State TCPA-equivalent laws tracker: what every state has on the books

At least 13 states now have their own TCPA-style laws with stricter rules than federal law. Track every state, penalty, and consent rule in one place.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-11

Empty state government hearing room with wooden chairs and microphones, symbolizing TCPA-equivalent state telemarketing law proceedings
Empty state government hearing room with wooden chairs and microphones, symbolizing TCPA-equivalent state telemarketing law proceedings

TL;DR

The federal TCPA sets a national floor, but at least 13 states have passed their own stricter telemarketing and robocall laws covering calls, texts, and consent. Florida, Oklahoma, and Maryland let private citizens sue for $500 to $1,500 per violation, and those damages stack on top of federal exposure. This tracker covers every state law in force and how it interacts with federal rules.

Why are states passing their own TCPA-style laws?

The federal TCPA (47 U.S.C. § 227) has been the main national defense against unwanted calls and texts since 1991. But Congress wrote it before smartphones existed, and the FCC updates its rules slowly. States got tired of waiting.

The result is a wave of state telemarketing statutes that either copy the TCPA's structure or go well past it. Some restrict calling windows. Some require opt-in consent for all commercial texts, more than marketing ones. Some add per-call fines that dwarf what the TCPA allows on its own. A handful let their attorneys general sue for residents, and a handful give individuals the right to sue directly, the same way the TCPA does.

Here is why this matters for your outbound team. Federal preemption runs one direction only. The TCPA says plainly that it does NOT preempt state laws that protect consumers more than federal law does [1]. The statute itself puts it this way: "State law is not preempted to the extent that it imposes more restrictive intrastate requirements or regulations on, or which prohibit, the use of automatic telephone dialing systems, artificial or prerecorded voice messages, or the sending of facsimile messages." [1]

So federal compliance is not a shield. If a Florida resident gets your call, Florida's Mini-TCPA applies. Full stop.

This guide is not legal advice. Use it as a map, then bring in counsel before you launch into any state with its own statute.

Which states have their own TCPA-equivalent laws right now?

Here is the tracker as of mid-2025. "Active" means the law is in force and being enforced. This list keeps growing.

StateLaw / CitationScopePrivate Right to SueMax Penalty Per ViolationEffective
FloridaFL Telephone Solicitation Act + SB 1120 ("Mini-TCPA")Calls & texts, expanded ATDS definitionYes$500-$1,500 (+ treble)July 1, 2021
OklahomaOklahoma Telephone Solicitation Act, 15 O.S. § 775ACalls & texts to Oklahoma residentsYes$500-$1,500 per call2022
MarylandMD Telephone Consumer Protection Act, Md. Code Com. Law § 14-3201Calls & textsYes$500 per violation, up to $1,500 willful2021
WashingtonWA Commercial Electronic Mail Act (CEMA), RCW 19.190 + WA DNCCalls, texts, and emailAG + private$500-$1,000 per textActive
TexasTX Business & Commerce Code § 305Telemarketing callsAG only$5,000 per willful violationActive
CaliforniaCA Automatic Calls Law (Bus. & Prof. Code § 17538.41) + CCPA-adjacent rulesCalls; data rules overlayAG + private (CCPA)$2,500-$7,500 per intentional CCPA violationActive
VirginiaVA Telephone Privacy Protection Act, Va. Code § 59.1-514Telemarketing callsAG only$1,000 per violationActive
ColoradoCO No-Call Act, CRS § 6-1-902Telemarketing callsAG$1,000-$10,000 per violationActive
IndianaIN Telephone Privacy Law, IC 24-4.7Telemarketing callsAG + DNC registry$5,000-$10,000 per violationActive
North CarolinaNC Telephone Solicitations Act, NCGS § 75-100TelemarketingAGVariesActive
TennesseeTN No-Call Act, TCA § 65-4-401Telemarketing callsAG$1,000-$10,000Active
GeorgiaGA Fair Business Practices Act, OCGA § 10-1-393.5TelemarketingAGUp to $2,000 per violationActive
MinnesotaMN Do Not Call Act, Minn. Stat. § 325E.395Telemarketing callsAGUp to $1,000 per day per violationActive
ArkansasAR No-Call Registry, A.C.A. § 4-99-401Telemarketing callsAGUp to $10,000Active
MichiganMI Home Solicitation Sales Act + MI DNCCallsAG$500-$25,000Active

The penalty ranges above are per-violation maximums pulled from the cited statutes. What a court actually awards depends on willfulness, the number of calls, and whether the judge applies treble damages [2][3][4][7].

How do state laws interact with the federal TCPA?

Think of compliance as a stack. The federal TCPA sits at the bottom. Every state layer on top can only add restrictions, never remove them. If federal law requires prior express written consent for marketing texts, a state can require that plus a checkbox disclosure. It cannot say verbal consent is fine.

The statute is direct about this. Section 227(e)(1) says the TCPA "does not preempt any State law that imposes more restrictive intrastate requirements or regulations" on autodialed calls or prerecorded messages [1]. Courts read that to mean you comply with whichever rule is stricter, state or federal.

Most enforcement runs in parallel. A plaintiff can sue under both the TCPA and a state equivalent in the same complaint, and the damages can stack. The early Florida Mini-TCPA cases showed exactly that shape: defendants faced federal TCPA exposure sitting on top of Florida's per-call statutory damages, with no offset between the two [2].

For your cold calling team, the takeaway is blunt. You need to know where each number's owner actually lives, not what area code the number carries. A 213 number can belong to someone who moved to Florida last year. If they are a Florida resident when you dial, Florida law applies.

Maximum per-violation penalty by state (TCPA-equivalent laws) AG-enforced maximums shown; private action states can stack federal TCPA damages on top Michigan (AG) $25k Indiana (AG) $10k Colorado (AG) $10k Arkansas (AG) $10k California (CCPA, AG) $7,500 Texas (AG) $5,000 Florida (private, per text/call) $1,500 Oklahoma (private) $1,500 Maryland (private) $1,500 Washington (private, per text) $1,000 Source: State statutes cited in citations [2][3][4][7][10][11][12], 2025

What does Florida's Mini-TCPA actually require?

Florida Senate Bill 1120, signed in June 2021 and effective July 1, 2021, is the most aggressive state TCPA analog in the country [2]. It rewrote Florida's Telephone Solicitation Act in a few ways that hit outbound teams hard.

It widened the definition of an automated dialing system. The FTSA covers any system that dials from a list or uses a random or sequential number generator, which is broader than the contested federal ATDS definition after Facebook v. Duguid. If your platform dials from a spreadsheet, it may count as an ATDS under Florida law even when it would not under the current federal test.

It covers texts, not only calls. Any commercial text to a Florida phone number using an automated system requires prior express written consent [2].

It lets private citizens sue. The statute gives individuals a cause of action for $500 per violation, trebled to $1,500 for willful violations. With no per-plaintiff cap and full class action exposure, one bad campaign hitting 10,000 Florida numbers can generate $15 million in statutory exposure before anyone proves actual harm.

Florida also keeps its own Do Not Call list that supplements the national registry. Callers have to honor both [2].

What makes Oklahoma's law different from Florida's?

Oklahoma's Telephone Solicitation Act (15 O.S. § 775A) took effect in 2022 and borrowed heavily from Florida [3]. It gives private citizens the right to sue. It covers texts. The damages copy the TCPA: $500 per violation, up to $1,500 for willful violations.

The real difference is how Oklahoma defines a "telephone solicitation." Oklahoma's language is somewhat narrower on what qualifies as an automated system, so some predictive dialers that would trigger the FTSA might not trigger the Oklahoma act, depending on how they run. This is being litigated right now, and nobody should lean on that gap without current legal guidance.

Oklahoma also stacks its own DNC registry on top of the national list. Businesses calling Oklahoma residents have to check both. The Oklahoma Attorney General can enforce independently of any private lawsuit [3].

Which states give private citizens the right to sue (like the TCPA does)?

This is the question that drives real litigation risk. A law enforced only by an attorney general means your exposure is basically a regulatory fine. A law with a private right of action means every person you call is a potential plaintiff, and class actions become viable.

States with confirmed private rights of action in their telemarketing statutes include Florida, Oklahoma, Maryland, and Washington [2][3][4]. California is a special case. The core California Automatic Calls Law is enforced through the AG, but overlay claims under the California Consumer Privacy Act can be brought privately for data violations tied to the campaign [5].

States like Texas, Virginia, Indiana, and Colorado rely mostly on AG enforcement. That lowers direct litigation risk but does not erase it. An AG investigation can still produce per-violation penalties that get very large for high-volume callers.

For a sense of what TCPA class actions cost when they settle, the cash app TCPA class action settlement and the credit one TCPA settlement both show how fast multi-state exposure compounds. Adding state law claims to a TCPA suit is now standard plaintiff-firm practice.

Do state DNC lists differ from the national Do Not Call Registry?

Yes, and this trips up a lot of outbound teams. The national do not call list run by the FTC covers telemarketing calls to residential numbers [6]. Many states run their own registries alongside it, each with separate registration rules, scrub timelines, and covered caller categories.

Florida, Indiana, Colorado, Arkansas, Minnesota, Texas, and several others keep independent DNC registries [3][7]. Scrubbing the national list does not clear you for state-level compliance. You have to pull the state data separately, usually through the state AG's office or a licensed data vendor.

Here is the operationally painful part. Some state lists give you less time to comply. The national list gives you 31 days from a consumer's registration before you must stop calling. Some state lists cut that window shorter. Indiana's registry, for example, requires compliance within 30 days but adds caller-identification requirements stricter than the federal rules [10].

If you are building your scrub process, check the mobile phone do not call list rules too. Several states extend DNC protection to wireless numbers in ways that go past the FTC's own wireless guidance [6]. To register for the national registry, the how do I get the do not call list page walks through it.

What states are currently moving toward stricter telemarketing laws?

As of mid-2025, at least eight states have pending bills modeled on Florida's Mini-TCPA or on expanded consent rules for text messages. The most active are New York, Illinois, Nevada, New Jersey, Arizona, and Pennsylvania.

New York's proposed bill, introduced in the 2024-2025 session, would add a private right of action to the state's existing telemarketing statute and expand the ATDS definition to match Florida's broader language. Illinois has pushed similar language through committee. Neither has passed as of this writing, but legislative trackers show both advancing.

Nevada already tightened its telemarketing rules around caller ID spoofing and disclosure under NRS Chapter 228. It has not yet added a full private right of action for robocall violations.

The pattern is easy to read: states with big consumer populations and busy plaintiff's bars move fastest. If you run campaigns into New York, Illinois, or New Jersey, watch those legislatures every quarter. LeadCompliant's free compliance checkers flag which states have active call and text rules for a given campaign, which is one way to stay current without hiring a full-time analyst.

For teams running text message marketing, state text-consent rules deserve extra attention. They are changing faster than voice-call rules in most legislatures right now.

How do I figure out which state's law applies to a given call or text?

This is the messy part. Jurisdiction for telemarketing law usually attaches to the called party's location at the time of the call, not the area code. A 212 area code does not mean New York anymore. Number portability broke the link between geography and area codes years ago.

For most outbound teams, the practical approach is two steps. Use a carrier lookup or real-time number intelligence tool to get the current state of registration before you dial. Then apply the strictest applicable law to any number whose subscriber location you cannot confirm.

Some compliance programs geo-code against the billing address in your CRM. That works when you have it. But for cold cold call campaigns where you buy lists, you often have no verified address. The safest default is to apply Florida and Oklahoma consent rules (the strictest in force) to any number you cannot place, because those rules overlap heavily with what most other states already require.

For states with separate DNC registries, you need a scrub that pulls both national and state files. The do not call telemarketer list guide covers how to access multiple registry sources in one workflow.

What penalties can a company face for violating a state TCPA equivalent?

The short answer: worse than you probably think, and it compounds with federal exposure.

Under the federal TCPA, statutory damages run $500 per violation, trebled to $1,500 for willful violations, with no per-plaintiff cap [1]. State laws sit on top. In Florida, a single automated text to an unconsenting resident is $500 to $1,500 under the FTSA, plus the same range under the federal TCPA if the message also broke federal rules. One text to one person can cost $3,000 in combined statutory damages before attorney fees.

Class actions are where this turns existential. A campaign that sent 50,000 texts without adequate consent to Florida residents faces theoretical statutory exposure of $75 million under the FTSA alone if a class is certified. Courts have sometimes cut class damages on due process grounds when they get "grossly excessive," but there is no guarantee and no bright line for where that cut kicks in.

Colorado's No-Call Act lets the AG pursue up to $10,000 per violation [7]. Indiana permits $10,000 per violation too [10]. Michigan's statute reaches $25,000 per violation in the worst cases. For a small team running high volume, none of those numbers are survivable at scale.

Here is the honest summary. Public settlement data puts the typical TCPA class action settlement somewhere between $1 million and $10 million, and that figure leaves out defense costs, which routinely run into six figures before a case ever resolves.

The federal TCPA requires prior express written consent for marketing calls and texts sent with an ATDS or prerecorded voice to a cell phone [1]. State laws that add consent requirements usually push in one or more of these directions:

1. They widen what counts as an ATDS, pulling more dialing equipment into the consent requirement. Florida's definition is the clearest example.

2. They require consent for some calls the TCPA exempts. A few states require written consent for B2B calls to cell phones, where the TCPA's business exemption would otherwise apply.

3. They add disclosure requirements at the point of consent. Maryland, for instance, requires that the consent language name the company calling, a specificity the federal TCPA does not demand the same way [4].

4. Some states add a faster revocation right. If a consumer says stop calling and the federal rule gives you time to process it, a state rule might require you to stop immediately. The FCC's one-per-message revocation rule addresses this at the federal level, but some states went further earlier.

For any consent form or lead form that captures phone numbers, write the language to cover multi-state requirements. The most conservative move is to satisfy Florida's rules, because that text will satisfy nearly every other state's current requirements as well.

How should a small outbound team actually build compliance for multi-state calling?

You do not need ten people to handle this. You do need a system. Here is what a working small-team approach looks like.

Build a state-law matrix for every state where your lead list has numbers. The table in the second section of this article is your starting point. Refresh it once a quarter, because this area moves fast.

Run every list through a national DNC scrub, then check whether any states in your list keep their own DNC registries. States with separate registries include Indiana, Florida (supplemental list), Colorado, Texas, and about a dozen more.

Apply the strictest consent standard in your list to the entire campaign. If you have any Florida or Oklahoma numbers, hold everyone to FTSA-level consent. Tiering consent state by state rarely pays off for small teams.

Document your consent chain. For any number where you rely on prior express written consent, you need to produce the record: the form, the timestamp, the IP address, and the exact language the consumer agreed to. Courts increasingly demand this in both TCPA and state analog litigation.

LeadCompliant's free one-time compliance kit includes a state-law matrix and consent language templates you can adapt. For a small team, that is the fastest way to get a working baseline without paying an attorney to build it from scratch.

Before you add state layers, know the federal floor. The TCPA basics guide is where to start.

Frequently asked questions

Does the federal TCPA preempt state telemarketing laws?

No. The TCPA says plainly that it does not preempt state laws more restrictive than federal rules (47 U.S.C. § 227(e)(1)). States can add consent requirements, widen what counts as an autodialer, or set higher per-violation fines. You comply with whichever standard is stricter, and a plaintiff can bring both federal and state claims in the same lawsuit.

Which state has the strictest telemarketing law right now?

Florida's Mini-TCPA (SB 1120, effective July 1, 2021) is widely considered the strictest. It combines a broader ATDS definition than the current federal test, covers texts and calls, allows private lawsuits, and stacks $500 to $1,500 per-violation damages on top of any federal TCPA exposure. Oklahoma's 2022 law is nearly identical and a close second.

Can I get sued in multiple states for the same telemarketing campaign?

Yes. A single campaign reaching consumers in several states can generate claims under each state's applicable law plus federal TCPA claims. A plaintiff's attorney filing a class action can name every applicable state statute in one complaint. Each statute adds its own per-violation damage math, which is why multi-state campaigns carry exposure that compounds quickly.

Do state laws apply to B2B calls, or only consumer calls?

Most state telemarketing statutes focus on consumer calls, but the line is blurring. Florida's FTSA applies to any call or text made to a Florida telephone number using an automated system, with no clear B2B exemption. Oklahoma's statute similarly lacks a clean B2B carve-out. Review the specific statute's definitions before assuming a B2B campaign is exempt.

Do I need to scrub against state DNC lists separately from the national list?

Yes, if you call into states that keep their own registries. Florida, Indiana, Colorado, Texas, Arkansas, Minnesota, and others maintain DNC lists that supplement the national FTC registry. Scrubbing only the national list gives you no safe harbor for state DNC violations. Pull both sets of data before you dial.

What is the penalty for violating Florida's Mini-TCPA?

Florida's Telephone Solicitation Act allows $500 per violation, up to $1,500 for willful or knowing violations, with a private right of action. These stack on top of federal TCPA damages. A campaign sending 10,000 unconsented texts to Florida residents faces up to $15 million in Florida statutory exposure alone, before attorney fees or federal claims.

Are text messages covered by state TCPA-equivalent laws?

In many states, yes. Florida, Oklahoma, Maryland, and Washington explicitly cover texts in their telemarketing or automated dialing statutes. Pending bills in other states are trending toward explicit text coverage too. Relying on older statutes that mention only telephone calls is risky, since courts are actively reinterpreting those laws to cover SMS.

How do I know which state's law applies when I don't know where a phone number is located?

Area codes no longer reliably indicate location, thanks to number portability. The safest approach is a real-time carrier or number intelligence lookup that returns the subscriber's current state of registration. When you cannot confirm location, apply the strictest current state rules (Florida and Oklahoma) as a conservative default. Document your process either way.

Are there states moving to pass new TCPA-style laws right now?

Yes. As of mid-2025, New York, Illinois, Nevada, New Jersey, Arizona, and Pennsylvania all have active or recently introduced legislation modeled on Florida's Mini-TCPA. None had passed into law as of this writing, but New York and Illinois are furthest along. Check your state legislature's bill tracking site quarterly if you call into those markets.

Does a state's TCPA-equivalent law apply to calls made from outside that state?

Generally yes. State telemarketing statutes typically apply based on where the called party sits, not where the caller is based. A company calling from Texas into Florida must comply with Florida's FTSA. Courts have consistently upheld interstate application of state consumer protection laws when the consumer receiving the call is in that state.

At minimum, your form must name the specific company calling, describe that automated calls or texts may be made, state the purpose (marketing versus informational), and include a clear agreement statement. Florida and Maryland require that the exact calling entity be named. Writing consent language to Florida's standard currently satisfies most other states at the same time.

How often do state telemarketing laws change?

Fast enough that quarterly reviews are not overkill. Florida's Mini-TCPA passed and took effect within weeks of signing in 2021. Oklahoma followed in 2022. Several states introduced bills in the 2024-2025 sessions. If you run outbound campaigns at any real volume, subscribe to your target states' legislative tracking services or use a platform that monitors statutory changes.

Can employees be personally liable under state telemarketing laws?

In some states, yes. Several statutes define "person" broadly enough to include individuals acting for a company, not only the company itself. Officers or managers who directly authorize non-compliant campaigns have faced personal liability claims in both federal TCPA and state law contexts. Forming an entity does not always protect the individuals who make the call decisions.

Do state telemarketing laws apply to nonprofit or political calls?

Most state laws, like the federal TCPA, exempt political calls and calls by nonprofits soliciting donations. But the exemptions are not identical across states. Some narrow the nonprofit exemption to 501(c)(3) organizations only. Some that exempt political calls still require caller ID accuracy for them. Confirm the exact exemption language in each state's statute before relying on it.

Sources

  1. U.S. Code, 47 U.S.C. § 227 (Telephone Consumer Protection Act): TCPA statutory text including Section 227(e)(1) on non-preemption of more restrictive state laws and Section 227(b) on consent requirements and $500-$1,500 per-violation damages
  2. Florida Legislature, SB 1120 (2021) amending Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida Mini-TCPA effective July 1 2021, expanded ATDS definition, applies to texts, private right of action, $500-$1,500 per-violation damages
  3. Oklahoma Legislature, Oklahoma Telephone Solicitation Act, 15 O.S. § 775A: Oklahoma TCPA-equivalent statute covering calls and texts to Oklahoma residents, private right of action, $500-$1,500 per-violation damages, effective 2022
  4. Maryland General Assembly, Maryland Telephone Consumer Protection Act, Md. Code Com. Law § 14-3201: Maryland TCPA-equivalent covering calls and texts, private right of action, $500-$1,500 per violation, named-entity consent disclosure requirement
  5. California Attorney General, California Consumer Privacy Act (CCPA), Cal. Civil Code § 1798.100: California CCPA provides private right of action for data violations with $2,500-$7,500 per intentional violation, overlays on telemarketing campaign data practices
  6. Colorado General Assembly, Colorado No-Call Act, CRS § 6-1-902: Colorado No-Call Act AG enforcement, $1,000-$10,000 per violation, maintains state DNC registry supplemental to national list
  7. Indiana General Assembly, Indiana Telephone Privacy Law, IC 24-4.7: Indiana telemarketing law with $5,000-$10,000 per-violation penalties, state DNC registry, 30-day compliance window for new DNC registrations
  8. Washington State Legislature, Commercial Electronic Mail Act, RCW 19.190: Washington CEMA covers calls, texts, and email; AG and private enforcement; $500-$1,000 per text violation
  9. Texas Legislature, TX Business and Commerce Code § 305: Texas telemarketing statute with $5,000 per willful violation, AG-only enforcement, supplemental state DNC registry

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit