Last updated 2026-07-09

TL;DR
Peer-to-peer texting avoids TCPA's autodialer rules only when a human sends each message individually. The moment your platform queues, bulk-sends, or automates delivery, courts and regulators treat it like an ATDS. You still need written consent, a working opt-out process, and audit-ready records no matter which platform you use.
What is peer-to-peer texting and does TCPA apply to it?
Peer-to-peer (P2P) texting, for TCPA purposes, means a real person sits at a keyboard or phone and sends messages one at a time, with no system queuing or auto-delivery. Picture a political canvasser firing off personalized texts from an app, or a sales rep sending a follow-up from a cell phone. Regulators have historically gone easier on that than on bulk SMS blasts.
The TCPA itself, 47 U.S.C. § 227, never uses the words "peer-to-peer" [1]. The statute restricts using an "automatic telephone dialing system" (ATDS) to text or call cell phones without prior express consent. Whether P2P texting trips that wire depends entirely on whether your platform counts as an ATDS. Courts have fought over that for years and still don't fully agree.
Here's the short version. If a human manually sends each message and the platform has no capacity to auto-generate or auto-send from a stored list, you're likely outside the ATDS definition the Supreme Court drew in Facebook v. Duguid (2021) [2]. If your "P2P" platform auto-queues messages for agents to click through fast, a plaintiff's lawyer will call it an ATDS. Several have won that argument.
So yes, TCPA applies to P2P texting. Which rules bite hardest depends on what your platform actually does, not what its sales page calls it.
What did Facebook v. Duguid change for P2P texting compliance?
Facebook v. Duguid, 592 U.S. 395 (2021), was the biggest TCPA ruling in decades. The Court held that an ATDS must have the capacity to "use a random or sequential number generator" to store or produce numbers [2]. A system that just dials or texts from a stored list, without that generator function, isn't an ATDS under this reading.
For P2P programs, that was good news. If your platform pulls a contact list and lets a human click "send" on each one, you have a real argument that no ATDS is involved. That knocks out the main TCPA prohibition lawyers used to chase text marketers.
The catch is that Duguid didn't erase TCPA liability for texts. Three problems survived the ruling.
State mini-TCPA laws didn't change. Florida's FTSA, for one, defines automated systems more broadly than the federal standard [3]. The FCC's consent rules for non-emergency texts to cell phones still apply, ATDS or not, depending on the commercial purpose. And if your P2P platform does have auto-send or queue-and-blast features, a court can still stamp it as an ATDS. Don't let a vendor's "P2P" label do your legal work.
The practical read on Duguid: genuine human-initiated P2P texting carries lower TCPA exposure than autodialed blasts. It is not a free pass.
What kind of consent do you need before sending P2P texts?
Consent rules for texts under the TCPA turn on what the message says [4].
| Message Type | Consent Standard | Form Required |
|---|---|---|
| Informational / transactional (non-marketing) | Prior express consent | Oral or written |
| Telemarketing / advertising | Prior express written consent | Written only |
| Emergency messages | No consent required | N/A |
Most outbound sales and marketing teams send promotional texts. That means you need prior express written consent, which the FCC defines as a signed written agreement (electronic signatures count) that clearly authorizes the sender to send autodialed or prerecorded texts and includes the recipient's phone number [4]. The consent has to disclose that agreeing to texts is not a condition of buying anything.
Even if your P2P platform ducks the ATDS definition under Duguid, you're still sending commercial texts to cell phones. Other FCC rules, state laws, and common-law claims can reach you. The safe posture is to treat consent as required even in the gray zones.
Consent must be specific to your company. Shared consent forms that bundle multiple sellers are now disfavored under the FCC's one-to-one consent rule, which took effect for most covered calls in January 2025 [5]. If your lead vendor collects consent for a whole list of companies on one click, that consent is suspect. Each business needs its own clear consent.
Get it in writing. Store it with a timestamp and the source URL or document. You'll need it the day a plaintiff's lawyer calls.
How do you pick a P2P texting platform that won't get you sued?
Platform choice is probably the single biggest compliance variable in P2P texting. Two tools can both call themselves "P2P" and carry wildly different risk, depending on how the technology actually runs.
Ask every vendor these questions before you sign anything.
Does the platform auto-send messages without a human triggering each one? A yes is a red flag. Genuine P2P needs human-initiated sends.
Can it blast a list without agent action on each individual message? Again, a yes pushes you toward ATDS territory no matter the branding.
Does it handle opt-out keywords (STOP, UNSUBSCRIBE, QUIT, CANCEL, END, HELP) automatically? It should. The FCC requires opt-out requests be honored within a reasonable time, and automated handling takes human error out of it [4].
What data does it retain? You need send timestamps, delivery receipts, and a record of who clicked send. If the vendor can't show you a compliance log, walk away.
Does it scrub against the National DNC Registry before allowing sends? For telemarketing texts, this matters a lot. Texts get you into DNC trouble faster than calls do.
LeadCompliant's free compliance tools (leadcompliant.com) include a DNC scrub checker and a consent documentation template you can run before loading contacts into any P2P platform.
One more check: has the platform been named in TCPA litigation? Vendors who've been defendants or co-defendants in class actions may have fixed their tech since, but that track record is worth a look.
What opt-out rules apply to peer-to-peer texts?
Opt-out handling is where a lot of P2P programs fall apart. The FCC requires that any consumer who sends a standard opt-out keyword, STOP, QUIT, CANCEL, END, UNSUBSCRIBE, or HELP for information, be honored promptly [4]. In a P2P program where a human reads and answers replies, the human should catch those. In practice, humans miss them.
Your program needs a written procedure for what happens when someone texts STOP. It should log the opt-out with a timestamp, remove the number from all active contact lists inside a set window (many teams use 24 hours; the TCPA sets no statutory deadline, but the FCC expects prompt compliance), and suppress the number from future sends across every campaign and sub-list.
At any real volume, manual opt-out management is a liability. Even if humans send the texts, they should not track opt-outs in a spreadsheet. Use a suppression list the platform checks before each send, or a CRM that maintains suppression automatically.
Think about re-consent too. If someone opts out and later fills out a new consent form, you can re-engage them. But you need a timestamp proving the new consent is newer than the opt-out. Keep both records.
State laws add another layer. California's CPUC rules and Florida's FTSA carry opt-out provisions that run alongside the federal ones [3]. Assume the strictest applicable standard applies.
Do the National DNC Registry rules apply to P2P texts?
The National Do Not Call Registry, run by the FTC under 16 C.F.R. Part 310, covers telephone solicitations [6]. The FTC and FCC both treat text messages as "telephone calls" for regulatory purposes, so a telemarketing text to a number on the DNC Registry can draw a violation even when a human sends it P2P.
The FTC can seek civil penalties up to $51,744 per violation as of 2024, and that figure adjusts for inflation over time [11]. Each text to a DNC-registered number is a separate violation.
The TCPA also carries its own internal DNC protection. Consumers can tell a company directly to stop calling or texting them (a "company-specific" DNC request), and those requests must be honored for at least five years [1].
For P2P compliance, the steps are concrete. Register with the National DNC Registry as a telemarketer if you're doing commercial outreach. Pull and scrub your contact lists against the registry every 31 days or less; the rule requires scrubbing within 31 days of your most recent download [6]. And keep a company-specific DNC list your P2P platform checks before any send.
None of this is optional for P2P. The registry doesn't care how the text got sent. If the number is registered and the message is a solicitation, you're exposed.
What records do you need to prove TCPA compliance?
If you get sued or the FCC comes knocking, your documentation is your defense. TCPA litigation often shifts the burden fast: once a plaintiff shows they got a text they didn't want, the sender has to produce evidence of consent.
Keep these records for every contact in your P2P program.
Consent record: the signed consent form or electronic consent capture, with the exact timestamp, IP address, and the specific disclosure language the consumer agreed to.
Source documentation: where the lead came from, including the URL of the web form or the vendor name if you bought it. The FCC's one-to-one consent rules make lead source documentation more important than ever [5].
Send log: which number got texted, who sent it (agent ID), the timestamp, the message content or template ID, and platform delivery status.
Opt-out log: any STOP or opt-out response received, the timestamp, and when the number hit the suppression list.
DNC scrub records: the date each scrub ran, which list version you used, and which numbers got suppressed.
How long do you keep all this? The TCPA has a four-year statute of limitations under 28 U.S.C. § 1658, so hold records at least four years from the date of last contact [7]. Some practitioners keep five to build a buffer.
Store records somewhere besides your P2P platform's servers. Switch platforms or watch a vendor shut down, and your defense goes with it. Export and back up on a schedule.
What are the actual TCPA penalties for a bad P2P texting program?
The TCPA gives consumers a private right of action and sets statutory damages at $500 per violation, or up to $1,500 per willful or knowing violation [1]. Every text to an unconsenting number is its own violation. Class actions multiply that in a hurry.
Real settlements show the scale. UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations involving text messages [see /articles/tcpa-basics/unitedhealthcare-to-pay-2-5m-for-alleged-tcpa-violations]. Credit One Bank settled a TCPA class action tied to autodialed contacts [see /articles/tcpa-basics/credit-one-tcpa-settlement]. Truist Bank and Albertsons/Safeway have both faced large TCPA class settlements in recent years [see /articles/tcpa-basics/truist-bank-tcpa-class-action-settlement] [see /articles/tcpa-basics/albertsons-safeway-tcpa-settlement].
None of those companies thought they were doing something obviously illegal. Most cases grew out of consent documentation gaps, purchased lead lists with stale or invalid consent, or platform behavior the sender never fully understood.
Run the math for a small team. A single class action with 10,000 members at $500 per text is $5 million in exposure before attorneys' fees. Class counsel usually takes 25 to 33 percent of a settlement, and the defendant pays its own lawyers on top of that. Defending a TCPA class action routinely costs six figures before anyone talks settlement.
The risk isn't theoretical. TCPA class filings stayed elevated through 2023 and 2024, and P2P texting programs have been specific targets [8].
How do state mini-TCPA laws affect your P2P texting compliance?
Federal TCPA is the floor, not the ceiling. About a dozen states have passed laws stricter on at least one point, and several hit P2P programs directly.
Florida's Telephone Solicitation Act (FTSA), Florida Statutes § 501.059, defines an "automated system" more broadly than the post-Duguid federal ATDS standard, covers texts by name, and creates a private right of action at $500 per violation [3]. Florida plaintiffs' attorneys have been aggressive under it. Text Florida numbers and you need Florida-specific consent practices.
California layers the CPUC's text messaging rules on top of the California Consumer Privacy Act, which adds data-handling duties beyond consent. If your text program collects personal data (it does), CCPA compliance is a parallel obligation [9].
Oklahoma, Washington, and Texas each have their own telephone solicitation laws with different consent and opt-out standards. Texas, for example, keeps its own DNC list for intrastate calls and texts.
Here's what works for a multi-state P2P program. Figure out which states make up most of your list, look up the statute for each, and build your consent language and procedures to satisfy the strictest one that touches you. Trying to run state-by-state variations inside a small team almost always breaks down. Pick the strictest standard and apply it everywhere.
This area is still moving fast. Check for legislative updates at least once a year, and know that when a new TCPA-adjacent state law passes, it usually shows up in the compliance press if you're paying attention.
What does a practical P2P texting compliance checklist look like?
Here's what a well-run P2P program actually has in place, in the order you'd build it.
Step 1: Audit your platform. Write down exactly how your tool works. Can it auto-send without human action per message? Does it queue messages for rapid-fire clicks? Get the vendor's technical documentation in writing and have someone with TCPA knowledge read it.
Step 2: Build your consent flow. For marketing texts, you need prior express written consent that names your company, describes the message purpose, and confirms consent is not a purchase condition [4]. On web forms, use a clear unchecked checkbox and disclosure language. Never rely on pre-ticked boxes.
Step 3: Vet your contact lists. Bought leads? Get the consent documentation from the vendor. Under the FCC's one-to-one consent rules effective 2025, consent must run to your company specifically, not bundle across sellers [5]. Leads without verifiable individual consent to you should not enter your P2P program.
Step 4: Set up DNC scrubbing. Register with the National DNC Registry, pull the list, and scrub your contacts before loading them. Repeat every 31 days [6]. Fold your company-specific suppression list into the same process.
Step 5: Configure opt-out handling. Make sure your platform, or a human workflow with airtight documentation, processes STOP messages and suppresses numbers within 24 hours. Test it monthly.
Step 6: Train your agents. Everyone sending P2P texts needs to know what they can and can't say, how to handle opt-out replies, and what to do when a consumer claims they never consented. Don't assume agents know the rules.
Step 7: Log everything. Timestamp every send, every opt-out, every consent record. Back it up to a system that doesn't depend on your P2P vendor staying in business.
Step 8: Review regularly. Laws change. The FCC issued significant new consent rules in 2024 and 2025. Put a quarterly compliance reminder on the calendar and actually read the updates. LeadCompliant's TCPA news tracker (leadcompliant.com) is one free way to keep current without hiring a full-time compliance attorney.
This isn't a one-time project. It's an ongoing program. The teams that get sued are almost always the ones who set compliance up once and never looked again.
What are the biggest P2P texting compliance mistakes small teams make?
Small outbound teams repeat the same compliance mistakes. Knowing them is half the fight.
The most common one: calling something P2P because the vendor calls it P2P, without verifying what the platform actually does. Some tools sold as P2P have auto-queue features courts have found to be ATDS functionality. Never take a vendor's label as a legal conclusion.
A close second: buying lead lists without getting or checking consent records. A vendor saying its leads are "TCPA compliant" is not documentation. You need the actual consent record, the timestamp, the form language, and the source URL for every number you text [5].
Third: skipping DNC scrubbing because "our platform handles that." Unless you've personally verified the scrubbing process, tested it, and confirmed it updates inside the 31-day window, don't assume it works [6].
Fourth: no written opt-out procedure and no suppression list. Agents texting from a shared tool with no central opt-out tracking will re-contact someone who already said stop. That turns a $500 violation into a $1,500 willful one and hands plaintiffs the pattern evidence they need to certify a class.
Fifth: storing consent records only in the P2P platform. Switch platforms, watch a vendor get acquired, or lose one to a sudden shutdown, and your consent records vanish. Export and store them yourself.
Sixth: ignoring state law. A team texting Florida and California numbers on federal TCPA assumptions alone is running with big blind spots. Florida's FTSA has produced more litigation per capita than almost any other TCPA-adjacent statute [3].
For more, text message marketing and text messaging marketing cover the broader consent framework for any SMS program, P2P or otherwise.
Frequently asked questions
Is peer-to-peer texting actually exempt from the TCPA?
Not exactly. P2P texting isn't named in the TCPA statute. What matters is whether your platform counts as an ATDS under 47 U.S.C. § 227. After the Supreme Court's Facebook v. Duguid ruling in 2021, systems that don't use a random or sequential number generator are less likely to be ATDSs, which helps genuine P2P programs. But consent rules, DNC rules, and state laws still apply regardless of ATDS status.
Do I need written consent for P2P marketing texts?
Yes. If the text has a commercial or advertising purpose, the FCC requires prior express written consent under 47 C.F.R. § 64.1200. That means a signed agreement (electronic is fine) that names your company, describes the message type, and confirms consent is not a condition of purchase. Informational texts need only prior express consent, which can be oral, but for outbound sales texting, assume written consent is required.
What makes a P2P texting platform legally distinct from an autodialer?
After Facebook v. Duguid (2021), an ATDS must have the capacity to use a random or sequential number generator to store or produce numbers. A true P2P platform where a human manually triggers each send, with no auto-queue or bulk-blast capacity, is less likely to meet that definition. The key is the platform's actual technical functionality, not its marketing name. Get the vendor's technical documentation in writing.
Can I text people on the National Do Not Call Registry using a P2P platform?
No. The FTC's Telemarketing Sales Rule covers text solicitations, and sending a commercial text to a registered number can expose you to civil penalties up to $51,744 per violation as of 2024. The delivery method, P2P or otherwise, doesn't override DNC registration. Scrub your contact lists against the National DNC Registry every 31 days before texting them for telemarketing purposes.
How does Florida's FTSA affect P2P texting compliance?
Florida Statutes § 501.059, the Florida Telephone Solicitation Act, defines automated systems more broadly than the post-Duguid federal ATDS standard and covers text messages by name. It creates a private right of action at $500 per violation. Florida plaintiffs' lawyers have used it aggressively since 2021. If any of your contacts have Florida numbers, apply Florida-specific prior express written consent and maintain Florida-compliant opt-out procedures.
How long do I need to keep TCPA consent records?
The TCPA has a four-year statute of limitations under 28 U.S.C. § 1658. Keep consent records, send logs, opt-out logs, and DNC scrub records at least four years from the date of last contact with any number. Many compliance practitioners keep five years for a buffer. Store records outside your P2P vendor's system in case you change platforms or the vendor closes.
What should a P2P texting opt-out process look like?
When a recipient texts STOP, QUIT, CANCEL, END, or UNSUBSCRIBE, your system or a human must log the request with a timestamp, add the number to a suppression list immediately (24 hours is a common standard), and confirm no further texts go out from any campaign touching that number. Test your opt-out process monthly. Re-engagement requires documented new consent that post-dates the opt-out.
What is the FCC's one-to-one consent rule and how does it affect P2P lead lists?
The FCC's one-to-one consent rule, effective January 2025, requires consent to receive marketing texts or calls to be specific to a single named company, not bundled across multiple sellers on one form. If your lead vendor collected consent through a form that listed multiple potential callers, that consent is likely no longer valid for your texting program. You need individual, company-specific consent for each contact you text.
Can a small sales team use P2P texting for cold outreach legally?
Only if recipients have given prior express written consent to your company specifically. Cold outreach via text, meaning contacts with no prior relationship and no consent, is high-risk regardless of the platform. The TCPA has no cold-text exemption. Some teams use text as a warm follow-up after an inbound web inquiry, which can satisfy consent if the form disclosure was adequate.
What happens if my P2P platform auto-queues messages for agent clicks?
Courts have found that rapid-click queuing systems can constitute ATDS functionality even when a human clicks send on each message. If your platform pre-loads messages, orders them for sequential delivery, and lets an agent send hundreds of texts an hour with minimal friction, a plaintiff's attorney will argue it's functionally an autodialer. Get the technical documentation and have it reviewed before deploying at volume.
What does the TCPA actually say about text messages?
47 U.S.C. § 227(b)(1)(A)(iii) prohibits using an ATDS to make any call (including texts, per FCC interpretation) to a cellular telephone without prior express consent, with narrow exceptions for emergencies and certain other calls. The statute doesn't mention texting by name, but the FCC and courts have held since at least 2003 that text messages are calls under the statute.
Are there any free tools to check P2P texting compliance before a campaign?
Yes. The National DNC Registry (donotcall.gov) offers a paid scrubbing service for businesses. The FCC's consumer complaint database can show you whether a vendor or platform has a complaint history. LeadCompliant offers a free DNC checker and a one-time compliance kit at leadcompliant.com covering consent documentation and scrubbing workflows for small outbound teams.
How do TCPA class action lawsuits typically start for texting programs?
Most TCPA text class actions start with one consumer who got an unwanted text, looked up the law, and found a plaintiffs' attorney willing to take the case on contingency. The attorney then subpoenas your send records, hunts for scale (how many others got the same texts), and files for class certification. Weak or missing consent documentation is the most common path to a certified class. See real examples at Credit One TCPA settlement and Truist Bank TCPA class action settlement.
Does using a personal cell phone for P2P sales texts reduce TCPA risk?
Somewhat, but less than most people assume. A personal cell phone makes it harder for plaintiffs to argue an ATDS was involved, since it typically lacks auto-dialing capacity. But consent requirements still apply. Text numbers that haven't consented to hear from your company and you're still exposed to TCPA and state-law claims. The platform matters less than the consent record.
Sources
- U.S. House of Representatives, Office of the Law Revision Counsel, 47 U.S.C. § 227: TCPA statutory text, including $500/$1,500 per-violation damages and ATDS definition
- Supreme Court of the United States, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): ATDS must have capacity to use a random or sequential number generator to store or produce numbers
- Florida Legislature, Florida Statutes § 501.059, Florida Telephone Solicitation Act: Florida FTSA covers text messages, has broader automated system definition than post-Duguid federal standard, $500 per violation private right of action
- FCC, 47 C.F.R. § 64.1200, Rules and Regulations Implementing the TCPA: Prior express written consent required for marketing texts; opt-out keyword standards; consent must not be a purchase condition
- FTC, National Do Not Call Registry, 16 C.F.R. Part 310: DNC Registry covers telephone solicitations including texts; scrubbing required within 31 days
- U.S. House of Representatives, Office of the Law Revision Counsel, 28 U.S.C. § 1658: Four-year statute of limitations for TCPA claims and other federal civil actions
- WebRecon LLC, TCPA Lawsuit Statistics 2023-2024: TCPA class action filings remained elevated in 2023 and 2024; P2P texting programs among targeted programs
- California Attorney General, California Consumer Privacy Act (CCPA): CCPA imposes data handling obligations on businesses collecting personal data including text consent records from California residents
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR civil penalty amounts and scope, including text solicitations covered as telephone solicitations; up to $51,744 per violation as of 2024