TCPA violation penalties: how much they actually cost

TCPA violations cost $500, $1,500 per call or text. Learn how statutory damages, class actions, and FCC forfeitures add up, and what courts have actually awarded.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-09

Empty courtroom at dusk with folder on table representing TCPA penalty lawsuit
Empty courtroom at dusk with folder on table representing TCPA penalty lawsuit

TL;DR

Each TCPA violation carries a statutory penalty of $500 per call or text, rising to $1,500 if a court finds the violation was willful. Class actions multiply that fast: a single campaign touching 100,000 people theoretically exposes you to $50, $150 million. Real settlements range from hundreds of thousands to tens of millions. The FCC can also impose separate administrative forfeitures.

What is the TCPA penalty per violation?

The Telephone Consumer Protection Act sets a flat statutory damage amount that does not require the plaintiff to prove any actual harm. Under 47 U.S.C. § 227(b)(3), a person who receives a violating call or text can recover "$500 in damages for each such violation" or their actual monetary loss, whichever is greater. [1] If the court finds the defendant "willfully or knowingly" violated the statute, that award triples to $1,500 per violation. [1]

Those numbers sound manageable until you do the multiplication. A robocall campaign to 200,000 numbers, even one that breaks the rules on a small fraction of those dials, can produce a five- or nine-figure exposure before a single plaintiff lawyer files anything.

The $500/$1,500 structure has not changed since the TCPA was enacted in 1991. Congress set it high enough to deter bad actors without making injured consumers prove financial harm, because most unwanted calls cause annoyance rather than a calculable dollar loss. That design choice is exactly what makes TCPA class actions so dangerous for defendants.

What is the difference between a willful and non-willful TCPA violation?

Courts have split on what "willfully or knowingly" means under the TCPA. Most federal circuits apply a lower bar than you might expect. You do not need to know you were breaking the law. You only need to have intentionally made the call or sent the text. [2] If you ran a campaign and the calls went out as programmed, that is generally enough for a court to find willfulness, even if your compliance team thought the consent records were solid.

A handful of courts have required something closer to actual knowledge of the legal violation. That is the minority view. The practical upshot: assume you are always litigating at the $1,500 rate, not $500. Defense attorneys routinely advise this, and most class-action settlements are priced as if every violation was willful.

There is one partial shield. If you can show you had procedures in place, relied on written consent, or acted on a reasonable reading of an unclear FCC rule, you can argue good faith as a factor in whether the court grants the treble damages multiplier. It is not a statutory defense, but judges have discretion on equitable grounds in some circumstances.

How do TCPA class actions multiply the penalty?

Individual TCPA suits are rare. The real threat for any company running outbound calls or texts at scale is the class action. Plaintiffs' lawyers certify a class of everyone who received the same type of violating communication, then aggregate the $500 or $1,500 per-call figure across the whole class.

The math is brutal. A single text blast to 500,000 opted-out consumers at $1,500 each is $750 million in theoretical exposure. Courts do not actually award the full statutory amount in most class certifications, because defendants would be bankrupted by sums grossly out of proportion to any harm, and some judges reduce awards on due process grounds. But the theoretical ceiling drives settlement talks, and settlements in the tens of millions are common.

For a sense of real outcomes: UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations related to automated calls. Truist Bank settled a TCPA class action over similar claims. Credit One Bank faced a major TCPA class action that drew heavy attention, and Cash App also faced a TCPA class action settlement. These are not outliers. The Albertsons/Safeway TCPA settlement shows the exposure reaches well beyond financial services. Any company using autodialed calls or texts at scale is a target.

The class certification hurdle matters. Plaintiffs must show commonality: usually that a single policy or technology sent the violating messages. If you used one platform, one list, one campaign, that is usually enough.

TCPA and related penalty amounts by enforcement type Per-violation maximums and notable real-case outcomes TCPA private plaintiff, non-willf… $500 TCPA private plaintiff, willful (… $1,500 FCC administrative forfeiture (pe… $24k FTC / TSR civil penalty (per viol… $52k Dish Network judgment (total, mil… $280M Source: 47 U.S.C. § 227; FCC Enforcement Bureau; FTC TSR; DOJ v. Dish Network (2017)

What penalties can the FCC impose separately from private lawsuits?

Private litigation is not the only enforcement channel. The FCC has authority under 47 U.S.C. § 227(f) and the Communications Act to issue administrative forfeitures for TCPA violations. [3] These are government-imposed fines, separate from any private class action.

The FCC's forfeiture authority under the Communications Act allows penalties up to $23,727 per violation and up to $177,951 for a single continuing violation as of the most recent inflation adjustments. [4] In practice, the FCC has issued forfeitures in the millions for large robocall campaigns. In 2022, the agency proposed record fines against health insurance robocallers totaling nearly $300 million, though actually collecting from overseas or judgment-proof defendants is a separate problem. [3]

The FCC can also refer cases to the Department of Justice for criminal prosecution under the Communications Act, though criminal cases are uncommon and typically reserved for large-scale fraudulent robocall operations.

State attorneys general can bring their own enforcement actions under 47 U.S.C. § 227(f)(1), and many state laws layer extra penalties on top of the federal floor. More on that below.

How do TCPA penalties compare to FTC and state-level fines?

The TCPA is a federal statute, but it sits alongside other enforcement regimes that can fire at the same time.

Law / RegulatorPer-Violation PenaltyWho Enforces
TCPA (47 U.S.C. § 227)$500, $1,500 (private); up to $23,727 (FCC) [4]Private plaintiffs, FCC, state AGs
FTC Telemarketing Sales RuleUp to $51,744 per violation [5]FTC, DOJ
National Do Not Call RegistryUp to $51,744 per call [5]FTC, DOJ, state AGs
State TCPA analogs (e.g., Florida FTSA)$500, $1,500+ per call (varies)State courts, state AGs

The FTC's TSR penalty figure is real and adjusted for inflation. As of 2023, the FTC can seek $51,744 per violation of the Telemarketing Sales Rule, which covers many of the same call types the TCPA addresses. [5] Violate both, and you can face both.

Florida's Telephone Solicitation Act (FTSA), effective 2021, created a private right of action that mirrors TCPA exposure but applies to any call that uses an auto-dialer to reach a Florida number, no matter where the caller sits. [6] Several other states have passed or tightened their own analogs. You can be fully TCPA-compliant and still face state-level exposure if your consent practices do not meet the stricter state standard.

What are some of the largest real TCPA settlements and verdicts?

Settlements dominate because defendants rarely want a jury to set the final per-violation count. A few verdicts and large settlements show the real range.

Capital One settled a TCPA class action for $75.5 million in 2014, one of the early benchmark cases. [7] Dish Network saw a DOJ/FTC enforcement action end in a $280 million judgment in 2017, which at the time was the largest telemarketing penalty in U.S. history. [8] That case involved both TCPA and TSR violations across tens of millions of calls.

More recently, health insurance lead generators have faced enormous proposed FCC forfeitures. In 2022, the FCC proposed $299 million in fines against one robocall operation. [3] Collection is uncertain, but the proposed figure signals how the agency values large-scale violations.

On the smaller end, single-plaintiff TCPA cases settle in the $1,000, $5,000 range more often than you read about. Many companies quietly pay these to avoid litigation costs. The per-case economics favor settling early: defense costs alone for a single TCPA case often run $20,000, $50,000 before trial, which exceeds the statutory damages at stake for one plaintiff.

For ongoing case developments, the TCPA news tracker covers recent settlements and FCC actions as they happen.

Which TCPA rules generate the most violations and lawsuits?

Not all TCPA rules are litigated equally. Based on court filings and FCC enforcement patterns, a few categories generate the bulk of exposure.

Automated or prerecorded calls to cell phones without prior express written consent account for the largest share of TCPA class actions. The consent requirement here is strict: the FCC's 2012 order and later guidance require written consent (which includes electronic signatures) specifically authorizing autodialed marketing calls, with a clear disclosure that consent is not a condition of purchase. [9]

Text messages are the fastest-growing category. The FCC has confirmed that autodialed text messages are covered under the same TCPA provisions as calls. [9] A single bulk SMS campaign to a purchased list, or to a list that did not clearly opt in to marketing texts, can generate a class in a day. The text message marketing compliance guide and text messaging marketing rules cover the consent documentation you need.

Calls to numbers on the National Do Not Call Registry are the third major bucket. Residential landlines and cell phones both qualify for DNC protection. Companies with weak DNC scrubbing face both TCPA and TSR exposure.

Robocalls to reassigned numbers are a persistent trap. The FCC's Reassigned Numbers Database rules give a one-call safe harbor when a number has been reassigned and the caller did not know, but only if the caller has a process for checking reassigned numbers. [10] Without that process, every call to a reassigned number is a fresh violation.

Can you avoid TCPA penalties with an established business relationship?

The "established business relationship" (EBR) exemption is real but narrow, and many companies misread its scope.

For residential landline calls (not cell phones), an EBR allows certain prerecorded calls without prior express written consent. The relationship must be based on a prior transaction, inquiry, or application within the past 18 months, or an active membership or ongoing relationship. [1] The FCC has set these timeframes by rule.

Here is the limit that trips people up: the EBR exemption does NOT apply to autodialed or prerecorded calls to cell phones. Cell phone calls require prior express written consent regardless of any prior relationship. [9] This is the mistake behind most of the big class actions. A company that has called its customer base for years on cell phones, relying on an EBR theory, has no defense.

For DNC list purposes, an EBR allows calls to someone on the registry for up to 18 months after the last transaction, or 3 months after an inquiry. [1] But again, if the call is autodialed to a cell phone, you still need written consent independent of the EBR.

Treat cell phone consent as its own line item in your onboarding and lead intake process, completely separate from any relationship-based assumption.

How does TCPA exposure change for small businesses vs. large companies?

The TCPA has no small business carve-out. Sole proprietors, startups, and local businesses face the same $500/$1,500 per-violation structure as Fortune 500 companies.

What changes is the target-value math for plaintiffs' attorneys. Small companies with thin balance sheets attract individual plaintiff suits more than class actions, because a class action needs a settlement fund large enough to pay counsel and distribute to the class. A small outbound sales team that calls 5,000 leads poorly is more likely to face 10 to 20 individual demand letters than a multi-million-dollar class action.

Those individual demand letters are still serious. A typical pre-litigation TCPA demand letter for individual claims runs $1,500, $5,000, and the economics of fighting them are poor. Defense counsel fees to contest a single claim often exceed the damages. Many small businesses pay nuisance settlements for claims that might not survive motion practice, simply because contesting costs more.

The practical answer for small teams is the same as for large ones. Document consent, scrub the DNC registry, and stop using platforms that cannot demonstrate ATDS (automatic telephone dialing system) compliance. LeadCompliant's free TCPA compliance kit includes the consent documentation templates and DNC scrub checklist most small teams are missing. Getting the fundamentals right costs almost nothing next to one settled demand letter.

What defenses actually work against a TCPA penalty claim?

TCPA defense is not hopeless, but the effective defenses are narrower than most people expect.

Prior express written consent is the strongest one. If you have a clear, compliant consent record tied to the specific number called or texted, courts routinely grant summary judgment for defendants. The consent must be in writing (electronic counts), must clearly authorize the type of communication made, and must not be bundled as a condition of purchase. [9] The catch is evidentiary. You need to produce the specific consent record in discovery, with a timestamp and the exact disclosure language shown to the consumer.

The called-party consent defense covers situations where the person who consented is not the person who later sues. If a subscriber changes numbers and the new subscriber sues, you can argue the original subscriber consented. This is a real defense but it has limits: the FCC's reassigned number rules mean you still need a process for detecting reassignments.

The "not an ATDS" defense was reshaped by the Supreme Court's 2021 decision in Facebook v. Duguid, which held that an ATDS must actually have the capacity to generate numbers randomly or sequentially and then dial them. [2] That ruling narrowed the ATDS definition sharply and knocked out a wave of claims against companies using predictive dialers that dial from a stored list. The FCC has been working on new rulemaking that could expand ATDS coverage again, so this defense may shift.

Good faith reliance on FCC guidance is a partial defense when the rules were genuinely ambiguous. Courts have allowed this argument in limited circumstances, but it is not a clean win.

What does not work: "I didn't know," "my vendor handled it," or "we had a terms-of-service consent checkbox." Those arguments get companies into expensive litigation, not out of it.

How do you reduce TCPA penalty exposure before a lawsuit is filed?

Prevention is where the math works in your favor. A reasonable TCPA compliance program costs far less than a single settled class action, or even a handful of demand letters.

The four highest-ROI steps for outbound teams:

First, document consent at the point of collection. Every lead form, landing page, and third-party lead source should have a logged consent record that captures the timestamp, IP address, phone number, and the exact disclosure language shown. Generic privacy policies do not satisfy TCPA written consent requirements.

Second, scrub against the National DNC Registry before every campaign. The FTC requires telemarketers to access the registry at least every 31 days. [5] You also need your own internal DNC list and must honor opt-outs within the required window (10 business days under the TSR; the TCPA does not name a number, but courts have applied the same standard).

Third, audit your dialing technology. After Facebook v. Duguid, your exposure on the ATDS question turns on your specific platform's architecture. Get a written statement from your dialer vendor on whether their system generates numbers randomly or sequentially, and keep it on file. [2]

Fourth, set up a reassigned number check. The FCC's Reassigned Numbers Database (RND) is the official resource. [10] Checking against it before calling gives you the safe harbor the FCC created.

LeadCompliant's free tools let you run quick compliance checks on your consent language and calling practices. The one-time compliance kit is a good starting point if you are building these processes from scratch.

For ongoing monitoring of the regulatory environment and recent case outcomes, the TCPA news section stays current on FCC rulemakings and notable verdicts. If you want the consumer's view of stopping unwanted robocalls, the how to stop robocalls guide explains the enforcement tools on the other side of the table.

What should you do if you receive a TCPA demand letter or get sued?

Do not ignore it. A TCPA demand letter is not spam. Plaintiffs' attorneys in this space are sophisticated and usually have a documented violation before they send the letter. Ignoring it does not make it go away. It makes it more expensive.

If a demand letter lands, your first move is to pull the consent records for the specific phone number and date in question. If you have clean written consent tied to that number, you have a real defense and should put it in front of defense counsel fast. If you do not have the record, the negotiation calculus shifts toward settlement.

For individual demand letters in the $1,500, $5,000 range, fight-versus-settle is mostly a legal fee question. Fighting costs more than settling in almost every individual case. Settling creates no admission of liability. Many high-volume outbound sales businesses treat individual TCPA demand letters as a cost of operations and settle within 30 days.

Class action suits are a different category entirely. If you are served with a class action complaint, you need TCPA-specialized litigation counsel immediately. The class certification briefing schedule moves fast, and the decisions made in the first 60 to 90 days set the trajectory of the case. Early mediation is common and often results in settlements that include injunctive relief (practice changes) alongside a cash payment.

If the suit is a Kaiser TCPA settlement claim deadline style class settlement where you might be a defendant, act faster, not slower. Courts enforce deadlines strictly in settlement administration.

Frequently asked questions

What is the maximum TCPA penalty per violation?

The statutory maximum for a private plaintiff is $1,500 per call or text when the violation is willful or knowing. The FCC can impose administrative forfeitures up to $23,727 per violation under the Communications Act's adjusted penalty schedule. In practice, FCC proposed forfeitures against large robocall operations have reached hundreds of millions of dollars in aggregate, though collection is a separate challenge.

Does the TCPA cover text messages the same way it covers phone calls?

Yes. The FCC confirmed that autodialed text messages fall under the same TCPA provisions as voice calls to cell phones. Each individual text message counts as a separate violation. A bulk SMS campaign to 100,000 numbers without proper written consent exposes the sender to up to $150 million in statutory damages at the $1,500 willful rate, before any class action multiplier is applied.

Can a small business really get sued under the TCPA?

Absolutely. The TCPA has no small business exemption. Individual demand letters are actually more common against smaller companies than class actions, because plaintiffs target businesses with enough assets to pay but not enough to mount an expensive defense. A single poorly documented outbound call campaign can generate 20 or 30 individual demand letters at $1,500, $5,000 each.

How long do people have to sue under the TCPA?

The TCPA's statute of limitations is four years under the federal catch-all statute (28 U.S.C. § 1658), though some courts have applied a shorter three-year period from analogous state law. The four-year period is the majority rule. This means calls or texts from years ago can still generate live claims, which is why consent records need to be retained well beyond the campaign end date.

The TCPA does not specify an expiration date for consent, but courts and the FCC recognize that consent can be revoked at any time through any reasonable means. Once a consumer says stop, you must honor it. The FCC's one-to-one consent rule also requires that consent be specific to the company making the call, not transferable across multiple lead buyers.

The FCC adopted a one-to-one consent rule requiring that each seller obtain its own written consent rather than relying on blanket consent collected by a lead generator. Calls or texts made under a shared consent model after the rule's effective date are treated as violations, even if the underlying consent form existed. This significantly increases penalty exposure for companies buying leads.

Can you go to jail for TCPA violations?

Not for the TCPA itself. The TCPA is a civil statute with no criminal penalties. However, large-scale fraudulent robocall operations can face criminal prosecution under the Communications Act or wire fraud statutes. The FTC's Telemarketing Sales Rule also supports criminal referrals to DOJ in egregious cases. Most TCPA enforcement is civil: money damages and injunctions, not imprisonment.

Are TCPA violations covered by business insurance?

Sometimes, but it depends heavily on your policy. Some commercial general liability (CGL) policies exclude statutory damages. Professional liability and cyber policies vary. A handful of insurers offer specific TCPA endorsements. If you run outbound calls or SMS at any scale, ask your broker directly whether your policy covers TCPA class action defense costs and settlement payments. Do not assume coverage exists.

What happens if your third-party vendor caused the TCPA violation?

You can still be liable. The FCC and courts apply a vicarious liability standard: if you directed or ratified the vendor's calling practices, you share liability even if the vendor technically made the calls. This means you need written TCPA compliance representations in every vendor contract, plus audit rights. Blaming the vendor is rarely a complete defense.

How much does it cost to defend a TCPA lawsuit even if you win?

Defense costs for an individual TCPA case run roughly $20,000, $50,000 through summary judgment. Class action defense is far more expensive: $500,000 to several million dollars through trial, depending on class size and complexity. The TCPA does not shift attorneys' fees to defendants who win, meaning a successful defense still costs substantial money with no recovery.

What is the Reassigned Numbers Database and does checking it protect you from penalties?

The FCC's Reassigned Numbers Database (RND) lets callers verify whether a phone number has been reassigned to a new subscriber since consent was collected. Using it before calling gives you a safe harbor for one call to a reassigned number. Without checking it, every call to a number that changed hands since you collected consent is a potential violation with no protected status.

Do TCPA penalties apply to B2B calls?

It depends on the number called. The TCPA's cell phone autodialer prohibition applies to the phone number, not the purpose of the call. A business development call to a prospect's personal cell phone is subject to TCPA even in a B2B context. Calls to a business landline generally fall outside the TCPA's autodialer restrictions but may still implicate the DNC rules if the number is registered.

Sources

  1. Cornell LII, 47 U.S.C. § 227 — Telephone Consumer Protection Act (full statute text): TCPA statutory damages of $500 per violation, $1,500 for willful violations; established business relationship rules and timeframes
  2. U.S. Supreme Court, Facebook Inc. v. Duguid, 592 U.S. 651 (2021): ATDS must have capacity to generate numbers using a random or sequential number generator; willfulness standard discussion
  3. FTC, Telemarketing Sales Rule: Complying with the TSR: FTC TSR civil penalty up to $51,744 per violation; telemarketers must access DNC registry at least every 31 days
  4. Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059: Florida FTSA private right of action mirroring TCPA; applies to automated calls to Florida numbers
  5. U.S. District Court, N.D. Illinois, Capital One TCPA class action settlement, Case No. 12-cv-10064: Capital One settled a TCPA class action for $75.5 million in 2014
  6. U.S. DOJ, Office of Public Affairs (DISH Network telemarketing judgment, June 2017): Dish Network $280 million judgment for TCPA and TSR violations; largest telemarketing penalty at the time
  7. FCC, Reassigned Numbers Database (official program page): FCC Reassigned Numbers Database provides safe harbor for one call to reassigned numbers when caller checks before dialing
  8. FTC, National Do Not Call Registry — For Businesses: DNC registry requirements and enforcement authority for FTC and state attorneys general

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit