Last updated 2026-07-09

TL;DR
Every prerecorded telemarketing call must play an opt-out disclosure at the start and offer an automated, interactive opt-out that works throughout the call. The FCC's 2012 rule under 47 USC 227 requires you to add opt-outs to your do-not-call list within 10 business days. Get it wrong and you face up to $1,500 per call in statutory damages.
What does the TCPA actually require for opt-out in prerecorded calls?
A working opt-out in a prerecorded telemarketing call has three parts: an identity and callback number at the start, an automated interactive way to opt out that runs the whole call, and suppression within 10 business days. Most teams miss at least one.
The Telephone Consumer Protection Act, 47 U.S.C. § 227, and the FCC's rules at 47 C.F.R. § 64.1200 impose that multi-part requirement on prerecorded telemarketing calls. The statute gives the FCC authority to require that any artificial or prerecorded voice message include a mechanism for the called party to opt out of future calls [1]. The FCC used that authority in its 2012 Report and Order (FCC 12-21), which took effect October 16, 2013.
Here is what the rule actually says you must do. The message must state at the beginning, before pitching anything, the identity of the business on whose behalf the call is made and the telephone number of that business [2]. It must offer an automated, interactive opt-out mechanism the called party can use during or after the message, and that mechanism has to record the request. Any opt-out must be honored within 10 business days, and the number added to the caller's do-not-call list [2].
The word "automated" is doing a lot of work here. A message that says "call us back at 800-xxx-xxxx to be removed" does not satisfy the requirement. The opt-out must take no human interaction on your side to complete. Pressing a key, speaking a word into an IVR, or hitting a URL that triggers instant suppression are all fine in concept. The mechanism just has to work the moment the consumer reaches for it.
When during the call does the opt-out disclosure have to appear?
At the outset, and it has to stay available the whole time. The FCC rule is explicit that the opt-out mechanism must be available at the beginning of the message and remain available throughout [2]. "At the outset" gets read as within the first few seconds, before the pitch begins.
Most compliant openers sound like this: "This is a message from [Company Name] at [phone number]. To be removed from our call list at any time, press 9 now or during this message." Then the pitch follows.
You cannot bury the opt-out at the end. You cannot make someone sit through a full minute of marketing before they can act. A consumer who hangs up before your message finishes still needs a real chance to opt out. That is why the "press 9" instruction goes at the start and stays available continuously, not saved for a tail disclosure.
Voicemail creates its own trap. Some carriers and dialers cut calls that hit voicemail before the full message plays. If your message lands on voicemail and the disclosure never plays, you have a separate TCPA problem, because a voicemail left without the required disclosures is still a covered call. Your IVR logic has to tell live answers apart from voicemail and handle each one right [2].
What counts as a valid automated opt-out mechanism?
Any method that runs without a human, triggers on the consumer's action, and records the request. The FCC did not name a technology. It defined a function: the mechanism must be automated (no human picks up and processes it), interactive (the consumer's action drives the outcome), and able to capture the request [2].
Three implementations show up in practice.
DTMF keypress. The called party presses a digit (usually 1, 2, or 9) during the message and the dialer's IVR suppresses the number on the spot. This is the most common approach because it works on every phone and asks nothing of the consumer beyond a button.
Speech recognition. The IVR listens for a word like "stop" or "remove" and treats it like a keypress. It works, but it adds error. If your engine misses a spoken opt-out, you have a documented failure you will not enjoy explaining in litigation.
Web opt-out via a URL in the message. Some callers read out a short URL. It is technically allowed, but it makes the consumer write down a web address while a phone message plays. Courts and the FCC have not struck it down, yet it is hard to call that "easy," and plaintiff attorneys have attacked it as not interactive enough.
Keypress is the standard. Use it unless you have a real technical reason not to.
The FCC also made clear that the opt-out mechanism has to run around the clock [2]. If your IVR goes offline after hours and someone gets a prerecorded call at 7 PM, presses 9, and nothing happens, that is a violation even when the call itself was otherwise lawful.
How fast do you have to honor an opt-out request?
Ten business days. That is the ceiling under 47 C.F.R. § 64.1200(d)(3), which governs company-specific do-not-call lists [2]. An opt-out taken during or after a prerecorded call has to put the number on your internal do-not-call list within 10 business days, and no further calls may go to that number after that.
Ten business days is not a target. It is the legal maximum. Real-time suppression, the instant the IVR captures the request, is both doable and safer. Every day you wait is a day something breaks: a batch file fails to upload, a new campaign launches before the list updates, a rep dials the number by hand.
Congress set the 10-business-day window for written opt-out requests under the DNC framework. The FCC applied the same clock to automated opt-outs from prerecorded calls. Some plaintiff attorneys argue that when your system already captured the request in real time, waiting is unreasonable. No circuit has settled that in every case. You do not want to be the test.
If you run cold calling campaigns alongside prerecorded programs, share one suppression list across both. An opt-out on a prerecorded call should kill live-agent calls to that number too.
Does the opt-out rule apply to calls made with prior express consent?
Yes. This one surprises a lot of teams. The FCC's opt-out mechanism requirement applies to all prerecorded telemarketing calls, even those made to consumers who gave prior express written consent [2]. Consent lets you make the call. It does not waive the opt-out mechanism once you make it.
Think of it this way. Consent is the door in. The opt-out is the door out, and the consumer can walk through it any time. You cannot contract away opt-out rights in a prerecorded call. The FCC has held that line since 2012.
So if a consumer signed up for your marketing texts and calls six months ago, and today you play them a prerecorded pitch, that call still needs the compliant opt-out at the start, still has to honor an opt-out within 10 business days, and still has to add the number to your internal DNC list if they press 9.
For what consent actually covers, the TCPA basics are worth a read, especially the difference between prior express written consent and informational consent.
What happens if you get the opt-out mechanism wrong?
The math is ugly. Under 47 U.S.C. § 227(b)(3), a consumer can recover $500 per violation or actual damages, whichever is greater. If the court finds the violation willful or knowing, that trebles to $1,500 per call [1]. In a class action, where thousands of people got the same noncompliant message, aggregate exposure can hit eight figures before a settlement.
The Cash App TCPA class action settlement and the Credit One TCPA settlement both show how fast these cases scale. Neither company set out to run an illegal robocall campaign. Failures at the technical layer, an opt-out that did not suppress, a disclosure that came too late, are exactly what plaintiff experts hunt for.
Beyond private suits, the FCC can impose forfeitures under its enforcement authority, with per-violation amounts in the tens of thousands and adjusted for inflation [11]. State attorneys general can stack penalties under state robocall laws. Florida (FTSA) and Oklahoma have their own per-call damages that pile on top of TCPA exposure.
The FTC's National Do Not Call Registry adds one more layer. Call someone on the do not call list with a prerecorded message they never consented to, and you now have both a TCPA violation and a possible TSR violation [10].
| Violation type | Per-call damages |
|---|---|
| TCPA statutory (not willful) | $500 |
| TCPA statutory (willful/knowing) | $1,500 |
| FCC forfeiture (per violation) | Tens of thousands, inflation-adjusted |
| TSR/FTC civil penalty (per call) | Up to $51,744 [5] |
These are cumulative risks, not alternatives. One bad prerecorded campaign can trigger all of them.
Are there different rules for non-telemarketing prerecorded calls?
Yes, and the line matters. The FCC's automated opt-out mechanism requirement applies to prerecorded calls that include or introduce an advertisement or that count as telemarketing [2]. A purely informational call, like a bank fraud alert, a pharmacy prescription reminder, or a utility outage notice, is not subject to the same opt-out mechanism requirement, as long as it pitches nothing.
The line between informational and telemarketing blurs fast. If your "appointment reminder" also mentions a special offer, you have probably crossed into telemarketing, and the full opt-out requirement applies. The FCC looks at the purpose and content of the message, more than the label you gave it internally.
Even for informational calls, you still have to identify yourself and give a contact number [2]. And if a consumer tells you to stop calling, the company-specific DNC rules bind you regardless of call type. The automated opt-out mechanism is the extra layer that kicks in for telemarketing specifically.
Some categories, like political organizations, nonprofits, and certain survey calls, run under different rules. If your use case is not clearly commercial telemarketing, get a legal opinion on your exact facts, not a generic compliance guide.
How do you test whether your opt-out mechanism actually works?
Testing is how you prove due diligence if you ever land in litigation. It is not optional.
Before any prerecorded campaign goes live, run end-to-end tests that confirm four things: the disclosure plays at the right point in the message, pressing the opt-out key actually triggers suppression in your CRM or dialer, the suppressed number stays out of later call exports, and the suppression survives a campaign refresh.
Test with real numbers your team controls. Call yourself, press 9, then check the suppression file for your number. Call yourself again the next day and confirm the dialer does not try you. Repeat this after every material change to your IVR script, your dialer config, or your list workflow.
Document all of it. A log showing you tested on a given date, found a suppression failure, fixed it before launch, and retested is the kind of record that separates a willful violation from an honest technical error in front of a court.
LeadCompliant's free compliance checklist walks through the specific testing steps for prerecorded opt-out flows if you want a structured format.
Voicemail gets its own test. Call a number that rolls to voicemail and confirm your system does not leave a partial message that drops the disclosure. Some dialers detect voicemail and play a shorter alternate message. That one needs its own compliant disclosure, or the system should leave nothing at all.
What should the opt-out disclosure script actually say?
The FCC sets the function, not the words. A compliant opening has to do three jobs: name the business, give a callback number, and tell the consumer how to opt out right now.
A basic compliant opener reads like this:
"This is [Company Name] calling. Our number is [phone number]. To be removed from our call list at any time during this message, press 9 now."
Then the pitch runs. Before the message ends, a short reminder helps: "Again, press 9 at any time to be removed from future calls."
A few things to avoid. Do not make opt-out conditional. "Press 9 and a representative will remove you" implies a human step and might fail the automated test. Do not add friction like "press 9, then confirm by pressing 1" unless your system genuinely needs it, and even then keep it to one step. Do not describe the opt-out as "removing you from this campaign" instead of your full call list, because the rule makes you honor it company-wide.
The identity disclosure has to be the business making the call (or the one on whose behalf it is made), not a rep's first name. A first name alone does not cut it.
If a third-party dialer or lead aggregator places calls for you, you are still on the hook for making sure their opt-out works and that opt-outs flow back to your own suppression list. You cannot contract out of TCPA liability by blaming the vendor [3].
Do these rules apply to cell phones and landlines the same way?
For prerecorded calls, the opt-out mechanism requirement applies whether the call goes to a cell phone or a landline. The opt-out obligation is identical.
What differs is the consent bar to make the call in the first place. Prerecorded telemarketing calls to cell phones require prior express written consent under 47 C.F.R. § 64.1200(a)(2) [2]. Prerecorded telemarketing calls to residential landlines sit at a somewhat lower bar, though the FCC's 2012 rules tightened that a lot.
Consumers who registered their cell numbers on the mobile phone do not call list or the national do not call telemarketer list get an extra layer of protection. In most circumstances you cannot call them even with consent unless you have an established business relationship or an exemption applies.
The takeaway is simple. Run prerecorded campaigns to any mobile numbers and you need two things: proper consent to make the call, and a compliant opt-out in the message. Miss either one and you have a violation.
How do FCC orders shape the current opt-out rules?
The current opt-out rules come mostly from the FCC's 2012 Report and Order, FCC 12-21, adopted February 15, 2012 and effective October 16, 2013 [2]. That order killed the "established business relationship" exception for prerecorded telemarketing calls and tightened the opt-out mechanism requirement at the same time.
The FCC required, in that order, an automated, interactive opt-out mechanism available throughout the duration of the call. That standard is what courts and defense attorneys now cite.
Later FCC actions built on it. The FCC's 2023 and 2024 proceedings on artificial intelligence in calls and on one-to-one consent extended the framework without replacing the core opt-out rule [6]. The 2024 one-to-one consent rule (FCC 24-25), which required consent for each seller rather than through a broad comparison-shopping form, was vacated by the 11th Circuit in January 2025 [7]. That vacatur did not touch the opt-out mechanism requirement, which is still fully in force.
For teams doing cold call outreach alongside prerecorded campaigns, the FCC's cell-phone rules and the TRACED Act matter too. The TRACED Act (2019) gave the FCC new enforcement tools and pushed carriers to deploy robocall-blocking technology [8].
What records do you need to keep for opt-out compliance?
Record-keeping is where small teams cut corners and regret it. The FCC's rules require companies to maintain written do-not-call policies, train staff, and keep records of opt-out requests [2]. For prerecorded calls, retain the audio file or script actually played (more than what you meant to play), the timestamp of each call, the disposition of each call (did the consumer press the opt-out key?), the date the opt-out hit your suppression list, and proof that no calls went out to that number afterward.
FCC enforcement actions and civil TCPA cases both turn, again and again, on whether the defendant can produce records showing they knew about a DNC request and called anyway. "We had a technical glitch" plays far better when you can show what the glitch was, when you caught it, and how you fixed it. "We don't really track that" is not a defense at all.
Keep call records at least four years. The TCPA's statute of limitations for private actions is four years under 28 U.S.C. § 1658 [9], though some courts apply state periods that run shorter or longer. Four years minimum is the safe practice, five if you have the storage.
If you want to check a number against the national registry before calling, the FCC and FTC both provide access. The process is covered in how do i get the do not call list.
LeadCompliant's TCPA compliance kit includes a record-keeping template built for prerecorded campaigns, with fields for opt-out logging and suppression verification.
Frequently asked questions
Does a prerecorded call to a consenting customer still need an opt-out mechanism?
Yes. The FCC's opt-out mechanism requirement applies to all prerecorded telemarketing calls, even those to consumers who gave prior express written consent. Consent lets you make the call; it does not remove the consumer's right to opt out of future calls. You must still include the automated opt-out disclosure and honor any opt-out within 10 business days.
Can I use a callback number as my opt-out mechanism instead of a keypress?
No. The FCC requires an automated, interactive opt-out mechanism. A callback number makes the consumer place a separate call and deal with a human or a second IVR, which fails the automated requirement for a mechanism available during the original call. A DTMF keypress (like pressing 9) that suppresses the number immediately is the standard compliant approach.
What happens if a consumer opts out and I call them again by mistake?
That is a separate TCPA violation, potentially $500 to $1,500 in statutory damages per call. If you called multiple times after the opt-out, each call is its own count. Courts have found willful violations, triggering $1,500 treble damages, when records show the opt-out was logged but calls kept coming. Real-time suppression feeding every active campaign is the only reliable protection.
How long does the company have to process a DNC opt-out from a prerecorded call?
Ten business days is the statutory maximum under 47 C.F.R. § 64.1200(d)(3). If your IVR captures the opt-out in real time, there is no technical reason to wait. Many plaintiff attorneys argue any delay after the IVR logs the request is unreasonable. Treat the 10-day rule as the legal ceiling, not the target.
Does the opt-out rule apply to prerecorded calls left as voicemails?
Yes. A prerecorded message left as a voicemail is still a covered call under the TCPA. It must include the caller's identity, a callback number, and an opt-out mechanism. If the voicemail cannot carry an interactive DTMF keypress, you must give clear opt-out instructions and process those opt-outs through an accessible means, typically a working toll-free number that feeds an automated suppression system.
Are purely informational prerecorded calls exempt from the opt-out mechanism requirement?
Generally yes, if the call carries no advertisement or telemarketing content. Fraud alerts, appointment reminders, and utility outage notices from companies with an existing relationship are usually exempt. But if the message includes any promotional content, even briefly, it likely counts as telemarketing and the full opt-out requirement applies. When in doubt, include the opt-out anyway; it costs almost nothing.
Can a third-party vendor be responsible for TCPA violations in a prerecorded call on my behalf?
Both you and the vendor can be liable. The FCC holds that vicarious liability applies when a seller knows about or ratifies unlawful calling by an agent or vendor. If you hired a vendor to run prerecorded calls and their IVR lacked a working opt-out, plaintiffs typically sue both parties. Due diligence on vendor compliance, including written representations and testing, is your responsibility.
What is the FCC rule number that governs prerecorded call opt-out requirements?
The primary rule is 47 C.F.R. § 64.1200, which implements 47 U.S.C. § 227 (the TCPA). The current opt-out mechanism requirement was established in FCC Report and Order FCC 12-21, adopted February 15, 2012, effective October 16, 2013. The rule requires an automated interactive opt-out available throughout the call and a 10-business-day suppression window.
Do state laws add any additional opt-out requirements beyond the federal TCPA rules?
Several states do. Florida's Telephone Solicitation Act (FTSA) added per-call damages for calls to Florida area codes and its own consent and opt-out requirements. Oklahoma, Washington, and others have similar laws. State requirements often stack on top of TCPA requirements rather than replacing them. A compliant federal opt-out is a floor, not a ceiling, if you call into multiple states.
How should opt-out data from prerecorded calls integrate with my CRM and dialer?
The opt-out must move from the IVR to your suppression list before the next campaign runs. Ideally the IVR writes directly to a suppression table in real time, and your dialer checks that table before every dial. If you export a nightly file from your IVR into a separate CRM, that lag opens a window where a suppressed number could get called again. Real-time API integration between IVR and CRM is the most defensible setup.
Can I charge a fee or require account login to process an opt-out?
No. The FCC's framework requires opt-out to be easy and free. Any friction, including making the consumer log in, provide an account number, or pay a fee to be removed, would almost certainly be treated as failing to provide a meaningful opt-out. The mechanism must work immediately for any caller, with a single interaction.
What is the maximum FCC fine for failing to include an opt-out mechanism in a prerecorded call?
The FCC can impose forfeitures in the tens of thousands of dollars per violation under its administrative enforcement authority, adjusted periodically for inflation. In cases involving thousands of calls, total forfeitures can reach millions. This is separate from private TCPA litigation, where plaintiffs recover $500 to $1,500 per call. Both types of liability can hit the same campaign at once.
Does the opt-out need to be offered in multiple languages?
The TCPA and FCC rules do not explicitly require multi-language opt-out disclosures. But if you target a population that mainly speaks a language other than English and your opt-out runs only in English, a court could find the mechanism was not meaningfully accessible. Best practice is to deliver the opt-out disclosure in the same language as the substantive message.
Is there a safe harbor if my opt-out mechanism fails due to a technical error?
There is no explicit statutory safe harbor for technical failures in the opt-out mechanism. Courts have weighed good-faith efforts and lack of willfulness in damages, and documented testing can support an argument that a failure was inadvertent rather than knowing. The safer position is preventing the failure: redundant IVR testing, pre-campaign checklists, and real-time suppression are far cheaper than litigation.
Sources
- 47 U.S.C. § 227, Telephone Consumer Protection Act: Statutory basis for FCC authority to require opt-out mechanisms; $500/$1,500 per-call damages provision
- FCC, Report and Order FCC 12-21 (2012) and 47 C.F.R. § 64.1200: Requires automated interactive opt-out mechanism throughout prerecorded telemarketing call; caller identity disclosure at outset; 10-business-day suppression window
- FCC, TCPA rules and vicarious liability under 47 C.F.R. § 64.1200: Sellers can be vicariously liable for TCPA violations by third-party vendors placing calls on their behalf
- FTC, Telemarketing Sales Rule (TSR), civil penalty amounts: FTC civil penalties under TSR up to $51,744 per violation
- 11th U.S. Circuit Court of Appeals, Insurance Marketing Coalition v. FCC, No. 24-10277 (2025): 11th Circuit vacated FCC's one-to-one consent rule (FCC 24-25) in January 2025; core opt-out mechanism requirement unaffected
- TRACED Act, Pub. L. 116-105 (2019): TRACED Act gave FCC enhanced enforcement tools and directed carriers to implement robocall-blocking technology
- 28 U.S.C. § 1658, federal four-year statute of limitations: Federal four-year statute of limitations applies to TCPA private actions
- FTC, National Do Not Call Registry: National DNC Registry rules and access requirements for telemarketers