Do not call list fines: what they actually cost and how to avoid them

DNC violations cost up to $53,088 per call under TCPA and FTC rules. Learn exactly how fines are calculated, who enforces them, and how to stay compliant.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Office phone at rest on a desk beside a notepad, do not call compliance concept
Office phone at rest on a desk beside a notepad, do not call compliance concept

TL;DR

Calling someone on the National Do Not Call Registry can cost you up to $51,744 per violation under FTC rules, and TCPA violations carry a separate $500 to $1,500 per-call exposure in private lawsuits. The FCC and state attorneys general can pile on top. Small teams get hit just as hard as enterprises. Here is what the numbers mean and how enforcement works.

What is the do not call list and which law backs it up?

The National Do Not Call Registry is a database run by the Federal Trade Commission that lets consumers opt out of most commercial telemarketing calls. It launched in 2003 under authority from the Telephone Consumer Protection Act (47 U.S.C. § 227) and the FTC's Telemarketing Sales Rule (16 C.F.R. Part 310). [1][2]

Those are two separate legal frameworks. That matters, because they create two separate enforcement paths. The TCPA is a federal statute enforced by the FCC and, importantly, by private plaintiffs in civil court. The Telemarketing Sales Rule (TSR) is enforced only by the FTC and state attorneys general. Call someone on the registry without a valid exemption and you may be exposed to both at once.

The TCPA's core prohibition sits at 47 U.S.C. § 227(c): "No person or entity shall initiate any telephone solicitation to a residential telephone subscriber who has registered his or her telephone number on the national do-not-call registry." [3] That one sentence generates most of the litigation you read about.

The registry covers residential landlines and personal cell phones. Business-to-business calls mostly sit outside its scope, though the TCPA still applies to certain autodial and prerecorded call scenarios no matter whether the number is on the registry. Courts keep sorting out the line between a residential and a business line, especially for cell phones people use for both work and personal calls.

How much is the fine for calling someone on the do not call list?

There are two fine structures, and both can apply to the same call.

The FTC adjusts its civil penalty ceiling every year for inflation. As of 2024, the maximum per-violation penalty under the Telemarketing Sales Rule is $51,744. [4] The FCC sets its own figure under the TCPA: the maximum is currently $23,727 per intentional violation. [5] The FTC number gets more press because it is higher, but both are per-call figures. A campaign that dials a few hundred DNC numbers can stack into seven figures fast.

Private lawsuits under the TCPA are the third track, and often the most expensive in practice. The statute allows $500 in statutory damages per violation, or $1,500 per willful or knowing violation. [3] That sounds modest until you realize class actions aggregate millions of individual calls. UnitedHealthcare agreed to pay $2.5 million to resolve alleged TCPA violations, a case you can read about here: UnitedHealthcare TCPA settlement.

State penalties add another layer. Several states run their own mini-TCPA or DNC statutes with independent per-call fines. Florida's Telephone Solicitation Act, for example, allows up to $500 per call in private actions, and the state attorney general can seek additional civil penalties. Texas, Indiana, and Oklahoma each keep state DNC lists on top of the federal registry. [6]

Here is a quick reference for the main fine tiers:

Enforcement channelFine per violationWho can bring it
FTC (TSR violation)Up to $51,744FTC only
FCC (TCPA, intentional)Up to $23,727FCC only
TCPA private lawsuit$500 standard / $1,500 willfulAny individual plaintiff
State statutes (varies)$100 to $25,000State AG or private plaintiff

How does the FTC calculate do not call fines in practice?

The FTC does not automatically charge the maximum. It weighs the volume of illegal calls, how long the conduct ran, whether the company profited, and whether it cooperated with investigators. Repeat offenders and companies that ignored prior consent orders get hit much harder. [4]

In 2023, the FTC sued a lead generation operation called Fluent, Inc. for allegedly selling leads that produced millions of calls to DNC-registered numbers. The FTC did more than charge one fine. It sought relief for each distinct call identified. When a campaign runs at scale, the math turns brutal.

One thing that catches small businesses off guard is the "established business relationship" (EBR) exemption. If a consumer has bought from you or made an inquiry within the past 18 months, you can call them even if they are on the registry. [2] But that EBR ends the moment the consumer asks you to stop. After that, ignoring the request turns a protected call into a clear violation.

The FTC also checks internal "do not call" list compliance separately from the national registry. Even if a number is not on the national registry, a consumer who told your company directly not to call has put you on notice. Call them again and you can trigger TSR liability just the same.

Documentation is what saves companies during FTC investigations. Show the registry scrubbing logs, the date of the scrub, and the version of the database you used, and you have evidence of a good-faith compliance effort. Fail to show that, and the presumption runs against you.

Maximum do not call fine per violation by enforcement channel All figures are per-violation (per call) maximums as of 2024 FTC (TSR) civil penalty $52k FCC (TCPA, intentional) $24k TCPA private suit (willful) $1,500 TCPA private suit (standard) $500 Source: FTC Telemarketing Sales Rule; FCC TCPA enforcement; 47 U.S.C. § 227(c)(5)

What is the TCPA do not call list rule and how does it differ from the FTC registry?

The TCPA do not call framework has two components people often conflate. First, the national registry the FTC maintains. Second, company-specific do-not-call lists every telemarketer has to keep on its own. The TCPA requires both. [3]

Under 47 C.F.R. § 64.1200(d), any entity making telephone solicitations has to have a written policy for maintaining its internal DNC list, train the personnel who place calls on that policy, honor internal DNC requests within 30 days, and keep those requests on file for at least five years. [7] Many companies focus so hard on the national registry that they let their internal list process fall apart. That is a separate, independent liability.

The TCPA carries its own exemptions from the national registry rule. Calls made with the consumer's prior express written consent bypass the DNC restriction entirely. Calls by or on behalf of tax-exempt nonprofits are exempt. Calls to someone with an established business relationship are exempt (though the 18-month and three-month windows apply, depending on whether the relationship came from a purchase or an inquiry).

The biggest structural difference between the TCPA and the TSR is the private right of action. The TCPA lets any individual sue directly in federal or state court without involving the FCC or FTC. That is why TCPA class actions are common and TSR class actions basically do not exist. Call someone on the DNC list and they hire a plaintiff's attorney, and the FTC is not in the room at all. The case proceeds under 47 U.S.C. § 227(c)(5), which expressly creates that private cause of action. [3]

For how these cases look in practice, the Credit One TCPA settlement and the Truist Bank TCPA class action settlement show how individual DNC-related claims scale into large settlements.

Who enforces do not call violations and how do investigations start?

Three main actors enforce DNC rules: the FTC, the FCC, and state attorneys general. Private plaintiffs handle their own civil suits on their own.

The FTC gets the most consumer complaints. Its Consumer Sentinel Network database collected more than 1.2 million do-not-call complaints in fiscal year 2023 alone. [4] The FTC uses those complaints to spot patterns. If a particular phone number or company name shows up thousands of times in a short window, that triggers a closer look. The FTC can subpoena call records, phone bills, and CRM data.

The FCC handles TCPA complaints separately. Consumers file with the FCC, the FCC contacts the carrier, and in egregious cases the FCC opens a formal investigation that can end in a Notice of Apparent Liability for forfeiture. The FCC's enforcement bureau can propose fines and, after a response period, issue a forfeiture order. [5]

State AGs run on parallel tracks. Many states have memoranda of understanding with the FTC to share complaint data and coordinate. A state AG can bring an action under the TSR on behalf of state residents without waiting for the FTC.

Investigations most often start from consumer complaints. A smaller number start from whistleblowers, competitor complaints, or the agencies' own market monitoring. The best defense is never landing in the complaint pile, which means scrubbing numbers against the registry before every campaign, more than when you first build a list.

What counts as a valid exemption from do not call rules?

Exemptions are narrower than most sales teams think. The main ones are prior express written consent, established business relationships, and calls to businesses.

Prior express written consent is the cleanest protection under both the TCPA and the TSR. The FCC's rules define valid consent: it has to be an agreement in writing (including electronic records) that clearly authorizes the specific seller to deliver calls or texts using an autodialer or prerecorded voice, and the agreement cannot be a condition of buying a product or service. [7] Consent grabbed through buried checkbox language or pre-checked boxes is not valid consent in most courts' views.

The established business relationship exemption under the TSR lets you call a customer who bought from you within the past 18 months, or who made an inquiry within the past three months, even if their number is on the national registry. That window closes permanently once the consumer tells you to stop. The EBR cannot be revived. [2]

Business-to-business calls sit outside the registry's scope, but the TCPA's restrictions on autodialers and prerecorded messages still apply no matter whether the number is on the registry. A company that autodials a cell phone without consent can face TCPA liability even in a B2B context if the number belongs to an individual. [3]

Charitable and political calls live in a complicated zone. Calls from tax-exempt 501(c)(3) organizations are exempt from the national registry rule, but not from the TCPA's autodialer and prerecorded call provisions. Political campaign calls to cell phones using an autodialer still need prior express consent. Plenty of campaigns have learned this the hard way.

How do you register a phone number on the national do not call registry?

Consumers can add a number to the registry at donotcall.gov or by calling 1-888-382-1222 from the number they want to register. Registration is permanent under the current rules. The FTC dropped the five-year re-registration requirement in 2008. A registered number stays on the list indefinitely unless the consumer removes it or the number is disconnected and reassigned. [1]

Telemarketers have to access the registry through the FTC's subscription portal, not through donotcall.gov. A single area code is free. Subscriptions covering multiple area codes or the full national list cost money. As of 2024, access to all area codes is $17,632 per year, though smaller subscriptions run much cheaper. [8]

Companies have to scrub their call lists against the registry no more than 31 days before making a call. Pull a clean version 32 days ago, and if someone registered on day one, you are now technically calling a registered number without a valid scrub. Many compliance teams set a standard scrub cycle of every 15 to 30 days to build in a buffer.

Once a number is registered, telemarketers have 31 days to honor it before they are legally required to stop calling. That is a technical grace period, not a license to call registered numbers. If a consumer registers and you call them, they will complain, and the complaint is what pulls enforcement attention your way.

Can small businesses really get fined for do not call violations?

Yes. The FTC and FCC set no minimum company size for enforcement. Sole proprietors running outbound sales from a home office have been named in FTC actions. Small lead generation companies get hit regularly.

The practical difference is that large companies have more resources to fight penalties in negotiation, and regulators sometimes prioritize high-volume violators for systemic impact. But the statute does not care about size. A three-person operation that makes 10,000 calls to DNC-registered numbers faces the same per-call exposure as a 500-person call center.

Private class actions actually target mid-size companies more often than giant corporations, because the giants keep armies of lawyers and settlements can drag on for years. A plaintiff's attorney hunting for a fast settlement sometimes finds a $10M to $50M revenue company more attractive: large enough to pay, small enough to be nervous about litigation costs.

The Albertsons/Safeway TCPA settlement and the Cash App TCPA class action settlement show what happens when consumer-facing brands let their call and text programs drift out of compliance. Neither case required a consumer to prove actual damages. The statutory per-call amount was enough to build a class.

Run any outbound program without a documented scrubbing process and you are exposed. That is not an opinion. It is what the statute says.

What should a compliant do not call scrubbing process actually look like?

A minimal compliant process has four parts: access the registry through the FTC portal, scrub every call list within 31 days of dialing, keep your own internal DNC list and honor it within 30 days of any opt-out, and document everything.

Documentation is the piece most teams skip. If the FTC or a plaintiff's attorney subpoenas your records, you want to show the date you pulled the registry data, the version you used, which list you ran against it, and what was suppressed. Keep those logs for at least five years to cover the TCPA's statute of limitations.

Some teams use third-party compliance tools to automate registry scrubbing. That is fine, and often smart, but outsourcing the task does not outsource the liability. You stay responsible for making sure the scrub happened correctly. Get a written agreement from any vendor that spells out they are maintaining registry access and running scrubs on schedule.

LeadCompliant has a free DNC checker and a one-time compliance kit that walk through the written policy requirement under 47 C.F.R. § 64.1200(d). A written policy is not optional. It is a specific regulatory requirement, and the absence of one is easy for plaintiff's attorneys to establish in discovery.

For outbound teams that also send texts, the rules stack on top of each other. The DNC registry applies to calls, but the TCPA's autodialer and consent rules apply to texts independently. The text message marketing guide covers where those two frameworks meet.

Train everyone who touches a dialer. The TCPA's internal DNC policy requirement specifically covers training. If a sales rep ignores a verbal opt-out because they do not know it counts, that is a willful violation under 47 U.S.C. § 227(c)(5), which triples the per-call damages.

What do recent do not call enforcement actions tell us about current risk?

The FTC keeps escalating its enforcement posture. In 2022 and 2023, it pursued actions against robocall operations, lead generators, and companies using "ringless voicemail" technology, which the FCC has since confirmed falls under the TCPA's prerecorded call rules. [5]

The FCC moved in 2023 and 2024 to speed up its own enforcement, especially around illegal robocalls. It created a requirement that voice service providers block calls from bad actors the FCC identifies, which pushes compliance upstream to carriers and shrinks the window violators have before their traffic gets cut off. [5]

State enforcement has picked up at the same pace. Florida and Texas have both brought high-profile actions in the past two years. Florida's law, updated in 2021, goes beyond the federal registry and bans calls to registered numbers regardless of an EBR, a stricter standard than the federal rule. [6]

The TCPA news landscape changes fast. For ongoing enforcement updates, the TCPA news tracker covers new FCC orders, major settlements, and court decisions as they happen.

The clearest pattern in recent enforcement: companies that cannot produce documentation of their scrubbing process get the least favorable treatment in settlements. Companies with clean records that made a genuine procedural mistake fare much better. The documentation habit is the cheapest insurance you can buy.

How do do not call fines interact with TCPA class action risk?

Regulatory fines and private class actions are separate exposure tracks, but they often run in parallel. An FTC action rarely triggers a class action automatically, because the TSR has no private right of action. But when the FTC publishes a complaint or settlement, it hands plaintiff's attorneys a roadmap. The same call records, the same lists, the same company practices the FTC uncovered become ammunition for a TCPA class action under 47 U.S.C. § 227(c)(5). [3]

Class actions aggregate individual $500 or $1,500 statutory damage claims across thousands or millions of class members. The math is the problem. A campaign that placed 500,000 calls to DNC-registered numbers creates potential exposure of $250 million at $500 per call. No class action recovers that full figure. Courts and defendants negotiate hard. But settlements routinely land in the $2 million to $20 million range for mid-size defendants, and plaintiff's attorneys take 30 to 40 percent.

The standard defendant strategy is to challenge class certification by arguing that individual questions (did each member consent? was each call really a solicitation?) predominate over common ones. That argument works sometimes, not always, and fighting it costs hundreds of thousands of dollars in legal fees before you get there.

For a sense of the litigation lifecycle, the Joseph Snyder Credit One TCPA case shows how an individual TCPA claim develops.

The short version: regulatory fines are painful but predictable. Class action exposure is less predictable and potentially much larger. Both flow from the same root cause: calling numbers that should have been suppressed. Fix the suppression process and you kill both risks at once.

Frequently asked questions

How much is the fine for calling someone on the do not call list?

The FTC can fine telemarketers up to $51,744 per call under the Telemarketing Sales Rule as of 2024. The FCC can separately fine up to $23,727 per intentional TCPA violation. Private plaintiffs can sue for $500 to $1,500 per call under the TCPA. All three can apply to the same call, and state penalties can add further exposure on top.

What is the TCPA do not call list rule?

The TCPA at 47 U.S.C. § 227(c) prohibits telephone solicitations to residential subscribers who have registered on the national do-not-call registry. It also requires every telemarketer to maintain a company-specific internal DNC list and honor opt-out requests within 30 days. Violations carry $500 to $1,500 per call in private lawsuits, with no cap on the number of calls in a class action.

Who enforces do not call list violations?

The FTC enforces the Telemarketing Sales Rule and operates the national registry. The FCC enforces the TCPA. State attorneys general can enforce both federal TSR violations on behalf of their residents and independent state DNC statutes. Private individuals can also sue directly under the TCPA without involving any government agency, which is how most TCPA class actions arise.

How do I check if a number is on the do not call list?

Consumers can verify their registration at donotcall.gov. Telemarketers must access the registry through the FTC's subscription portal at telemarketing.donotcall.gov to scrub their call lists. Free access covers up to five area codes. Access to all area codes costs up to $17,632 per year. Scrubs must happen no more than 31 days before dialing.

Does the do not call list apply to text messages?

The national do-not-call registry technically applies to voice calls, not text messages. But the TCPA independently restricts unsolicited commercial text messages sent via autodialer to numbers without prior express written consent. Many consumers on the DNC registry also lack consent for texts, so ignoring either protection creates parallel exposure under the same statute.

How long does a number stay on the do not call registry?

Permanently. The FTC dropped the five-year re-registration requirement in 2008. A registered number stays on the list indefinitely unless the consumer removes it voluntarily or the number is reassigned after being disconnected. Companies must scrub against the current version of the registry no more than 31 days before each call campaign.

Can a business be exempt from do not call rules?

Yes, under limited circumstances. Calls made with prior express written consent from the consumer bypass the DNC restriction. An established business relationship (purchase within 18 months or inquiry within three months) creates an exemption under the TSR. B2B calls are generally outside the national registry's scope. Tax-exempt nonprofits are exempt from the registry rule but not from the TCPA's autodialer restrictions.

What is the TCPA and how does it relate to the do not call list?

The Telephone Consumer Protection Act (47 U.S.C. § 227) is the federal statute that, among other things, requires the creation of the national do-not-call registry. It prohibits calls to registered numbers without consent and creates the private right of action that powers TCPA class actions. The FTC's Telemarketing Sales Rule enforces registry compliance separately; both frameworks apply to most commercial telemarketing calls.

What is the established business relationship exemption and when does it expire?

The established business relationship (EBR) exemption lets you call a consumer on the DNC registry if they purchased from you within the past 18 months or made an inquiry within the past three months. The exemption ends permanently the moment the consumer asks you to stop calling. After that, any additional call is a violation regardless of the EBR history.

Can small businesses get fined for do not call violations?

Yes. The TCPA and TSR apply regardless of company size. Solo operators and small lead generators have been named in FTC enforcement actions. Private TCPA class actions often target mid-size companies specifically because they are large enough to pay settlements but less resourced to fight expensive litigation. There is no small-business exemption in either the TCPA or the Telemarketing Sales Rule.

What records do I need to keep to defend against a do not call complaint?

Keep scrubbing logs that document the date you pulled registry data, which area codes you accessed, and which lists were suppressed. Maintain internal DNC opt-out records for at least five years. Keep written consent records for any number where you rely on consent as your exemption. The absence of these records is itself evidence of a compliance failure in court and FTC investigations.

What happens if I accidentally call someone on the do not call list?

An accidental call you can document as a genuine procedural error, backed by records showing a proper scrubbing process, is easier to defend than deliberate calling. Under the TCPA's safe harbor, good-faith reliance on an established compliance process can reduce or eliminate liability for isolated errors. But you have to actually have that process documented, more than claim you did.

Do state do not call lists exist separately from the federal registry?

Yes. Several states including Texas, Indiana, Oklahoma, Colorado, and Wyoming maintain their own DNC lists that require separate registration by telemarketers. Some states like Florida have rules stricter than the federal standard, such as eliminating the established business relationship exemption for registry-listed numbers. You must comply with both federal and applicable state requirements.

What is the TCPA statute of limitations for do not call violations?

The TCPA has a four-year federal statute of limitations under 28 U.S.C. § 1658, though some courts have applied a two-year state-law period for certain claims. The practical implication is that call records from four years ago can still be the basis of a lawsuit filed today. This is one reason compliance professionals recommend retaining scrubbing logs and consent records for at least five years.

Sources

  1. FTC, National Do Not Call Registry: The FTC maintains the national do-not-call registry; consumers can register at donotcall.gov and registration is permanent.
  2. FTC, Telemarketing Sales Rule (16 C.F.R. Part 310): The TSR governs do-not-call requirements, established business relationship exemptions (18 months for purchases, 3 months for inquiries), and is enforced by the FTC and state AGs.
  3. U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: 47 U.S.C. § 227(c) prohibits telephone solicitations to DNC-registered numbers; § 227(c)(5) creates a private right of action for $500 to $1,500 per violation.
  4. FTC, Telemarketing Sales Rule civil penalty adjustments and DNC complaint data: The FTC's maximum civil penalty per TSR violation is $51,744 as of 2024; the FTC received over 1.2 million DNC complaints in fiscal year 2023.
  5. Florida Division of Consumer Services, telemarketing rules: Florida's Telephone Solicitation Act (updated 2021) prohibits calls to registered numbers regardless of an established business relationship, a stricter standard than the federal rule.
  6. FCC, 47 C.F.R. § 64.1200, rules implementing the TCPA: 47 C.F.R. § 64.1200(d) requires a written DNC policy, personnel training, honoring requests within 30 days, and retaining opt-out records for at least five years.
  7. FTC, complying with the Telemarketing Sales Rule guidance: Telemarketers must access the registry through the FTC subscription portal; full national access costs up to $17,632 per year; scrubs must occur no more than 31 days before dialing.
  8. U.S. Code, 28 U.S.C. § 1658, federal civil statute of limitations: The general federal four-year statute of limitations applies to TCPA claims under 28 U.S.C. § 1658.

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit