Last updated 2026-07-10

TL;DR
The FCC enforces the TCPA (47 U.S.C. § 227), which prohibits autodialed calls, prerecorded messages, and unsolicited texts to cell phones without prior express written consent. Violations cost $500 to $1,500 per call or text. The rules apply regardless of whether you're selling something, and a prior business relationship no longer excuses autodialed calls to mobile numbers.
What do the FCC rules actually say about calling cell phones?
One sentence in federal law drives most of the risk. 47 U.S.C. § 227(b)(1)(A) makes it unlawful to make any call using an automatic telephone dialing system or an artificial or prerecorded voice to any telephone number assigned to a cellular telephone service without the prior express consent of the called party. [1] That single provision has produced more class-action litigation than almost any other consumer protection law in the country.
The FCC implements the statute through regulations at 47 C.F.R. Part 64, Subpart L. The commission writes rules, issues declaratory rulings, and imposes forfeiture penalties. Courts also enforce the TCPA through private lawsuits, and that's where most of the real money changes hands.
Three things trigger the rule: you use an autodialer or predictive dialer, you use a prerecorded or artificial voice message, or you send a text message treated as a "call" under the statute. Do any of those to a cell number without proper consent and you're exposed. A live agent manually dialing a cell phone sits outside the autodialer restriction. Prerecorded messages do not, even when a human starts the call. [1]
People misread one thing constantly. The rule covers telemarketing and non-telemarketing calls to cell phones. The consent bar differs (informational calls need prior express consent, telemarketing calls need prior express written consent), but neither can go out by autodialer without some form of consent.
What is an autodialer under the FCC rules, and why does the definition matter?
The whole definition turns on one phrase, and billions of dollars of litigation have turned with it. The statute defines an automatic telephone dialing system (ATDS) as equipment with the capacity to store or produce telephone numbers to be called, using a random or sequential number generator, and to dial those numbers. [1] Sounds narrow. For years, the FCC read it broadly, sweeping in predictive dialers and any system with the potential capacity to autodial, even when it wasn't set up that way for a given call.
The Supreme Court cut that back in April 2021. In Facebook, Inc. v. Duguid (594 U.S. 522), the Court held that a device must use a random or sequential number generator to store or produce numbers. Systems that only dial from a stored list of specific numbers are probably not ATDSs under the statute. [2] That helped businesses running list-based dialers. It did not erase the risk, because lower courts and the FCC have not fully settled the post-Duguid picture.
Here's the practical call. If your dialing platform could, even theoretically, generate and dial random or sequential numbers, treat it as an ATDS. Get that determination in writing from your vendor. If you run a pure click-to-call or manual operation with a human on every call, you're not using an ATDS, but you still can't play prerecorded messages without consent.
Texts sent through a platform that uses an ATDS are covered too. Peer-to-peer texting, where a human sends each message by hand, sits in a grayer zone, but the FCC looks at functional capacity, not marketing labels. [3]
What consent is required before calling or texting a cell phone for telemarketing?
For telemarketing calls and texts to cell phones, the FCC requires prior express written consent. [3] That phrase has a specific legal meaning. Under 47 C.F.R. § 64.1200(f)(9), the written consent has to include a clear and conspicuous disclosure that the consumer authorizes the seller to deliver calls or texts using an ATDS or prerecorded voice, and the consumer can't be required to consent as a condition of buying anything.
"Written" includes electronic signatures. A checkbox on a web form, a text reply of "YES", or an email confirmation can all qualify, as long as the consent language is clear, you capture a timestamp and the source URL or channel, and the consent isn't buried in terms and conditions. The FCC and courts throw out consent obtained through deceptive or ambiguous disclosures.
Informational calls (appointment reminders, account alerts) only need prior express consent, which someone can give orally or by handing over the number in a context that implies consent for that kind of contact. The line between informational and telemarketing snaps the moment you add an upsell, a promotional offer, or a sales pitch.
Three things to get right on your consent forms: name the specific seller or company placing the calls (a parent brand or affiliate network is not enough), name the channel (autodialed calls, texts, or both), and include a clear opt-out. Shared consent across a chain of companies in a lead-gen setup is a heavy enforcement target right now. [4]
Revocation has to be honored promptly. The FCC's one-to-one consent rules (adopted December 2023, effective January 2025) require that consent go to a single seller, not a broad group of marketing partners. [4] That change alone breaks most lead-aggregator consent models built before 2024.
What did the FCC's 2023 and 2024 rulemaking change for cell phone telemarketing?
The FCC moved hard on consent in late 2023 and 2024. These are the biggest shifts in TCPA practice in a decade.
In December 2023, the FCC adopted its "one-to-one consent" order. [4] Starting January 27, 2025, a consumer's prior express written consent to receive telemarketing calls or texts has to go to one specific seller at a time. The old move (a box agreeing to be contacted by "our marketing partners," then selling that lead to dozens of companies) is gone for autodialed and prerecorded contacts. Each company needs its own consent, obtained in a context logically and topically related to that company.
That order took direct aim at lead-generator websites. A consent disclosure on a generic insurance or financial comparison site can't serve as valid consent for a specific mortgage lender or health insurer unless that company is named on the page when the consumer consents. [4]
In February 2024, the FCC tightened the rules on AI-generated voices. The commission ruled that voice cloning and AI-generated voice calls fall inside the statutory meaning of "artificial or prerecorded voice," so they need the same consent as any other prerecorded call. [5] That shut a loophole some vendors were selling hard.
The practical fallout is direct. Buy leads from a third party and you now bear responsibility for verifying that the consent meets the one-to-one standard and names your company. "Our vendor handles consent" is not a defense that survives litigation.
What are the FCC's calling hours rules for cell phones?
The TCPA statute doesn't set calling hours, but the FCC's regulations at 47 C.F.R. § 64.1200(c)(1) bar telephone solicitations before 8 a.m. or after 9 p.m. local time at the called party's location. [3] That applies to landlines and cell phones alike.
The FTC's Telemarketing Sales Rule (TSR) at 16 C.F.R. § 310.4(c) sets the same 8 a.m. to 9 p.m. window for the calls it covers. [6] Two federal agencies, one identical time restriction, separate legal exposure if you miss either.
"Local time at the called party's location" means the time zone where the person actually is, not where the number's area code was issued. Know a contact is in California from their billing address? Use Pacific time. A New York area code but the person lives in Arizona? Use Mountain time. The rule follows the person, not the number.
For how these hour restrictions interact with the TSR and state rules, see TCPA quiet hours: what times you can and cannot call or text.
State laws sometimes go stricter. Florida, for one, restricts calls to 8 a.m. to 8 p.m. under its own mini-TCPA. Check state law alongside the federal floor every time.
How much can FCC violations for cell phone telemarketing actually cost?
Two separate penalty structures apply. The FCC can issue forfeitures under 47 U.S.C. § 503(b) of up to $25,912 per violation (a 2023 figure, adjusted annually for inflation), with a cap of $194,344 for a single continuing violation or series of violations. [7] The commission has handed out nine-figure fines against robocallers, though collection is uneven.
The bigger risk for most outbound teams is private litigation under 47 U.S.C. § 227(b)(3). Anyone who receives a violating call or text can sue. Damages run $500 per violation. If the court finds the violation was willful or knowing, damages triple to $1,500 per violation. [1] There's no cap. A single campaign sending 10,000 improper texts can produce $5 million to $15 million in statutory damages before attorneys' fees.
Class actions are the real threat. Plaintiffs' lawyers file TCPA class actions routinely because the per-violation damages are fixed, proving damages is easy, and the defendant's own records show the scope of the violation. Nine-figure settlements have hit major carriers and marketing companies. The statute has no good-faith defense written into it, so even honest mistakes are actionable.
One honest note. Individual suits from serial TCPA plaintiffs happen too. Some firms keep clients who knowingly take calls and texts to generate claims. The count of professional TCPA plaintiffs is real but hard to pin down; the FCC has acknowledged the issue without fully resolving it.
For lawsuit patterns and what settlements actually look like, see penalties and lawsuits.
Do the FCC cell phone rules apply to B2B telemarketing calls?
Mostly yes, and it catches a lot of sales teams off guard.
The TCPA has no blanket B2B exemption. Autodial a cell phone registered in a person's name, even calling that person in their professional role, and you're covered. The phone is the trigger, not the purpose of the call. [1] A rep cold-calling a procurement manager's iPhone with a predictive dialer needs consent as much as a consumer telemarketer does.
One nuance. Calls to numbers assigned to a business (a main office line on a PBX system billed to a corporate account) may fall outside the cell phone restrictions depending on how the line is provisioned. In practice, most decision-makers pick up on personal or company-issued cell phones, and those are covered.
The FTC's Telemarketing Sales Rule has a cleaner B2B exemption (it generally excludes calls where the purchaser is a business), but the TSR doesn't override the TCPA. They're separate statutes run by separate agencies. You have to satisfy both. [6]
For the full B2B picture, including what the TSR says specifically, see B2B cold calling rules: what's legal, what's not, and what to do and FTC Telemarketing Sales Rule, B2B calls, and AI voice in 2024.
What about the National Do Not Call Registry and cell phones?
The National Do Not Call (DNC) Registry, run by the FTC, covers both landlines and cell phone numbers. [8] Telemarketers have to scrub against the registry before calling and honor registrations within 31 days of the consumer signing up. Calling a registered number costs up to $51,744 per violation as of 2023. [9]
Cell owners register their mobile numbers at DoNotCall.gov. The registration never expires. There's no separate "cell phone DNC" list; the one national registry covers every number.
Here's a common mistake. Some teams think getting consent to call a cell also clears the DNC obligation. It doesn't, not automatically. Prior express written consent for TCPA purposes is separate from the established business relationship or prior express invitation exemptions under the DNC rules. If someone on the DNC gives you written consent to receive telemarketing texts, that consent satisfies the TCPA, and it likely also functions as a prior express invitation under the DNC rules if it's written correctly. Keep records proving both.
Companies also have to maintain their own internal DNC lists and honor opt-outs within 30 days. [3] That internal list obligation applies even when you have an existing customer relationship.
For a full walkthrough of scrubbing lists and running DNC compliance day to day, see the cold calling compliance overview.
How do the FCC rules treat text messages to cell phones?
The FCC has treated text messages as "calls" under the TCPA since at least 2003. A text sent via an ATDS to a cell phone needs the same prior express written consent as an autodialed voice call. [3] Your SMS marketing platform, automated drip sequences, and bulk promotional texts all land in the same framework.
Some vendors argue P2P (peer-to-peer) texting sits outside the ATDS definition because a human sends each message. After Facebook v. Duguid, that argument carries more weight than before, but it hinges on how the platform is built. If the platform automates scheduling, sequencing, or delivery in any meaningful way, courts and the FCC may still call it an ATDS. Don't treat a "P2P" label as a safe harbor.
Opt-out has to be instant and reliable. An opt-out keyword (STOP, QUIT, CANCEL, UNSUBSCRIBE, END) must be recognized, and you have to stop sending within a reasonable time, with same business day the defensible standard. One more message after a STOP is a separate violation. [3]
The TCPA's text rules intersect with the CAN-SPAM Act for email-to-SMS gateways (messages sent to a number's email address like 5551234567@vtext.com). CAN-SPAM's opt-out rules can apply there instead of the TCPA in some configurations. If you're doing gateway texting, hire a lawyer who knows both statutes.
For a full SMS compliance framework, see the SMS compliance hub.
What recordkeeping and compliance systems do you actually need?
The FCC doesn't dictate a recordkeeping format, but in litigation your records are your defense. You have to prove three things: that you had consent, what exactly the consent said, and when you got it.
Minimum records per contact: the timestamp and source of consent capture, the exact disclosure language shown to the consumer, the IP address or channel where consent came in, any later opt-out requests and the date you processed them, and the call or message logs showing what went out and when. Keep these for at least four years, the outer edge of most TCPA statutes of limitations.
For consent from third-party lead vendors, keep documentation that you verified the consent met the one-to-one standard and named your company. A contract clause where the vendor guarantees compliant consent is not enough. Audit sample consent records before a campaign and periodically after.
Scrubbing against the federal DNC registry takes a SAN (Subscriber Account Number) from the FTC. You register at donotcall.gov and download scrub lists monthly at minimum. [8] Buying a compliance tool to handle DNC scrubbing is fine, but you own the output.
LeadCompliant offers a free TCPA compliance kit with consent form templates, scrubbing checklists, and call-time calculators if you want a starting framework without building everything yourself.
For how to structure a cold call operation with these systems built in, the cold call guide covers operational setup in detail.
What exemptions exist from the FCC's cell phone calling rules?
Real exemptions are narrow. The ones people cite most:
Emergency calls are exempt. Calls made to address an emergency, with no commercial component, fall outside the TCPA. That matters for healthcare and public safety, not for outbound sales.
Calls made by or on behalf of tax-exempt nonprofits are exempt from the DNC registry rules, but not necessarily from the autodialer or prerecorded voice consent requirements. Nonprofits still can't autodial cell phones without consent.
An established business relationship (EBR) matters less than it used to. The EBR exemption is strong for DNC list purposes: you can call existing customers on the DNC for 18 months after the last transaction and 3 months after an inquiry. [3] But for the autodialer restriction on cell phones, EBR is no defense. You still need prior express written consent for telemarketing calls placed via ATDS to a cell phone, even to a long-term customer.
A number the consumer handed over during a transaction may count as implied consent for informational (non-telemarketing) callbacks. A customer who gives you their cell for order updates has probably consented to order-related calls. That consent does not stretch to promotional calls.
Government-contracted calls for specific purposes (Medicaid notifications, school emergency alerts) have exemptions granted by FCC order. Narrow, specific, and irrelevant to commercial sales.
The exemption sellers wish existed but doesn't: nothing protects you from accidentally calling a reassigned number. Call a number that used to belong to a consenting customer but got reassigned to someone new, and you can be liable for calling the new owner. The FCC's Reassigned Numbers Database exists to help callers check this. [10]
What is the Reassigned Numbers Database and should you use it?
The FCC launched the Reassigned Numbers Database (RND) in 2021. [10] It tracks disconnected and reassigned phone numbers so callers can check whether a number they have consent for has since gone to a new subscriber.
The RND matters because the TCPA creates liability for calling a reassigned number even when you had valid consent from the previous owner and had no idea the number changed hands. One call to a reassigned number after you've had notice of a disconnect can wipe out the good-faith defense. Querying the RND and keeping records that you did so before each campaign gives you a defensible position.
The database runs through FCC-authorized data providers. In most cases you don't hit a raw API directly; you use a licensed provider who has access. Costs vary but stay modest next to TCPA litigation risk.
For high-volume outbound teams, querying the RND before each campaign run belongs in the pre-call scrubbing workflow, right next to DNC scrubbing. It's not legally required, but skipping it when the tool exists is hard to explain in a deposition.
Frequently asked questions
Can a telemarketer call my cell phone if I gave them my number?
Giving out your cell number does not automatically equal consent to receive autodialed or prerecorded telemarketing calls. For telemarketing via an ATDS, the FCC requires prior express written consent with a clear disclosure naming the company and the communication type. Simply providing a number on a form or verbally doesn't meet that standard unless the consent language was explicit.
Does the TCPA apply to text messages sent to cell phones?
Yes. The FCC ruled that text messages are "calls" under the TCPA. Texts sent via an automatic telephone dialing system to a cell phone require prior express written consent for telemarketing, the same standard as autodialed voice calls. Bulk SMS platforms and automated drip sequences almost certainly qualify as ATDSs, so the consent requirement applies to your text campaigns.
What is prior express written consent under FCC rules?
Prior express written consent is a signed (including electronic) agreement that clearly discloses the seller will deliver autodialed or prerecorded calls or texts, names the specific company, and isn't a condition of purchase. A checkbox on a web form with compliant disclosure language qualifies. Buried terms-and-conditions language and pre-checked boxes don't. The FCC codified this in 47 C.F.R. § 64.1200(f)(9).
How much does a TCPA violation cost per call or text?
The statute sets $500 per violation for standard violations and $1,500 per violation for willful or knowing ones. There's no cap on total liability, so a campaign reaching 50,000 people without proper consent could produce $25 million to $75 million in statutory damages exposure. The FCC can separately fine up to $25,912 per violation in forfeiture actions under 47 U.S.C. § 503(b).
Can I call cell phones for B2B sales without consent if I use an autodialer?
No. The TCPA's autodialer restriction covers cell phones regardless of the call's commercial purpose or whether it's B2B. If you use an ATDS to reach a decision-maker's mobile phone, you need prior express written consent for telemarketing calls. The FTC's Telemarketing Sales Rule has a broader B2B exemption, but that rule doesn't override the TCPA's cell phone restrictions.
What changed with the FCC's 2023 one-to-one consent rule?
Effective January 27, 2025, prior express written consent for telemarketing calls and texts must go to one named seller at a time. The old practice of capturing a single consent to share with dozens of lead buyers is invalid for autodialed contacts. Each company in a lead-gen chain needs its own named consent, obtained in a context logically related to that company's products or services.
What are the calling hours rules for cell phones under FCC regulations?
FCC rules at 47 C.F.R. § 64.1200(c)(1) prohibit telephone solicitations before 8 a.m. or after 9 p.m. at the called party's local time. This applies to cell phones and landlines alike. Some states have stricter windows. You must use the time zone where the consumer is located, not where your team is calling from.
Can AI-generated voice calls be made to cell phones without consent?
No. The FCC ruled in February 2024 that AI-generated and voice-cloned calls qualify as "artificial or prerecorded voice" under the TCPA. They require the same prior express written consent as any prerecorded call to a cell phone. Marketing a product as AI voice or voice cloning doesn't change the legal classification.
Does registering on the Do Not Call list prevent all telemarketing calls to a cell phone?
Registering your cell number on the National DNC Registry at DoNotCall.gov should stop most commercial telemarketing calls after 31 days. But companies with an established business relationship (within 18 months of a transaction or 3 months of an inquiry) may still call. Charitable, political, and survey calls are also exempt from the DNC rules.
What is the Reassigned Numbers Database and do I have to use it?
The FCC's Reassigned Numbers Database tracks phone numbers that have been disconnected and reassigned to new subscribers. It's not legally mandatory, but calling a reassigned number after the previous owner's consent is no longer valid creates TCPA liability. Querying the RND before campaigns gives callers a defensible good-faith position. Access runs through FCC-licensed data providers.
Is there an established business relationship exemption for autodialed calls to cell phones?
No, not for the ATDS restriction. An established business relationship (EBR) exempts telemarketers from the Do Not Call registry rules for 18 months after a transaction, but EBR is no defense to the TCPA's requirement for prior express written consent when using an autodialer or prerecorded voice to call a cell phone. Those are separate legal requirements.
What records do I need to prove TCPA compliance for cell phone calls?
Keep the timestamp and source URL where consent was captured, the exact disclosure language shown, the IP address or channel, opt-out requests with processing dates, and call or message logs for at least four years. For leads bought from third parties, document that you verified the consent named your company and met the one-to-one standard before the campaign ran.
How do I stop receiving robocalls on my cell phone legally?
Register your number at DoNotCall.gov, which covers cell phones. You can also revoke any consent you gave to specific companies in writing. If calls continue after 31 days from DNC registration, you can file a complaint with the FCC at fcc.gov or the FTC at ReportFraud.ftc.gov. Continuing calls after revocation may support a private lawsuit for $500 to $1,500 per call.
Do robocall rules differ for political calls to cell phones?
Political calls (from campaigns, PACs, and parties) are exempt from the DNC registry and the telemarketing definition under the TCPA. But they are NOT exempt from the ATDS restriction on cell phones. Political organizations must have prior express consent before using an autodialer or sending automated texts to cell numbers, which is why political texting programs lean heavily on P2P platforms.
Sources
- Legal Information Institute, 47 U.S.C. § 227 (Telephone Consumer Protection Act): Statute text prohibiting autodialed and prerecorded calls to cell phones without prior express consent; $500 and $1,500 per-violation damages
- Supreme Court of the United States, Facebook, Inc. v. Duguid, 594 U.S. 522 (2021): ATDS definition requires use of random or sequential number generator to store or produce numbers
- FCC, 47 C.F.R. Part 64 Subpart L, Restrictions on Telemarketing and Telephone Solicitation: FCC regulations implementing TCPA, including prior express written consent definition, calling hours (8 a.m. to 9 p.m.), text message treatment, opt-out, and internal DNC list requirements
- Federal Register, FCC Report and Order on One-to-One Consent (FCC 23-107), December 2023: One-to-one consent rule requiring named, specific seller consent effective January 27, 2025; closes lead aggregator loophole
- Federal Register, FCC Declaratory Ruling on AI-Generated Voice Calls under the TCPA, February 2024: AI-generated and voice-cloned voices qualify as artificial or prerecorded voice under the TCPA
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR calling hours restriction (8 a.m. to 9 p.m. local time) and B2B exemption scope
- FCC, Section 1.80 forfeiture penalty schedule, 47 C.F.R. § 1.80 (inflation-adjusted amounts): FCC forfeiture penalty up to $25,912 per violation under 47 U.S.C. § 503(b)
- FTC, National Do Not Call Registry: Cell phone numbers can be registered on the National DNC Registry; telemarketers must scrub within 31 days
- FTC, Consumer Protection (Do Not Call penalties): DNC violation penalty up to $51,744 per call as of 2023
- FCC, Reassigned Numbers Database (reassigned.us): FCC launched the Reassigned Numbers Database in 2021 to help callers verify whether a number has been reassigned to a new subscriber