Last updated 2026-07-10

TL;DR
TCPA compliance costs small outbound teams roughly $500 to $5,000 per year in tools and processes, plus $2,000 to $20,000 if you hire a lawyer to build your program. Doing nothing risks statutory damages of $500 to $1,500 per call or text. For most teams, proactive compliance pays for itself after avoiding a single demand letter.
What does TCPA compliance actually cost?
The honest answer depends on two things: whether you're starting from scratch or cleaning up an old mess, and how many outbound contacts you push per month. The ranges are still real and knowable.
A small team making a few hundred calls or sending a few thousand texts per month usually spends between $1,500 and $8,000 a year once you add up DNC scrubbing, consent documentation, a basic CRM setup, and a periodic legal check. Larger teams running tens of thousands of monthly contacts spend $20,000 to $60,000, mostly on software, staff time, and outside counsel.
Those numbers sound steep until you look at the other side of the ledger. The TCPA [1] sets statutory damages at $500 per violation for negligent violations and $1,500 per violation for willful ones [2]. A single plaintiff who got 50 unconsented texts can file a claim worth $25,000 to $75,000 before attorneys' fees. Class actions turn that arithmetic into millions.
The Credit One Bank case settled for $35 million, covering consumers who kept getting autodialed calls after revoking consent [12]. You can read the details in our breakdown of the Credit One TCPA settlement. UnitedHealthcare paid $2.5 million for alleged TCPA violations [3]. Neither was a fly-by-night operation. Both were large companies with gaps in how they tracked consent and honored revocations.
So the real question is not "what does compliance cost." It's "what does one incident cost compared to a year of prevention." That math almost always favors building the program.
What are the main cost categories for a TCPA compliance program?
Break the spend into five buckets. Most small teams have some cost in every bucket. The only question is how much.
1. DNC list scrubbing
The FTC requires telemarketers to scrub their lists against the National Do Not Call Registry before calling [10]. Access for up to 5 area codes is free. A full national subscription costs $18,341 per year under the FTC's current fee schedule [5]. Many teams pay a third-party service that bundles the registry fee with its own suppression lists; those run about $0.002 to $0.01 per record scrubbed, or $200 to $1,000 per month for teams sending 100,000 monthly contacts.
2. Consent collection and documentation
Written prior express consent for marketing texts and calls to cell phones is required under 47 U.S.C. § 227(b)(1) [1]. Building forms that capture compliant consent, storing records with timestamps and source URLs, and tying those records to your CRM costs anywhere from $0 (if you configure a free CRM yourself) up to $500 to $3,000 in setup labor. Consent certificate platforms like Jornaya or ActiveProspect's TrustedForm run $300 to $1,500 per month depending on volume [11].
3. Legal counsel and policy drafting
A compliance policy, script review, and opt-out procedure document from a qualified telemarketing attorney typically costs $2,000 to $8,000 for the initial build and $500 to $2,000 a year for review. That is not a luxury. A written policy is evidence of good faith if a claim ever lands on you. Hourly rates for TCPA-specific counsel run $350 to $650 at most mid-size firms.
4. Technology and software
This covers your dialer, your CRM, and any compliance-specific tooling. A cloud predictive dialer with built-in calling-time limits and opt-out management runs $50 to $200 per seat per month. CRM configuration to flag DNC status and consent expiration is usually internal labor rather than a line item. Dedicated compliance platforms that combine scrubbing, consent management, and audit trails cost $300 to $2,000 per month.
5. Staff time
This is the cost most teams undercount. Someone has to manage suppression lists, process opt-outs within the required 30-business-day window [10], audit call recordings, and track FCC rule changes. A rough rule: budget 4 to 8 hours per month of a manager's time for a small team, more if you run high-volume text campaigns. At $75 to $150 per burdened hour, that is $300 to $1,200 per month in internal labor.
How do compliance costs compare to TCPA settlement amounts?
This is where the numbers get clarifying fast. One year of a full program for a small team costs less than the cheapest defended lawsuit.
| Scenario | Estimated Cost |
|---|---|
| Annual DNC scrubbing (national, self-serve) | $18,341/yr |
| Annual DNC scrubbing (third-party service, 100K contacts/mo) | $2,400, $12,000/yr |
| TrustedForm or Jornaya consent certificates | $3,600, $18,000/yr |
| TCPA attorney policy build | $2,000, $8,000 (one-time) |
| Annual legal review | $500, $2,000/yr |
| Compliance platform (small team) | $3,600, $24,000/yr |
| Total small-team annual program | $5,000, $30,000/yr |
| Single plaintiff, 50 unconsented calls, willful | $75,000 |
| Class action settlement, mid-size defendant | $1M, $35M |
| FCC consent revocation rule non-compliance | $500, $1,500/call |
The Truist Bank TCPA class action settled for $4.45 million. Read that breakdown here. Albertsons and Safeway faced a TCPA class action settlement too. Neither company was doing anything most sales teams would call reckless. The violation in most of these cases was a process gap: calling a number that had been reassigned, blowing past a verbal opt-out, or buying a third-party lead list without checking where the consent came from.
Nobody has clean public data on what the average TCPA demand letter costs to resolve. The closest figures come from plaintiff attorneys who publish their results: individual nuisance settlements typically run $500 to $5,000 per plaintiff. Add $3,000 to $10,000 in your own legal fees to respond, and you've spent more resolving one claim than a full year of compliance tooling would have cost.
What does it cost to comply with the FCC's 2024 consent revocation rules?
The FCC's August 2024 order (FCC 24-75) tightened consent revocation and set the price of getting it wrong. Callers must honor opt-out requests within ten business days, and consumers can revoke consent "through any reasonable means," including a verbal request during a call, not only by clicking an unsubscribe link [6].
"Any reasonable means" is the part that costs money. You need call recording review or real-time agent flagging to catch verbal revocations, a workflow that moves those revocations to your suppression list inside the ten-business-day window, and documentation that you honored the request. If your dialer has none of that, you are probably out of compliance right now.
A verbal revocation workflow usually means:
- Agent training (2 to 4 hours per rep, roughly $50 to $150 per person in loaded labor)
- A CRM trigger or ticket for compliance review when an agent flags a revocation ($500 to $2,000 to configure if your CRM supports it, or free with a simple spreadsheet process)
- A weekly suppression list audit (1 to 2 hours of manager time)
For most small teams, getting this right costs $500 to $3,000 in one-time setup and $200 to $500 per month in ongoing labor. That is cheap next to the exposure. Every call or text to someone who already revoked consent is a separate violation at $500 to $1,500.
For rule changes and enforcement as they land, our TCPA news page tracks the latest FCC orders and case outcomes.
What is the cheapest way to build a TCPA-compliant outbound program?
Start with the free layer. The statute text and the FCC's public guidance tell you most of what you need to know about consent standards and calling-time limits [1][2]. You can read the requirements yourself instead of paying a consultant to summarize them. Our plain-English TCPA breakdown is a good first stop before you spend a dollar.
Then stack these free or near-free resources:
- The FTC's free DNC registry access covers up to 5 area codes. If you're testing a new market or running a small regional campaign, that might cover you without a national subscription [5].
- Most CRMs (HubSpot's free tier, Zoho, Airtable) can store consent date, source URL, and opt-out status if you configure them deliberately. That takes a few hours and costs nothing but your time.
- A one-page written calling policy documents your intent. If you don't have one, a TCPA attorney can draft a template for $500 to $1,500 instead of a full policy build.
The honest floor for a small team doing compliant calling and texting is probably $2,000 to $4,000 in year one if you do most of the work yourself: free registry access for a limited area code footprint, a few hundred dollars for a consent form build, and a one-time attorney review. Year two and beyond, you're mostly paying for scrubbing and the occasional legal check-in.
LeadCompliant offers a free TCPA compliance checklist and DNC lookup tool that covers a lot of the initial audit work at no cost. Tools like that let you find gaps before you pay a lawyer to name them for you.
Don't confuse cheap with sufficient. The FCC's 2025 rule updates and state law overlays (Florida, Oklahoma, and others) add complexity that a free checklist can flag but cannot replace qualified legal review [7].
How much does a TCPA lawsuit cost to defend or settle?
Once you get sued or receive a demand letter, the costs jump. Here is what real defense looks like.
A demand letter from a plaintiff attorney usually asks for $500 to $5,000 on an individual claim and threatens federal court if you don't answer. Your own attorney will charge $2,000 to $5,000 just to evaluate the claim and send a response. If you settle fast (most individual claims do), total out-of-pocket runs $2,500 to $10,000.
If the case files in federal court and reaches discovery, defense costs alone often hit $50,000 to $150,000 before any settlement. Class certification, if it happens, pushes total exposure into seven figures. The Cash App TCPA class action produced a substantial consumer settlement. See the full breakdown for what that kind of exposure looks like in practice.
The Joseph Snyder v. Credit One case shows how individual plaintiffs use the TCPA's fee-shifting provisions. See that case here. Plaintiff attorneys take these cases on contingency because the statutory damages create a predictable payout. So the supply of willing plaintiffs is never limited by whether they can afford a lawyer.
Insurance does not reliably cover TCPA claims. Most commercial general liability policies exclude or limit coverage for statutory violation claims. TCPA-specific endorsements exist but are expensive and far from universal. Don't assume your CGL policy has your back on a class action.
Do state laws add to the cost of compliance?
Yes. In some states, a lot. State telemarketing statutes stack their own consent rules and private rights of action on top of the federal TCPA.
Florida's Telephone Solicitation Act (FTSA) created a private right of action with $500 per call in damages, similar to the TCPA but with its own consent and time-of-day rules [7]. Florida plaintiffs filed hundreds of FTSA suits after the law took effect in 2021. The legislature amended it in 2023 to require pre-suit notice, which slowed the volume, but Florida is still a high-litigation state.
Oklahoma's Telephone Solicitation Act, Texas's Business and Commerce Code Chapter 305, and Maryland's telephone solicitation laws each add state-level requirements that can be stricter than federal rules [9]. If you call or text into multiple states, you need either a multistate compliance review ($3,000 to $10,000 from a qualified firm) or a defensible policy of applying the strictest standard you know to every contact.
For a small team calling nationwide, the practical cost of state compliance usually sits inside the same legal review and scrubbing workflow as federal compliance. You don't pay twice. But you do need a lawyer who knows these statutes by name, not someone who skimmed the federal TCPA once.
For deeper state coverage, our state laws hub tracks the key variations. TCPA 2025 changes covers the latest federal updates that overlap with state rules.
What compliance costs are one-time vs. ongoing?
This split matters for budgeting. Most founders ask "how much does compliance cost" and want one number. The real answer has two parts.
One-time setup costs:
- Legal policy build: $2,000 to $8,000
- Consent form design and CRM configuration: $500 to $3,000
- Initial TCPA training per rep: $100 to $500 per person in labor time
- Audit of existing contact lists for consent validity: $1,000 to $5,000 in attorney or consultant time
Recurring annual costs:
- National DNC registry access: up to $18,341/yr for unlimited [5]
- Third-party scrubbing service: $2,400 to $12,000/yr depending on volume
- Consent certificate platform (TrustedForm, Jornaya): $3,600 to $18,000/yr [11]
- Annual legal review: $500 to $2,000
- Compliance platform or dialer with compliance features: $3,600 to $24,000/yr
- Manager compliance labor: $3,600 to $14,400/yr
For a very small team (2 to 5 reps, under 20,000 monthly contacts), realistic totals are $2,000 to $5,000 in year-one setup and $3,000 to $10,000 a year in ongoing costs. Scale those by contact volume as you grow.
The 30-business-day opt-out processing window under the Telemarketing Sales Rule is a process cost, not a software cost, but it eats someone's time every week [10]. Budget 2 to 4 hours per week of staff time if you have any real opt-out volume.
Is TCPA compliance worth the cost for small businesses?
For most outbound teams, the math is not close. The expected cost of a single TCPA claim, weighted across the realistic range of outcomes, beats the annual cost of a basic program inside the first year.
Here is a rough way to think about it. Say you send 10,000 texts per month to purchased leads with unverified consent. Your exposure per batch is potentially $5 million in statutory damages if every contact is a violation (10,000 x $500). Your odds of a claim in any given year are low but not zero, especially since plaintiff attorneys run TCPA detection services that scan for auto-dialer signatures and unsubscribe failures. Even a 1% chance of a $100,000 resolution carries an expected cost of $1,000 per month. A program that prevents it costs less than that.
The counterargument is real: plenty of small teams run non-compliant programs for years and never get hit. Nobody has good data on the actual claim rate per non-compliant contact. The closest public figures come from the FTC's annual Do Not Call report, which tracks consumer complaints, not lawsuit rates [4]. What we do know is that TCPA class action filings have numbered in the hundreds per year for the past decade, and plaintiff firms actively market to consumers who get spam calls.
Our recommendation: if you're making more than 5,000 outbound contacts per month, a compliance program is not optional. If you're under that and just starting, the free checklist and basic scrubbing approach buys you time while you build revenue to fund a fuller program. Get a lawyer's eyes on your consent language before you scale.
For the consent mechanics behind all of this, TCPA guidelines for 2025 and our guide to existing business relationships explain what actually protects you and what doesn't.
How do you build a cost-effective TCPA compliance budget?
Build the budget in three tiers by contact volume and risk. Then spend where the plaintiffs actually look.
Tier 1: Under 5,000 monthly contacts, low complexity
Free FTC DNC registry access for 5 area codes, a CRM configured to track consent and opt-outs, a one-page calling policy reviewed by an attorney once ($500 to $1,500), and 2 hours per month of manager review. Total annual cost: $1,000 to $3,000.
Tier 2: 5,000 to 50,000 monthly contacts, moderate complexity
Full national DNC scrubbing through a third-party provider, a consent certificate tool for lead-gen sources, a compliance-aware dialer, and an annual legal review. Total annual cost: $8,000 to $25,000.
Tier 3: 50,000+ monthly contacts or high-risk categories (financial services, healthcare, debt collection)
Enterprise scrubbing, a consent management platform, dedicated compliance staff or a fractional compliance officer, quarterly legal review, and call recording monitoring. Total annual cost: $30,000 to $80,000+.
Two things deserve priority in any tier: consent documentation and opt-out processing. Those are the two areas where plaintiffs most consistently find violations, and process discipline handles both better than expensive software does.
If you're in financial services or healthcare, your risk runs higher because your customer base overlaps heavily with plaintiff attorney targeting. The Kaiser TCPA settlement involved healthcare-adjacent contacts; you can see the claim details here. The UnitedHealthcare $2.5M settlement is another reference point for healthcare-sector exposure.
For SMS campaigns, the cost picture shifts a little because text marketing needs written prior express consent, which adds a consent-collection layer that informational messages skip. Our text message marketing guide breaks down the consent tiers and what each one costs to implement.
LeadCompliant's compliance kit bundles the foundational documents (calling policy template, consent language examples, opt-out workflow checklist) into one resource so you're not paying a lawyer to draft from a blank page.
This article is general information, not legal advice. Talk to a qualified attorney about your specific situation.
Frequently asked questions
How much does TCPA compliance cost per year for a small business?
For a small outbound team making under 20,000 monthly contacts, expect $3,000 to $10,000 per year in combined scrubbing, consent tooling, and legal review. Year-one setup adds $2,000 to $8,000 for policy drafting and CRM configuration. Teams under 5,000 monthly contacts can build a basic program for $1,000 to $3,000 annually if they do most of the work themselves.
What is the minimum you can spend on TCPA compliance and still be protected?
There is no guaranteed minimum, but the practical floor for a real program is roughly $1,500 to $3,000 in year one: free FTC DNC registry access for up to 5 area codes, a CRM configured to track consent and opt-outs, and a one-time attorney review of your consent language and calling policy. Below that, you leave gaps a plaintiff attorney can exploit.
What does a TCPA violation cost per call or text?
The TCPA sets statutory damages at $500 per violation for unintentional violations and $1,500 per violation for willful or knowing ones. Courts have ruled that each call or text is a separate violation. There is no cap per plaintiff in individual suits, and class actions multiply that per-call figure across all affected contacts, often producing settlements in the millions.
Is DNC list scrubbing required, and how much does it cost?
Yes, federal law requires telemarketers to scrub against the National Do Not Call Registry before calling. The FTC provides free access for up to 5 area codes; national unlimited access costs $18,341 per year directly from the FTC. Third-party scrubbing services that bundle registry access with extra suppression data typically cost $0.002 to $0.01 per record, or $200 to $1,000 per month for teams with 100,000 monthly contacts.
Do I need a lawyer to be TCPA compliant, or can I do it myself?
You can build the operational pieces yourself (consent forms, CRM configuration, scrubbing workflows), but you should have a qualified attorney review your consent language and calling policy at least once. Self-diagnosing consent adequacy is risky because courts have struck down language that looked reasonable to the companies using it. A one-time legal review costs $500 to $2,000 and is worth every dollar.
What does it cost to defend a TCPA lawsuit?
Defense costs for an individual TCPA claim typically run $2,000 to $5,000 just to respond to a demand letter, with settlement adding $500 to $5,000 more. If the case files in federal court and reaches discovery, defense costs alone often hit $50,000 to $150,000 before any settlement payment. Class actions cost far more; major settlements have ranged from $1 million to $35 million.
Does business insurance cover TCPA claims?
Most standard commercial general liability policies exclude or limit coverage for statutory violation claims like TCPA. Some insurers offer TCPA-specific endorsements or media liability policies that cover regulatory fines and defense costs, but these are not universal and require careful review of your policy language. Do not assume you are covered without confirming in writing with your broker.
What does consent management software cost for TCPA compliance?
Purpose-built consent certificate platforms like TrustedForm (ActiveProspect) or Jornaya cost roughly $300 to $1,500 per month depending on volume, which works out to $3,600 to $18,000 annually. These tools generate a timestamped certificate proving a consumer saw and agreed to specific consent language at a specific URL, which is strong evidence if you face a claim.
What are the FCC's 2024 and 2025 consent revocation rules, and what do they cost to implement?
The FCC's August 2024 order (FCC 24-75) requires callers to honor opt-out requests within ten business days through any reasonable means, including verbal requests during a call. Implementing a verbal revocation workflow costs $500 to $3,000 in one-time setup (agent training, CRM trigger configuration) and $200 to $500 per month in ongoing audit labor. Non-compliance means every post-revocation contact is a separate $500 to $1,500 violation.
Are there cheaper state-level compliance options, or do state laws always add cost?
State laws generally add cost rather than reduce it. Florida, Oklahoma, Texas, and Maryland have state telemarketing statutes with their own consent requirements and private rights of action running parallel to the TCPA. A multistate compliance review costs $3,000 to $10,000. The practical shortcut is applying the strictest known standard to all contacts, which avoids a state-by-state analysis but requires knowing what that standard is.
How much does TCPA compliance cost for text message marketing specifically?
Text campaigns require written prior express consent for marketing messages, a consent-collection form, an opt-out keyword workflow (STOP, UNSUBSCRIBE, and the like), and DNC scrubbing before sending. Add a consent certificate tool if you use leads from third parties. For a small SMS program, total annual compliance cost runs $4,000 to $15,000 depending on volume and whether you use a purpose-built platform.
Can I use a B2B exemption to reduce TCPA compliance costs?
The TCPA's B2B exemption is narrow. It generally covers calls to business landlines for legitimate business purposes, but it does not exempt calls or texts to cell phones, even if the recipient is a business contact. If you're calling cell phones, you need prior express consent regardless of whether the call is framed as B2B. Our guide to the TCPA B2B exemption covers exactly where the lines are.
What is the cost difference between TCPA compliance and non-compliance?
A basic compliance program for a small team runs $3,000 to $10,000 per year. A single defended TCPA claim, even one that settles fast, typically costs $5,000 to $15,000 in combined legal fees and settlement. A class action can cost $1 million to $35 million. For any team running more than a few thousand monthly contacts, proactive compliance is cheaper than absorbing even one mid-size claim.
How long does it take to build a TCPA compliance program?
A basic program (consent forms, CRM configuration, calling policy, DNC scrubbing account) takes two to six weeks to build if you have an attorney lined up and a CRM already in use. The slow parts are attorney availability and getting clean data exports from your existing contact list for consent auditing. A fuller program with a compliance platform and staff training takes 60 to 90 days.
Sources
- U.S. Code, 47 USC 227 (Telephone Consumer Protection Act): The TCPA prohibits autodialed or prerecorded calls/texts to cell phones without prior express consent; requires written consent for marketing messages.
- FTC: National Do Not Call Registry Data Book (annual reports): The FTC requires telemarketers to honor the National Do Not Call Registry; consumers can file complaints; the FTC publishes annual complaint data.
- FTC: National Do Not Call Registry for businesses and fee schedule: Access to the National DNC Registry for up to 5 area codes is free; national unlimited annual subscription costs $18,341.
- Florida Legislature: Florida Telephone Solicitation Act (FTSA), Section 501.059 F.S.: Florida's FTSA creates a private right of action for telephone solicitation violations with $500 per call damages, separate from federal TCPA rights.
- Texas Legislature: Business and Commerce Code Chapter 305 (Telemarketing): Texas has its own telemarketing statute with separate requirements that outbound teams calling into Texas must follow alongside federal rules.
- FTC: Complying with the Telemarketing Sales Rule: The Telemarketing Sales Rule requires opt-out requests to be honored within 30 business days and prohibits calling numbers on the National DNC Registry.
- ActiveProspect: TrustedForm product information: TrustedForm generates timestamped consent certificates for lead-gen consent documentation; pricing depends on volume.
- CourtListener: In re Credit One Bank TCPA Litigation, $35M settlement: Credit One Bank's TCPA class action settled for $35 million, covering consumers who received autodialed calls after revoking consent.