What is the penalty for violating TCPA: fines, lawsuits, and real costs

TCPA violations cost $500, $1,500 per call or text. Learn exactly how penalties work, when they triple, and how courts have awarded millions in class actions.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-10

Federal courthouse exterior with stone columns, representing TCPA penalty litigation
Federal courthouse exterior with stone columns, representing TCPA penalty litigation

TL;DR

A TCPA violation carries a statutory penalty of $500 per illegal call or text message. If a court finds the violation was willful or knowing, that jumps to $1,500 per violation. TCPA allows class actions and caps nothing, so one mass-texting campaign can produce multi-million-dollar liability. Private plaintiffs, state attorneys general, and the FCC can all pursue violators.

What is the penalty for violating the TCPA?

The Telephone Consumer Protection Act sets a flat statutory damages figure: $500 for each call or text message that breaks the law [1]. The plaintiff does not have to prove they lost a dime. The violation itself is the injury. That is the design Congress chose when it passed 47 U.S.C. § 227 in 1991, and nobody has revised those dollar amounts upward for inflation since.

When a court finds the defendant acted willfully or knowingly, the judge can treble the award to $1,500 per violation [1]. Courts apply that multiplier when a company keeps calling after a written revocation of consent, keeps autodialing numbers on its own do-not-call list, or continues a campaign after its own lawyers told it to stop.

The math is brutal at scale. A single text blast to 100,000 people who never gave proper consent is $50 million in statutory exposure at the base rate, and $150 million if a court trebles. That is before attorneys' fees, injunctive relief, or any state-law claims stapled onto the same complaint.

There is no statutory cap on aggregate damages in a private TCPA suit. That sets TCPA apart from many other consumer protection statutes, where total class recovery is bounded. It is one big reason TCPA litigation keeps growing: a plaintiffs' firm can file one class action and stare down a defendant with enormous potential liability who often settles fast [2].

What does the statute actually say about penalties?

The operative text is 47 U.S.C. § 227(b)(3), which reads in relevant part: "a person or entity may, if otherwise permitted by the laws or rules of court of a State, bring in an appropriate court of that State (A) an action based on a violation of this subsection or the regulations prescribed under this subsection to enjoin such violation, (B) an action to recover for actual monetary loss from such a violation, or to receive $500 in damages for each such violation, whichever is greater, or (C) both such actions" [1]. The trebling clause follows right after: "If the court finds that the defendant willfully or knowingly violated this subsection or the regulations prescribed under this subsection, the court may, in its discretion, increase the amount of the award to an amount equal to not more than 3 times the amount available."

Two things stand out. "Whichever is greater" means a plaintiff with documented actual losses above $500 per violation can claim the higher number. In practice, almost no consumer can show $500 in actual harm from a single robocall, so the statutory floor is what gets claimed almost every time. And the trebling is discretionary, not mandatory. Judges sometimes refuse to treble even after finding willfulness, though the trend in bigger class actions leans toward awarding the multiplier when the conduct was systematic.

The FCC enforces a separate track under 47 U.S.C. § 503(b), which lets the agency issue forfeiture orders of up to $25,000 per violation per day, with a maximum of $2,225,000 per proceeding for continuing violations [3]. These are regulatory penalties, not private damages, and the FCC pursues them on its own, no lawsuit required.

How does willful or knowing violation change the penalty?

Courts read "willful or knowing" broadly. You do not need criminal intent. Most circuits hold that a defendant acted willfully if it knew it was making the calls or sending the texts, even if it had no idea those actions were illegal [2]. Ignorance of the law buys you nothing here.

Factors that reliably push courts toward trebling: calling after a consumer explicitly revoked consent, using an autodialer or prerecorded message after receiving cease-and-desist letters, keeping a campaign alive after internal counsel flagged the risk, or buying lead lists without checking whether the listed consumers ever gave valid prior express written consent.

Companies tend to dodge trebling when they had a documented compliance program running, acted on advice of counsel, stopped fast once they learned of a problem, or when the alleged violation turned on a genuinely contested legal question (like whether their dialing system counts as an autodialer in the post-Facebook v. Duguid world).

Here is the practical takeaway for compliance teams. The paper trail of what you knew and when you knew it matters enormously. A memo showing your legal team flagged a risk and you kept calling anyway is exactly the kind of document that turns a $500-per-violation case into a $1,500-per-violation case.

TCPA penalty tiers vs. comparable consumer protection law penalties Maximum per-violation penalty amounts across key federal statutes TCPA – willful/knowing (max per v… $1,500 TCPA – base per violation $500 FDCPA – per individual action $1,000 CAN-SPAM – per email (approx.) $250 Telemarketing Sales Rule – per vi… $52k Source: 47 U.S.C. § 227 [1]; FTC Civil Penalty Schedule [6]; 15 U.S.C. § 1692k [11]

Can one TCPA lawsuit really result in millions of dollars in damages?

Yes, and it has, over and over. Because TCPA allows class certification, a single action can pool thousands or millions of individual $500 claims into one suit. Real settlement figures give you a feel for the scale.

UnitedHealthcare paid $2.5 million to settle alleged TCPA violations tied to calls made without proper consent. Credit One Bank reached a substantial settlement over autodialed calls. Truist Bank resolved a TCPA class action over similar allegations. Cash App faced a TCPA class action settlement that drew heavy consumer claims. Kaiser Permanente's TCPA settlement had a claim deadline that pulled in thousands of class members. Albertsons and Safeway settled a TCPA case over promotional texts.

These are not flukes. The TCPA plaintiffs' bar has sharpened its class certification playbook over three decades. The typical path: a named plaintiff gets unwanted calls or texts, files a class action in federal court, moves to certify a class of every similarly situated consumer who got the same type of contact, and then the defendant's exposure balloons fast enough that settlement makes economic sense even when the defendant thinks it has good defenses.

Nobody has clean public data on the total paid in TCPA settlements each year. Multiple plaintiffs' firm trackers put the figure in the hundreds of millions of dollars annually across all cases, but that is an estimate, not a census. The closest reliable benchmarks are the FCC's own enforcement records and PACER data from the federal courts, and neither produces a tidy aggregate. What PACER data shows clearly is that TCPA is consistently one of the highest-volume consumer protection dockets in the federal system [2].

What are the possible consequences beyond the dollar penalty?

Money is the most visible consequence. It is not the only one.

Injunctive relief. Courts can order a company to stop specific calling or texting practices, sometimes for good. Violate that injunction and you face contempt sanctions on top of everything else.

FCC enforcement actions. The FCC can issue a Notice of Apparent Liability and then a forfeiture order. It has hit major carriers with eight-figure fines for illegal robocall practices. For smaller companies, FCC enforcement is rarer than private litigation, but it is not hypothetical. In recent years the FCC has run coordinated enforcement with state attorneys general [3].

State AG enforcement. Forty-seven states have their own telemarketing statutes. Many let state attorneys general sue on behalf of residents, and some state laws stack penalties on top of federal TCPA claims. California, Florida, and Texas enforce aggressively.

Reputational damage. Hard to quantify, very real. Class action settlements are public record. Plaintiff attorneys hand out press releases. A company known for illegal texts loses vendor relationships, payment processor access, and customer trust faster than it expects.

Personal liability. Corporate officers and even individual call center employees have been named in TCPA suits, though courts split on piercing the corporate veil. The risk is real enough that it surfaces in settlement negotiations.

How are TCPA penalties calculated per violation?

Each discrete call or text message is a separate violation [1]. Send a campaign of 50,000 texts without proper consent and that is 50,000 separate $500 violations, or $25 million in base exposure. If each consumer got three messages in the campaign, courts usually treat each message as its own violation, not the campaign as a lump.

This per-contact counting is one of the most operationally important facts an outbound team can internalize. A company that calls 10,000 people once has less exposure than a company that calls 1,000 people ten times each, at least on the math. Volume and frequency both cut against you.

Text marketing works the same way. Per-message counting applies. An opt-out confirmation text sent to someone who already opted out can itself be a violation in some circuits. Read the compliance framework for text message marketing before you build any SMS program.

One wrinkle. Courts in different circuits have sometimes aggregated violations that stem from a single, indivisible act. This is rare and fact-specific. Do not plan your compliance program around the hope that a court will squash your 100,000 violations into one.

Who can sue for a TCPA violation?

The law gives private individuals a direct right of action. Anyone who got an illegal call or text can file in state or federal court. They do not need an attorney, though in practice class actions almost always come from plaintiffs' firms that aggregate claims.

Class representatives. In class actions, one or a few named plaintiffs stand in for potentially millions of class members. Each class member recovers a share of the settlement, usually far less than $500 per violation once attorneys' fees come out. Named plaintiffs often collect an extra incentive payment.

State attorneys general. Several states have explicitly authorized their AGs to bring TCPA enforcement actions. Florida has been active on robocall enforcement alongside the federal framework.

The FCC. The FCC can pursue forfeiture orders against carriers and companies for TCPA and related violations [3]. It can also refer matters to the Department of Justice for civil penalty collection.

One party that cannot sue under TCPA is the FTC. The FTC enforces the Telemarketing Sales Rule, a separate but overlapping framework [10]. Companies sometimes face parallel FTC and TCPA exposure for the same conduct. For the do-not-call side of this, the National Do Not Call Registry is run jointly by the FTC and FCC [4].

What defenses actually work in a TCPA penalty case?

The strongest defenses are factual, not legal. Prove the consumer gave prior express written consent in the form the FCC's rules require and you win. Prove you used a non-ATDS system (post-Facebook v. Duguid, this argument has more legs than it did before 2021) and you may dodge liability for the autodialer prong.

Prior express written consent is the gold standard. For marketing calls and texts, the FCC requires written consent that clearly authorizes calls using an ATDS or prerecorded voice, identifies the seller, and was signed (electronic signatures count) before the call [5]. Verbal consent does not cut it for marketing communications. If your consent capture does not meet this spec, you do not have a defense.

Established business relationship used to be a defense but was mostly killed off for robocalls in 2012. It still has narrow relevance in some DNC registry contexts.

Bona fide error defense. TCPA lets a company escape liability if it shows the violation was unintentional and resulted from a bona fide error despite maintaining procedures reasonably designed to avoid such error [1]. This is a narrow door. You need actual written compliance procedures in place before the violation, not something drafted after the demand letter lands.

Constitutional arguments. Some defendants have challenged whether TCPA statutory damages get so disproportionate they violate due process. Courts have largely rejected these arguments in the class action context, though a few district courts have knocked down astronomical jury awards. Do not build your risk strategy around this one.

How does TCPA enforcement compare to other consumer protection laws?

TCPA is uniquely punishing for one reason: no cap on aggregate class damages, paired with per-violation statutory amounts that make individual proof of harm pointless.

LawPer-violation penaltyCap on class damages?Who enforces
TCPA (47 U.S.C. § 227)$500, $1,500NoPrivate plaintiffs, FCC, state AGs
Telemarketing Sales Rule (FTC)Up to $51,744 per violation (civil penalty)N/A (govt enforcement)FTC, DOJ
CAN-SPAM ActUp to $51,744 per emailYes ($250 per email, max $2M+ per campaign)FTC, state AGs, ISPs
FDCPA (debt collection)$1,000 per action + class cap of 1% of net worth or $500,000YesPrivate plaintiffs, CFPB
Florida Mini-TCPA (Florida FTSA)$500, $1,500 per violationNoPrivate plaintiffs

The FTC civil penalty figure was updated in 2024 for inflation. Check the FTC's current civil penalty schedule for the precise current number [6]. The TCPA's $500/$1,500 figures have never been adjusted.

For outbound teams, the FDCPA comparison is instructive. Debt collectors already know FDCPA's $1,000 per-action cap and $500,000 class cap. TCPA has no such class cap, which is why debt collectors who also run autodialers face a different order of exposure, and why so many TCPA class actions target financial services companies.

State mini-TCPAs pile on another layer. Florida's Telephone Solicitation Act was amended in 2021 and 2023 and creates a separate per-text private right of action that in some respects reaches further than the federal statute. Washington, Oklahoma, and several other states have similar laws.

What recent FCC rules changed how TCPA penalties apply?

The FCC issued a significant order in late 2023 that tightened consent for lead generation. The order required prior express written consent for marketing texts and calls to be given on a one-to-one basis: one consent, one seller [7]. The old trick of having a consumer check one box on a lead gen form and consent to calls from dozens of affiliated sellers no longer produces valid consent under FCC rules. The one-to-one requirement had an effective date of January 27, 2025, though the FCC later delayed and a court vacated pieces of the rule, so track the current status before you rely on it.

The rule change hits penalty exposure directly. Companies that bought leads from aggregators relying on the old one-to-many consent model may be making calls with no valid consent, which turns every call into a potential $500 violation.

The FCC also cleaned up its revocation-of-consent rules in 2024. A consumer can revoke consent by any reasonable means, and the company has to honor it within 10 business days [7]. Call after a consumer revokes and that is a willful violation with trebling exposure.

For the latest on FCC enforcement priorities and rule fights, TCPA news is genuinely worth watching. The regulatory picture shifted a lot in 2024 and much of it is still in litigation.

What should a small outbound team actually do to limit TCPA penalty exposure?

Start with consent documentation. Every number you call or text for marketing needs documented prior express written consent that meets the FCC's current standard. That means a record of who consented, when, to which entity, through what form, and the exact language they agreed to. If you cannot produce that record, you are exposed.

Scrub against the National Do Not Call Registry before every campaign. Numbers on the registry cannot be called for telemarketing without consent, and the FTC keeps the registry current [4]. Most serious compliance vendors automate this scrub. For the consumer-facing side of how people stop unwanted calls, see our guide on how to stop robocalls.

Maintain an internal DNC list. Any consumer who asks not to be called goes on your own suppression list within 30 days and stays honored for at least five years. This is a separate obligation from the national registry.

Audit your dialing technology. After Facebook v. Duguid (2021), the Supreme Court narrowed the definition of an automatic telephone dialing system [8]. Whether your specific system qualifies is a factual and legal question you should have counsel evaluate, especially if you run predictive dialers or click-to-call systems.

LeadCompliant's free TCPA compliance kit includes consent language templates, scrub checklists, and a revocation-handling workflow built around the 2024 FCC rules. It is a starting point, not a substitute for legal review, but it gives small teams a working structure without building from scratch.

Document everything. The bona fide error defense and any willfulness argument both turn on whether you had written procedures before the violation. Build the paper trail now, not after a demand letter shows up.

Are there real cases that show what a TCPA penalty looks like in practice?

A few examples from public court records show how the math plays out.

In 2019, an Oregon federal jury awarded $925 million against ViSalus Inc. after finding the company sent more than 1.8 million unsolicited promotional robocalls [9]. The trial judge later cut that award on due process grounds, but the initial figure shows what uncapped per-violation math looks like when a jury runs it.

On appeal, Wakefield v. ViSalus reached the Ninth Circuit on the question of whether courts can reduce clearly excessive TCPA awards. The litigation dragged, which is the point: even the appeal is expensive and uncertain for defendants.

Smaller companies face proportionally smaller but still painful outcomes. A regional insurance agency calling without consent across a campaign of 30,000 texts faces $15 million in base exposure. Most settle somewhere between $300,000 and $3 million depending on the quality of their consent records and how aggressive plaintiffs' counsel is.

If you operate in Kentucky or another state with an active plaintiffs' bar, the local landscape matters. A TCPA lawyer in Kentucky can tell you what local settlement norms look like. The Joseph Snyder Credit One TCPA case shows how individual named plaintiffs drive large class recoveries.

The pattern across every one of these cases is consistent. The companies that landed in the worst trouble kept calling after they had reason to stop. The penalty for a single negligent call is painful. The penalty for a systematic campaign that rolled on past internal red flags is catastrophic.

Frequently asked questions

What is the penalty for violating the TCPA?

The TCPA imposes a statutory penalty of $500 per illegal call or text message under 47 U.S.C. § 227(b)(3). If a court finds the violation was willful or knowing, the penalty can triple to $1,500 per violation. There is no cap on aggregate class action damages, so a campaign that reached 100,000 people without consent can generate $50 million or more in base exposure before any multiplier.

What is a possible consequence for violating the TCPA?

Consequences include private lawsuits with $500 to $1,500 per-violation statutory damages, class action settlements that routinely reach millions of dollars, FCC forfeiture orders up to $2.225 million per proceeding, state attorney general enforcement actions, and court injunctions ordering a company to stop specific practices. Ongoing violations after a court order can trigger contempt sanctions on top of the original penalties.

Can the TCPA penalty be tripled, and when does that happen?

Yes. Courts can award up to $1,500 per violation instead of $500 when the defendant willfully or knowingly violated the statute. Most circuits do not require that the company knew its conduct was illegal, only that it intentionally made the calls or sent the texts. Continuing to call after a revocation of consent or an internal legal warning strongly supports a trebling award.

Is there a cap on total TCPA damages in a class action?

No. Unlike the FDCPA, which caps class damages at 1% of net worth or $500,000, the TCPA has no aggregate cap for private class actions. Total exposure is the number of violations multiplied by $500 or $1,500. A few courts have reduced jury verdicts on due process grounds, but there is no statutory ceiling, and settlements in the hundreds of millions have occurred.

Can the FCC fine a company separately from a private TCPA lawsuit?

Yes. The FCC can issue forfeiture orders under 47 U.S.C. § 503(b) independently of any private litigation. The maximum FCC fine is $25,000 per violation per day with an overall cap of $2,225,000 per proceeding for continuing violations. A company can face an FCC enforcement action and a private class action at the same time, arising from the same conduct.

Does each phone call or text count as a separate TCPA violation?

Yes. Courts treat each call or text message as a discrete violation carrying its own $500 or $1,500 penalty. If a campaign sends three messages to 10,000 people, that is potentially 30,000 separate violations. Campaign-level aggregation gets argued by defendants but rarely accepted by courts. Volume and message frequency both drive total exposure.

What is the bona fide error defense in a TCPA case?

A company avoids TCPA liability if it proves the violation was unintentional and resulted from a bona fide error despite maintaining written procedures reasonably designed to prevent such errors. The defense is narrow. You must have documented compliance procedures in place before the violation, not created afterward. Courts scrutinize whether the procedures were real and whether the error was genuinely the type they were designed to catch.

Do state laws add penalties on top of TCPA federal penalties?

Often yes. Many states have their own telemarketing and robocall statutes. Florida's Telephone Solicitation Act, for example, creates a separate per-text private right of action with $500 to $1,500 penalties. State and federal claims are frequently brought together in one complaint, and both can proceed at once. Some states also allow punitive damages and attorney fees beyond the federal statutory amounts.

How did Facebook v. Duguid change TCPA penalty exposure?

The Supreme Court's 2021 decision in Facebook, Inc. v. Duguid narrowed the definition of an automatic telephone dialing system (ATDS) to equipment that uses a random or sequential number generator to store or produce numbers to be called. Systems that dial from a fixed list without random or sequential generation may not qualify as an ATDS, potentially removing one basis of TCPA liability. Prerecorded voice and DNC claims are unaffected by the ruling.

The FCC's one-to-one consent rule required prior express written consent for marketing calls and texts to be given to one seller at a time. Lead generation forms that bundled consent for multiple companies in one checkbox would no longer produce valid consent. The rule's status has shifted through delays and litigation, so confirm the current effective status. Companies still relying on the older bundled-consent model risk making calls without valid consent, converting every call into a potential $500 violation.

Can individuals be personally liable for TCPA violations, more than the company?

Courts have found individual liability in some cases, particularly for corporate officers who directly participated in or directed the illegal calling campaign. The standard varies by circuit and is harder to meet than corporate liability, but it is not impossible. Personal liability risk is one reason compliance decisions should not rest entirely on a company's indemnification promises.

How long does someone have to file a TCPA lawsuit?

The TCPA does not specify its own statute of limitations. Federal courts have generally applied either a four-year limitations period under the federal catch-all statute (28 U.S.C. § 1658) or, in some circuits, the relevant state's limitations period for similar claims, which can be as short as two years. The split among circuits means the answer depends on where the suit is filed.

What is a typical TCPA settlement amount?

There is no single typical figure. Small cases with a few thousand class members often settle in the $200,000 to $2 million range. Large campaigns reaching hundreds of thousands or millions of consumers have settled for $2.5 million to well over $75 million. Settlement amounts depend heavily on class size, consent documentation quality, whether trebling is plausible, and both sides' litigation risk tolerance.

If a consumer did not ask to be on a DNC list, can they still sue for TCPA violations?

Yes. The DNC registry and prior express consent are separate TCPA requirements. A consumer who never registered on the National Do Not Call Registry can still sue if they received an autodialed or prerecorded call or text without giving prior express written consent. The consent requirement applies independently of DNC status for automated marketing communications.

Sources

  1. U.S. Code, 47 U.S.C. § 227 – Telephone Consumer Protection Act, Cornell Legal Information Institute: Statutory penalty of $500 per violation, trebled to $1,500 for willful or knowing violations; bona fide error defense language
  2. Federal Trade Commission, legal library of statutes and enforcement: TCPA allows private right of action; class action mechanism; consistent high-volume federal docket
  3. Federal Trade Commission, National Do Not Call Registry: National Do Not Call Registry maintained by FTC and FCC; telemarketers must scrub against it before calling
  4. Federal Trade Commission, civil penalty inflation adjustments: FTC civil penalty per TSR violation adjusted to $51,744 (2024 inflation adjustment)
  5. Supreme Court of the United States, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): ATDS definition narrowed to devices using random or sequential number generator; list-based dialers may not qualify
  6. U.S. District Court, District of Oregon, Wakefield v. ViSalus Inc., Case No. 3:15-cv-01857 (2019): Jury awarded $925 million against ViSalus for over 1.8 million unsolicited robocalls at $500 per call
  7. FTC, Telemarketing Sales Rule, 16 CFR Part 310: Separate federal telemarketing enforcement framework; parallel to TCPA; FTC and DOJ enforcement
  8. Consumer Financial Protection Bureau, Fair Debt Collection Practices Act resources: FDCPA class damages capped at 1% of net worth or $500,000; contrasts with uncapped TCPA class exposure

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit