Last updated 2026-07-11

TL;DR
Prior express written consent (PEWC) is a signed agreement, on paper or electronically, where a consumer clearly authorizes a specific seller to contact them by autodialer or prerecorded message on their cell phone, and acknowledges that consent is not required to buy anything. All four elements must be present or the consent is invalid under 47 U.S.C. § 227.
What does prior express written consent actually mean under the TCPA?
Prior express written consent is a signed authorization. Not a verbal yes, not a buried checkbox. The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, splits consent into two tiers. "Prior express consent" covers informational calls. "Prior express written consent" (PEWC) is the higher standard, and it is required for any autodialed or prerecorded telemarketing call or text to a cell phone. [1]
The FCC defined PEWC in its 2012 omnibus order and tightened it in later rulings. In plain terms, it is a written agreement, signed by the person being contacted, that clearly authorizes the specific company making the call or sending the text to reach them at a specific number using automated technology. That agreement also has to spell out, clearly and conspicuously, that agreeing to be contacted is not a condition of buying anything. [2]
Get any one of those pieces wrong and the consent is worthless. Courts and the FCC have been consistent. A checkbox buried in a privacy policy, a verbal "yes" on a recorded call, and a web form that ties consent to a purchase requirement have all been found insufficient. [3]
This is the consent type behind the big TCPA class actions you read about. The cash app tcpa class action settlement and cases like it almost always turn on whether valid PEWC existed for the messages that went out.
What are the four required elements of valid prior express written consent?
Four elements. All four have to be present, or the consent falls apart. The FCC's rules at 47 C.F.R. § 64.1200(f)(9) lay them out.
1. A written agreement signed by the consumer. "Signed" includes an electronic or digital signature that meets the E-SIGN Act standard, so a checkbox with a typed name or a click-to-agree button can qualify. What matters is that the action is unambiguous and traceable to the person. A pre-checked box does not qualify. [4]
2. Clear and conspicuous disclosure. The consumer has to be told, in language they can actually read before they act, that they are agreeing to receive autodialed and/or prerecorded calls or texts. Buried disclosures, tiny gray-on-white font, and disclosures that appear after the submit button all fail this element. The FCC has said clear and conspicuous means a reasonable person would notice and understand it. [2]
3. Authorization of a specific seller. The consent has to name who is getting permission to call. Consent given to one company does not transfer to a third party, a partner, or an affiliate unless that party is named in the original agreement. This is the lead-generator trap that has spawned enormous litigation. [3]
4. The no-purchase-required disclosure. The agreement has to state, explicitly, that consenting to be contacted is not a condition of buying any good or service. That language belongs in or right next to the consent language itself, not stashed somewhere else on the page. [2]
Miss element three and your lead vendor's consent is probably junk. Miss element four and even your own in-house opt-in form may not hold up. Both mistakes are common.
What counts as a valid written signature for TCPA consent?
A valid signature can be a handwritten name on a paper form, an electronic signature through a service like DocuSign, a typed name in a web form field, or a clear affirmative click on an "I agree" button tied to disclosed consent language. The FCC folded the E-SIGN Act, 15 U.S.C. § 7001, directly into its PEWC definition. [4]
What does not work: a pre-checked box (the consumer has to make an affirmative act), a passive scroll past terms, a verbal confirmation recorded over the phone, or consent collected by a third party that is not disclosed in the agreement.
One practical note. If you collect consent electronically, keep the full record: the IP address, timestamp, exact page content, and the consumer's action. Courts in TCPA cases demand this evidence routinely. If you cannot produce it, you effectively cannot prove consent existed. That is not a theoretical risk. In credit one tcpa settlement litigation and many similar cases, the inability to document consent has been the deciding factor. [3]
Does TCPA written consent require the exact phone number to be specified?
The rules do not force the consumer to type in a specific ten-digit number, but they do require consent for calls or texts to the number you actually dial. The consumer has to knowingly hand over their number as part of the consent transaction. [1]
The trouble shows up with number porting, reassigned numbers, and third-party leads. If a consumer gave their number to Company A, and Company B buys that lead and dials the same number, Company B has no valid PEWC because it was never named in the agreement. The FCC's 2015 Declaratory Ruling made the point plainly: consent is tied to a specific called party at a specific number, not to a number floating in a database. [9]
Reassigned numbers are a different problem. If a number was legitimately consented to by one subscriber and then reassigned to a different person, that new subscriber never consented to anything. The FCC's reassigned numbers database exists partly to help callers scrub for exactly this risk. [5]
What types of calls and texts actually require prior express written consent?
Not every call needs PEWC. The standard applies to telemarketing calls and texts made with an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice to a cell phone number. That is the trigger. [1]
Here is a clean breakdown of when PEWC is required versus when a lower standard or no consent applies:
| Call/Text Type | Technology | To Cell Phone | Consent Required |
|---|---|---|---|
| Telemarketing call | ATDS or prerecorded | Yes | Prior express WRITTEN consent |
| Telemarketing call | Manual dial, live agent | Yes | FTC do-not-call rules apply; no PEWC required |
| Informational/transactional call | ATDS | Yes | Prior express consent (not written) |
| Emergency call | Any | Any | None |
| Call to residential landline | Prerecorded, telemarketing | N/A | Prior express written consent |
| Non-telemarketing text | ATDS | Yes | Prior express consent (not written) |
The line between telemarketing and informational matters a lot here. Courts look at the primary purpose of the message. A call that mentions a product, pushes a purchase, or promotes a service is almost certainly telemarketing no matter what you call it internally. [3]
For a wider look at how these rules govern outbound sales work, the cold calling overview covers the full picture for live-agent calls.
How is prior express written consent different from prior express consent?
Prior express consent (no "written" attached) is the older, lower bar. Before the FCC's 2012 rule change, it was enough for informational and transactional calls to cell phones. It can be given orally, it needs no no-purchase-required disclosure, and it does not have to name a specific seller. [2]
Prior express WRITTEN consent is the higher standard the FCC built specifically for telemarketing. Congress handed the FCC authority to create this split under 47 U.S.C. § 227(b)(2)(C), and the agency used it hard. The 2012 order killed an exemption that had let telemarketers lean on an established business relationship instead of written consent. That exemption is gone. [2]
Short version: if you are cold calling someone's cell with an autodialer to sell something, you need the written version. Full stop.
Can consent be buried in terms of service or a privacy policy?
No. The FCC's clear and conspicuous requirement exists to stop exactly this. The consent disclosure has to be presented so a reasonable person would notice it before taking the action that counts as agreement. Courts have thrown out disclosures tucked below a submit button, printed in small type inside a general terms-of-service link, or shown only after payment. [3]
A few practical rules that come out of the case law and FCC guidance:
The consent language should be visible on the same screen as the action the consumer takes. If someone is filling out a form, the disclosure belongs near the submit button, not in a separate linked document they have to hunt for.
The language should specifically say "autodialed" or "automated" calls and texts, and it should name or describe the company that will be reaching out. Generic language like "you may be contacted by our partners" has been rejected over and over. [3]
One real case: the Ninth Circuit in Van Patten v. Vertical Fitness Group (2017) held that consent embedded in a general membership agreement was insufficient when the telemarketing nature of future texts was not clearly disclosed. That principle has been applied widely since. [11]
Does consent transfer when you buy leads from a third party?
Almost always no. This is the most expensive mistake in outbound sales right now.
When a consumer fills out a form on a lead aggregator's site and consents to be contacted, that consent is valid only for the companies named in that form. If your company is not named, or the form uses vague language like "mortgage partners" or "insurance providers in your area," that consent does not reach you. [3]
The FCC addressed this directly in 2012, and courts have backed it up steadily. The lead generation industry argued that consent to a broad category of sellers was enough. That argument has not done well in litigation.
If you buy leads, you need to see the actual opt-in form the consumer completed. Not a summary. Not a vendor's assurance. The actual form, with the specific consent language, and your company's name or a description narrow enough to include you. If the vendor cannot produce it, assume the consent is invalid.
For more on how the do not call list interacts with third-party leads, that resource covers the overlapping obligations.
How do you revoke prior express written consent?
Consumers can revoke PEWC at any time, through any reasonable means. The FCC made this explicit in its 2015 Declaratory Ruling, and lower courts have refined the boundaries of acceptable revocation channels in the years since. [9]
You cannot contractually limit how someone revokes. A clause reading "revocation must be in writing via certified mail" is unenforceable under the FCC's framework. If someone texts "STOP," emails to say no more calls, or tells a live agent verbally to stop, that is valid revocation and you have to honor it promptly.
The FCC's 2024 one-to-one consent rules also clarified that revoking consent from one seller does not automatically revoke consent given separately to another. Each consent relationship stands on its own. [6]
Process-wise: build revocation into your CRM at the record level, not the list level. If someone revokes for calls, log when they said it, who received it, and what action was taken. A gap in that documentation during litigation is almost as bad as no documentation at all.
LeadCompliant's free consent checker can audit whether your current opt-in forms capture and document revocation properly. Their compliance kit walks through this record-keeping requirement step by step.
What did the FCC's 2024 one-to-one consent rule change?
The FCC issued a Report and Order in December 2023 (with a scheduled effective date of January 27, 2025) that tightened the lead generation consent model considerably. [6]
The key changes:
First, PEWC would have to be granted to one seller at a time. The old move of having a consumer check one box and consent to contact from a long list of partners, affiliates, or "marketing partners" is prohibited for covered calls and texts. Each seller needs its own individual consent.
Second, the calls or texts would have to be "logically and topically related" to the website or interaction where consent was collected. If someone consented on a mortgage comparison site, a debt collection call would not be logically related and would not be covered.
Third, the FCC required that any consent given through a lead generator be passed to the seller in a way that preserves the original consent record, more than a name and number transfer.
The rule drew a legal challenge, and the Eleventh Circuit vacated it in January 2025 (Insurance Marketing Coalition Ltd. v. FCC). As of this writing, the one-to-one requirement is not in force. But the underlying principle, that broad bundled consent to unnamed multiple sellers is legally weak, was already where courts were heading before the 2024 order. Building toward one-to-one consent is still the safer practice. [7]
What are the penalties if you make calls without valid prior express written consent?
Statutory damages under 47 U.S.C. § 227(b)(3) run $500 per violation for negligent violations and up to $1,500 per violation for knowing or willful ones. Each call or text is a separate violation. [1]
The math gets frightening fast. A campaign that sends 100,000 texts without valid PEWC carries potential exposure of $50 million to $150 million before any class-certification multiplier.
Class actions are the main engine of TCPA enforcement. A plaintiff's attorney can pull thousands of similarly situated recipients into a single suit, which is why TCPA cases routinely settle in the millions even when the per-call damages look modest. The FCC and state attorneys general also bring enforcement actions, but private class actions are the dominant threat for most businesses.
Here is how the numbers have played out in some notable settled cases:
| Company | Approximate Settlement | Year |
|---|---|---|
| Capital One | $75 million | 2015 |
| Bank of America | $32 million | 2014 |
| DirecTV | $13 million | 2016 |
| Google/Nextel | $19 million | 2021 |
Note: settlement amounts reflect total funds, not always purely TCPA damages, and are drawn from public court filings. These figures are real, but each case involved multiple claims. [8]
For a closer look at how one large settlement unfolded, the cash app tcpa class action settlement breakdown shows the mechanics of class certification and damages calculations in practice.
How should you document and store prior express written consent records?
The FCC sets no specific retention period for PEWC records, but courts and plaintiffs' attorneys will demand them the moment litigation starts. Aim for this standard: keep the record for as long as you are contacting that person, plus four years after the last contact (the outer edge of the TCPA statute of limitations, though some courts apply longer state periods). [1]
What the record needs to hold:
A copy of the exact consent form, including all text the consumer saw when they agreed. A screenshot or archived HTML beats a verbal description. The timestamp of the consent action, tied to a server log rather than a self-reported date. The consumer's identifier, name, and number. An IP address for web-based consent. If the consent was on paper, a scanned copy of the signed form.
Store these records in a system that is hard to modify after the fact. A database where the consent record can be edited retroactively is a liability. Immutable storage, or at minimum audit-logged storage, is the right call.
For teams handling high-volume leads, the text message marketing guide covers consent documentation specifically for SMS programs, which tend to generate the most volume and the most exposure.
LeadCompliant's compliance kit includes a consent record template you can adapt to your tech stack. It is free and there is no credit card.
Does the TCPA written consent requirement apply to texts the same way it applies to calls?
Yes. The FCC confirmed in its 2012 order and its 2015 Declaratory Ruling that text messages sent through an ATDS are treated the same as calls under 47 U.S.C. § 227(b)(1)(A). A text is a "call" for TCPA purposes. [9]
So if you run any automated SMS marketing program, every text to a cell phone for a telemarketing purpose needs PEWC with all four elements: the no-purchase-required language, the specific seller identification, the clear disclosure of automated messaging, and the affirmative signature-equivalent action by the consumer.
One nuance. Purely transactional texts, like a shipping confirmation or a one-time password, usually fall under the lower prior express consent standard as long as they carry no promotional content. The moment a transactional message includes even a sentence promoting a product or service, most courts and the FCC treat the whole message as telemarketing. The line is fine, and plaintiffs' attorneys know how to argue it.
If you are not sure your contacts have valid written consent for your SMS program, checking them against the mobile phone do not call list is a necessary but not sufficient step. DNC scrubbing handles one layer; it does not create or validate PEWC.
Frequently asked questions
Does prior express written consent expire?
The TCPA and FCC rules set no expiration date for PEWC. Practically, consent can go stale if a lot of time passes or if the nature of the contact changes materially from what the consumer originally agreed to. Some compliance attorneys suggest re-confirming consent after 18 to 24 months of inactivity, but there is no binding rule on this. A consumer can revoke at any time regardless of when they originally consented.
Can I rely on verbal consent recorded over the phone for telemarketing calls?
No, not for ATDS or prerecorded telemarketing calls to cell phones. The FCC's written consent requirement specifically excludes verbal consent for these call types. A recorded verbal agreement might satisfy the lower prior express consent standard for informational calls, but not for telemarketing using automated technology. If you are calling cell phones with a dialer to sell something, you need written consent obtained before the call.
Does a business relationship with a customer mean I have their TCPA consent?
Not anymore. The FCC eliminated the established business relationship (EBR) exemption for autodialed and prerecorded telemarketing calls to cell phones in its 2012 order, effective October 2013. A prior purchase or inquiry still matters for some manually dialed call rules and for FTC DNC exemptions, but it does not substitute for PEWC under the TCPA for automated telemarketing.
What language must appear in a TCPA written consent form?
The form has to state that the consumer agrees to receive autodialed and/or prerecorded calls or texts, identify the seller or company making contact, and state explicitly that consent is not required to buy any goods or services. The FCC does not mandate exact wording, but the disclosure has to be clear and conspicuous, and the consent action has to be affirmative. Pre-checked boxes, passive scrolling, and buried terms-of-service links do not satisfy this standard.
Is a double opt-in required for TCPA compliance?
The TCPA and FCC rules do not require a double opt-in. A single clear affirmative action, like checking an unchecked box or clicking a clearly labeled consent button, can satisfy the written agreement requirement. That said, double opt-in is a strong practice because it creates a second documentation point and helps confirm the consumer controls the number. Many SMS compliance programs use it as risk reduction, not a legal mandate.
If a consumer gives consent on a lead gen website, can multiple companies use that consent?
Only if each company is specifically named in the consent agreement. The FCC's 2012 rules require consent to a specific seller, and its 2024 one-to-one order pushed the same direction before being vacated on appeal. Broad consent to unnamed "marketing partners" or a category of companies does not reach any specific seller who is not identified by name or sufficient description in the original form. Buying a lead does not transfer consent.
What is the difference between TCPA consent and CAN-SPAM consent?
CAN-SPAM governs commercial email and requires no prior consent at all; it is an opt-out framework. TCPA governs calls and texts and requires prior consent before contact for automated telemarketing. TCPA written consent has to be obtained before the first automated marketing call or text. The two laws operate independently. Complying with CAN-SPAM for an email campaign tells you nothing about whether a follow-up text to the same contact complies with the TCPA.
Do the TCPA written consent rules apply to B2B calls?
The TCPA's cell phone rules apply to any call made to a cellular number regardless of whether the recipient is a consumer or a businessperson. If you are autodial calling a cell phone to sell something, it does not matter that the number belongs to a business owner or employee. You still need PEWC. The residential landline rules have some different nuances, but the cell phone written consent requirement is not limited to personal-use numbers.
What happens if a consumer changes their phone number after giving consent?
The consent follows the person who gave it, not the number. If a consumer ports their number to a new carrier or gets a new number, consent given for the old number does not automatically cover the new one. More dangerous still, if the old number is reassigned to a new subscriber, your consent to reach the original subscriber does not cover the new person who now holds that number. Regular scrubbing against the FCC's reassigned numbers database is the main mitigation tool.
Can a consumer revoke TCPA consent by replying STOP to a text?
Yes. A STOP reply to a text message is valid revocation under the FCC's 2015 Declaratory Ruling, and you have to honor it promptly. You cannot force consumers to use a specific revocation method. Courts have found revocations sent by email, stated verbally to a live agent, or submitted through an online form all valid. Once revocation is received, any later automated marketing contact violates the TCPA regardless of the original consent.
Does the FCC's 2024 one-to-one consent rule still apply after the court challenge?
No. The Eleventh Circuit vacated the one-to-one consent rule in January 2025 in Insurance Marketing Coalition Ltd. v. FCC, so it is not in force. The FCC could re-issue a revised rule, and the underlying legal theory, that broad bundled consent to unnamed sellers is insufficient, has strong support in existing case law independent of the 2024 order. Structuring consent on a one-to-one basis remains the lower-risk approach.
What records do I need to prove prior express written consent in court?
At minimum: a copy of the exact consent form the consumer saw, including all disclosure language; a timestamp tied to a server log; the consumer's name and phone number; and, for web-based consent, an IP address. Courts in TCPA cases routinely reject consent defenses when records show only a name and number with no corroboration of when or how the form was completed. Immutable or audit-logged storage is strongly recommended for these records.
Are there state laws that add requirements on top of TCPA written consent?
Yes. Several states impose stricter or broader requirements than the TCPA. Florida's Telephone Solicitation Act (FTSA) and Washington's Commercial Electronic Mail Act add obligations for calls and texts to residents of those states. California's CCPA interacts with consent records by imposing data handling and deletion obligations. Any national outbound program needs to account for the strictest applicable state law, above the federal minimum.
Does TCPA written consent apply if I use a human agent making manual calls?
No, not under the TCPA's cell phone provision, which requires an ATDS or prerecorded/artificial voice. A truly manual call made by a live agent dialing each number individually does not trigger the PEWC requirement, though you still have to respect the National Do Not Call Registry and applicable state DNC rules. For how manual cold calling interacts with the do-not-call rules, the do-not-call telemarketer list resource covers those obligations.
Sources
- Cornell LII, 47 U.S.C. § 227 (TCPA statute text): TCPA statutory text on ATDS call restrictions and $500/$1,500 per-violation damages
- FTC, Complying with the Telemarketing Sales Rule: Third-party lead consent transfer limitations and buried consent language findings
- FCC, 47 C.F.R. § 64.1200 (TCPA implementing regulations): Regulatory definition of prior express written consent including E-SIGN Act incorporation and signature requirements
- FCC, Reassigned Numbers Database (official program page): FCC's reassigned numbers database exists to help callers identify numbers reassigned to new subscribers
- U.S. Court of Appeals, 11th Circuit, Insurance Marketing Coalition Ltd. v. FCC (2025): Eleventh Circuit vacated the FCC's one-to-one consent rule in January 2025
- Consumer Financial Protection Bureau (public enforcement and court filings): Settlement amounts in notable TCPA class actions including Capital One ($75M, 2015) and Bank of America ($32M, 2014)
- Electronic Signatures in Global and National Commerce Act (E-SIGN Act), 15 U.S.C. § 7001: E-SIGN Act establishes legal validity of electronic signatures incorporated by FCC into PEWC definition
- Ninth Circuit, Van Patten v. Vertical Fitness Group, LLC, 847 F.3d 1037 (9th Cir. 2017): Ninth Circuit found consent in general membership agreement insufficient when telemarketing nature of texts was not clearly disclosed
- FTC, National Do Not Call Registry (consumer and business information): FTC DNC registry obligations and exemptions applicable to outbound telemarketing regardless of TCPA consent status