Last updated 2026-07-10

TL;DR
The federal Do Not Call registry, run by the FTC and enforced by both the FTC and FCC, lets consumers opt out of most telemarketing calls. Telemarketers must scrub their call lists against it every 31 days. Calling a registered number can cost up to $51,744 per violation. The registry does not cover every call, and several narrow exemptions apply.
What is the federal DNC registry and who runs it?
The National Do Not Call Registry is a free, government-run database where U.S. consumers list phone numbers they don't want telemarketers to call. It launched in 2003 under a joint rule between the Federal Trade Commission and the Federal Communications Commission. The FTC runs the registry itself, meaning it handles consumer registrations and the data access portal for businesses. The FCC, operating under the Telephone Consumer Protection Act (47 U.S.C. 227), enforces against the callers it regulates, while the FTC enforces the Telemarketing Sales Rule against other covered sellers [1][2].
Two federal agencies. One shared list. Slightly different enforcement paths. Both agencies have brought major actions against violators, and the FTC has been more active on the civil penalty side.
As of 2024, the registry holds more than 240 million phone numbers [3]. That count has grown every year since launch. If you're building a call list without scrubbing against it, you are almost certainly dialing registered numbers.
The registry covers residential landlines and cell phones alike. There's a stubborn myth that cell phones get their own separate list. They don't. A consumer registers any number, mobile or landline, at donotcall.gov or by calling 1-888-382-1222, and that number lands in the same federal database [4]. For more on how cell phones specifically interact with the rules, see our guide on the mobile phone do not call list.
What law created the federal do not call registry?
Two statutes matter here. The Do-Not-Call Implementation Act of 2003 (Pub. L. 108-10) authorized the FTC to charge fees for accessing the registry and gave the agency explicit authority to create it [5]. But the underlying prohibition on calling registered numbers comes from two separate bodies of law: the FTC's Telemarketing Sales Rule (16 C.F.R. Part 310) and the FCC's rules implementing the TCPA (47 U.S.C. 227).
The TCPA itself, passed in 1991, predates the national registry. It originally required companies to keep their own internal do-not-call lists and honor consumer requests to stop calling. The national registry came later as a centralized alternative, so both systems now run in parallel. A caller can violate the internal DNC rules without touching the national registry, and the reverse is true too.
The text of 47 U.S.C. 227(c)(5) gives private citizens the right to sue for violations of the FCC's do-not-call rules, with damages of "not less than $500" per violation, trebled to $1,500 if the court finds willfulness [2]. That private right of action is why plaintiffs' attorneys love TCPA cases: the damages are statutory, so you don't have to prove actual harm.
The FTC's Telemarketing Sales Rule covers sellers and telemarketers in interstate commerce, but it explicitly excludes certain categories, including banks, federal credit unions, common carriers, and nonprofit organizations, from the TSR's scope [1]. Those entities may still face FCC rules and state law, so an exemption from one set of rules doesn't mean a free pass across the board.
Who must scrub call lists against the federal registry?
Any telemarketer or seller that makes, or causes someone else to make, outbound calls to consumers to sell goods or services must honor the national registry [1]. That sweeps in insurance brokers, home improvement companies, debt relief services, real estate agents making cold calls, subscription box companies, and plenty more.
The obligation isn't only on the company doing the dialing. If you hire a third-party call center or lead generation vendor, you as the seller are also responsible for registry compliance. The FTC has acted against sellers who blamed their vendors. Responsibility runs both directions in that relationship.
Companies with fewer than five employees that do their own calling are still covered. Size creates no exemption.
To legally call consumers, a telemarketer must access the registry and scrub its list within 31 days before making any call [1]. That 31-day window is a hard ceiling, not a suggestion. If your last scrub was 32 days ago, you are technically out of compliance even if the list you pulled last month was clean. Most compliance software automates this on a rolling basis, which is the only sane way to manage it at any real volume. For a practical walkthrough of how to actually pull the list, see how do I get the do not call list.
The registry is organized by area code. Businesses pay a fee to access numbers by area code, and under recent FTC fee schedules the cost is around $75 per area code per year, with a cap for companies accessing the full national registry (the FTC updates these annually, so verify at donotcall.gov before budgeting) [3].
What are the penalties for calling a number on the federal DNC registry?
The FTC can seek civil penalties up to $51,744 per violation under the FTC Act and the Telemarketing Sales Rule [6]. That figure adjusts periodically for inflation under the Federal Civil Penalties Inflation Adjustment Act, so the current number when you read this may differ slightly. Check the FTC's current penalty schedule at ftc.gov.
The FCC can impose forfeitures under the Communications Act as well. In 2021, the FCC proposed a $225 million forfeiture against a Texas-based health insurance telemarketer for more than one billion illegal robocalls, though the final settled amount in cases like this varies [7].
On top of federal penalties, private plaintiffs can sue under 47 U.S.C. 227(c)(5) for $500 per call or up to $1,500 per willful violation. Class actions multiply that fast. A 2019 settlement in Abante Rooter & Plumbing v. Alarm.com reached $28 million for the class, though specific case details and settlement amounts depend on class size and negotiation.
State attorneys general can also bring actions under their own do-not-call statutes, and many states pile on top of federal penalties rather than replacing them. See our do not call list overview for the full picture of how state and federal regimes interact.
The math on penalties is worth sitting with. If a caller makes 1,000 calls to registered numbers in a single campaign, the exposure at $51,744 per call is over $51 million in potential FTC penalties alone, before any private litigation. Nobody has clean data on how FTC settlements compare to theoretical maximum exposure, but the agency has consistently pursued multi-million dollar cases against mid-sized operations, not only fly-by-night scammers.
| Enforcement path | Per-violation maximum | Who brings it |
|---|---|---|
| FTC civil penalty | $51,744 | FTC |
| FCC forfeiture | Up to $20,000/day per violation under Comms Act | FCC |
| Private TCPA suit | $500-$1,500 per call | Individual or class |
| State AG action | Varies by state | State attorney general |
What calls are exempt from the federal DNC registry?
Exemptions exist, but most businesses overestimate how broad they are. The main ones:
Established business relationship (EBR): A telemarketer can call a registered number if that person has made a purchase, repair, or financial transaction with the company within the past 18 months, or has made an inquiry or submitted an application within the past 3 months [1]. The EBR doesn't survive indefinitely. It expires on the timelines above, and if the consumer explicitly asks to be removed from the call list during the relationship, the EBR is gone immediately, regardless of timing.
Express written consent: If a consumer has given written consent (which can be an electronic record) to receive calls from a specific company, that company can call even if the number is registered [1]. Consent given to one company does not transfer to another. Lead aggregators and data brokers cannot pass consent along to buyers and have it count as consent to those buyers. The FCC has become steadily stricter on this point.
Personal relationship: Callers with a personal relationship to the consumer can call. This is rarely relevant for businesses.
Non-commercial calls: Political calls, survey calls, and nonprofit solicitations are generally exempt from the FTC's Telemarketing Sales Rule, though they may still face TCPA restrictions on autodialed calls to cell phones.
Charitable organizations: Calls made by or on behalf of tax-exempt nonprofits soliciting donations are exempt from the national registry under the TSR. But again, the TCPA's autodialer restrictions can still apply if they're calling cell phones without consent.
Healthcare calls: Informational calls from healthcare providers to their patients often qualify for exemptions, but this area is fact-specific and worth reviewing with counsel.
The EBR exemption is the one most abused. Companies stretch the definition of "inquiry" to cover anyone who ever clicked a web ad or landed on a page. That is not what the rule covers. The FTC has been clear that a passive website visit doesn't create an EBR.
How does a consumer register their number on the DNC registry?
Consumers register online at donotcall.gov or by calling 1-888-382-1222 from the number they want registered [4]. Registration is free and permanent. There is no annual renewal. The old rule requiring re-registration every five years was killed by the Do-Not-Call Improvement Act of 2007 (Pub. L. 110-187), which made registrations permanent unless the consumer removes the number or it's disconnected and reassigned [8].
Once registered, a number should appear in the registry within 24 hours, but telemarketers technically have 31 days from the registration date before they're legally required to stop calling. That window reflects the scrubbing cycle: companies pull the list monthly, so a newly registered number won't hit every clean scrub the moment it's added [1].
If a registered number gets reassigned to a new person (common with cell phones, less so with landlines), the new holder has to register it again. The registry tracks numbers, not people. That reassignment problem is real. A caller who scrubbed a number as DNC-registered six months ago might find that same number now belongs to someone who wants telemarketing calls, or the opposite. Good compliance programs track reassignment risk, more than DNC status.
For a full breakdown from the consumer side, including what registration actually prevents, see our article on the do not call list number.
How do businesses access and use the federal DNC list?
Telemarketers and sellers access the registry through the FTC's business portal at donotcall.gov. You create an organization account, pay the area code access fees, and download the number files for the area codes where you're calling. The files come in a standard format compatible with most dialing platforms and CRM scrubbing tools [3].
There's a safe harbor provision worth knowing. If a company maintains a written policy for complying with the national DNC rules, trains its people on it, and calls a registered number only through an isolated error, it may avoid liability under the safe harbor [1]. The safe harbor isn't a pass for systemic violations. It's protection for genuine mistakes inside an otherwise clean compliance program. Most enforcement actions don't involve companies with solid written policies. They involve companies with no policies at all.
For third-party data: if you're buying leads or call lists from a vendor, verify the vendor scrubbed against the registry before selling you the data, and confirm when that scrub happened. If the scrub is more than 31 days old, you need to scrub again yourself before calling. Buying a "clean" list doesn't transfer the liability if the list is stale.
LeadCompliant's free number checker lets you verify individual numbers against the federal registry instantly, which helps for spot-checking before a campaign or auditing a batch of inbound leads. Our one-time compliance kit also includes a written DNC policy template you can adapt for your team.
For a deeper look at the business access side, see our guide on how to get the do not call list and the overview of what a do not call telemarketer list actually contains.
Does the federal registry cover text messages and robocalls?
The national DNC registry was built around voice calls. Its core prohibition targets outbound telephone solicitation calls to registered numbers. Robocalls and text messages carry their own overlapping rules that go well beyond the registry.
For robocalls, the TCPA imposes separate consent requirements for calls made using an automatic telephone dialing system (ATDS) or a prerecorded voice to cell phones, whether or not the number is DNC-registered [2]. A cell phone number that isn't registered on the DNC list is still protected against unconsented autodialed calls. The registry and the TCPA's ATDS rules are separate tracks.
For text messages, the FCC has consistently held that texts to cell phones using an ATDS fall under the TCPA's prior express written consent requirement. The DNC registry doesn't directly prohibit texts, but TCPA consent rules restrict them heavily. In 2023, the FCC adopted the TCPA's one-to-one consent rule, which says consent given to one entity can't be shared across multiple sellers, tightening the lead generation ecosystem significantly [7].
The takeaway for outbound teams: scrubbing the DNC registry is necessary but not sufficient for cell phone outreach. You also need TCPA-compliant consent for any autodialed or prerecorded contact, whether or not the number appears on the registry. Treating the registry as the only compliance step is how companies get blindsided by TCPA suits from cell phone owners whose numbers weren't even registered.
How does the federal DNC registry interact with state do-not-call lists?
Many states run their own DNC registries that layer on top of the federal list. Florida, Indiana, and Pennsylvania operate active programs with their own registration processes, fees, and penalties. A number can be on the federal list, a state list, both, or neither.
Federal preemption does not wipe out state do-not-call rules. The Telemarketing Sales Rule explicitly preserves state laws that give consumers greater protection [1]. So if Florida's law has a shorter EBR window than the federal 18 months, you follow Florida's shorter window when calling Florida numbers.
In practice, if you call nationally, you need to scrub both the federal registry and each relevant state list before each campaign. Some compliance platforms fold this into one step. Others make you manage state lists separately.
Florida's Do Not Call Act has particularly strong enforcement, with a $10,000 per-call civil penalty for violations [9]. For teams calling Florida numbers, our article on the Florida do not call list covers the state-specific rules in detail. Indiana and Pennsylvania also run active state programs, covered in our Indiana do not call list and do not call list PA guides.
How do you report a DNC violation?
Consumers report violations at donotcall.gov/report or by calling 1-888-382-1222 [4]. The FTC also takes complaints through its general consumer complaint portal at reportfraud.ftc.gov. These complaints feed the FTC's enforcement database and get shared with the FCC and state law enforcement partners.
The FTC uses complaint data to spot patterns. A single complaint from one person rarely triggers an investigation. Thousands of complaints about the same caller do. That's why mass robocall operations tend to attract enforcement attention before smaller ones.
If you're on the business side and you get a complaint or a demand letter, document your scrubbing records immediately. Compliance teams should keep DNC scrub logs, consent records, and call records for at least four years, which is the outer limit of the TCPA statute of limitations under most courts' reading, though this is unsettled law and some circuits land on a different window.
For a practical guide to handling consumer complaints and documenting your process, see our resource on do not call list report.
One thing I'd actually do running a small outbound team: set a calendar reminder to pull a fresh registry file every 28 days rather than every 31. That three-day buffer costs nothing and keeps you safely inside the window even if someone forgets for a day or two.
What common mistakes get businesses in trouble with the DNC registry?
Here are the failure modes that show up over and over in FTC and FCC enforcement actions:
Scrubbing too infrequently. Teams that pull the list quarterly instead of monthly open windows where they're calling newly registered numbers. The 31-day rule is the ceiling, not a recommendation for how often to check.
Treating vendor-supplied lists as pre-scrubbed. Even if your lead vendor swears the list is clean, you bear independent responsibility for scrubbing before you call. If the vendor scrubbed six weeks ago and sold you the data last week, you're already outside the 31-day window.
Misapplying the EBR. The established business relationship window is 18 months from the most recent purchase or transaction, and 3 months from an inquiry. It does not include people who opened a marketing email, liked a social post, or visited a website without taking direct action. Stretching this definition is the single most common legal argument companies make that doesn't hold up.
Not honoring company-specific DNC requests. Even if a number isn't on the national registry, a consumer can ask your company specifically to stop calling. You must honor that request within 30 days and keep the opt-out for at least five years [1]. Failing to honor an internal DNC request is a separate violation from calling a registry-registered number.
Ignoring reassigned numbers. Cell phone numbers change hands constantly. Calling a number that was consented to by its previous owner exposes you to liability from the new owner. Tools that flag likely reassignment are worth using for any high-volume cell phone campaign.
No written compliance policy. The safe harbor requires a written policy. Companies that never wrote one are ineligible for it, which means a single error can trigger full liability instead of the policy giving you a cushion.
Frequently asked questions
How many numbers are on the federal DNC registry?
As of 2024, the federal Do Not Call registry contains more than 240 million phone numbers. The registry has grown every year since it launched in 2003. Both residential landlines and cell phone numbers sit in the same database. Consumers register at donotcall.gov or by calling 1-888-382-1222 at no cost.
How often do telemarketers have to scrub against the federal DNC registry?
Telemarketers must access and scrub their call lists against the national registry within 31 days before making any call. That's a hard deadline under the FTC's Telemarketing Sales Rule. Most compliance-conscious operations scrub every 28 days to build in a safety buffer. Scrubbing quarterly or annually is a clear violation and shows up in enforcement actions regularly.
What is the penalty for calling a number on the federal do not call list?
The FTC can seek civil penalties up to $51,744 per violation. The FCC can impose separate forfeitures. Private individuals can also sue under 47 U.S.C. 227(c)(5) for $500 to $1,500 per call. In class actions, those per-call amounts multiply across every affected consumer, which is why TCPA class settlements routinely reach into the millions.
Does the federal DNC registry cover cell phones?
Yes. Consumers can register any phone number, including cell phones, on the federal DNC registry at donotcall.gov. There is no separate list for mobile numbers. Beyond the registry, cell phones also carry TCPA protections against autodialed and prerecorded calls without consent, which apply regardless of whether the number is registered.
How long does a DNC registration last?
Registrations are permanent. The Do-Not-Call Improvement Act of 2007 eliminated the original five-year renewal requirement. A number stays on the registry until the consumer removes it or the number is disconnected and reassigned. Reassigned numbers don't carry the prior owner's registration, so the new holder must register again to get the same protection.
What is an established business relationship and how long does it last?
An established business relationship (EBR) lets a telemarketer call a registered number if there was a purchase or transaction within the past 18 months, or an inquiry by the consumer within the past 3 months. The EBR ends immediately if the consumer asks to be removed from the company's call list, regardless of when the transaction or inquiry occurred.
Are political calls, charity calls, and surveys exempt from the DNC registry?
Generally yes, under the FTC's Telemarketing Sales Rule, which covers commercial sellers. Nonprofit charitable solicitations, political calls, and opinion surveys are typically exempt from the TSR's DNC provisions. But if these calls use an autodialer or prerecorded voice to reach cell phones, they still face TCPA restrictions independent of the registry.
Is there a safe harbor for accidentally calling a DNC-registered number?
Yes. The FTC's rules include a safe harbor for companies that have a written DNC compliance policy, train personnel on it, and call a registered number as an isolated error rather than a systemic practice. The safe harbor doesn't protect companies with no policy or with patterns of violations. It exists for genuine mistakes inside an otherwise functioning compliance program.
Do state DNC lists replace the federal registry or add to it?
State lists add to the federal registry, they don't replace it. Federal law preserves state do-not-call laws that offer greater consumer protection. If you call nationally, you need to scrub both the federal registry and each applicable state list. Some states, including Florida and Indiana, run their own registries with independent penalty structures.
Can a company call someone who asked to be taken off their internal list but isn't on the national registry?
No. If a consumer makes a do-not-call request directly to a company, that company must honor it within 30 days and keep the opt-out for at least five years, regardless of whether the number appears on the national registry. The company-specific DNC and the national registry are parallel obligations, and both must be honored.
Who enforces the federal DNC registry rules?
Enforcement is split. The FTC enforces its Telemarketing Sales Rule against sellers and telemarketers under the FTC Act. The FCC enforces the TCPA's do-not-call provisions under 47 U.S.C. 227. State attorneys general can also bring actions. Private consumers can sue directly under 47 U.S.C. 227(c)(5) without agency involvement.
How do I register my number on the federal DNC list?
Go to donotcall.gov or call 1-888-382-1222 from the phone number you want registered. Registration is free and permanent under current law. Your number should appear in the registry within 24 hours, but telemarketers have up to 31 days from your registration date before they're legally required to stop calling.
What records should a business keep to prove DNC compliance?
Keep dated records of every registry scrub, including which area codes you downloaded and when. Retain consent records for any numbers you call under the EBR or express consent exceptions. Hold call records showing which numbers were dialed and when. Most practitioners recommend keeping these records for at least four years given TCPA statute of limitations arguments, though some circuits read the window differently.
Does the DNC registry apply to B2B calls?
Generally no. The national DNC registry covers calls to residential telephone subscribers and cell phones used for personal purposes. Calls to businesses at business numbers fall outside the registry's opt-out requirements. But if you're calling a sole proprietor or someone who uses a personal cell phone for business, the lines blur, and the safer practice is to scrub those numbers anyway.
Sources
- FTC, Telemarketing Sales Rule (16 C.F.R. Part 310): Telemarketers must scrub call lists against the registry within 31 days before calling; EBR is 18 months for transactions, 3 months for inquiries; safe harbor requires written policy
- Legal Information Institute, 47 U.S.C. 227 (TCPA): 47 U.S.C. 227(c)(5) provides private right of action for $500 per violation, trebled to $1,500 for willful violations
- FTC, National Do Not Call Registry Data Book FY 2024: Registry contains more than 240 million phone numbers as of 2024; area code access fees approximately $75 per area code annually
- FTC, DoNotCall.gov consumer information: Consumers register at donotcall.gov or 1-888-382-1222; registration is free; complaints filed at same portal
- Congress.gov, Do-Not-Call Implementation Act of 2003, Pub. L. 108-10: Do-Not-Call Implementation Act of 2003 authorized FTC to create the national registry and charge fees for access
- FTC, Civil Penalty Amounts: Maximum civil penalty under FTC Act and TSR for DNC violations is $51,744 per violation as adjusted for inflation
- Congress.gov, Do-Not-Call Improvement Act of 2007, Pub. L. 110-187: Do-Not-Call Improvement Act of 2007 made DNC registrations permanent, eliminating the prior five-year renewal requirement
- Florida Legislature, Florida Do Not Call Act, Fla. Stat. 501.059: Florida Do Not Call Act provides civil penalty of up to $10,000 per violation for calling registered Florida numbers