Last updated 2026-07-09

TL;DR
The TCPA applies to any call or text that reaches a US consumer's phone, no matter where the caller sits. Offshore call centers follow the same consent rules, Do Not Call scrubbing, and calling-hour limits as domestic ones. Violations still cost $500 to $1,500 per call in statutory damages, and consumers can sue in US federal court.
Does the TCPA apply to offshore call centers calling US consumers?
Yes, fully. The TCPA's reach follows where the call lands, not where it starts. The statute, 47 U.S.C. § 227, bars certain calls or texts to US phone numbers without proper consent. There is no carve-out for callers dialing from the Philippines, India, Mexico, or anywhere else.[1]
The FCC has said this over and over. US federal courts have jurisdiction over claims tied to harm to US residents, so a consumer who gets an unwanted robocall on their Texas mobile number can sue the overseas company in US district court. Routing the call through Manila or Mumbai does not push the case outside US law.
So every process your offshore team runs has to meet TCPA standards before the call reaches the US side of the connection. Consent collection. Do Not Call scrubs. Autodialer rules. Calling hours. Being offshore is not a shortcut. It usually adds risk, because the documentation trail is harder to hold together across borders and time zones.
What are the core TCPA rules an offshore center must follow?
Four areas trip up offshore operations more than any others.
Autodialer restrictions. Under 47 U.S.C. § 227(b), using an automatic telephone dialing system (ATDS) or a prerecorded voice to call a cell phone requires prior express written consent from the called party.[1] After the Supreme Court's 2021 ruling in Facebook v. Duguid, the ATDS definition is narrower than it used to be. The equipment has to use a random or sequential number generator. But predictive dialers that generate or store numbers algorithmically may still qualify, and offshore centers running cheap, high-volume dialers need US counsel to assess this, not wave it away.[2] The Court held the term covers only equipment that can "store a telephone number using a random or sequential number generator, or produce a telephone number using a random or sequential number generator."
Do Not Call registry compliance. The FTC's National Do Not Call Registry blocks telemarketers from calling registered numbers.[3] Offshore centers must scrub against the registry before every outbound campaign, and re-scrub at least every 31 days if a campaign runs long. Calls to residential landlines or mobile numbers on the DNC without an established business relationship or written consent are violations no matter the caller's country. Our guide to the do not call list walks through the mechanics.
Calling hours. The TCPA's implementing regulations at 47 C.F.R. § 64.1200 prohibit telemarketing calls before 8 a.m. or after 9 p.m. in the called party's local time.[4] This catches offshore centers constantly. A team dialing from a single shift in India or Costa Rica will punch through outside those windows unless the system enforces the recipient's time zone, not the agent's.
Consent documentation. For marketing calls to cell phones using an ATDS, the FCC requires "prior express written consent" that is signed (including electronic signature), names the seller, and specifies the number being consented to.[5] Verbal consent is not enough for ATDS calls. Offshore teams that lean on a spoken yes captured in a CRM note are walking into lawsuits.
Can a US company be held liable for TCPA violations made by its offshore vendor?
Yes, and this is where US businesses using offshore BPOs get burned. The FCC has found that a seller can be vicariously liable for calls made by a third-party vendor acting on its behalf, even when the vendor is offshore and the US company knew nothing about a specific violation.[5]
The FCC's 2013 declaratory ruling laid out three theories that put the seller on the hook: actual authority (you told them to make the calls), apparent authority (the consumer reasonably thought the caller spoke for you), and ratification (you took the benefit of the calls without objecting to how they were made). Federal courts have applied all three against US companies whose offshore partners were doing the dialing.
What that means in practice: your offshore contract needs TCPA compliance warranties. You need audit rights. You need the vendor to carry real insurance or hold funds in escrow. And you need a paper trail showing you monitored compliance, because a court will ask whether you turned a blind eye.
The cash app TCPA class action settlement and the credit one TCPA settlement both show how companies paid huge sums over vendor or operational practices they could arguably have caught earlier.
What fines and penalties are at stake per call or text?
The TCPA sets statutory damages at $500 per violation, and up to $1,500 per violation if the court finds the conduct willful or knowing.[1] There is no cap per lawsuit and no minimum claim size. That is exactly why TCPA cases get filed as class actions. A single campaign sending 100,000 texts can expose a company to $50 million at $500 per text, or $150 million if the violations look intentional.
Nobody has clean data on average settlement sizes. Reported TCPA class action settlements have run from a few hundred thousand dollars for small operators to over $75 million for large enterprises. The FCC can also pursue its own forfeitures under 47 U.S.C. § 503, separate from private suits.
For offshore centers, the dollar exposure comes from scale. An offshore BPO calling US consumers is often running high-volume, high-frequency campaigns. At 50,000 non-consented calls, you are looking at potential liability of $25 million before any trebling. That math is why TCPA class action attorneys hunt for offshore-origin call traffic.
How does consent work when the lead is collected offshore before the call?
This is the most common failure point for offshore-heavy operations. Lead capture happens in one country, gets passed to a dialing team in another, and lands on a US consumer's phone. Every handoff is a place where consent documentation can break.
For consent to hold up in a US TCPA case, it has to meet US standards at the moment of collection, wherever that collection happened. The FCC requires prior express written consent for ATDS calls to mobile phones.[5] So the web form, the landing page, the sign-up sheet, or whatever captured the lead must:
- Clearly disclose that the consumer is agreeing to receive autodialed calls or texts
- Name the specific seller (or sellers, if you are a lead aggregator)
- Include the consumer's phone number
- Capture a signature, including a valid electronic signature under E-SIGN
If your offshore lead gen partner runs a foreign-language landing page that skips these elements because it follows its own country's marketing rules, the consent is invalid for US TCPA purposes. The FCC's 2024 one-to-one consent rule made this stricter still: consent given to a lead generator cannot be bundled and resold to multiple buyers.[6] Each seller who wants to call the consumer needs individual consent.
For text message marketing campaigns run through offshore teams, the rules and the documentation burden are identical.
Does the Do Not Call registry apply differently for offshore callers?
No. Same rules. The National DNC Registry maintained by the FTC covers calls to US residential phone numbers and mobile numbers used for residential purposes.[3] Any telemarketer calling those numbers, wherever they dial from, has to honor the registry.
Offshore call centers access the registry the same way a US center would, through the FTC's Telemarketer Portal at donotcall.gov. Annual fees apply based on area codes accessed (currently $79 per area code per year, with the first five area codes free for small businesses, though the fee schedule changes, so check the current FTC table).[3]
The DNC rules also cover company-specific do not call lists. If a US consumer tells your offshore agent to stop calling, that number goes on your internal DNC list within 30 days and stays there at least five years. The agent being in another country changes nothing about that duty.
Some offshore operations also have to worry about state DNC rules. Florida, Texas, and Indiana run their own registries with separate requirements. Florida's telemarketing law, for one, requires registration as a telephone solicitor and sets calling hours tighter than federal rules. See more on the do not call telemarketer list requirements.
For mobile-specific questions, our page on the mobile phone do not call list covers how cell numbers get handled.
What calling hours apply, and how do offshore teams calculate them?
Federal rules allow telemarketing calls between 8 a.m. and 9 p.m. in the called party's local time.[4] Not the caller's time. The consumer's.
This is a real operational headache for offshore teams. A Manila center runs a shift from 10 p.m. to 6 a.m. Philippine Standard Time to cover US business hours. That maps to roughly 9 a.m. to 5 p.m. Eastern, which is fine for Eastern and Central zones but risks going out-of-window for Pacific (6 a.m. Pacific is fine; earlier is not). When the team loses track or the dialer does not enforce windows, calls slip through at 7:45 a.m. in Arizona or 7:30 a.m. in Hawaii.
The fix is a dialing platform that automatically blocks calls based on the called number's area code, maps it to the right time zone, and accounts for daylight saving changes. Several US-based cloud dialers do this out of the box. If the offshore center runs a custom or budget dialer without that feature, you either build it in or accept the risk.
State laws add complexity. California has no separate calling-hour rule beyond federal, but Indiana extends the no-call window and Florida requires calls to stop at 8 p.m. instead of 9 p.m.[7] Run a national list and you need the most restrictive window applied per state, tighter than the federal default.
What records must offshore call centers keep for TCPA compliance?
The TCPA regulations require a telemarketer to keep records of consent and do not call compliance, but the statute itself is quiet on format and retention length. The FTC's TSR and FCC guidance together point to keeping records at least five years, matching the internal DNC list retention rule.[4][8]
For a US company using an offshore call center, the records that actually decide litigation are:
- Consent records (timestamp, IP address, form version, the exact disclosure language shown to the consumer)
- DNC scrub logs (which list version was used, when it ran, which numbers were suppressed)
- Call logs (number called, time of call, agent ID, dialer configuration in use)
- Scripts and recordings (to prove disclosures were made)
- Vendor contracts and compliance attestations
The trouble with offshore arrangements is that these records often sit in a foreign vendor's systems, sometimes on servers outside US jurisdiction. If the vendor folds or simply refuses to cooperate in discovery, you may have no way to produce the records that would defend you.
A practical fix is to require, by contract, that the vendor store all compliance records in a system your US entity can reach directly, and export records to your systems on a set schedule. That is not bulletproof, but it beats learning during discovery that your entire call log sits on a server in a country with no data-sharing treaty with the United States.
Are there specific FCC orders or rulings that address offshore call centers?
The FCC has not issued an order that names offshore call centers, but several rules and declaratory rulings clearly cover them.
The FCC's 2013 TCPA Omnibus Declaratory Ruling set out vicarious liability for sellers who use third-party telemarketers, which reaches offshore BPOs hired by US businesses.[5] The 2015 TCPA Omnibus Order handled ATDS definitions, reassigned-number rules, and consent revocation, all of which apply to offshore callers.
The FCC's 2024 order on one-to-one consent, adopted under the lead generator rule, requires that consent be given to named sellers and cannot be resold in bulk.[6] That hits offshore lead generation operations building lists for US clients directly.
The FTC's Telemarketing Sales Rule (TSR), codified at 16 C.F.R. Part 310, runs parallel to the TCPA and covers many of the same practices.[8] The TSR applies to calls into the United States regardless of where the call starts. The FTC has brought enforcement actions against offshore operations, including large international calling frauds that ended in FTC action and DOJ criminal referrals.
The statute text at 47 U.S.C. § 227(c)(5) gives the private right of action to a person who gets more than one call within any 12-month period "by or on behalf of the same entity in violation of the regulations," who "may, if otherwise permitted by the laws or rules of court of a State, bring in an appropriate court of that State" an action for damages.[1] That right is not limited by geography.
How should a US company structure its contract with an offshore call center to reduce TCPA risk?
The contract is your first line of defense and your main evidence that you took compliance seriously.
At a minimum, your offshore vendor agreement should include a TCPA compliance warranty (the vendor represents it will comply with the TCPA and TSR on every call under the contract), an indemnification clause (the vendor indemnifies you for TCPA violations caused by its acts or omissions), an audit right (you can inspect call records and compliance systems on reasonable notice), a records retention obligation (the vendor keeps consent and call logs for five years and hands them over in a US-accessible format), and a subcontractor restriction (the vendor cannot re-subcontract the dialing without your written approval).
Beyond the contract, run periodic compliance audits. Pull a random sample of call recordings and check the disclosures against your scripts. Spot-check DNC scrub logs to confirm scrubbing ran before each batch. Review the dialer configuration to confirm time-zone controls are on.
If you use a LeadCompliant-style tool for consent verification and DNC checking, you can run those checks independently of the offshore vendor's internal logs. That gives you a second source of truth.[9]
For the actual cold calling mechanics and what a compliant outbound call looks like start to finish, that guide covers the agent-level details your offshore trainer needs.
What steps should an offshore call center take right now to get compliant?
If you run an offshore operation calling US consumers today and you have never formally reviewed your TCPA posture, here is the honest sequence.
First, get your ATDS question answered by qualified US telecom counsel. Do not guess. If your dialer could qualify as an ATDS under any arguable definition and you are calling cell phones without written consent, you are exposed right now.
Second, scrub your entire active list against the National DNC Registry before the next campaign runs. The guide on how do I get the do not call list walks through the exact access process. Then build a recurring 31-day scrub into your campaign calendar.
Third, audit your consent records for every cell number in your active list. For each one, can you produce a record showing prior express written consent that names your company, specifies the number, and carries a timestamp? If not, move those numbers to a suppression list until you can re-acquire valid consent.
Fourth, configure your dialer to enforce called-party time zones. Then test it. Call your own numbers in different US time zones at the edge of the 8 a.m. and 9 p.m. windows and confirm the system blocks as intended.
Fifth, document everything. The compliance infrastructure you build now is also your litigation defense later.
LeadCompliant's free compliance kit includes a TCPA checklist built for outbound teams, a consent language template that meets FCC standards, and a DNC scrub frequency tracker.[9] It is a reasonable starting point before you bring in counsel for anything complex.
For a cold call script audit and what disclosures belong at the top of every outbound call, that resource covers agent-level compliance in more detail.
Frequently asked questions
Can a US consumer sue an offshore call center in US court?
Yes. The TCPA gives US consumers a private right of action in federal or state court against any entity that violates the statute. US courts can exercise personal jurisdiction over a foreign company that directs calls at US residents, and plaintiffs have served and litigated against offshore entities. Collecting a judgment is harder, but the suit itself is fully available under 47 U.S.C. § 227(b)(3).
Does the TCPA apply to texts sent by offshore teams to US numbers?
Yes. The FCC treats text messages to cell phones as calls under the TCPA, subject to the same rules. Offshore teams sending marketing texts to US numbers without prior express written consent face the same $500 to $1,500 per-message exposure as callers. The consent requirements and DNC obligations match those for voice calls exactly.
What is prior express written consent and how must it be documented?
Prior express written consent means a signed agreement, including electronic signatures, in which the consumer authorizes autodialed calls or texts to a specific phone number from a named seller. The disclosure must clearly say the consumer is agreeing to receive marketing calls or texts. Consent buried in terms of service without a clear affirmative act typically fails the FCC's standard under 47 C.F.R. § 64.1200.
Do offshore call centers need to register with any US agency?
There is no FCC registration requirement aimed at offshore call centers, but you must register with the FTC's Telemarketer Portal to access the National DNC Registry. Some states require separate registration. Florida, for instance, requires telephone solicitors calling Florida residents to register with the state. Check every target state for its registration rules before you launch.
What are the FCC's one-to-one consent rules and do they affect offshore lead generation?
The FCC's 2024 one-to-one consent rule requires that a consumer's consent go specifically to each seller who intends to call. Offshore lead generators who collect consumer data and sell it to multiple US companies can no longer use a single consent to authorize a list of buyers. Each buyer must be named at the time of consent or must obtain consent separately.
Can an offshore call center claim a TCPA exemption if it operates in a country with looser rules?
No. The TCPA applies based on the consumer's location, not the caller's. Operating under looser rules in the Philippines, India, or anywhere else is no defense in a US court. The only exemptions that matter are the ones written into the TCPA itself, such as certain established business relationship calls, and those apply the same to offshore and domestic callers.
How does the FTC's Telemarketing Sales Rule relate to the TCPA for offshore callers?
The TSR, codified at 16 C.F.R. Part 310, runs parallel to the TCPA and explicitly covers calls into the United States regardless of origin. It bans deceptive practices, limits calling hours to 8 a.m. to 9 p.m. local consumer time, and requires DNC compliance. The FTC can bring civil actions under the TSR with penalties up to $51,744 per violation. Many offshore fraud operations have faced FTC action under it.
If my US company uses an offshore call center that violates the TCPA, am I liable?
Almost certainly, under the vicarious liability theories the FCC set out in 2013. If the offshore center acted with your actual or apparent authority, or you took the benefit of its calls without checking its practices, US courts can hold you liable. Your contract with the vendor and your oversight practices become your main defenses. A paper compliance relationship with no real monitoring usually fails to protect you.
What are the time zone rules for calling US consumers from offshore?
Calls must happen between 8 a.m. and 9 p.m. in the called party's local time zone, per 47 C.F.R. § 64.1200. Some states are stricter: Florida cuts off at 8 p.m. Your dialing system has to map called numbers to their correct US time zone and apply daylight saving changes automatically. A static calling window based on the offshore agent's local time is a reliable way to rack up violations across US time zones.
How often must offshore call centers scrub against the National DNC Registry?
You must scrub before every campaign and re-scrub at least every 31 days for ongoing campaigns, per FTC rules. Numbers added to the DNC registry must be honored within 31 days of registration. Offshore teams running long campaigns often miss the rolling 31-day window. Build the scrub into your campaign system as a hard gate that blocks dialing when the last scrub date is older than 31 days.
Does a prior business relationship exempt an offshore call center from TCPA rules?
A prior established business relationship gives a limited exemption from DNC registry restrictions on residential landline calls, but it does not override the prior express written consent requirement for autodialed or prerecorded calls to cell phones. The exemption is time-limited: 18 months from the most recent transaction, or 3 months from an inquiry. It does not erase the duty to honor individual opt-out requests.
What internal DNC list must offshore call centers maintain?
Every telemarketer, offshore included, must keep a company-specific do not call list. If a consumer asks to stop receiving calls, that number goes on the list within 30 days and stays honored at least five years. The internal list is separate from the National DNC Registry. An offshore agent who ignores or forgets a stop-calling request creates a direct TCPA violation that the US client company is also exposed to.
Are there criminal penalties for offshore call centers violating US telemarketing laws?
The TCPA itself is civil, but large-scale offshore calling fraud has drawn DOJ criminal charges under wire fraud statutes and, in some cases, extradition proceedings. The FTC has referred international telemarketing fraud cases to DOJ. For legitimate businesses, the exposure is civil: private class actions and FTC or FCC administrative actions, not prison. Criminal exposure usually needs fraud or identity theft elements beyond a standard TCPA violation.
Sources
- Cornell LII, 47 U.S.C. § 227 (TCPA statute text): TCPA prohibits autodialed/prerecorded calls to cell phones without prior express consent; statutory damages $500-$1,500 per violation
- Supreme Court of the United States, Facebook Inc. v. Duguid, No. 19-511 (2021): ATDS definition requires use of random or sequential number generator to produce or store numbers
- FTC, National Do Not Call Registry for Telemarketers: Telemarketers must access and honor the National DNC Registry; fees apply per area code accessed
- FCC, 47 C.F.R. § 64.1200 (TCPA implementing regulations): Telemarketing calls prohibited before 8 a.m. or after 9 p.m. in called party's local time; internal DNC list records must be retained
- Florida Statutes § 501.059, Florida Telephone Solicitation Act: Florida restricts telemarketing calls to 8 a.m. to 8 p.m.; requires telephone solicitor registration
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR applies to telemarketing calls into the United States regardless of call origin; civil penalties up to $51,744 per violation
- LeadCompliant, TCPA Compliance Tools and Free Compliance Kit: Free TCPA checklist, consent language template, and DNC scrub frequency tracker for outbound teams
- FTC, Complying with the Telemarketing Sales Rule (business guidance): Telemarketers must scrub against National DNC Registry within 31 days before each campaign; records must be retained