to an average person reading the form without special effort. In practice: the disclosure should sit near the submit button or checkbox, in readable font size, not hidden in a scroll box or linked out to a separate page, and written in plain language that describes what the consumer is actually agreeing to.

If I buy leads, am I liable for the lead generator's defective consent?

Yes, you can be. The FCC's 2023 one-to-one consent order explicitly addressed downstream caller liability. If you call or text someone using a lead where the consent was defective, you face TCPA liability even if you did not build the consent form. This is why auditing vendor consent practices and requiring documentation of the specific consent language and records is essential before buying leads.

This one is genuinely unsettled. The FCC has not issued a definitive ruling on whether ringless voicemails are "calls" under the TCPA, though several courts and the FCC have signaled they likely are. The safest practice is to treat ringless voicemails as prerecorded calls and apply the same prior express written consent standard you would use for any other automated marketing contact to a cell phone.

Sources

  1. Cornell Law School Legal Information Institute, 47 U.S.C. § 227 (TCPA statute text): TCPA prohibits autodialed or prerecorded calls to cell phones without prior express written consent; damages are $500 per violation, up to $1,500 for willful violations
  2. FCC, 47 C.F.R. § 64.1200 (implementing regulations for TCPA, including written consent and not-a-condition-of-purchase requirements): FCC regulations define prior express written consent requirements, including the mandatory not-a-condition-of-purchase statement and clear and conspicuous disclosure standard
  3. FCC, Report and Order FCC 23-107 (one-to-one consent rule, December 2023), available via the Federal Register: FCC 23-107 requires one-to-one consent naming a specific seller, effective January 27, 2025, and eliminates bundled partner consent in lead generation
  4. FTC, Complying with the Telemarketing Sales Rule (burden of proof on caller for consent in telemarketing context): The burden of demonstrating that a consumer consented to a marketing contact falls on the telemarketer, not the consumer
  5. FTC, National Do Not Call Registry (DNC registration and telemarketer requirements): Consumers can register cell and landline numbers on the National Do Not Call Registry; telemarketers must scrub lists against the registry independently of TCPA consent
  6. Supreme Court of the United States, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): The Supreme Court narrowed the ATDS definition in 2021, but automated dialing technology remains subject to TCPA written consent requirements for marketing contacts
  7. Florida Senate, Florida Telephone Solicitation Act (FTSA), Section 501.059, Florida Statutes: Florida's mini-TCPA (FTSA) imposes additional consent and autodialer restrictions beyond the federal TCPA, including a broader definition of automated dialing
  8. FCC, 2012 TCPA Omnibus Order (FCC 12-21), available via the Federal Register: FCC 12-21 made prior express written consent and the not-a-condition-of-purchase disclosure mandatory for telemarketing calls using autodialers or prerecorded messages
  9. Federal Trade Commission, main site (civil penalties and enforcement history for telemarketing violations): Federal regulators have issued civil penalties for telemarketing and robocall violations separately from private litigation, and state AGs have independent enforcement authority

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit