FCC DNC registry explained: what it is and who must comply

The FCC enforces DNC registry rules under TCPA. Learn who must scrub lists, penalties up to $1,500/call, and how to stay compliant. Updated 2026.

LeadCompliant Team
25 min read
In This Article

Last updated 2026-07-09

Office desk with a landline telephone and call list related to DNC registry compliance
Office desk with a landline telephone and call list related to DNC registry compliance

TL;DR

The FCC enforces the National Do Not Call Registry under the TCPA (47 U.S.C. 227) for telephone solicitations. Telemarketers must scrub calling lists against the registry every 31 days and can face fines up to $1,500 per willful violation. Registration and list access both require paying fees to the FTC, which actually runs the registry database.

What is the FCC DNC registry and who actually runs it?

People say 'FCC DNC registry' out of habit. The name is a little wrong, and the mistake causes real compliance gaps, so it's worth getting the split between the two agencies straight.

The National Do Not Call Registry was created jointly by the FTC and FCC in 2003. The FTC (Federal Trade Commission) owns and operates the database at donotcall.gov. Consumers register their numbers there. Telemarketers pay the FTC for access to scrub their lists. The FTC enforces violations against most commercial telemarketers under the Telemarketing Sales Rule (TSR).

The FCC (Federal Communications Commission) writes its own parallel DNC rules under the Telephone Consumer Protection Act, 47 U.S.C. 227 [1]. Those rules cover 'telephone solicitations' broadly, including calls made by or on behalf of any person or entity. The FCC enforces its rules against common carriers and through its own complaint and forfeiture process. Private citizens can also sue directly under TCPA Section 227(b) and 227(c) without waiting for either agency to act.

For a company making outbound sales calls, the takeaway is simple. You comply with both agencies at once. Most of the day-to-day scrubbing runs through the FTC's database, but the FCC's implementing regulations (47 C.F.R. Part 64, Subpart L) create the private right of action that class-action attorneys live on. That private right of action is why TCPA suits outnumber TSR enforcement actions by a wide margin.

So the honest answer to 'what is the FCC DNC registry' is this: there's one national registry, the FTC runs the database, and the FCC enforces complementary rules that let individuals sue you directly. Both matter. Neither cancels the other out.

What does the TCPA actually say about do-not-call rules?

The statute text is short and worth reading. 47 U.S.C. 227(c)(1) directs the FCC to 'compare lists of telephone numbers of residential subscribers who object to receiving telephone solicitations' and to set rules protecting those subscribers [1]. The FCC put that mandate into 47 C.F.R. 64.1200(c), which bars any person from making a telephone solicitation to a residential subscriber who has registered on the national registry [2].

47 U.S.C. 227(c)(5) creates the private right of action. Any 'person who has received more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the regulations' can sue for $500 per violation, or up to $1,500 per violation if the court finds the defendant willfully or knowingly broke the rules [1]. There's no cap on the number of violations in a class action. That math is why a mid-size outbound team can face eight-figure exposure.

The statute has carve-outs. Calls made with the prior express invitation or permission of the called party are exempt. So are calls under an established business relationship (EBR), though the EBR exemption for registry purposes is narrow. It covers a relationship within 18 months of the last transaction, or 3 months after a consumer inquiry, and only if the consumer hasn't asked to be put on the company's internal DNC list [2].

Calls that aren't 'telephone solicitations' at all, like purely informational calls or calls to existing customers about their existing accounts, may fall outside the registry rules. Courts read 'telephone solicitation' broadly, though. Labeling a call 'informational' does not make it safe. If a commercial purpose is mixed in, a court may still call it covered.

One thing the statute does not do: it does not override stronger state laws. Florida, Indiana, and Pennsylvania run their own do-not-call lists with extra requirements. Depending on where you call, you may have to scrub several lists.

How do telemarketers get access to the DNC registry?

You access the registry at donotcall.gov, which the FTC operates [3]. The process runs in a few steps.

First, register your organization. You give a business name, a primary contact, and the area codes you plan to call. Registering the organization is free.

Second, pay for the data. The FTC charges per area code, per year. Under the FTC's fee rule, the cost is $75 per area code annually, with a cap of $18,936 per year for full national coverage [11]. Nonprofit organizations calling for charitable purposes, political organizations, and survey callers (under narrow definitions) generally don't pay. Call one area code, and your annual cost is $75. Call nationwide, and you hit the cap for roughly $19,000 a year.

Third, download or query the list. The FTC hands you the data in a format you can scrub against your calling lists. Most serious outbound teams don't do this by hand. They use a compliance platform or their dialer's built-in scrubbing tools to automate the comparison.

Scrubbing is not a one-time chore. The rules require you to scrub no more than 31 days before making any call [2]. If your list is 45 days old relative to the last registry pull, every call on it is potentially a violation, even if the number was clean when you first checked. Set a calendar reminder. Better, automate the refresh.

For the technical steps of pulling and working with the data, the how do i get the do not call list guide walks through it.

Key DNC registry compliance numbers Federal thresholds and penalty figures every outbound team should know 31 DNC registry: max scrub gap (days) 1,500 TCPA private suit: $ per willful violation 52k FTC civil penalty per TSR violation ($) 200 DNC registry registrations… Source: FTC (donotcall.gov), 47 U.S.C. 227, 16 C.F.R. Part 310, 2024

How often do you have to scrub against the registry?

Every 31 days, at minimum. That number lives in the FCC's implementing rules at 47 C.F.R. 64.1200(c) [2]. The regulation says you must access the registry and compare numbers no more than 31 days before making any call.

Most compliance teams scrub more often than that, weekly or even daily for high-volume dialers. Nothing stops you from scrubbing more. The 31-day window is the maximum gap, not the goal. Numbers become effective 31 days after registration, so a consumer who signed up on June 1 is protected starting July 2. Those two 31-day windows interact in a way that bites people. Pull the list June 1, call July 5, and you might dial someone who registered June 3 and became protected July 4. Stale data is a real risk.

The database updates on a rolling basis. The FTC doesn't publish how many new registrations land each day, but the registry has held more than 200 million active registrations [3]. Even a small daily churn across 200 million-plus numbers matters when you're calling at volume.

One common mistake sinks teams. They pull the list, load it into the CRM, then don't re-pull for 60 or 90 days because 'setup takes time.' That gap is liability. If you can't automate the 31-day refresh, build a manual process with a hard deadline and one named person on the hook for it.

What are the penalties for violating DNC registry rules?

Penalties come from two directions: government enforcement and private lawsuits.

On the government side, the FCC can issue a Notice of Apparent Liability (NAL) and then a forfeiture order. The FCC's base forfeiture for most TCPA violations runs from $1,000 to $10,000 per call under its forfeiture policy statement and Section 1.80 of its rules [4]. The FCC has issued forfeitures in the hundreds of millions against large-scale robocallers, though those cases involve thousands or millions of calls.

The FTC enforces the Telemarketing Sales Rule and can seek civil penalties up to $51,744 per violation as of 2024, a figure it adjusts for inflation every year under the Federal Civil Penalties Inflation Adjustment Act [5].

Private lawsuits are the bigger day-to-day risk for a small team. Under 47 U.S.C. 227(c)(5), anyone who gets more than one violating call in a 12-month period can sue for $500 per call, or $1,500 per call for willful violations [1]. Class actions stack those numbers across every registered person you called. Run one campaign of 50,000 numbers with 10,000 on the DNC, and you're looking at $5 million at $500 a call, or $15 million if a court finds willfulness.

Courts have found willfulness when a company wrote policies but never enforced them, or when compliance staff flagged a problem and got ignored. 'We didn't know' rarely works when the regulations are this clear.

The penalties and lawsuits hub covers how courts calculate damages and what class certification looks like in TCPA cases.

Are cell phones covered by the DNC registry?

Yes. Cell phone numbers can be registered on the National Do Not Call Registry, and registered wireless numbers get the same protection as landlines [3]. The FCC confirmed this in its rules. There's a stubborn myth that the registry only covers landlines. That myth is wrong, and it's been wrong since 2003.

The FCC's rules under TCPA Section 227(b) add a separate layer for cell phones. Autodialed or prerecorded calls to wireless numbers need prior express consent whether or not the number is on the DNC registry. Those are two different obligations. DNC registry rules cover telephone solicitations to registered numbers. The autodialer and prerecorded-call rules cover how you're allowed to place calls to wireless numbers at all.

So if you call a cell number that's on the DNC registry, you can face liability under both 227(b) (for using an autodialer or prerecorded message without consent) and 227(c) (for calling a registered number without a valid exemption). The mobile phone do not call list article digs into the wireless-specific rules.

Treat every number on your list as potentially wireless and potentially registered. Tools that flag line type (wireless vs. landline) help with 227(b) consent analysis. They don't replace DNC scrubbing.

What exemptions exist that let you call a DNC-registered number?

A few real exemptions exist, and people routinely think they're broader than they are.

Prior express invitation or permission. If the consumer gave you written or clearly documented permission to call, you can call even a registered number. The permission has to be specific, not buried in general terms of service, and it should name the entity that will be calling.

Established business relationship (EBR). You can call a customer you have an EBR with without breaking the national registry rules. The FCC defines EBR as a prior relationship formed by a voluntary two-way communication between a person and a business, within 18 months of the last transaction or 3 months of an inquiry. Once that window closes, the EBR expires. And even inside the window, if the consumer told you to stop calling or put themselves on your internal company DNC list, the EBR exemption does not save you [2].

Non-commercial and exempt callers. Political calls, calls from nonprofit charitable organizations, and certain survey calls sit outside the telemarketing rules. But the line between a nonprofit's own fundraising call and a commercial telemarketer dialing on behalf of a nonprofit gets litigated regularly.

Personal relationship. Calls from individuals with a personal relationship to the recipient are exempt. Mostly irrelevant for business callers.

Don't assume an EBR covers every name on a purchased list. 'They filled out a form on a partner site' does not create an EBR with your company. The relationship has to be between the consumer and the entity placing the call.

What is the company-specific internal DNC list and how does it differ from the national registry?

The national registry is one piece. The FCC's rules also require every company doing telephone solicitations to keep its own internal do-not-call list [2].

When a consumer asks you to stop calling, you add them to your internal list promptly and stop dialing them. That duty exists on its own, separate from the national registry. Someone who never signed up for the national list but tells your agent 'take me off your list' is protected by your internal-list obligation. Call them again and you're in violation.

Internal DNC requests have to be honored for at least 5 years under the FCC's rules [2]. You need a documented process: how agents log requests, where the data sits, and how it flows into your dialer to suppress future calls. A paper binder doesn't cut it for a team placing thousands of calls a week.

The two lists work together. Before any call, you scrub against the national registry (every 31 days) and against your internal suppression list (continuously). A number that's clean on the national registry can still be off-limits because someone opted out of your company directly.

For how the whole dnc registry ecosystem fits together across federal and state lists, that page breaks down the full suppression stack.

Do state DNC lists add requirements on top of the federal registry?

Several states run their own do-not-call programs with rules that go past the national registry. Call into those states and you scrub those lists too.

Florida's list, run by the Florida Department of Agriculture and Consumer Services, covers calls to Florida residents and carries its own registration and fee requirements for telemarketers [6]. Florida also has the Florida Telephone Solicitation Act (FTSA), which as of 2021 created a private right of action for certain autodialed calls and texts that mirrors TCPA exposure. The florida do not call list article has the current fee and registration details.

Indiana runs the Indiana Telephone Privacy List. Violations draw civil penalties under Indiana Code 24-4.7 [7]. See indiana do not call list for the specifics.

Pennsylvania runs its Do Not Call Registry under the Pennsylvania Telemarketer Registration Act [8]. Details live at do not call list pa.

Texas and Wyoming maintain notable programs too. The headache for national callers is that each state has its own registration process, fee, scrub frequency, and exemption set. A spreadsheet mapping which states you call and what each one demands is the floor. Some teams pay a third-party aggregator that bundles state files into the scrubbing service.

The government do not call list article compiles the full landscape of federal and state government-run lists.

How do you report a DNC violation and what happens after?

Consumers report violations at donotcall.gov [3]. The FTC collects those complaints and, together with FCC consumer complaint data, uses them to spot patterns. Complaint volume is a key input for enforcement priorities at both agencies.

When you report, the FTC asks for the calling number, the date and time of the call, and any details about the company. The FTC doesn't answer individual complaints with a case result. It uses the data in aggregate. You won't get a refund or payment from filing unless a big enforcement action eventually produces a consumer redress fund.

Private lawsuits are where individual consumers actually recover money. Got more than one violating call in 12 months from the same entity? You can file in small claims or federal court under 47 U.S.C. 227(c)(5). You don't need an attorney, though class-action lawyers often take TCPA cases on contingency because the per-violation amounts pile up fast.

If you're the business getting the complaint, act right away. Pull the call logs for that number. Check your scrub records for it on the date of the call. Check your internal DNC list. Find a gap, fix the process before the next batch runs. One complaint rarely becomes a lawsuit by itself. Repeated violations across many consumers are what trigger class filings.

The do not call list report page explains the complaint and reporting process in more detail.

What does a basic DNC compliance process look like for a small outbound team?

Small teams can get compliant without an enterprise software budget. Here's what the process needs, at minimum.

List acquisition: pay for national registry access at donotcall.gov and download the area codes you dial [3]. Call into Florida, Indiana, Pennsylvania, or another state with its own list, and add those to the scrub workflow.

Scrubbing cadence: pull a fresh registry file at least every 31 days. Run every number on your calling list against the registry file and your internal DNC list before dialing. Remove matches. Don't dial suppressed numbers.

Internal DNC capture: train agents to catch and log opt-out requests in real time. The log needs to feed your dialer's suppression list within 24 hours, immediately if you can. Test the flow every quarter.

Documentation: keep records of registry access (date, area codes pulled), scrub runs (date, list name, records suppressed), and your internal DNC list. In a lawsuit, these records are your first defense. Retain them at least 4 years.

Consent records: for any call resting on prior express permission rather than EBR, store a copy of the consent with the timestamp, source, and exact language the consumer saw. Separate from DNC scrubbing, and just as important.

LeadCompliant offers a free TCPA compliance kit with a scrub-schedule template and an internal DNC log format if you want a starting point instead of building documents from scratch.

A team dialing under 10,000 numbers a month pays less than $19,000 a year for national registry access at broad area code coverage, plus whatever your dialer or compliance tool charges for scrubbing automation. That cost sits orders of magnitude below the exposure from a single class action.

How is the FCC updating DNC and TCPA rules in 2024-2026?

The FCC has been busy on TCPA rulemaking. Two changes matter most for outbound teams.

First, the one-to-one consent rule, adopted in December 2023 [9]. Under that rule, a consumer's consent has to go to the specific seller who will call, not to a lead aggregator's website in general. The rule requires prior express written consent from a single seller. That hits teams buying leads from shared lead-gen forms hard. If your lead process relied on one form consenting to calls from 'marketing partners,' that model is now legally risky. (Note: the D.C. Circuit vacated the one-to-one rule in early 2025 before it took full effect, so confirm the current status with counsel before you rebuild your consent flow around it.)

Second, the FCC keeps pushing call blocking and labeling under the STIR/SHAKEN framework to fight illegal robocall traffic [10]. Those rules mostly target carriers and large-scale spoofing, but they touch legitimate callers too. If your calls get mislabeled 'Spam Likely' by downstream analytics, your answer rates drop no matter how clean your DNC compliance is.

The FTC reviews its Telemarketing Sales Rule on a cycle. In 2023 it finished a review, kept the core DNC framework, and tightened rules around prerecorded messages and abandoned call rates [5].

For a small team, the practical move is to audit your lead sources. Ask each vendor for proof of individualized consent. If they can't produce it, the leads carry legal risk, and at that point the consent problem is bigger than the DNC problem.

The do not call telemarketer list article covers what telemarketers specifically have to maintain and how the FCC's rules apply to them.

Frequently asked questions

Is the FCC DNC registry the same as the FTC's national do not call registry?

Same list, different agencies. The FTC operates the database at donotcall.gov and enforces it against most commercial telemarketers under the Telemarketing Sales Rule. The FCC writes parallel rules under the TCPA (47 U.S.C. 227) and enforces them separately. As a caller, you comply with both frameworks. The FCC's rules are what create the private right of action consumers and class-action attorneys use to sue directly.

How much does it cost to access the national DNC registry?

The FTC charges $75 per area code per year for registry access. The annual cap is $18,936, which covers all area codes in the country. Call only one or two states and your cost is $75 to $150 a year. Call nationally and need every area code, and you pay the cap. Nonprofits, political organizations, and certain survey callers are exempt from the fees. Registration itself is free; you only pay for data access.

Can I call a cell phone number that is on the DNC registry?

No. Cell phones can be registered on the national registry and get the same protection as landlines. The FCC confirmed this in its rules implementing TCPA Section 227(c). On top of that, wireless numbers carry extra protection under Section 227(b): autodialed or prerecorded calls to cell phones need prior express consent regardless of registry status. Calling a wireless number on the DNC registry without consent can trigger liability under both sections at once.

How long does a number stay on the DNC registry once registered?

Registrations are permanent unless the consumer asks for removal or the number gets reassigned or disconnected. The FTC periodically purges numbers that were disconnected and reassigned. Under the TCPA, once a number is reassigned to a new consumer, any prior consent does not transfer to the new holder. Callers are responsible for having a process to catch reassigned numbers before dialing.

What is the established business relationship (EBR) exemption and how long does it last?

The EBR exemption lets you call a registered number if you have a prior relationship with that consumer. The FCC defines the window as 18 months after the last transaction or 3 months after the consumer made an inquiry. Once either window closes, EBR is gone. Even inside the window, if the consumer asked to be placed on your internal do-not-call list, EBR doesn't apply. The relationship must be with your company specifically, not a partner or affiliate.

How do I add someone to my company's internal DNC list and how long must I keep them there?

When a consumer asks you to stop calling, your process should log that number within 24 hours (immediately is better) and suppress it in your dialer. The FCC's rules require you to keep internal DNC requests for at least 5 years. You need a documented process: how agents record the request, where the data lives, and how it suppresses future dials. Failing to honor opt-out requests is a separate violation from national registry scrubbing failures.

What is the maximum fine for calling a number on the DNC registry?

Private plaintiffs can sue for $500 per call, or $1,500 per willful violation, under 47 U.S.C. 227(c)(5). There's no statutory cap on the number of violations in a class action, so exposure scales with call volume. Government enforcement adds another layer: the FTC can seek up to $51,744 per violation (2024 figure, inflation-adjusted), and the FCC can issue forfeitures up to $10,000 per call under its guidelines. Willfulness findings sharply raise both government and private liability.

Do state do-not-call lists create additional obligations beyond the national registry?

Yes. Florida, Indiana, Pennsylvania, and several other states run their own lists with separate registration requirements, fees, and scrub rules. Call into those states and you comply with the state program on top of the national registry. State penalties apply independently of federal penalties. Some states also define covered calls more broadly or set shorter opt-out honor windows than the federal rules. Map your calling footprint against state programs before assuming the national registry alone is enough.

Indirectly, yes. The FCC's one-to-one consent rule required a consumer's prior express written consent to go to a single named seller, not a pool of 'marketing partners,' which affected teams buying leads from aggregators. The D.C. Circuit vacated the rule in early 2025 before full effect, so confirm current status with counsel. Either way, DNC scrubbing is required separately. Satisfying a consent standard never substitutes for suppressing registered numbers.

What records should I keep to defend a DNC compliance program?

Keep records of every registry pull (date, area codes, record count), every scrub run against your calling list (date, list name, suppression count), your internal DNC list with the dates entries were added, and consent documentation for any calls made on permission rather than EBR. Retain these at least 4 years, matching the TCPA statute of limitations. In litigation, these records are the difference between a dismissal and a damages award.

How do I report a telemarketer that called me on the DNC registry?

Report to the FTC at donotcall.gov or by calling 1-888-382-1222. You can also file a complaint with the FCC through the consumer complaint center at consumercomplaints.fcc.gov. The FTC uses complaint data to spot patterns and set enforcement priorities, but it does not respond to individual complainants with case outcomes. To recover money, talk to a consumer protection attorney about a private suit under 47 U.S.C. 227(c)(5), which allows $500 to $1,500 per violation.

Are political calls and nonprofit fundraising calls exempt from DNC registry rules?

Political calls are generally exempt from the national DNC registry rules because they aren't 'telephone solicitations' under the TCPA, which requires a commercial purpose. Nonprofit charitable solicitations sit in a gray area: calls by nonprofit staff are often exempt, but calls by commercial telemarketers hired to fundraise for a nonprofit may not be. Courts and the FCC look at who controls the call and who benefits commercially. Don't assume a nonprofit tie makes every call exempt.

Can I be sued even if I only called someone twice?

Yes. Under 47 U.S.C. 227(c)(5), a person who receives more than one violating call within a 12-month period from the same entity has standing to sue. Two calls is enough. The key phrase is 'more than one,' so a single call doesn't trigger the private right of action, but a second one does. That threshold is low enough that even small campaigns with weak quality control create real lawsuit exposure.

Sources

  1. U.S. Code, 47 U.S.C. 227 (Telephone Consumer Protection Act): TCPA creates private right of action for $500-$1,500 per violation and directs FCC to establish DNC rules at Section 227(c)
  2. FCC, 47 C.F.R. Part 64 Subpart L (Restrictions on Telemarketing): FCC rules require DNC scrubbing every 31 days, honor EBR for 18 months/3 months, maintain internal DNC list for 5 years
  3. FTC, National Do Not Call Registry: FTC operates the national DNC registry; over 200 million registrations; consumers register and telemarketers pay for access
  4. FCC, Forfeiture Policy Statement and Section 1.80 of the Rules: FCC forfeiture guidelines for TCPA violations range from $1,000 to $10,000 per call
  5. FTC, Telemarketing Sales Rule (16 C.F.R. Part 310): FTC civil penalty per TSR violation is up to $51,744 (2024, inflation-adjusted); FTC completed TSR review in 2023
  6. Florida Department of Agriculture and Consumer Services, Do Not Call Program: Florida operates its own DNC list with separate registration and fee requirements for telemarketers calling Florida residents
  7. Indiana Attorney General, Telephone Privacy (Indiana Code 24-4.7): Indiana maintains the Indiana Telephone Privacy List with civil penalties for violations under Indiana Code 24-4.7
  8. Pennsylvania Office of Attorney General, Consumer Protection: Pennsylvania operates its own DNC registry under the Pennsylvania Telemarketer Registration Act
  9. FTC, National Do Not Call Registry Fees (16 C.F.R. 310.8): FTC charges $75 per area code annually for DNC registry access with a $18,936 annual cap covering all area codes

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit