How to reduce outbound volume during TCPA rule changes

TCPA rule changes can trigger $500, $1,500 per-call liability. Here's how to cut outbound volume safely without killing your pipeline. Practical steps inside.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-11

Person pausing at office desk with phone set down during outbound calling compliance review
Person pausing at office desk with phone set down during outbound calling compliance review

TL;DR

When the FCC updates TCPA rules, every call or text you send under the old framework is a possible $500, $1,500 violation. The safest move is a temporary, structured volume cut: pause the riskiest segments, re-scrub against the National DNC Registry, confirm your consent records, then ramp back up under the new rules. This article walks through exactly how to do that.

Why do TCPA rule changes force you to cut outbound volume at all?

The short answer is liability math. Under 47 USC 227, each individual call or text that violates the TCPA carries a statutory damages floor of $500 and a ceiling of $1,500 for willful violations [1]. There is no per-campaign cap. Send 10,000 texts on a Tuesday, and if the FCC's new rules kicked in the Friday before, you potentially owe $5 million to $15 million. That is not a scare story. The Cash App TCPA class action settlement and the Credit One TCPA settlement both involved defendants who kept dialing under frameworks that had already shifted.

The statute at 47 USC 227(b)(3) creates a private right of action allowing a person to sue "in an appropriate court of that State" for each violation [1]. That private right of action is what makes the TCPA dangerous. You do not need a government agency to come after you. Any recipient can file, and class certification is common because the violation is identical for every class member.

Rule changes create one specific problem: the gap between when the FCC issues an order and when your team actually updates every system, script, and list. The FCC's one-to-one consent rule, finalized in December 2023 and set for a 2024 effective date before courts stepped in, is the cleanest example [2]. Companies that ran their lead-gen flows untouched through that transition were the ones most exposed. Cutting volume during that gap is not timid. It is risk management.

What are the most recent TCPA rule changes you need to know about?

The FCC has been unusually busy on TCPA rulemaking since 2021. Here are the changes that matter most to outbound teams right now.

The one-to-one consent rule (FCC 23-107) was adopted December 13, 2023. It would have required each consumer's consent to name a single seller, killing the lead-gen habit of a consumer checking one box and agreeing to calls from dozens of "marketing partners" [2]. The Eleventh Circuit vacated the rule in January 2025 [10], but the FCC has signaled it may pursue similar requirements through other channels. Treat this as a temporary stay, not a permanent win.

The lead generator loophole closure was part of that same 2023 order. The FCC's stated reason was that consumers had no real way to know how many companies would end up contacting them [2]. The rule got vacated, but plaintiff attorneys are already arguing that older multi-seller consent structures were never valid under existing TCPA standards. The litigation risk is real whether or not the formal rule is in force.

The reassigned numbers database (RND) launched in 2021 as a safe harbor mechanism [3]. Query the RND before a campaign, see a number flagged as reassigned, skip it, and you have a safe harbor defense. That defense only applies if you actually use the database. Plenty of small teams still do not.

Calling hours stay set at 8 a.m. to 9 p.m. local time for the called party [4]. That has not changed federally, but state laws keep tightening it. Florida, Oklahoma, and several others run shorter windows. The TCPA page on this site has the state-by-state breakdown.

TCPA compliance is not a set-and-forget thing. The FCC issues declaratory rulings, courts interpret them, and state attorneys general pile on. Every time a major ruling drops, you need a short pause to audit before you keep dialing.

How much volume should you actually cut, and for how long?

This depends on three things: how certain you are of your consent records, how automated your dialing is, and how fast your team can move.

If you use an autodialer (ATDS) or prerecorded messages to call cell phones, your exposure is at its highest. The FCC's definition of ATDS has been contested since the Supreme Court's 2021 Facebook v. Duguid decision [5], but any system that stores or produces numbers using a random or sequential number generator still carries risk. In that scenario, cutting 100 percent of automated cell phone outreach until you have re-confirmed consent records is the prudent call.

For teams doing manual dials to landlines with existing business relationships (EBR), the risk is lower and you can keep going with tighter scrubbing. The EBR exemption lets you call existing customers for up to 18 months after the last transaction without separate do-not-call consent, provided the number is not on the National DNC Registry [4].

Here is a rough framework, drawn from the tiers most compliance attorneys describe in industry guidance:

Outreach typeRecommended pauseResume condition
Automated calls/texts to cell phones (new leads)Full pause, 5-14 daysConsent re-confirmed in writing
Automated calls to landlines (no EBR)Full pause, 3-7 daysList re-scrubbed against DNC
Manual calls to existing customers (EBR)Reduce 25-50%, continue scrubbingUpdated process docs signed off
SMS to opted-in list with clear recordsReduce 50%, audit consent timestampsRecords verified, unsubscribes honored

The 5-14 day range for a full pause is not arbitrary. That is roughly how long a small team takes to pull consent records, run them through a scrubbing tool, check the reassigned numbers database, and get legal sign-off on updated scripts. Bigger organizations take longer.

TCPA: Key numbers every outbound team must know Statutory thresholds and compliance timelines under 47 USC 227 and FCC rules 500 $500 per violation (baseline statutory damages) 1,500 $1,500 per willful violation 31 31-day maximum DNC scrub interval (days) 18 18-month EBR window for existing customers (months) Source: FCC TCPA regulations (47 CFR 64.1200) and 47 USC 227, 2024

How do you scrub your list before resuming outbound calls?

List scrubbing during a TCPA rule change has to happen in a specific order, or you will miss things.

Step one is the National DNC Registry. You are required by law to scrub against it at least every 31 days [9]. If you have not scrubbed in more than 31 days, stop dialing immediately and scrub before anything else. You reach the registry through the FTC's donotcall.gov portal. Our do not call list guide covers the mechanics of accessing it, and if you have not set up your organization's subscription yet, the how do I get the do not call list page walks through account setup step by step.

Step two is the reassigned numbers database, run by SOMOS under FCC authorization [3]. Query every number you plan to dial. If the database shows the number was reassigned after the date your consent was collected, you cannot safely call it. The safe harbor requires that you have no actual knowledge of the reassignment, and the RND is how you establish that.

Step three is your internal suppression list. Every number that has asked not to be called, sent a STOP text, or been flagged by a prior campaign has to come off. For text message marketing specifically, STOP requests must be honored promptly.

Step four is state-specific DNC lists. Some states, including California, Texas, and Indiana, keep separate registries [6]. Checking only the federal list leaves you exposed to state TCPA analog statutes.

Step five is number type verification. Cell phones and landlines get treated differently under the TCPA. A number that was a landline when you collected it may now be a ported cell number. Real-time line-type tools catch this before a call goes out.

Do all five before you resume volume. Skipping any one is the kind of thing a plaintiff's attorney finds in discovery.

Consent is the single biggest battleground in TCPA litigation. Prior express written consent is required for autodialed calls and texts to cell phones for commercial purposes [1]. The FCC's regulations at 47 CFR 64.1200 define what written consent has to include: a clear and conspicuous disclosure, the consumer's signature (electronic is fine), and a specific agreement to receive autodialed calls or texts from the named company [4].

During a rule change audit, pull your consent records and check these specific things for every record you plan to use.

First, who is named as the consenting company? If your form named "our marketing partners" or a list of companies, that consent is legally shaky under even pre-2023 standards. The one-to-one consent rule may be vacated, but plaintiff attorneys are using the FCC's own rationale from that order to argue vague multi-party consents were never valid.

Second, what is the timestamp? Consent collected before certain FCC orders may predate requirements added later. You need to know what the rules were when the consent was collected, and whether your form met those rules at that time.

Third, is there a record of the specific language? Storing a bare "Y" in a consent field is not enough. You need the actual form or popup the consumer saw, the date, the IP address, and often the page URL. Courts have thrown out TCPA consent defenses where the defendant could only produce a checkbox field with no form text behind it.

Fourth, for leads you bought from third-party lead generators, can you independently verify the consent? You cannot rely on the lead generator's word. No documentation, no calls to that list until you get it.

LeadCompliant's free consent record checker can flag gaps in your existing records before you resume outreach. It is not a substitute for legal review, but it will tell you where your documentation is thin.

Should you pause SMS campaigns separately from phone calls?

Yes. Treat them separately, because the risk profile is different.

For calls, the ATDS definition question still leaves gray area depending on your dialing technology. For SMS to cell phones, there is almost none. A text to a cell phone number is covered by the TCPA's cell phone provisions regardless of how it was sent, and autodialed texts to cell phones require prior express written consent [1].

During a rule change window, SMS is often the higher-risk channel. Here is why.

Opt-out handling is instant and expected. A consumer who sends STOP must not get another marketing text. If your SMS platform has any processing lag and you fire a batch during that lag, you have violated the TCPA for every person in the batch who already opted out.

Delivery is logged. Unlike a phone call, where there can be ambiguity about whether anyone answered, SMS delivery receipts create a clean record that the message arrived. That makes class certification easier for plaintiffs.

Pause your SMS campaigns first. Honor all pending STOP requests, audit your list, then resume on a staggered schedule instead of blasting a full batch at once. Staggered sending also gives you time to catch deliverability issues before the whole list is affected.

The mobile phone do not call list page has more on how cell numbers are treated under the federal DNC rules, which apply to calls but not directly to texts (texts run on the consent requirements instead).

How do you keep some pipeline moving while you cut volume?

A full stop is the safest option legally. It is not always operationally viable. Here is how to keep moving without taking on the riskiest exposure.

Focus your calls on existing customers with clear EBR documentation. The 18-month EBR window for sales calls, or the 3-month window for inquiries, lets you reach people who already know you without fresh consent [4]. These calls are lower risk as long as the numbers are DNC-scrubbed.

Prioritize inbound-initiated callbacks. Someone who called you and asked for a callback has shown a level of consent that is far easier to document. During a compliance pause, shift your team's hours toward working those inbound leads hard.

Email is not covered by the TCPA. It falls under CAN-SPAM [7], but the penalty structure is different and CAN-SPAM class actions are essentially nonexistent next to TCPA class actions. If you have email addresses for your list, shifting volume to email during a TCPA pause is a reasonable bridge.

Referral and partner channels carry zero TCPA exposure on your end. Putting temporary energy into referral programs or partner co-marketing while you sort out your calling compliance is time well spent.

The goal is not to go dark. It is to keep revenue moving through lower-risk channels while you harden the higher-risk ones.

What does your internal process checklist look like during a TCPA rule change?

Here is a practical sequence for a small outbound team. This is not legal advice, and you should involve an attorney for material rule changes, but this is the operational floor.

Day 1 (same day you learn of a major rule change):

  • Pause all automated calling and SMS campaigns immediately
  • Pull the FCC order or court ruling and read the effective date, more than the headlines
  • Note whether the change is effective immediately, phased, or subject to further rulemaking

Days 2-4 (list audit):

  • Scrub against the National DNC Registry [9]
  • Query the reassigned numbers database [3]
  • Pull your internal suppression list and verify it is applied
  • Flag every record where consent documentation is missing or unclear

Days 3-7 (consent audit):

  • Pull consent form language for each lead source
  • Verify timestamps, IP records, and form version
  • Segregate any third-party-purchased leads where consent cannot be independently verified
  • Quarantine those leads until you get proper documentation or written indemnification from the lead seller

Days 5-10 (legal and process update):

  • Get attorney review of updated consent language
  • Update call scripts to reflect any new disclosure requirements
  • Brief your calling team on what changed and why
  • Document that the training happened (date, attendees, content)

Days 10-14 (phased resume):

  • Resume with EBR calls and fully verified consent records first
  • Run a small test batch of 200-500 calls before opening to full volume
  • Watch opt-out rates, complaint rates, and any inbound TCPA demand letters

Documenting every step matters. If a plaintiff sues over a call made after a rule change, your ability to show a court a written compliance process, executed on specific dates, is the difference between a quick settlement and drawn-out litigation.

How do you handle a TCPA rule change if you use a third-party dialer or BPO?

This is where a lot of small companies get surprised. You are liable for TCPA violations by your agents, contractors, and lead generators if you directed, ratified, or had reason to know of the violation [5]. The Facebook v. Duguid decision in 2021 narrowed the ATDS definition [5], but it did not touch vicarious liability rules.

If you use a third-party dialer or outsource calling to a BPO, do the following.

Pause and notify immediately. Send a written notice (email is fine, keep the thread) telling the vendor to stop calling your lists. Keep a copy. If the vendor keeps dialing after your written instruction, that record shows you tried to stop it.

Ask for their compliance documentation. Any reputable dialer or BPO can show you their DNC scrubbing schedule, their consent verification process, and their ATDS documentation. If they cannot, that is a problem that predates the current rule change.

Review your contract. Your vendor agreement should have TCPA indemnification language. If it does not, or if the indemnification is capped at a low amount, address that at your next renewal. Settlements like the cash app TCPA class action settlement show how fast liability scales to eight figures, and your vendor's indemnification cap may not cover your exposure.

Get written confirmation before you resume. Before you let a vendor restart dialing on your behalf, get written confirmation that they have updated their process for the new rules. If they get vague or push back, treat that as a serious red flag.

What are the biggest mistakes outbound teams make during TCPA rule changes?

These come up over and over in litigation and FCC enforcement actions.

Waiting for certainty before pausing. Rule changes often arrive with contested effective dates, ongoing appeals, and contradictory signals from the FCC and courts. Teams that wait for perfect clarity dial straight through the entire exposure window. The safer play is to pause early and resume once you have clarity, even if that costs you a week or two of lower volume.

Treating a court stay as a green light. When the Eleventh Circuit stayed the one-to-one consent rule, some companies read that as permission to go back to bulk lead-gen consent. The stay only meant that specific rule was not in effect. Plaintiff attorneys can still argue that pre-existing TCPA standards invalidate vague multi-party consent. A court stay is not an audit waiver.

Not documenting the pause. If you reduce volume but never write down that you did it, why, and what you changed, you lose the compliance narrative in litigation. The record of the compliance effort can be worth as much as the compliance itself.

Forgetting state laws. Even when the federal TCPA creates no new obligation from a given rule change, state analogs in Florida, Washington, and Illinois may impose stricter requirements [6]. A federal pause that ignores state law is an incomplete pause.

Resuming too fast. The pressure to hit monthly pipeline numbers is real, and compliance pauses cost you in opportunity. But resuming before your consent records are verified or your team is trained on the new rules restarts the exposure clock. Slow the resume down more than feels comfortable.

Where can you find official TCPA rule change notices and stay current?

The FCC's website publishes all rulemaking proceedings, orders, and declaratory rulings. The TCPA docket to watch is CG Docket 02-278 [2]. You can set up email alerts on the FCC's Electronic Comment Filing System (ECFS) for filings in that docket.

The FTC keeps separate DNC rules under the Telemarketing Sales Rule (TSR) at 16 CFR Part 310, with updates on the FTC's rules page [8]. The TCPA and TSR overlap but are not identical. The FCC governs the TCPA, the FTC governs the TSR, and both can apply to the same call.

The National Law Review, TCPA World, and Klein Moynihan Turco's blog are the three publications most compliance practitioners watch for fast TCPA updates. They are not primary sources, but they surface FCC orders quickly and in plain English.

For your internal team, subscribe to the FCC's public notice emails and set a recurring calendar event to check the docket monthly. The compliance gap that hurts most outbound teams is not malice. It is inertia. Nobody checked the docket, and the new rules went live while everyone was focused on quota.

The LeadCompliant compliance kit includes a one-time TCPA audit checklist and a rule-change response template you can use internally to standardize your pause-and-resume process. Worth having before you need it.

For teams managing DNC compliance alongside calling rules, the do not call telemarketer list page covers what commercial telemarketers specifically have to do under the TSR, which sits alongside the TCPA obligations.

Frequently asked questions

How quickly do TCPA rule changes take effect?

It varies. Some FCC orders include a specific effective date, often 30 to 90 days after publication in the Federal Register. Others take effect immediately on adoption. A court order staying a rule can shift the timeline further. The safest approach is to treat the publication date as your compliance deadline and start your internal audit before that date, not after.

Do I have to stop all cold calling during a TCPA rule change?

Not necessarily. Manual calls to landlines for existing customers with a documented EBR carry much lower TCPA risk than autodialed calls to cell phones for new leads. Make the pause risk-tiered: full stop on the highest-risk channels, reduced volume with tighter scrubbing on the lower-risk ones. A blanket stop is the safest call, but a tiered approach works if your documentation is solid.

It is the standard required for autodialed or prerecorded calls and texts to cell phones for commercial purposes. The FCC's rules at 47 CFR 64.1200 require a clear and conspicuous disclosure, an unambiguous agreement to receive such communications, and the consumer's signature (electronic works). The consent must name the specific company making the calls. A generic 'marketing partners' disclosure does not clearly satisfy this standard.

How often do I need to scrub my list against the National DNC Registry?

At least every 31 days under the FTC's Telemarketing Sales Rule, which runs parallel to your TCPA obligations. If you scrub on a calendar-month schedule and a rule change drops mid-month, scrub again before resuming. Monthly is the minimum. Many compliance-focused teams scrub every two weeks or in real time through an API integration.

Can I still text people who opted in before the latest TCPA rule change?

Generally yes, if you have documented prior express written consent that met the standards in effect when it was collected, and that consent specifically covers texts from your company. Review the form language and timestamp. If the consent came through a lead generator using a multi-seller checkbox, verify whether that specific consent is defensible under current FCC interpretations before you resume texting.

What happens if a court stays a new TCPA rule?

A court stay means the rule is not currently in force and violations of that specific rule cannot be cited in enforcement. But a stay does not erase the underlying TCPA statute or existing FCC regulations. Plaintiff attorneys can still bring private actions under other TCPA provisions. A stay is not a compliance holiday. Keep the rest of your compliance infrastructure running even when a specific rule is stayed.

How does vicarious liability work if I use a third-party calling vendor?

You can be held liable for your vendor's TCPA violations if you directed the calls, ratified the conduct, or had reason to know violations were happening. Written instructions to pause, plus contract indemnification language and vendor compliance documentation, are your main defenses. After any rule change, get written confirmation from your vendor that they have updated their process before you let them resume calling your lists.

What is the reassigned numbers database and do I have to use it?

The reassigned numbers database (RND) is an FCC-authorized database operated by SOMOS that tracks when a phone number changes hands between consumers. You are not legally required to query it, but querying it before each campaign creates a safe harbor defense: if you checked, found no reassignment, and still reached the wrong person, your liability is reduced. For cell phone campaigns, skipping the RND is a meaningful gap.

Are there states with stricter rules than the federal TCPA during rule changes?

Yes. Florida's Telephone Solicitation Act, Washington's Commercial Electronic Mail Act, Illinois's Automatic Telephone Dialers Act, and California's consumer protection statutes all create obligations that can exceed federal TCPA minimums. Some states set shorter allowable calling hours or broader definitions of what counts as an automated dialer. A federal compliance review is not enough on its own.

How long should a TCPA compliance pause last before I resume full volume?

For fully automated calls to cell phones, plan for a 5 to 14 day pause to audit consent records, re-scrub your list, check the reassigned numbers database, and update scripts and training. For lower-risk channels like manual calls to existing customers, a 3 to 5 day scrub-and-verify cycle is more typical. Phase the resume: test a small batch first and watch for complaint signals before opening to full volume.

What documentation should I keep to prove TCPA compliance after a rule change?

Keep the consent form text and version, the consumer's timestamp and IP address, your DNC scrub logs with dates, the reassigned numbers database query results, written notices to vendors telling them to pause, training records showing when your team was briefed, and the specific FCC order or court ruling you were responding to. Courts look for a documented, good-faith compliance effort. A folder of dated files beats a verbal 'we followed the rules.'

Does cutting volume during a rule change actually reduce my legal exposure?

Yes, directly. TCPA damages are per-call or per-text. Fewer calls means fewer potential violations. Beyond the math, a documented pause-and-audit process strengthens your defense by showing you acted in good faith once you became aware of a rule change. Courts and the FCC treat willful violations far more harshly than good-faith errors, and a documented pause is evidence against willfulness.

What is the difference between the TCPA and the Telemarketing Sales Rule during a rule change?

The TCPA (47 USC 227) is enforced by the FCC and governs the technology used to make calls and texts, consent requirements, and calling hours. The TSR (16 CFR Part 310) is enforced by the FTC and covers deceptive telemarketing practices, required disclosures, and the National DNC Registry. Both can apply to the same call. A change to one does not automatically change the other, so check both the FCC's docket and the FTC's rules page when compliance news breaks.

Sources

  1. U.S. Code, 47 USC 227 (TCPA full statute text): $500 statutory damages per violation, $1,500 for willful; private right of action for each call or text
  2. Electronic Code of Federal Regulations, 47 CFR 64.1200 (FCC TCPA rules: consent, calling hours, EBR): Calling hours 8am-9pm local time; written consent requirements; EBR window 18 months
  3. Supreme Court of the United States, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition; vicarious liability for third-party callers unchanged
  4. National Conference of State Legislatures, State Telemarketing Laws: Multiple states including Florida, Washington, Illinois maintain stricter telemarketing rules than federal TCPA
  5. FTC, CAN-SPAM Act: A Compliance Guide for Business: Email governed by CAN-SPAM, not TCPA; different penalty structure; class actions under CAN-SPAM are rare
  6. FTC, Telemarketing Sales Rule (16 CFR Part 310): FTC's TSR requires DNC scrubbing at least every 31 days; runs parallel to TCPA obligations
  7. FTC, National Do Not Call Registry: Federal DNC Registry administered by FTC; telemarketers must scrub against it every 31 days
  8. U.S. Court of Appeals for the Eleventh Circuit, Insurance Marketing Coalition v. FCC (2025): Eleventh Circuit vacated FCC one-to-one consent rule January 2025; rule not currently in effect

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit