TCPA consent required fields for written consent documents

Every field a valid TCPA written consent form needs, per 47 U.S.C. 227 and FCC rules. Miss one and your consent is worthless in court. 160-char guide.

LeadCompliant Team
26 min read
In This Article

Last updated 2026-07-09

Hand about to submit a digital consent form on a laptop at a desk
Hand about to submit a digital consent form on a laptop at a desk

TL;DR

A valid TCPA written consent document must include: the consumer's signature (electronic counts), the specific phone number being consented to, the identity of each seller who may call or text, a clear disclosure that autodialed and prerecorded calls or texts may result, and a statement that consent is not a condition of purchase. Missing any single element can void the consent entirely under 47 U.S.C. 227(b).

The Telephone Consumer Protection Act, 47 U.S.C. 227, prohibits making autodialed or prerecorded calls to cell phones without prior express consent, and requires prior express written consent for telemarketing calls or texts. That second tier, written consent, is what most outbound sales teams need because they are making calls or sending texts with a commercial purpose.

The FCC codified the written consent standard in its 2012 omnibus TCPA order, effective October 16, 2013. The relevant implementing rule sits at 47 C.F.R. 64.1200(f)(9), which defines "prior express written consent" as "an agreement, in writing, bearing the signature of the person called that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice." [1]

That single sentence packs in four distinct requirements. The agreement must be in writing. It must bear a signature. It must clearly identify the seller. And it must describe the type of calls or messages being authorized. The FCC added a fifth requirement on top of that: the agreement must state that the person is not required to sign as a condition of purchasing any property, goods, or services. [1]

So the floor is five elements. Courts read them broadly, but a gap in any one has sunk defendants in TCPA litigation. Treat each element as a hard checkbox, not a suggestion.

Six fields belong on any written consent document you want to hold up in court: an affirmative signature, the phone number, the named seller, an ATDS or prerecorded voice disclosure, a no-condition-of-purchase statement, and a telemarketing purpose. Miss one and the whole consent is at risk. Here is the field-by-field breakdown.

1. Signature The consent must bear a signature. Under the E-Sign Act (15 U.S.C. 7001), an electronic signature, a checkbox, a typed name, or any other electronic symbol executed with the intent to sign counts. [2] What does not count is a pre-checked box the consumer never affirmatively selected. Courts, including the Ninth Circuit in Van Patten v. Vertical Fitness Group, have required that the consumer take an affirmative step. [3]

2. The phone number being consented to The form must reflect or clearly capture the specific number the consumer is providing for contact. Usually you handle this by having the consumer enter their mobile number in the same form. If the number is not tied to the consent record, you have no way to prove which number was covered.

3. Clear identification of each seller The regulation says the agreement must identify "the seller" whose calls or texts are authorized. The FCC's 2023 one-to-one consent order, released December 2023 and originally set to take effect January 27, 2025 (later stayed pending further review), would have tightened this to require that consent name each seller individually. [4] Even without that rule in full force, post-2013 case law consistently holds that vague language like "our marketing partners" is insufficient. Name the company. If multiple companies are sharing the lead, each one that plans to call needs to be named.

4. Description of the call/text type (ATDS or prerecorded voice) The agreement must state that the consumer is authorizing calls or texts made using an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice. Generic language like "we may contact you" does not satisfy this. Plaintiffs' attorneys look for this gap first. The form should say something like: "I agree that [Company Name] may contact me at the number provided using automated dialing systems and/or prerecorded messages."

5. No-condition-of-purchase statement 47 C.F.R. 64.1200(f)(9) explicitly requires that the agreement include a statement that signing is not a condition of purchasing any goods or services. [1] This language is often buried or absent on lead-gen forms, and its absence is a clean TCPA violation standing alone.

6. The purpose of the communications (telemarketing) The form should make clear that the calls or texts will be for advertising or telemarketing purposes. Consent to receive informational messages does not extend to marketing messages. Courts treat these as legally distinct channels.

Here is a quick reference table:

Required FieldRegulatory SourceCommon Failure Mode
Consumer signature (affirmative)47 C.F.R. 64.1200(f)(9)Pre-checked box, no action required
Phone number being consented toFCC 2012 Order (27 FCC Rcd 1830)Number captured separately from consent
Named seller(s)47 C.F.R. 64.1200(f)(9)"Our partners" or blank
ATDS / prerecorded voice disclosure47 C.F.R. 64.1200(f)(9)Generic "contact you" language
No-condition-of-purchase statement47 C.F.R. 64.1200(f)(9)Omitted entirely
Telemarketing / advertising purposeFCC 2012 OrderConsent drafted as informational only

Yes, with conditions. The E-Sign Act, 15 U.S.C. 7001, states that a contract or signature may not be denied legal effect solely because it is in electronic form. [2] The FCC confirmed in its 2012 TCPA order that electronic signatures satisfy the written consent standard. [1]

The practical conditions are these. The electronic signature must be an affirmative act. A checkbox the consumer checks themselves, a typed name in a signature field, a click-to-agree button, or a reply of "YES" to an SMS confirmation message all work. What does not work is a checkbox that appears pre-selected, or a consent form buried so deep in terms and conditions that a reasonable person would never see it.

For web-based consent forms, you also need to capture and store the metadata: timestamp, IP address, user agent string, form URL, and the exact consent language shown at the moment of submission. If you get sued and cannot produce that record, the consent is worthless. Courts in TCPA cases regularly grant summary judgment against defendants who had a form but could not produce the actual record of a specific consumer's submission.

SMS-based double opt-in, where the consumer texts a keyword and then replies to a confirmation, creates a very clean audit trail. It is widely viewed as best practice for text message marketing campaigns. [/articles/tcpa-basics/text-message-marketing]

TCPA written consent: key figures Thresholds, damages, and deadlines that define consent compliance 500 $500 per call/text (neglige… TCPA violation) 1,500 $1,500 per call/text (willf… violation) 4 4-year statute of limitatio… (years) 6 6 required consent elements (fields) Source: 47 U.S.C. 227 (damages); FCC 2012 Omnibus Order (effective date); 28 U.S.C. 1658 (statute of limitations); FCC 2023 one-to-one order (rulemaking date)

The consent is likely void, and you are exposed to TCPA liability as if you had no consent at all. There is no partial credit here.

TCPA statutory damages run $500 per violation for negligent violations and up to $1,500 per violation for knowing or willful violations. [5] One "violation" is generally one call or one text to one number. If you sent 10,000 texts using a defective consent form, your exposure starts at $5 million on the low end. Plaintiffs almost always plead willful violations.

Class actions are the real risk. A defective consent form used across a campaign creates a common question, which is exactly what plaintiffs need to certify a class. Cases like the Cash App TCPA class action settlement [/articles/tcpa-basics/cash-app-tcpa-class-action-settlement] and the Credit One TCPA settlement [/articles/tcpa-basics/credit-one-tcpa-settlement] show what large-scale consent failures cost: settlements in the tens of millions of dollars.

The FCC does not offer a meaningful "substantial compliance" safe harbor for written consent. Either the elements are present or they are not. Some courts have shown limited flexibility on minor technical defects where the consumer's intent was unmistakably clear. That is not something you want to bet a class-action defense on.

How specific does the seller identification need to be?

Specific enough that the consumer saw your company's name, more than the publisher's. This is where a lot of lead-generation operations run into trouble. If you buy leads from a lead-gen publisher, the consumer who filled out a form on that publisher's site needs to have seen your name.

The FCC's 2023 one-to-one consent order, adopted December 13, 2023, aimed directly at this problem. It stated that "comparison shopping websites and lead generators" must obtain consent that "logically and topically" relates to the website where consent is given, and each seller must be named individually. [4] The Eleventh Circuit stayed the rule in Insurance Marketing Coalition v. FCC in January 2025, and its ultimate fate remains in litigation. The underlying principle it codifies reflects how courts have already been ruling for years.

So, if you buy leads, ask your lead source for a copy of the exact consent language and form shown to the consumer. If you cannot get it, or if it says something like "up to 10 partners may contact you," you are carrying real risk. The safer path is to require your lead source to name your company explicitly, or to run your own consent collection.

For companies doing their own outreach, the form should say your legal entity name, the name consumers would recognize, or both. "XYZ Corp., doing business as ABC Sales" is fine. A DBA without the legal name is fine too, as long as it is the name attached to your actual calls.

No, not for telemarketing calls or texts to cell phones using an ATDS or prerecorded voice. The word "written" in the rule is not decoration.

The TCPA draws a clear line between two consent tiers. For non-telemarketing calls to cell phones using an ATDS, "prior express consent" (oral or implied) is sufficient. [5] For telemarketing, the standard jumps to "prior express written consent." The FCC made this mandatory in 2012 precisely to close the loophole where telemarketers claimed consumers gave verbal consent during a previous call.

Some companies try to upgrade oral consent by sending a follow-up text asking the consumer to reply YES to confirm. That reply, if properly documented, can constitute written consent. The text confirmation works. The original verbal interaction does not satisfy written consent on its own. You need the confirmatory written record.

For landlines, the rules differ. Prerecorded telemarketing calls to residential landlines require prior express written consent under the same standard. [1] Manually dialed calls to landlines without a prerecorded message fall under the National Do Not Call Registry rules rather than the written-consent requirement. Check the do not call list rules separately if landlines are part of your outreach.

The TCPA does not set an explicit expiration date for written consent. The FCC has not issued a rule that says consent expires after 12 months or any other period. So technically, consent obtained in 2020 is still valid in 2026, assuming nothing has changed.

The catch is revocation. Consumers have an absolute right to revoke consent at any time, through any reasonable means. The FCC confirmed this in its 2015 Omnibus Order. [6] If a consumer texts "STOP," calls in and says to remove them, emails you, or submits a form on your website, that revocation is effective. You must honor it within a reasonable time, which the FCC treats as promptly as possible. One more text after a STOP reply is a TCPA violation.

Consent also implicitly ends when the consumer cancels service, if the consent was tied to that service relationship. And consent tied to a specific phone number does not transfer if that number is reassigned to a new subscriber. The FCC issued rules on reassigned numbers in 2021, creating a Reassigned Numbers Database you can query to check whether a number has been reassigned before dialing. [7]

For your cold calling and cold call [/articles/cold-calling-rules/cold-call] operations, best practice is to re-confirm consent that is more than 18 months old, even though no rule strictly requires it. Staleness matters to juries.

You need enough to reconstruct any single consumer's consent on demand, and you need it going back at least four years. The FCC does not specify a minimum retention period in the TCPA rules themselves, but the TCPA's statute of limitations is four years under 28 U.S.C. 1658. Some practitioners recommend five years as a buffer.

For each consent record you need to produce: the exact text of the consent disclosure shown to the consumer, the date and time of consent (in the consumer's time zone if possible), the phone number provided, the IP address of the submission, the URL of the page where consent was collected, and any confirmation message sent or received. If consent came in over the phone, you need a recording or a third-party verification record.

Store these records in a format you can actually search. A flat CSV with 2 million rows and no index is technically a record but practically useless in litigation. TCPA defendants regularly lose motions because they cannot produce consent records for specific plaintiffs within the timeframes courts impose. Plaintiffs' lawyers know this and use discovery requests for consent records as a primary tactic.

LeadCompliant's compliance kit includes a consent record template and a storage checklist if you want a pre-built starting point. Beyond that, whatever system you use, run a test quarterly: pick five random numbers from your call list and try to pull the full consent record for each. If you cannot do it in under a minute, your system needs work.

Also maintain a do-not-call list [/articles/dnc-lists/do-not-call-telemarketer-list] internally. Consent and DNC suppression are separate obligations, and both need records.

The legal standard is the same: prior express written consent for ATDS-sent telemarketing messages, whether those messages are voice calls or SMS texts. The consent elements described above apply equally to both.

In practice, text campaigns often face stricter scrutiny because texts are easier to document (carriers log them) and easier to prove were sent without consent. Plaintiffs in SMS cases have a simpler path to establishing the basic facts of the violation.

A few SMS-specific considerations. Peer-to-peer texting platforms that require human action for each message may fall outside the ATDS definition depending on their technical architecture. After the Supreme Court's decision in Facebook v. Duguid (2021), the ATDS definition turned on whether the system has the capacity to generate numbers using a random or sequential number generator. [8] Platforms that send from a fixed list without random generation may not be ATDSs under that definition, though lower courts are still working out the edges.

Carrier-level rules (specifically, CTIA guidelines and carrier codes of conduct) layer additional requirements on top of the TCPA for SMS. These include required opt-out keywords (STOP, CANCEL, UNSUBSCRIBE), required HELP keywords, and message frequency disclosures. These carrier rules are not TCPA requirements, but violating them can get your short code or long code suspended, which is a different kind of pain.

If you run TCPA compliance across SMS campaigns, the TCPA rules page covers SMS-specific obligations in more depth.

Here is example language that hits all the required fields. This is illustrative, not legal advice, and you should have an attorney review any form before you deploy it.

--- "By submitting this form and providing my phone number, I give [Your Company Legal Name] my prior express written consent to contact me at the number provided, including my mobile number, using automated telephone dialing systems, artificial voices, or prerecorded messages, for advertising and telemarketing purposes. I understand that my consent is not a condition of purchasing any goods or services. I can revoke my consent at any time by texting STOP or calling [your opt-out number]." ---

Breaking down how that hits each requirement:

  • Signature: the act of submitting the form, combined with a checkbox or click-to-agree button the consumer affirmatively selects.
  • Phone number: captured in the form field, linked to the consent record.
  • Named seller: "[Your Company Legal Name]" must be your actual company name.
  • ATDS and prerecorded voice disclosure: "automated telephone dialing systems, artificial voices, or prerecorded messages."
  • No-condition-of-purchase: "my consent is not a condition of purchasing any goods or services."
  • Telemarketing purpose: "for advertising and telemarketing purposes."

If you share leads with other companies, each company's name needs to appear. If there are five buyers, all five names go in. That makes the form longer, but it is the only legally defensible approach while the one-to-one consent rule remains unsettled. [4]

Place the consent language immediately next to the submit button, not buried in a footer or a linked Terms of Service page. Courts have found consent invalid when the disclosure was not conspicuous enough to put a reasonable consumer on notice.

Yes. Several states have layered additional requirements on top of federal TCPA standards, and in some cases they are stricter.

California's Automatic Renewal Law and the California Consumer Privacy Act (CCPA) add consent and disclosure requirements for California residents. Florida's Telephone Solicitation Act (FTSA), amended in 2021, requires prior express written consent for calls and texts to Florida residents made using an auto-dialer, with a definition of auto-dialer broader than the post-Duguid federal definition. [9] Florida allows a private right of action with $500 per call, mirroring TCPA damages.

Washington, Oklahoma, and several other states have their own telephone consumer protection statutes with varying requirements. Some require disclosures in the call itself in addition to prior consent. State attorneys general also have independent authority to bring TCPA enforcement actions under 47 U.S.C. 227(g).

The practical implication: your consent form needs to satisfy the strictest applicable standard across all the states where your prospects live. If you call nationally, build to the strictest state standard. Florida is usually that benchmark for phone and text marketing right now.

State-level variations are one reason the mobile phone do not call list and state DNC rules matter independently of your consent records. Consent does not override a DNC registration in every context.

The FCC's December 2023 one-to-one consent order would have added two new requirements on top of the existing written consent standard.

First, consent must identify each seller individually. General language authorizing "marketing partners" or "companies in our network" would no longer work. If your lead-gen form feeds leads to 15 insurance companies, all 15 need to be named.

Second, the consent must be "logically and topically related" to the website or context where it is obtained. A consumer filling out a form to get a car insurance quote could not simultaneously be consenting to receive calls from a mortgage lender. The consent scope is bounded by the page context. [4]

The Eleventh Circuit stayed the rule in January 2025 in Insurance Marketing Coalition v. FCC, so it is not currently in force. [11] But the underlying policy goal, narrowing consent to specific named sellers and related topics, reflects how courts have already interpreted existing rules. Relying on broad, multi-party consent language because the one-to-one rule is stayed is a gamble. Courts evaluating pre-stay consent practices have still applied a named-seller standard in many circuits.

Watch for further FCC rulemaking or a circuit court decision on the merits. The outcome of this rule will define how lead-gen operations must structure consent for years.

Frequently asked questions

It can be embedded in other documents, but the consent language must be conspicuous, meaning a reasonable person would actually see it and understand they are agreeing to receive marketing calls or texts. Courts have voided consent buried in general terms. Best practice is to place the consent disclosure immediately next to the submit button, in text large and clear enough to read without scrolling to a separate page.

Not directly. Verbal agreement on a phone call does not satisfy "prior express written consent." You can follow up a verbal conversation with a text asking the consumer to reply YES to confirm, and that reply can constitute written consent if the confirmation message includes all required disclosures. The verbal call alone is insufficient for telemarketing under 47 C.F.R. 64.1200(f)(9).

How specific does the ATDS disclosure need to be in the consent language?

It needs to clearly state that an automatic telephone dialing system or prerecorded/artificial voice may be used. Terms like "automated means," "automated dialing systems," or "ATDS" are generally accepted. Generic phrases like "we may call or text you" have been found insufficient by several courts because they do not put the consumer on notice that automated technology is involved.

No federal rule sets an expiration date on TCPA consent. Consent remains valid until revoked by the consumer or until circumstances change, such as the phone number being reassigned. That said, many compliance attorneys recommend re-confirming consent older than 18 to 24 months for active campaigns, because stale consent creates credibility problems with juries even if it is technically still valid.

If I buy leads, whose responsibility is it to ensure the consent is valid?

Yours. Under the TCPA, the company that places the call or sends the text is the liable party. If you bought leads using a defective consent form, you are the defendant, not your lead vendor. You can pursue indemnification from the vendor if your contract requires it, but courts will hold you responsible for the calls you made. Always obtain and review the actual consent form language before using purchased leads.

Yes. The FCC's 2015 Omnibus Order confirmed consumers can revoke consent at any time through any reasonable method, including texting STOP, calling your opt-out line, emailing, or submitting a web form. You must honor revocations promptly. One additional marketing message after a confirmed revocation is a TCPA violation. Document every revocation with a timestamp and update your suppression list immediately.

Yes. The TCPA protects the subscriber of the telephone number, not the nature of the call. A call to an employee's company-issued cell phone using an ATDS or prerecorded voice still requires prior express written consent for telemarketing. The FCC has not created a blanket B2B exemption for cell phones. Some courts have recognized implied consent in narrow B2B contexts, but relying on that is risky.

What is the 'no condition of purchase' requirement, and why does it matter?

47 C.F.R. 64.1200(f)(9) requires that the consent agreement state that signing is not a condition of buying any goods or services. Its purpose is to prevent companies from coercing consent. If your checkout flow places the ATDS consent checkbox next to a required "agree to terms" checkbox and the consumer cannot complete a purchase without checking both, a court could find the consent was coerced and therefore invalid.

How does Facebook v. Duguid affect what disclosures I need in a consent form?

The Supreme Court's 2021 decision in Facebook v. Duguid narrowed the ATDS definition to systems that use a random or sequential number generator to store or produce numbers. If your dialer calls from a fixed list without random generation, it may not be an ATDS, reducing your TCPA exposure for that specific element. Prerecorded message calls still require prior express written consent regardless of ATDS status, so consent forms for prerecorded campaigns still need all standard fields.

A void consent form means every call or text made under it is effectively unconsented. TCPA statutory damages are $500 per violation for negligent violations and up to $1,500 per violation for willful violations under 47 U.S.C. 227(b)(3). In a class action covering thousands of contacts, aggregate exposure can reach tens of millions of dollars. Courts have not provided a substantial compliance safe harbor for missing consent elements.

Not necessarily. A single consent form can cover both calls and texts if it explicitly names both channels. The form should say the company may contact you using automated dialing systems and/or prerecorded messages, and through text messages. If your form only references "calls" and you send texts, or vice versa, the undisclosed channel lacks proper consent. One well-drafted form covering both is cleaner than two forms.

What records do I need to prove a consumer gave valid written consent?

At minimum: the exact consent language shown to the consumer, the date and time of submission, the phone number provided, the IP address, the form URL, and any confirmation message sent or received. Store these for at least four years to cover the TCPA statute of limitations. If you cannot produce a specific consumer's complete consent record during discovery, courts treat the consent as unproven, which is functionally the same as having none.

The FCC's December 2023 one-to-one consent order was stayed by the Eleventh Circuit in January 2025 and is not currently in effect. It would require that each seller be named individually and that consent be topically related to the website where it is collected. Even with the stay, existing case law in many circuits already applies a named-seller standard, so updating your forms to name specific sellers remains the safer practice.

Is a pre-checked opt-in box sufficient for TCPA written consent?

No. Courts and the FCC both require an affirmative consumer act to constitute a valid signature or electronic consent. A pre-checked box requires no action from the consumer and therefore does not meet the signature requirement under 47 C.F.R. 64.1200(f)(9) and the E-Sign Act. The consumer must actively check the box, click a button, type their name, or take some equivalent affirmative step for the consent to be valid.

Sources

  1. FCC, 2012 TCPA Omnibus Order (27 FCC Rcd 1830), 47 C.F.R. 64.1200(f)(9): Definition of prior express written consent requiring a signature, named seller, ATDS/prerecorded disclosure, and no-condition-of-purchase statement; effective October 16, 2013
  2. U.S. Congress, Electronic Signatures in Global and National Commerce Act (E-Sign Act), 15 U.S.C. 7001: Electronic signatures have the same legal effect as handwritten signatures; contracts may not be denied legal effect solely because they are in electronic form
  3. U.S. Court of Appeals for the Ninth Circuit, Van Patten v. Vertical Fitness Group, LLC, 847 F.3d 1037 (9th Cir. 2017): Affirmative consumer action required for valid TCPA consent; passively provided contact information is insufficient for telemarketing consent
  4. U.S. Congress, Telephone Consumer Protection Act, 47 U.S.C. 227: Statutory damages of $500 per violation for negligent violations and up to $1,500 per violation for willful violations; prior express consent standard for ATDS calls to cell phones
  5. FCC, Reassigned Numbers Database Final Rule (FCC 21-32), 2021: FCC created a Reassigned Numbers Database to allow callers to verify whether a number has been reassigned to a new subscriber before dialing
  6. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 222 (2021): ATDS definition under the TCPA requires that the system use a random or sequential number generator to store or produce numbers; systems calling from fixed lists without random generation may not qualify as ATDSs
  7. Florida Legislature, Florida Telephone Solicitation Act (FTSA), Section 501.059, Florida Statutes: Florida FTSA amended in 2021 to require prior express written consent for autodialed calls and texts to Florida residents, with a broader auto-dialer definition than the post-Duguid federal standard and a $500 per call private right of action
  8. U.S. Court of Appeals for the Eleventh Circuit, Insurance Marketing Coalition v. FCC, No. 24-10277 (11th Cir. 2025): Eleventh Circuit stayed the FCC's December 2023 one-to-one consent rule in January 2025 pending further review
  9. Federal Trade Commission, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR governs telemarketing consent and disclosure obligations alongside the TCPA, including requirements for clear disclosure of the identity of the seller and the purpose of the call

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit