Last updated 2026-07-10

TL;DR
Auto dealers get sued under the TCPA more than almost any other industry, because they live on outbound calls and texts. The statute (47 U.S.C. § 227) requires prior express written consent before you send a marketing text or use an autodialer to reach a cell phone. Each violation costs $500, or $1,500 if willful. Nail consent, scrub DNC lists every 31 days, and document all of it. That keeps you out of court.
Why are auto dealers targeted so often in TCPA lawsuits?
Dealers run high-volume outbound programs and lean on borrowed consent, which is exactly the profile plaintiff attorneys hunt for. Service reminders, lease-end calls, conquest campaigns, text blasts to dead leads. Pile that volume on top of a CRM nobody built with the TCPA in mind, and you have a target.
The math is brutal. One TCPA violation carries a statutory penalty of $500 per call or text, and that jumps to $1,500 if a court finds the violation was willful or knowing [1]. A blast text to 10,000 opted-out customers is a $15 million exposure on paper before anyone negotiates. Courts have certified automotive class actions again and again, and some settlements have run into the tens of millions.
Dealers also hand off lead data constantly. To OEM marketing programs, to third-party finance companies, to extended warranty vendors. Every handoff is a consent question. Did the consumer agree to hear from the dealer specifically, or just the OEM? Did that consent survive the trip to the F&I vendor? These aren't hypotheticals. They show up in complaints filed every week.
The FCC treats TCPA liability as strict in most cases. You don't have to mean to break the law. If the call reached a cell phone through an autodialer without valid consent, the violation happened [2]. That's why sloppy processes get expensive fast.
For how other industries learned this the hard way, the UnitedHealthcare $2.5M settlement and the Truist Bank class action both trace back to the same consent documentation gaps that sink dealer BDC teams.
What does the TCPA actually require from a car dealership?
The Telephone Consumer Protection Act (47 U.S.C. § 227) runs three separate rulebooks that touch dealers: calls to residential landlines, calls and texts to cell phones, and the National Do Not Call Registry. Each carries its own consent standard, and mixing them up is how dealers get sued.
For marketing calls and texts to cell phones using an autodialer or a prerecorded voice, the statute requires "prior express written consent" [1]. The FCC's 2012 order pinned down what that means: a written agreement (electronic signatures count) that clearly authorizes the specific seller to send autodialed or prerecorded marketing messages, that includes the consumer's phone number, and that states consent is not a condition of purchase [2].
Informational or transactional calls to cell phones are easier. A service appointment reminder or a recall notice needs only prior express consent, which can be oral or implied when someone hands you their number in context [2]. But the line between informational and marketing gets litigated constantly. "Your vehicle is ready" is informational. "Your vehicle is ready, and by the way we have a great trade-in offer" slides straight into marketing.
For prerecorded marketing calls to residential landlines, prior express written consent is required. Live agent calls to landlines fall mostly under the DNC rules.
The DNC rules require dealers to scrub against the federal registry before calling any residential number, cell or landline, for marketing. The scrub has to happen at least every 31 days [3].
Here's the point that trips dealers up. The autodialer definition (an ATDS, or automatic telephone dialing system) still gets read broadly by many courts even after Facebook v. Duguid in 2021. Duguid narrowed the federal definition to equipment that stores or produces numbers using a random or sequential number generator [4]. State analogs in places like Florida and Oklahoma still reach predictive dialers that don't fit the federal box [11]. Know which law applies where you're calling.
For a plain-English walk through what the statute covers, start with What does TCPA mean?.
What is prior express written consent and how does a dealer capture it?
"Prior express written consent" is the FCC's phrase from 47 C.F.R. § 64.1200(a)(2). The rule requires a written agreement that bears the signature of the person called (electronic signature is fine), clearly authorizes the seller to deliver calls or texts to a specific number, and states that consent is not required to buy any property, goods, or services [2].
Dealers capture this in three places: the lead form on the dealer website, the paper deal jacket (the buyer's order or credit application), and the text opt-in flow.
Website lead forms fail most often. A generic checkbox reading "I agree to receive communications" does not meet the FCC standard if it doesn't name the seller and spell out what messages are coming. Courts have thrown out vague disclosures repeatedly. The form needs language close to this: "By submitting this form, I consent to receive autodialed or prerecorded marketing calls and texts from [Dealership Name] at the number I provided above. Message and data rates may apply. Consent is not a condition of purchase."
Deal jacket consent usually rides inside the credit application. Most standard dealer forms carry a consent clause, but you have to confirm the clause survived any lender redline and that the version in the drawer is current. F&I managers love a form that's two revisions old.
Text opt-in flows work well when you run them right. A consumer texts a keyword to a short code or long code, and the system replies: "Reply YES to receive marketing texts from [Dealer] about vehicles, service, and offers. Msg&Data rates apply. STOP to cancel." That YES is the consent. Keep the log of the exchange forever.
The 2025 FCC one-to-one consent rule (adopted January 2025, effective January 27, 2025) added a hard requirement: consent goes to one seller at a time [5]. The old lead-gen move of capturing consent to contact "our network of dealers" on a third-party site is dead. Each dealer has to be named, or get its own consent. For dealers buying shared leads, this is the single biggest change on the board right now.
For the wider view on consent mechanics, see TCPA guidelines: what every outbound team must know in 2025.
How does the 2025 FCC one-to-one consent rule change lead generation for dealers?
The FCC's one-to-one consent rule took effect January 27, 2025, and it requires telemarketing consent to be obtained separately for each seller [5]. A consumer who fills out a form on a third-party automotive lead site asking for vehicle info has not consented to autodialed calls from every dealer in that site's network.
That matters because the dealer lead ecosystem runs on aggregated leads. Sites that generate and resell leads to many dealers at once leaned on language like "I consent to be contacted by dealers in your network." The FCC's order (FCC 23-107) shut that door [5]. Each seller named in a consent has to hold a direct, clear tie to the transaction the consumer was actually completing.
Here's what it means for you day to day. If you buy leads from a third-party aggregator, either verify that the aggregator's consent form names your dealership specifically, or treat those leads as unconsented for autodialer and prerecorded purposes. You can still put a human agent on the phone (live agent calls dodge the ATDS rules), but that reshapes your BDC economics.
Some dealers are moving lead generation to owned channels. Their own website, their own social forms, their own events. The consent is cleaner and you own the documentation. Others are working with vendors to build what the FCC calls "logically and topically" related consent, where the form ties the consumer's stated interest (buying a car) to the named dealer who will call. Both routes work.
One more thing. The one-to-one rule attaches to the entity making the call, more than the entity that collected the consent. Bought a list that came with consent records? You still have to verify those records hold up under the new standard. "We relied on the vendor" isn't a complete defense, though it may cut your damages. See TCPA 2025: what changed, what it costs, and how to stay compliant for the full rundown on recent shifts.
Do service reminder calls and texts require the same consent as marketing calls?
No. But the line is blurry, and plaintiff attorneys know exactly where it blurs.
A purely transactional or informational call, one that tells a customer their car is ready, confirms a service appointment, or flags a safety recall, requires only "prior express consent" under the TCPA, not the higher written standard [2]. A customer who gave the service department their cell number to get updates on their vehicle has generally given prior express consent for informational messages.
The trouble is message creep. If the service text reads "Your oil change is done, and we noticed your tires are at 3/32 tread, we have a special this week on tire rotations," that second clause flips the message into marketing in many courts' eyes. Courts weigh the primary purpose of the message. Tip toward selling and the written consent standard kicks in.
Recall notices sit in their own bucket. The FCC has guidance saying safety-related recalls can reach cell phones without prior express consent when the call comes from an automaker or dealer about a genuine safety recall [2]. Don't stretch that into permission to dress up marketing as a recall notice.
A working rule: if the message could show up in a sales team's playbook, treat it as marketing and get written consent. If it's purely operational (appointment confirmation, ready notification, recall), prior express consent from the number given in context is likely enough. Write down why you sorted each message type the way you did.
What are the DNC (Do Not Call) obligations specific to auto dealers?
Dealers making outbound marketing calls to residential numbers must register with the FTC's National Do Not Call Registry and scrub their call lists against it at least every 31 days [3]. The registration fee was about $76 per area code per year as of 2024, and free for the first five area codes [12]. You can't call any number that's been on the registry more than 31 days since your last scrub.
Beyond the federal registry, you keep an internal Do Not Call list. If anyone tells you, at any point, that they don't want calls, you honor that for at least five years [3]. The request can arrive any way: a verbal statement on a call, a STOP reply to a text, a written letter. They all count. Your CRM has to flag these and block future outbound.
State DNC laws stack on more. Indiana, Wyoming, and Tennessee run their own registries, among others [6]. Some states use shorter grace periods or wider definitions of a marketing call. If you sell in a multi-state metro (say you're right on a state line), you probably need to scrub against several registries.
The DNC safe harbor asks dealers to run a documented compliance program, train staff, and scrub lists on schedule. Courts have given that safe harbor real weight, but only when the program is written down and actually followed, not buried in a policy manual nobody reads [3][9].
SMS opt-outs get their own attention. Under the TCPA and carrier standards, a STOP reply to any marketing text has to suppress future messages immediately. The suppression covers every message from that sending number, not one campaign. Carriers block senders who ignore STOP, and the legal exposure matches ignoring a verbal DNC request.
What are the TCPA penalties and what have auto industry settlements actually looked like?
Statutory damages under 47 U.S.C. § 227(b)(3) run $500 per violation, trebled to $1,500 for willful or knowing conduct [1]. No cap per plaintiff. Class actions multiply the exposure by the number of people in the class. A text blast to 50,000 people with bad consent is, on the math, a $75 million problem at the treble rate.
Settlements land well below the statutory max in practice. Defendants fight over class certification, the ATDS definition, consent evidence, and damages. But "well below" still stings. Recent automotive-adjacent settlements have run from low six figures for small regional dealers to eight figures for dealer groups with big BDC operations.
What drives settlement value up: proof the failure was systemic rather than a one-off, internal emails showing legal concerns got raised and ignored, high message volume, and a tight class of plaintiffs whose phone records match easily.
Dealer groups with multiple rooftops carry pooled risk. A BDC program spanning 15 stores is one lawsuit against one defendant, and the class sweeps in customers from all 15.
A few examples from adjacent industries. The Credit One Bank TCPA settlement reached $12.5 million over autodialed calls made without consent. The Albertsons/Safeway settlement grew out of marketing texts to people who never opted in. The story repeats every time: volume contact program, bad or missing consent records, class action, settlement. Dealers aren't different from those industries in any way the law cares about.
For a feel for what live litigation looks like, TCPA news tracks recent filings and settlements.
How should a dealer handle consent from third-party leads and CRM data?
This is where most dealer compliance programs come apart.
When a lead lands from a third-party source, a major automotive marketplace, a manufacturer program, an independent aggregator, you get a name, a number, and maybe a consent timestamp. You almost never get the actual consent record: the form the person filled out, the exact disclosure language, the IP address, the timestamp in a verifiable format.
The FCC has been clear that the entity making the call has to verify consent [2]. Leaning on a vendor's word that consent was obtained may trim damages in some cases, but it doesn't erase liability. You need to read the consent language the vendor used and confirm it meets the written consent standard, names your dealership (not a network), and wasn't given as a condition of purchase.
Leads that came in before January 27, 2025, under the old model change the math. Many compliance attorneys tell dealers to treat pre-2025 third-party leads as needing re-consent for autodialer and prerecorded contact going forward, unless you have solid proof the consent form named your dealership. That's a painful operational call. It's cheaper than a class action.
Your CRM is the record of truth for all of this. Tag every lead source with a consent type: written (ATDS-eligible), express (informational only), or unknown/unconsented. Key your BDC dialing rules to those tags. When a lead's type reads unknown, a live agent call with no autodialer is the conservative play.
LeadCompliant's free consent checker and compliance kit can audit your existing lead sources against the current FCC standard, flag the gaps, and build a documentation process that survives discovery. It's a practical way to see what you actually have before a plaintiff attorney does it for you.
For why the established business relationship defense is weaker than most dealers assume, see TCPA existing business relationship: what actually protects you.
What texting practices are specifically high-risk for auto dealers?
SMS is where dealer TCPA exposure has grown fastest over the past three years. Texting is cheap, open rates are high, and BDC teams love it. So do plaintiff attorneys, because text logs are easy to produce in discovery, the content is unambiguous, and the volume is usually big.
High-risk practices to fix now:
Mass text blasts from the CRM. Most dealer CRM systems, configured carelessly, will text every contact in a filtered list using the built-in SMS function. If that function runs any automated list processing, it likely qualifies as an ATDS, or at minimum trips carrier terms. Document consent for every number before the blast runs.
Appointment reminder texts that sneak in upsells. As covered above, mixing operational content with a promotion creates a marketing message that needs written consent even when the customer only agreed to service updates.
Texting numbers that already replied STOP. Seems obvious. But CRM migrations lose suppression lists constantly. Every time you switch platforms or import a list, confirm the opt-out list is present, accurate, and wired into the sending rules.
Salespeople texting from personal cell phones for the dealership. The TCPA covers any call or text made by or on behalf of a seller. A salesperson texting from a personal phone using the dealership's template is, legally, the dealership making contact. You need a policy and a way to monitor it.
Third-party texting platforms with no A2P 10DLC registration. Since 2023, all business text messaging on 10-digit long code numbers must be registered under the 10DLC (Application-to-Person) system with the major carriers [7]. Unregistered campaigns get filtered or blocked, and the consent records the registration wants overlap with your TCPA consent documentation. If your platform isn't registered, fix that first.
For the operational SMS rules in detail, text message marketing and text messaging marketing cover the ground.
What does a basic TCPA compliance program look like for a dealer or dealer group?
A compliance program doesn't have to cost much. It has to be real, written down, and actually followed.
The five parts that matter:
1. Consent collection process. Every touchpoint that captures a phone number needs compliant consent language: the website lead form, the service write-up, the credit application, the text opt-in flow. Review these forms annually and after any FCC rulemaking.
2. Consent records. Store each record with the consumer's name, the number consented, the date and time, the exact disclosure language shown, and (for web forms) the IP address and form version. Keep them at least four years, which is the TCPA statute of limitations [1].
3. DNC scrubbing. Register with the federal DNC registry, scrub every outbound marketing list before dialing, and scrub at least every 31 days [3]. Run your internal opt-out list against new imports before they touch the dialer.
4. BDC training. Everyone making outbound calls or texts should know which consent types authorize which contact types, how to handle a DNC request on the call and log it right away, and what to do when someone says they never gave consent. Train at hire and at least once a year. Keep sign-off records.
5. Vendor contracts. If you buy leads, your contract should make the vendor represent that consent was obtained with specific language meeting current FCC standards, indemnify you for consent failures, and hand over consent records on request. These clauses are getting standard. A vendor who refuses them is telling you something.
For dealer groups with 10 or more rooftops, a compliance officer or outside TCPA counsel reviewing the program once a year earns its cost. One class action will dwarf years of compliance spending.
See telemarketing rules news: what changed and what's coming in 2025-2026 for FCC proceedings that may hit dealer programs next.
Does the TCPA B2B exemption help dealers calling commercial fleet buyers?
Somewhat. Less than most dealers hope.
The TCPA's autodialer restrictions cover calls to "any residential telephone subscriber" and to cell phones. Calls to a business landline for a genuine business-to-business purpose have traditionally sat outside the ATDS rules [8]. Running a fleet sales program that calls the office line of a fleet manager gives you more room.
The limits are real. The exemption doesn't cover cell phones. A fleet manager's cell number is a cell phone no matter what they use it for. An autodialed call to that number without consent is a TCPA problem even when the purpose is purely commercial. The exemption applies when the call goes to a business, not simply when it's made for a business reason. The number has to be registered to a business, not a residential subscriber who works from home or uses a personal cell for work. And state analogs in California, Florida, and elsewhere may not carry the same B2B carve-out [11].
For dealer groups running fleet sales with any outbound texting or autodialed calling to cell phones, written consent is still the safe answer. The B2B exemption is a real defense in the right facts. It's a litigation defense, not an operational permission slip. For the full breakdown, TCPA B2B exemption for AI calls: what businesses actually get covers the limits.
What should a dealer do if they receive a TCPA demand letter or lawsuit?
Stop the conduct the letter names. Right now. Don't wait for legal advice to stop what the letter says you're doing wrong. Keep running the same conduct after a written demand and you hand the plaintiff a willfulness argument and treble damages.
Preserve everything. A litigation hold means you stop routine deletion of anything tied to the claim: call logs, text records, consent documentation, CRM exports, lead source agreements, training records. Courts sanction spoliation, and plaintiff attorneys know how to find it.
Get a TCPA defense attorney in fast. TCPA litigation has a cottage industry of plaintiff firms that file at volume. Decisions in the first 60 days (whether to move to dismiss, how to answer class certification, how to challenge ATDS standing after Facebook v. Duguid) can bend the whole trajectory. A general-practice attorney who dabbles in TCPA is not the same as a firm that lives in it.
Audit your consent records for the specific numbers in the complaint. Clean documentation for the plaintiffs' numbers is your defense. Thin or missing records shape your settlement strategy. The audit also tells you how wide the problem runs, which is information you want before the plaintiff's attorney deposes your BDC team.
A lot of individual (non-class) demand letters come from serial litigants fishing for a quick settlement. That doesn't mean you ignore them. A fast settlement on a legitimate claim often beats litigation. But your attorney should size up whether the plaintiff has standing and whether the facts back the claimed violation before you write a check.
Frequently asked questions
Can a car dealer text customers without written consent?
For purely informational texts (appointment confirmations, service-ready notifications), prior express consent, which a customer gives by handing over their cell number, is generally enough. For marketing texts sent through an autodialer or automated platform, the TCPA requires prior express written consent that specifically authorizes marketing messages. In practice, most dealer texting platforms are automated enough that written consent is the standard to apply.
Does an existing customer relationship exempt a dealer from TCPA rules?
No. There's no established business relationship exemption under the TCPA for autodialed or prerecorded calls to cell phones. The EBR exemption exists for the federal DNC rules covering live calls to residential landlines, but it doesn't reach cell phone marketing calls or texts sent with an ATDS. A customer who bought a car five years ago hasn't consented to autodialed marketing texts today unless they gave specific written consent.
What is the statute of limitations for a TCPA claim against a dealership?
The TCPA carries a four-year statute of limitations under 28 U.S.C. § 1658, which applies because the TCPA is a federal statute enacted after 1990. Some courts have applied shorter state periods, but the federal four-year window is what most dealers plan around. That means you retain consent records, call logs, and opt-out records for at least four years.
Are service appointment reminder calls covered by the TCPA?
Yes, but under a lower consent standard. Purely informational calls and texts, including appointment reminders and service-ready notifications, require prior express consent, not prior express written consent. A customer who gave the service department their cell number implicitly consented to operational updates about their vehicle. The risk is message creep: adding promotional content to an informational message bumps it up to a marketing communication that needs written consent.
Do dealers need to register with the Do Not Call Registry?
Yes. Any dealer making outbound marketing calls to residential numbers (cell or landline) must register with the FTC's National Do Not Call Registry, pay the fee (free for the first five area codes, roughly $76 per additional area code per year as of 2024), and scrub call lists against the registry at least every 31 days. Dealers also keep an internal DNC list and honor opt-out requests for at least five years.
What happened to the FCC's one-to-one consent rule and how does it affect dealers?
The FCC's one-to-one consent rule took effect January 27, 2025. It requires telemarketing consent to be obtained separately for each named seller. Lead-gen forms that captured blanket consent to contact "a network of dealers" no longer meet the standard. Each dealer has to be named in the consent, or get independent consent. Dealers using third-party lead sources need to audit vendor consent forms immediately.
Can a dealership use an AI voice agent for outbound calls under the TCPA?
An AI voice agent that delivers a prerecorded or synthesized message is treated as a prerecorded call under the TCPA and needs prior express written consent before it can run marketing calls to cell phones. The FCC confirmed in February 2024 that AI-generated voices in robocalls fall under existing TCPA restrictions. If the AI agent is truly interactive and works like a live agent (no prerecorded content), different rules may apply, but that line isn't settled.
What consent language do I need on a dealer website lead form?
The FCC requires written consent that bears a signature (electronic is fine), clearly authorizes this specific dealership to send autodialed or prerecorded marketing calls and texts, identifies the phone number covered, and states that consent isn't required to buy a vehicle or service. A checkbox reading "I agree to receive communications" doesn't meet the standard. The disclosure should name the dealership and describe the message types.
Are personal cell phones used by salespeople covered by the TCPA?
Yes. The TCPA applies to calls and texts made by or on behalf of a seller, whatever device is used. A salesperson texting from a personal phone with dealership scripts or templates is the dealership making contact under the law. Dealerships need a policy covering this and should monitor or log outbound sales texts. Liability follows the beneficiary of the contact, not the phone.
What is the difference between an autodialer (ATDS) and a manual call under the TCPA?
After Facebook v. Duguid in 2021, an ATDS under federal law is equipment that stores or produces numbers using a random or sequential number generator and dials them. Manual calls, where a human looks up a number and dials it, are outside the ATDS rules. Predictive dialers that pull from stored lists (not random generation) sit in a gray zone; many federal circuits exclude them after Duguid, but state analogs may still cover them.
How should a dealer group handle TCPA compliance across multiple rooftops?
Dealer groups carry pooled risk: a class action against the group can sweep in customers from every location. The best approach is a centralized program with one consent form standard, centralized DNC scrubbing, unified CRM suppression rules, and documented training records across all stores. Every rooftop's BDC follows the same playbook. A compliance officer or outside counsel reviewing the program annually pays for itself at 10 or more stores.
Can a dealer revive a cold lead from three years ago with a text message?
Only if you have documented prior express written consent that covers marketing texts and was obtained in the last four years (inside the TCPA limitations window). The age of the lead alone doesn't revoke consent, but many older CRM records lack the documentation to prove consent existed. A lead from a third-party site under the old network-consent model fails the current one-to-one standard. The safe move is to re-consent old leads through a live agent call before sending any automated messages.
What records should a dealer keep to defend against a TCPA lawsuit?
Keep for at least four years: the consent record for each number contacted (form version, disclosure language, timestamp, IP address or signature), call and text logs showing what went out and when, DNC scrub logs (date of scrub, registry version), internal opt-out logs with the date and method of each request, lead source agreements, and BDC training records. These are the documents your defense attorney asks for on day one.
Does the TCPA apply to texts sent through a dealer's CRM platform?
Almost always yes. CRM SMS functions that send messages to a list of contacts through any automated process qualify as an ATDS, or at minimum trigger the same consent obligations. The fact that the message goes through software rather than a traditional autodialer doesn't remove TCPA coverage. Carriers also require A2P 10DLC registration for any business texting on long-code numbers, which overlaps with consent documentation requirements.
Sources
- Cornell Law School Legal Information Institute, 47 U.S.C. § 227: TCPA statutory damages are $500 per violation, trebled to $1,500 for willful or knowing violations; four-year statute of limitations applies
- FCC, Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, 47 C.F.R. § 64.1200: FCC requires prior express written consent for marketing calls/texts to cell phones using ATDS; consent must not be a condition of purchase; informational calls require prior express consent only
- FTC, National Do Not Call Registry: Telemarketers must scrub against the DNC Registry every 31 days; internal DNC requests must be honored for five years; registration fees and safe harbor requirements
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): ATDS under federal TCPA is limited to equipment that uses a random or sequential number generator to store or produce numbers
- FCC, Report and Order FCC 23-107 (one-to-one consent rule), effective January 27, 2025: FCC one-to-one consent rule requires telemarketing consent to be given to one seller at a time; network consent on third-party lead forms no longer valid; effective January 27, 2025
- FTC, Federal Trade Commission (state Do Not Call laws and registries): Multiple states including Indiana, Wyoming, and Tennessee maintain their own DNC registries with requirements beyond the federal registry
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: DNC registry fees, scrubbing requirements, and safe harbor provisions for established compliance programs under the Telemarketing Sales Rule
- U.S. Court of Appeals for the Eleventh Circuit: State analogs to the TCPA in Florida and other states may still reach predictive dialers that do not meet the narrowed federal ATDS definition post-Facebook v. Duguid
- FTC, National Do Not Call Registry, information for businesses: DNC Registry registration is free for the first five area codes; approximately $76 per area code per year for additional area codes as of 2024