Last updated 2026-07-11

TL;DR
The National Do Not Call Registry, run by the FTC, holds over 249 million phone numbers as of 2023. The FCC's one-to-one consent rule took effect January 27, 2025, and killed shared lead-gen consent forms for robocalls. FTC civil penalties reach $51,744 per call. Scrub the registry every 31 days, honor state lists, and document consent.
What is the DNC registry and who runs it?
The National Do Not Call Registry is a federal list that lets consumers tell telemarketers to stop calling. The Federal Trade Commission (FTC) runs it under the Telemarketing Sales Rule (16 CFR Part 310) and the Do-Not-Call Implementation Act of 2003 [1]. The Federal Communications Commission (FCC) enforces the parallel rules under the Telephone Consumer Protection Act, 47 U.S.C. § 227 [2].
Two agencies, one list, two sets of teeth. The FTC can sue telemarketers directly. The FCC writes the rules on consent and autodialing. They coordinate, but they run separate investigations, and each one can hit you with its own penalties.
Consumers sign up by phone at 1-888-382-1222 or online at donotcall.gov [11]. Registration is permanent. A 2008 amendment killed the five-year expiration that existed in the original rule [3], so a number stays on the list until the consumer disconnects it or takes it off.
The registry held roughly 249 million active registrations as of the FTC's most recent annual data book [4]. It has grown every year since 2003 and shows no sign of shrinking. If you run outbound calls in the United States, you are almost certainly dialing into that pool.
For a broader look at how the do not call list works from both the consumer and caller side, that article covers the full mechanics.
What are the biggest recent changes to DNC registry rules?
The biggest recent change is the FCC's one-to-one consent rule, adopted in December 2023 and effective January 27, 2025. The FCC's Report and Order (FCC 23-107) rewrote how lead generators can get TCPA consent [5]. Under the old reading, one checkbox on an aggregator site could authorize calls from dozens of unrelated companies. That is over.
Starting January 27, 2025, prior express written consent for robocalls and robotexts has to go to one seller at a time. The consent also has to be logically and topically related to the website where it was collected. A consumer on a mortgage comparison site cannot be consented into calls from a home security company on the same checkbox [5]. This is the biggest structural shift in TCPA consent practice in years, and it hits lead buyers as hard as lead sellers.
On the FTC side, the civil penalty per violation rose to $51,744 for 2024 under the Federal Civil Penalties Inflation Adjustment Act [6]. That number climbs a little every year. It is not a negotiating floor. It is the statutory maximum per call, and the FTC has used it to build multi-million-dollar cases.
The FTC also ran Operation Stop Scam Calls in 2023, a coordinated sweep against illegal robocallers. Some actions produced permanent injunctions and judgments over $100 million, though actual collection on those judgments is usually far lower [4].
States moved too. Florida and Pennsylvania both enforce DNC rules that go past the federal floor, and both have been active. Florida's law under the Florida Telemarketing Act carries its own per-call penalty structure. See the Florida do not call list article for specifics.
How often do callers have to scrub against the DNC registry?
The FTC's Telemarketing Sales Rule requires you to access the registry and honor a number within 31 days of it appearing on the list [1]. In practice, that means you scrub your call list against the current registry no more than 31 days before you dial.
This rule catches a lot of teams off guard. They scrub once when they buy the list and assume they are covered. They are not. If a prospect registered on day 15 after your initial scrub, and you call on day 35, you broke the rule even though your original data was clean.
The safest process is a monthly automated scrub tied to your dialing calendar, not your list purchase date. Most compliance-minded teams scrub every 15 to 30 days to build in margin. The 31-day window is a ceiling, not a target.
To scrub at all, you have to register as an organization. The FTC charges $75 per area code per year, capped at $18,044 for the full national list [4]. Nonprofits that call only on their own behalf skip the fee but still have to honor the list.
For a step-by-step walkthrough of downloading the data, see how do I get the do not call list.
What does the FCC's one-to-one consent rule mean for lead generators in 2025?
The FCC's one-to-one consent rule (FCC 23-107) is the single most consequential change for outbound teams that buy leads [5]. Before January 27, 2025, many lead-gen sites used a broad disclosure that claimed to authorize calls from a list of "marketing partners," sometimes dozens of them. Courts and the FCC tolerated it for years, though it always sat in an uncomfortable gray zone.
That structure is now flatly illegal for automated calls and texts. The rule requires that prior express written consent name the specific seller making the call. Consent has to be one-to-one: one consumer, one company. In the order, the FCC described the requirement as consent given to "a single seller" per authorization [5].
Here is what it means operationally. If you buy leads from an aggregator that uses a shared consent form, those leads do not carry valid TCPA consent for your robocalls. You either build your own opt-in flow, partner with sources using compliant one-to-one disclosures, or stick to human-initiated calls that do not need prior express written consent under the TCPA. The DNC registry prohibition still applies to every call regardless of type.
The topicality requirement matters just as much. The FCC said consent must be "logically and topically related to the interaction that prompted the consent." If you sell insurance and the consent form sits on a recipe website, the consent is invalid even if it names your company.
Lead buyers who ignore this face direct liability. The FCC was clear that a seller cannot hide behind a lead generator's form when the consent was invalid. You are responsible for having a lawful basis to make the call.
What exemptions exist to the DNC registry rules?
Several kinds of calls are exempt from the registry, and knowing the exact limits matters, because callers routinely overclaim them.
The clearest one is the established business relationship (EBR). Under the FTC's rule, an EBR exists if the consumer made a purchase or completed a transaction with you in the past 18 months, or made an inquiry or application in the past 3 months [1]. An inquiry alone gives you only a 3-month window. The exception dies the moment the consumer tells you specifically not to call, even inside the EBR window.
Personal relationship calls are exempt. If you actually know the person, the registry does not apply. This is narrow and does not cover sales calls to acquaintances.
Calls with express written permission are exempt. This is the consent carve-out, and it is what most teams lean on for active prospect lists. The consent has to be in writing (electronic records count) and has to authorize the specific seller to call [2].
B2B calls are largely exempt from the federal registry. The registry protects residential subscribers, so calls to business lines are not covered [1]. Some states extend DNC rules to business numbers, and the TCPA's autodialer limits apply to cell phones no matter how the line is used.
Charitable calls made on the organization's own behalf, political calls, and survey calls are generally exempt from the DNC prohibition. They still have to follow the TCPA's autodialer and prerecorded-voice rules in separate parts of 47 U.S.C. § 227 [2].
See the do not call telemarketer list article for a full breakdown of who the rules actually reach.
How are cell phones handled under the DNC registry?
Cell phones can be registered on the National DNC Registry, and plenty are. The FTC has never published a clean split of mobile versus landline registrations, so nobody has good data on the exact ratio. The closest proxy is a CDC survey finding that about 73% of U.S. adults live in wireless-only households [7], which suggests most new registrations are mobile numbers.
Here is the part many callers miss. The TCPA layers separate restrictions on cell phones regardless of DNC status. Under 47 U.S.C. § 227(b), using an automatic telephone dialing system or a prerecorded voice to call a cell phone requires prior express consent, even if that number never touched the DNC registry [2]. The two frameworks stack.
So a mobile number that is not on the registry can still be off-limits if you are autodialing without consent. And a mobile number that is on the registry carries both the DNC prohibition and the autodialer consent requirement.
For a full breakdown of what cell phone owners and callers need to know, the mobile phone do not call list article goes deep on the TCPA's wireless rules.
One practical note about porting. A number that was a landline when it was registered may be a cell phone now. Carrier lookup tools can identify the current line type, and most compliance teams run these checks before dialing to avoid autodialing a ported cell phone under what they thought was a landline permission.
What are the current DNC violation penalties?
The FTC can seek civil penalties up to $51,744 per violation for 2024 [6]. Each illegal call is its own violation. The FCC can impose forfeitures up to $23,727 per violation for knowing or willful conduct, with a single-day cap of $177,944 for continuing violations [8].
Consumers can also sue under the TCPA's private right of action. Section 227(c)(5) lets an individual recover $500 per violation, or up to $1,500 for a knowing or willful one [2]. Class actions are the real exposure. A certified class of 100,000 consumers at $500 each is a $50 million statutory damages case before attorneys' fees.
The FTC's largest recent DNC judgments run into the hundreds of millions against high-volume illegal robocalling operations, though most of those defendants lack the assets to pay [4]. For legitimate businesses, settlements in the low millions for systematic non-compliance are more common.
State attorneys general can bring their own actions under section 227(f), and many do. Florida's attorney general has been especially active, and states with their own telemarketing statutes can stack penalties on top of the federal ones.
Here is the honest risk math: for most small and mid-size outbound teams, the aggregated per-call damages under the TCPA private right of action create far more exposure than FTC penalties. The class action plaintiff's bar watches these cases closely.
| Penalty type | Amount | Authority |
|---|---|---|
| FTC civil penalty (per violation) | Up to $51,744 | 16 CFR 310, FTC Act |
| FCC forfeiture (knowing/willful, per violation) | Up to $23,727 | 47 U.S.C. § 503 |
| TCPA private right of action (per call) | $500, up to $1,500 | 47 U.S.C. § 227(c)(5) |
| TCPA class action (illustrative 100K class) | $50M+ statutory | 47 U.S.C. § 227(c)(5) |
How do state DNC lists interact with the federal registry?
The federal registry is a floor, not a ceiling. Most states that run their own DNC programs require separate registration and enforce their own rules on top of the federal regime [9]. If you operate in any of those states, you scrub against both.
States with distinct DNC programs or stricter telemarketing statutes include Florida, Pennsylvania, Texas, Indiana, Wyoming, and Louisiana, among others. Some state lists sit separately from the federal registry. Others have been folded into or coordinated with the federal database over time.
Florida's law under the Florida Telemarketing Act (Florida Statutes Chapter 501) is aggressive. Florida lets a consumer register on the state list even if they never registered federally, and Florida's per-call penalties apply to state-list violations on their own [9]. If you call Florida numbers, read the Florida do not call list article carefully before your next campaign.
Pennsylvania has a similar setup. The state list runs under the Pennsylvania Telemarketer Registration Act, and state registration is required separately from federal registration [10]. See the do not call list PA article for the registration steps.
The takeaway is simple. If your call list touches numbers in states with independent DNC programs, your scrubbing process has to include those state lists. A vendor that only checks the federal registry leaves you exposed in those states.
LeadCompliant's DNC registry overview covers the federal and state interaction in more detail, and the free compliance kit includes a state-by-state program checklist.
What does current FTC enforcement tell us about what triggers investigations?
Read the FTC's enforcement actions from the last three years and clear patterns show up in what actually opens a case.
High call volume to registered numbers is the most common thread. Companies making thousands or millions of calls to DNC-listed numbers are the primary targets [4]. The FTC's technology team works from call data that surfaces through consumer complaints and the reporting system on donotcall.gov.
Complaints are the primary trigger for smaller investigations. The FTC logged roughly 2.1 million do not call complaints in fiscal year 2023 [4]. Those complaints are searchable by company name, phone number, and calling pattern, and a spike around one number or organization draws attention fast.
Spoofing raises the stakes. Using false caller ID to disguise calls is a separate violation under the Truth in Caller ID Act, and spoofing plus DNC violations is a reliable path to a big penalty [4].
No written DNC compliance policy hurts you. Both agencies look for evidence of good-faith compliance when they set penalties. A company with a documented scrubbing process, training records, and internal DNC policies gets treated differently than one with nothing.
For teams that want to check whether a number has been reported, the do not call list report article covers the reporting process and how complaint data gets used.
How do businesses register to access and download the DNC registry?
To scrub your call lists against the National DNC Registry, you register at telemarketer.donotcall.gov. You cannot download the list anonymously [1].
Registration asks for your organization's name, address, contact info, and a certification that you will use the data only to prevent calls to registered numbers. You pay the access fee ($75 per area code per year, capped at $18,044 for the full national list) and then download the relevant area codes as a comma-delimited text file [4].
The data comes as plain text and has to connect to your CRM or dialing platform to do anything. Most serious outbound teams do not build that integration themselves. They either use a DNC scrubbing service that keeps a current copy of the registry and runs automated checks, or a dialing platform with the registry built in.
Using a third-party service does not move the legal obligation off you. A vendor error does not erase your liability for calling a registered number, though documented reliance on a vendor's representations has been treated as a mitigating factor in some enforcement matters.
Access expires every year and has to be renewed. If your subscription lapses and you keep calling without re-scrubbing, you lose even the technical good-faith argument.
For a detailed walkthrough, the government do not call list and ftc do not call list articles cover the registration interface field by field.
What should outbound teams actually do right now to stay compliant?
Compliance is not a one-time project. It is a recurring operational process. Here is what actually matters day to day.
Get your scrubbing on a fixed calendar. Scrub against the federal registry and any applicable state lists no more than 31 days before each campaign launch. If your dialing runs continuously, set a monthly scrub date and treat a missed one the way you would treat a missed payroll run.
Audit your lead sources for post-January-2025 consent. If you buy from aggregators, ask them straight: does each consent form name your company specifically, and is it logically related to the site topic? If the answer to either is no, those leads carry TCPA exposure for any automated call you make.
Document your internal DNC list. The FTC's rule requires you to keep your own do-not-call list of consumers who asked not to be called, and to honor those requests across your whole organization within 30 days [1]. If a consumer says "stop calling me" and a different rep dials them two weeks later because nobody saw the note, that is a violation.
Train your agents. Reps routinely misread the 30-day internal DNC window and the EBR rules. A written policy means nothing if the people dialing do not know the rules.
Look hard at your channel mix. Human-initiated calls to EBR numbers carry far lower TCPA exposure than automated calls to purchased lists. If your business can lean toward inbound-initiated conversations and confirmed opt-in lists, your compliance overhead drops a lot.
LeadCompliant's free compliance kit includes a scrubbing schedule template, a consent documentation checklist, and a state DNC program reference chart, which saves a few hours of setup for teams building this from scratch.
Frequently asked questions
How many phone numbers are registered on the National DNC Registry?
About 249 million phone numbers are registered on the National Do Not Call Registry as of the FTC's most recent annual data book. The list has grown every year since it launched in 2003 and shows no sign of plateauing. Both landlines and mobile numbers can be registered, and registration is permanent since the 2008 amendment removed the five-year expiration.
Does the DNC registry apply to text messages?
Yes. The FCC treats text messages sent with an automatic telephone dialing system as subject to TCPA restrictions, and a consumer's DNC registration applies to marketing texts the same as voice calls. The FCC's 2023 one-to-one consent order explicitly covered robotexts. If a number is on the registry, do not send it unsolicited marketing texts either.
Can a number be removed from the DNC registry?
Yes, but only by the consumer who registered it. Consumers remove a number at donotcall.gov or by calling 1-888-382-1222. A number also drops off automatically if it is disconnected and reassigned to a new subscriber, though that can take time to propagate through the database. Callers have no way to remove a number themselves.
What is the established business relationship exception and how long does it last?
The established business relationship (EBR) exception lets you call a consumer on the registry if they made a purchase or completed a transaction with you in the past 18 months, or made an inquiry or submitted an application in the past 3 months. It ends immediately if the consumer specifically tells you not to call, even inside the window. Document every transaction and inquiry with timestamps to support the defense.
What changed about TCPA consent on January 27, 2025?
The FCC's one-to-one consent rule took effect on January 27, 2025. It requires prior express written consent for robocalls and robotexts to name one specific seller, be given directly to that seller rather than through a shared aggregator checkbox, and be logically related to the interaction that prompted it. Broad, multi-seller consent forms are no longer valid for automated marketing calls.
Do B2B calls have to follow DNC registry rules?
Generally no, for the federal registry. The National DNC Registry protects residential subscribers, so calls to business numbers are not covered by the registry prohibition. But if an employee's personal cell phone gets called for business, the TCPA's wireless restrictions can still apply. Some states extend DNC protections to business lines, so check state law before assuming a B2B call is unrestricted.
How much does it cost to access the DNC registry for scrubbing?
The FTC charges $75 per area code per year, capped at $18,044 for the complete national list. Nonprofits that call only on their own behalf are exempt from the fee. You pay at registration and renew annually. If your subscription lapses and you call without re-scrubbing, you lose even the technical protection of having checked the list.
What triggers an FTC or FCC DNC investigation?
The most common triggers are high volumes of consumer complaints filed at donotcall.gov, call data showing systematic dialing of registered numbers, and tips from industry insiders or injured parties. Caller ID spoofing sharply raises enforcement interest. The FTC's analytical team monitors complaint patterns, and a spike around a particular number or company name is often what opens a case.
Are political calls exempt from the DNC registry?
Political calls are generally exempt from the registry's prohibition, because the registry applies to telemarketing, defined as calls encouraging the purchase or rental of goods or services. Pure political advocacy calls do not meet that definition. But political calls using prerecorded messages to cell phones still need prior express consent under the TCPA's separate autodialer provisions.
How do I file a complaint about an illegal telemarketing call?
File at donotcall.gov or by calling 1-888-382-1222. Complaints go into the FTC's database and get reviewed for enforcement patterns. Have the caller's phone number, the date of the call, and what was offered. Filing does not guarantee action on your individual call, but complaint data is the primary tool the FTC uses to identify systematic violators.
Does a company need to maintain its own internal DNC list in addition to scrubbing the federal registry?
Yes. The FTC's Telemarketing Sales Rule requires companies to keep an internal do-not-call list of consumers who specifically asked not to be called. You honor those requests within 30 days and keep the record for at least five years. This applies even when the consumer is not on the federal or state registry. Failing to maintain and honor an internal list is a separate, independent violation.
What is the penalty for calling a number on the DNC registry?
The FTC can seek up to $51,744 per violation for 2024. The FCC can impose forfeitures up to $23,727 per knowing or willful violation. Individual consumers can sue under the TCPA for $500 per call, or $1,500 for a knowing or willful one. Class actions aggregating thousands of $500 claims are the largest practical financial exposure for most outbound sales teams.
Do numbers stay on the DNC registry forever?
Since a 2008 amendment to the Do-Not-Call Implementation Act, registrations do not expire. Before that, numbers dropped off after five years and consumers had to re-register. Now a number stays until the consumer removes it or the number is disconnected and reassigned. Reassigned numbers can take time to drop off, so number type and reassignment checks are good practice before dialing old lists.
Are there DNC rules specific to certain industries like insurance or mortgage?
The federal registry applies across industries with no sector carve-outs. But insurance and financial services also answer to industry regulators (state insurance commissioners, the CFPB) that can impose extra calling restrictions. The one-to-one consent rule specifically hits lead generation in high-volume sectors like insurance, mortgage, and home services. State attorneys general have brought industry-targeted enforcement in those areas too.
Sources
- FTC, Telemarketing Sales Rule (16 CFR Part 310): The TSR requires telemarketers to honor DNC registrations within 31 days, maintain internal DNC lists for 5 years, and governs the EBR exception windows of 18 months for transactions and 3 months for inquiries.
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: The TCPA prohibits autodialed or prerecorded calls to cell phones without prior express consent and allows private suits of $500 to $1,500 per violation under section 227(c)(5).
- FTC, National Do Not Call Registry Data Book FY 2023: The FTC received approximately 2.1 million DNC complaints in FY 2023, the registry held approximately 249 million registrations, and access fees are $75 per area code capped at $18,044 for the full national list.
- FTC, adjusted civil penalty amounts, Federal Register notice (2024): As of 2024, the maximum civil penalty per DNC violation is $51,744, adjusted under the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015.
- CDC National Center for Health Statistics, Wireless Substitution: Early Release of Estimates: A CDC survey found approximately 73% of U.S. adults live in households with only wireless telephone service, suggesting the majority of new DNC registrations are mobile numbers.
- Florida Office of the Attorney General, Florida Telemarketing Act, Chapter 501 F.S.: Florida's Telemarketing Act imposes its own DNC registration requirements and per-call penalties independent of the federal registry.
- Pennsylvania Attorney General, Pennsylvania Telemarketer Registration Act: Pennsylvania maintains a separate state DNC list under the Pennsylvania Telemarketer Registration Act, requiring independent state registration for telemarketers operating in the state.
- FTC, donotcall.gov consumer registration page: Consumers register their phone numbers on the National DNC Registry at donotcall.gov or by calling 1-888-382-1222; registration is permanent.