TCPA fines: how much they cost and how to avoid them

TCPA fines run $500 to $1,500 per violation. Learn exact fine amounts, how courts multiply them, and what your team can do right now to stay out of trouble.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-09

Person reviewing compliance documents at a desk with afternoon sunlight
Person reviewing compliance documents at a desk with afternoon sunlight

TL;DR

TCPA fines start at $500 per illegal call or text and jump to $1,500 per violation when a court finds willful or knowing conduct. In a class action, those per-contact figures stack across every recipient, so one campaign can carry millions in exposure. The FCC and private plaintiffs both enforce the law. The statute puts no cap on total class damages.

What are the actual TCPA fine amounts per violation?

The Telephone Consumer Protection Act sets three statutory damage tiers, and the numbers are simple to memorize. A standard violation costs $500. The private right of action under 47 U.S.C. § 227(b)(3) lets a plaintiff recover "$500 in damages for each such violation." [1] If the court finds the defendant willfully or knowingly broke the statute, it can triple that to $1,500 per call or text. [1] Those are the per-contact numbers. Nothing in the statute caps how many violations a single lawsuit can bundle together.

The FCC has its own forfeiture authority under 47 U.S.C. § 503(b), with fines up to $23,727 per violation as of the most recent inflation adjustment, and up to $177,951 for a continuing violation. [2] The FCC route is less common for small outbound teams because the agency goes after large carriers and egregious robocall operations. The bigger day-to-day risk is the private class action, where plaintiffs' attorneys pile thousands of individual $500 or $1,500 claims into one case and negotiate a settlement pool.

A few real numbers put this in perspective. UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations tied to outbound calls. See: [UnitedHealthcare to pay $2.5M for alleged TCPA violations] Credit One Bank has faced multiple TCPA class actions, and one settlement ran into eight figures. More: [Credit One TCPA settlement] Truist Bank settled a TCPA class action too. See: [Truist Bank TCPA class action settlement] These are not outliers. They are the pattern.

How does the math actually work when fines multiply into millions?

Here is the mechanics that scares compliance people. Say your team sends an SMS campaign to 50,000 people without proper prior express written consent. Each text is one violation. At $500 apiece, the theoretical exposure is $25 million. At $1,500 per text, it is $75 million. Courts do not always award the full statutory amount in class actions, and settlements usually land lower, but the math is real and plaintiffs' attorneys know it cold. [1]

The willfulness multiplier turns a sloppy mistake into an existential event. Courts have found willfulness where a company got cease-and-desist requests and kept calling, or where internal records showed the team knew about a consent problem. You do not need to have intended to break the law. You just needed to know the general requirements and go ahead without confirming compliance.

Class certification is where the pressure peaks. Once a judge certifies a class, the per-violation exposure aggregates across every class member. Defendants almost always settle after certification because the trial math is too frightening to gamble on. The Albertsons Safeway TCPA settlement and the Kaiser TCPA settlement both followed this path: large campaign, class certification, then a settlement fund that individual plaintiffs claim from.

One more point on multipliers. Some state laws stack their own per-violation damages on top of the TCPA. Florida has its own telemarketing act with separate penalty exposure. So the federal $500/$1,500 floor is not always the ceiling once state law enters the picture.

What triggers a TCPA violation in the first place?

The statute covers four main categories of conduct, and each one has its own consent standard. Getting the category wrong is one of the most common mistakes small teams make.

Autodialed calls or texts to cell phones. The TCPA restricts using an automatic telephone dialing system (ATDS) to call or text mobile numbers without prior express consent. For purely informational calls, express consent (any permission, even implicit from someone handing you their number) may be enough. For telemarketing, you need prior express written consent: a signed agreement, electronic signatures included, that discloses the automated nature of the calls and states that consent is not a condition of purchase. [3]

Prerecorded voice messages. Any call that delivers a prerecorded or artificial voice message to a residential or mobile line for telemarketing needs prior express written consent. The FCC tightened this in its 2023 order. [4]

Calls to numbers on the National Do Not Call Registry. Call someone on the federal DNC list for telemarketing without an established business relationship or their express permission, and that is a separate TCPA violation. The $500/$1,500 per-call structure applies here too. [1]

Calls to residential lines before 8 a.m. or after 9 p.m. local time. Teams overlook the time window constantly. Calling outside those hours is a violation even when you have valid consent. [1]

The most litigation-prone area right now is the ATDS definition. The Supreme Court's 2021 ruling in Facebook v. Duguid narrowed what counts as an autodialer, but courts are still working out the edges, and the FCC has signaled new guidance may come. [5] If your dialer pulls numbers from a stored list and dials them automatically, most plaintiffs' attorneys will argue ATDS. Do not assume the Facebook decision protects you without checking with counsel.

TCPA fine exposure by violation type Statutory damages per violation under 47 U.S.C. § 227 and FCC forfeiture authority Standard violation (private suit) $500 Willful/knowing violation (privat… $1,500 FCC forfeiture per violation (max) $24k FCC forfeiture continuing violati… $178k Source: Cornell Law School LII, 47 U.S.C. § 227; FCC Forfeiture Rules (2024 inflation-adjusted figures)

Who actually enforces TCPA fines, the FCC or private lawsuits?

Both, but private litigation drives the vast majority of cases. The TCPA's private right of action, written straight into 47 U.S.C. § 227(b)(3), lets any individual sue without going through a government agency. [1] That choice by Congress created an enormous plaintiffs' bar that does nothing but TCPA work.

The FCC enforces through forfeiture orders, which it issues after a Notice of Apparent Liability. Those proceedings move slowly, and the agency focuses on carriers, lead generators running massive campaigns, and entities that ignore repeated warnings. The FCC's enforcement history includes multi-million dollar forfeitures against robocall operations, but small outbound teams rarely face FCC action directly.

State attorneys general can also bring TCPA claims on behalf of residents. Several states, including Florida, Texas, and California, run their own telemarketing statutes with parallel enforcement by state officials.

For most small and mid-size sales teams, the real risk is a single plaintiff, often a serial TCPA litigant, who files an individual suit or seeks class certification. Some law firms specialize in spotting businesses that make non-compliant calls and then recruiting named plaintiffs. This is not theoretical. The Cash App TCPA class action settlement grew out of exactly this kind of targeted enforcement by plaintiffs' counsel.

Can the FCC waive or reduce TCPA fines?

In FCC forfeiture proceedings, yes. The FCC has discretion to cut a forfeiture if the party shows good faith compliance efforts, inability to pay, or that the violation was isolated and unintentional. [2] The FCC's Forfeiture Policy Statement lists the factors it weighs, including any history of prior offenses, ability to pay, and whether real harm occurred.

In private litigation, there is no waiver mechanism. What happens instead is settlement negotiation. Courts have limited discretion to reduce statutory damages when a per-violation award is grossly disproportionate to actual harm, but federal courts rarely shave TCPA statutory damages by much. The Third Circuit and Seventh Circuit have both addressed this, and the trend is to respect the figure Congress wrote.

The honest answer for most teams: your best reduction is never getting to litigation. Once a class is certified, you negotiate from a position of weakness, and defense costs alone often top the eventual settlement. Good compliance before the first call is cheaper than good lawyers after the lawsuit.

What do real TCPA settlements actually cost companies?

Settlement amounts swing hard based on class size, clarity of liability, and how deep the defendant's pockets go. Here are real examples pulled from public court records and news coverage.

CompanyReported SettlementNotes
UnitedHealthcare$2.5 million [6]Alleged TCPA violations on outbound calls
Kaiser PermanenteApproximately $2.7 million [7]Settlement fund for class members
Albertsons / SafewayUndisclosed (class action settled) [8]Text message campaign allegations
Truist BankSettlement reached [9]Details under seal
Cash App (Block Inc.)Settlement reached [10]Class action over promotional texts

Those are the headline numbers. What companies never publish is total litigation cost: attorney's fees, internal staff time, discovery costs, and class administration expenses. A $2.5 million settlement can carry another $1 million or more in defense and administration. Plaintiffs' attorneys in successful class actions typically take 25 to 33 percent of the settlement fund.

For smaller companies, individual suits sting too. A solo plaintiff suing for 100 violations at $1,500 each is $150,000 in exposure before you pay your own lawyers. That kind of case settles fast and quietly, which is why no public database captures the full scope of TCPA liability.

How does the TCPA treat text messages differently from phone calls?

It does not, much. The FCC has long read "calls" under the TCPA to include text messages, and courts have agreed across the board. [3] A text to a cell phone using an ATDS or prerecorded content triggers the same $500/$1,500 per-violation exposure as a voice call.

Where texts create unique risk is volume. An automated SMS platform can push 100,000 messages overnight. A voice campaign to that many people takes real time, and recipients notice it faster. A text blast can generate class-action liability before your compliance team sees the first complaint.

The consent standard for marketing texts is prior express written consent. The FCC's rules require the consent to be in writing (electronic signatures count), to clearly authorize automated texts from your specific company, to name the program or purpose, and to disclose that consent is not a condition of purchase. [3] A generic checkbox buried in a terms-of-service page does not clear that bar under current FCC interpretation.

For building a clean SMS program, the text message marketing guide walks through the consent documentation in detail. The text messaging marketing piece covers the carrier registration rules (10DLC, toll-free verification) that now sit on top of TCPA consent.

One practical note on opt-outs. If someone texts STOP and you send another marketing message anyway, that is a separate, documentable violation. Courts take opt-out failures seriously because they show the kind of recklessness that supports the willfulness multiplier.

What defenses actually work against a TCPA fine or lawsuit?

Consent is the primary defense. Produce a clear, dated record showing the plaintiff gave prior express written consent for the specific type of communication you sent, and the case ends. The record has to be durable: a database entry with a timestamp, the exact consent language, the IP address if it came from the web, and ideally the source URL. [3]

Established business relationship (EBR) is a partial defense for calls to residential lines on the DNC list, but not for cell phone calls that require ATDS consent. The two analyses are different, and companies conflate them all the time.

The safe harbor defense for DNC violations is real but narrow. Under 47 C.F.R. § 64.1200(c)(2)(i), a company escapes liability for a DNC violation if it had written procedures in place, trained its personnel, monitored for compliance, used a current DNC list downloaded within 31 days, and can show the call was an error. [11] All five prongs have to be present. One missing piece and the safe harbor is gone.

The ATDS defense after Facebook v. Duguid gets tried a lot: companies argue their system is not a true autodialer under the Supreme Court's narrowed definition. [5] It works sometimes. But it is a fact-intensive fight, and plaintiffs' attorneys have gotten creative about pleading ATDS claims in ways that survive a motion to dismiss.

What does not work: ignorance of the law, blaming a third-party lead vendor without documentation, and claiming you thought the numbers were landlines. Courts have rejected all three as standalone defenses, over and over.

How can small outbound teams reduce their TCPA fine exposure?

The checklist is short. Running it consistently is the hard part.

First, document consent at the point of collection. Whatever form, landing page, or verbal disclosure you use, store a copy of exactly what the consumer saw or heard, the date, and the channel. That record is your entire defense if you get sued. A consent record you cannot retrieve is the same as no consent at all.

Second, scrub against the National DNC Registry before every campaign. You have to download a fresh list at least every 31 days, and your calls must reflect the list within that window. [11] Scrub your own internal DNC list too, the people who already opted out. That internal list has to be honored for five years. [11]

Third, run a real opt-out mechanism for texts and honor it within 24 hours. Carrier requirements reinforce this through 10DLC registration, but TCPA liability exists independent of any carrier rule.

Fourth, train anyone who touches the dialer or the SMS platform. The safe harbor requires training, and it just cuts down on mistakes. An hour of training costs less than a single violation.

Fifth, audit your lead sources. If you buy leads from a third party, their consent language may not cover your specific brand or your use of an autodialer. Get the consent documentation from the vendor and have someone actually read it. If they cannot produce it, do not use the list.

LeadCompliant has a free compliance kit and consent checkers built for small outbound teams that want to run these audits without hiring outside counsel for every question. Worth a look before your next campaign.

For teams that handle their own calling, how to stop robocalls covers how regulators and carriers now flag non-compliant traffic, which hits your deliverability as well as your legal exposure.

Does the TCPA apply to B2B calls and texts?

Partially, and this is one of the most misunderstood corners of the statute.

Calls to business landlines mostly sit outside TCPA autodialer restrictions for the calls themselves, though Do Not Call rules can still apply if the number is registered. But calls and texts to a person's cell phone are covered by the TCPA regardless of whether the purpose is business-to-business. Text a business owner on their personal mobile number, and the TCPA applies.

This matters enormously for B2B teams that buy mobile number lists. "It's a business contact" is not a TCPA defense for cell phone contacts. The consent analysis stays the same: did the individual give prior express consent for automated calls or texts to their wireless number? [1]

Sole proprietors and small business owners are a risky population to contact by mobile without clean consent documentation. They count as private individuals in the eyes of the TCPA even when you are calling about their business.

What recent FCC rule changes affect TCPA fine exposure?

The FCC has been busy. In 2023 and 2024, the agency issued orders tightening consent rules in ways that hit outbound teams directly.

The FCC's 2023 order on one-to-one consent mattered a lot. It requires prior express written consent for telemarketing calls to be obtained on a per-seller basis. The old practice of bundling consent for a list of companies on a single form, common in lead generation, no longer works under the FCC's reading. Each company using the lead has to be named specifically in the consent form the consumer signs. [4]

The FCC also moved on lead generator loopholes in the same period, signaling that consent gathered through comparison shopping sites and then sold to multiple buyers would draw scrutiny. [4]

For prerecorded messages, the FCC confirmed that prior express written consent is required for all artificial voice or prerecorded telemarketing calls to any number, residential landlines included, which effectively ends the established business relationship exemption for recorded messages. [4]

These changes raise fine exposure because plenty of companies were running campaigns under the old rules and never updated their consent forms or their lead buying. If your consent documentation predates late 2023, review it. The TCPA news page tracks regulatory changes as they land.

Is there a statute of limitations on TCPA claims?

Yes. The limitations period for private TCPA claims is four years under the federal catch-all statute, 28 U.S.C. § 1658. [12] A few courts have run a different analysis and used a shorter period, but four years is the dominant rule in federal court.

That means a plaintiff can sue you today for a text you sent in 2021. It also means your consent documentation needs to reach back at least four years. Companies that purge old contact records, figuring they are done with them, get a nasty surprise when a lawsuit points to a campaign they barely remember.

For class actions, the class period usually tracks the same four-year window, which sets how large the class can grow and therefore how large the exposure gets.

Practical takeaway: keep consent records, DNC scrub logs, and opt-out records for at least five years. That buffer past the limitations period lets you produce documentation in discovery without scrambling.

Frequently asked questions

What is the minimum TCPA fine per violation?

The statutory minimum for a private lawsuit is $500 per illegal call or text under 47 U.S.C. § 227(b)(3). If the defendant acted willfully or knowingly, courts can raise that to $1,500 per violation. The FCC's separate forfeiture authority allows fines up to $23,727 per violation, but private litigation is far more common than FCC enforcement for most outbound sales teams.

Can a company be fined for every single text in an SMS campaign?

Yes. Each non-compliant text message is its own TCPA violation. A campaign of 10,000 texts without proper consent carries theoretical exposure of $5 million at $500 per text, or $15 million at the $1,500 willful rate. This is why class actions from text campaigns produce such large settlement demands. Documenting consent before launch is the only real defense.

Does the TCPA apply to cold emails?

No. The TCPA covers telephone calls and text messages. Cold email is governed by the CAN-SPAM Act, which has a different framework, different penalties, and no private right of action for individual recipients. If your email includes a click-to-call element or drives people to a number you autodial, though, TCPA analysis applies to the call itself.

Under FCC rules, prior express written consent for telemarketing requires a written or electronic agreement signed by the consumer that clearly authorizes calls or texts from a specific company using an autodialer, discloses that consent is not a condition of purchase, and identifies the general purpose of the messages. A pre-checked box or buried terms-of-service language usually does not meet this standard.

Can I avoid TCPA fines by using a third-party dialer or lead vendor?

No. You are liable for calls and texts made on your behalf. If you hire a third-party vendor who makes non-compliant calls promoting your product, TCPA liability can attach to your company under vicarious liability theories courts have applied. You are also responsible for confirming that leads you buy carry valid consent documentation covering your specific company, beyond whoever originally collected the lead.

Are TCPA fines tax deductible?

Generally no, not fully. The IRS disallows deductions for fines and penalties paid to a government, which covers FCC forfeiture amounts. For private civil settlements, deductibility depends on how the settlement agreement characterizes the payment. Amounts labeled compensatory damages may be deductible; amounts labeled penalties or punitive damages are not. Talk to a tax professional for your specific situation.

How long does a TCPA lawsuit take to resolve?

Individual cases typically settle within six to eighteen months. Class actions run longer: two to four years from filing to final approval is common. The class certification phase, usually twelve to eighteen months in, is the decision point where most defendants choose to negotiate seriously. Once a class is certified, theoretical damages exposure gets very large and settlement pressure spikes.

Does the National Do Not Call Registry protect businesses from TCPA fines?

The DNC Registry is a tool consumers use to opt out of telemarketing. Companies that call registered numbers for telemarketing face TCPA liability, with the same $500 to $1,500 per-call damages. Registering your own business on the DNC list does not reduce your obligations as a caller. You still have to scrub your outbound lists against the registry before dialing.

What is the TCPA safe harbor and how does it protect companies?

Under 47 C.F.R. § 64.1200(c)(2)(i), a company can avoid DNC-related liability if it had written compliance procedures, trained its staff, monitored for compliance, used a DNC list downloaded within 31 days, and can show the violation was a good-faith error. All five elements must be present. The safe harbor applies specifically to DNC violations, not to autodialer or prerecorded-voice consent violations.

Can individuals file TCPA lawsuits or only class actions?

Both. Any individual who receives a non-compliant call or text can file suit under the TCPA's private right of action and seek $500 to $1,500 per violation. Class actions just aggregate many individual claims. Serial TCPA plaintiffs who file individual suits for dozens or hundreds of calls are a real and documented phenomenon, sometimes filing dozens of cases a year.

How do TCPA fines compare to state telemarketing law penalties?

State penalties vary. Florida's Telephone Solicitation Act allows $500 per violation for residential calls and $10,000 per willful violation. Texas Business & Commerce Code § 305.053 allows $10,000 per violation of state telemarketing rules. California's TCPA analog provides additional recovery paths. In many states, TCPA exposure and state law exposure stack, so plaintiffs can pursue both in the same lawsuit.

What should I do if I receive a TCPA demand letter?

Do not ignore it, and do not respond yourself without legal counsel. A demand letter is often a precursor to a lawsuit or class action. Preserve every record related to the alleged contacts: consent documentation, DNC scrub logs, dialer records, and opt-out logs. Contact a TCPA attorney promptly. Early negotiation is almost always cheaper than litigation, but you need to understand your actual exposure before settling.

Does the TCPA cover ringless voicemails?

The FCC classified ringless voicemails, also called direct-to-voicemail drops, as calls under the TCPA in 2022. They require the same consent as any other prerecorded message call to a cell phone. Marketing ringless voicemails to mobile numbers without prior express written consent carries $500 to $1,500 per-voicemail exposure, the same as a regular autodialed call.

Sources

  1. Cornell Law School LII, 47 U.S.C. § 227 - Telephone Consumer Protection Act: Statutory text establishing $500 per violation and $1,500 for willful/knowing violations as private right of action damages; time restrictions on calling (8am-9pm local)
  2. FCC, Rules and Regulations Implementing the TCPA of 1991 (47 C.F.R. § 64.1200): Prior express written consent requirements for autodialed/prerecorded telemarketing calls and texts; text messages treated as calls under the TCPA
  3. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition to systems that produce numbers using a random or sequential number generator, excluding systems that dial from stored lists
  4. LeadCompliant / public court records, UnitedHealthcare TCPA settlement coverage: UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations on outbound calls
  5. Public court records / settlement administration, Kaiser Permanente TCPA settlement fund: Kaiser Permanente TCPA class action settlement fund of approximately $2.7 million
  6. Public court records, Albertsons Safeway TCPA class action settlement: Albertsons and Safeway reached a TCPA class action settlement related to text message campaign allegations
  7. Public court records, Truist Bank TCPA class action settlement: Truist Bank reached a settlement in a TCPA class action lawsuit
  8. Public court records, Cash App (Block Inc.) TCPA class action settlement: Cash App reached a TCPA class action settlement related to promotional text messages
  9. FTC, National Do Not Call Registry (16 C.F.R. Part 310): Companies must download DNC list within 31 days of calling; internal DNC lists must be honored for five years; safe harbor requires five elements including written procedures, training, and current list
  10. Cornell Law School LII, 28 U.S.C. § 1658 - Statute of limitations for federal civil actions: Four-year federal catch-all statute of limitations applies to private TCPA claims in federal court

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit