TCPA compliance for utilities: what energy and water companies must know

Utilities face TCPA fines up to $1,500 per call. This guide covers consent rules, exemptions, robocall limits, and SMS compliance for energy and water companies.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Utility worker near electrical transformer at dusk for TCPA compliance article
Utility worker near electrical transformer at dusk for TCPA compliance article

TL;DR

Utilities are not exempt from the TCPA. Every autodialed call or text to a residential or mobile number needs prior express consent, and marketing calls need written consent. The FCC utility exemption is narrow: it covers free informational calls about outages or safety, nothing else. Fines run $500 to $1,500 per violation, and class actions against utilities have settled in the millions.

Does the TCPA apply to utility companies?

Yes, fully. There is no blanket utility carve-out in the Telephone Consumer Protection Act. The statute, 47 U.S.C. 227, applies to any person or entity that makes autodialed or prerecorded calls or sends automated texts to wireless numbers or residential lines without proper consent. [1] Investor-owned, municipal, and cooperative utilities are all covered.

The confusion comes from a limited FCC exemption that covers a narrow slice of calls. That exemption does not cover sales, marketing, service upgrades, or anything revenue-generating. The moment a call or text touches a commercial goal, the exemption is gone and full consent rules apply.

Federal courts have never treated utilities as a protected class. There are active TCPA class actions against electric, gas, and water companies right now. The risk is real. Small outbound teams at regional utilities have been named as defendants in suits that reach seven figures in alleged exposure fast.

What is the utility exemption in FCC rules?

The FCC created a limited exemption for certain non-commercial informational calls to residential lines. Under 47 C.F.R. 64.1200(a)(3)(iii), a prerecorded call made by a utility to its customers can qualify for exemption if the call is not charged to the recipient and relates to a natural gas, water, or electric service disruption or outage. [2]

That exemption has hard edges:

ConditionRequired
Call is about an outage, disruption, or safety issueYes
Call is free to the recipientYes
Caller is the utility serving that customerYes
No marketing or promotional content in the callYes
Call is to a residential line (not always mobile)Yes

The FCC has ruled on "dual-purpose" calls too, messages that carry both a transactional notice and a marketing element. Those calls lose exemption status. If your outage notification says "while you're waiting, ask about our smart thermostat program," you just turned an exempt call into a marketing call that needed prior express written consent before it went out. [3]

The exemption says nothing about texts. Automated SMS is covered under the wireless number prohibition in 47 U.S.C. 227(b)(1)(A), and there is no FCC exemption for utility texts to cell phones regardless of content.

The consent level depends on the call's purpose. The TCPA draws a clean line between informational calls and marketing calls.

For informational calls to mobile numbers (billing reminders, appointment confirmations, payment due notices, outage updates), a utility needs prior express consent. [4] That means the customer gave permission to be contacted at that number, and the permission is documented. A customer providing a cell number at account sign-up, on a form that discloses the utility may call or text that number, usually meets this standard.

Marketing calls or texts to mobile numbers raise the bar to prior express written consent. The FCC's 2012 TCPA Order defined this as a written agreement, including electronic, that clearly and conspicuously authorizes the seller to deliver advertisements or telemarketing messages using an automatic telephone dialing system. [5] The consent has to name the specific company, say that autodialed calls or texts may be sent, and be signed (a checkbox counts). A disclosure buried in a terms-of-service document almost certainly will not satisfy this.

For prerecorded calls to residential landlines, the same split applies: informational needs prior express consent, sales needs prior express written consent.

Here is what utilities miss most. Consent is number-specific. If a customer changes their phone number and you keep dialing the old one, the new owner of that number never consented. Courts have found liability on exactly that fact pattern. Scrub your lists when numbers get ported or reassigned.

TCPA penalty exposure for utilities: key numbers Based on 47 U.S.C. 227 and FCC forfeiture authority $500 Per violation (standard) $1,500 Per violation (willful) $10k FCC forfeiture per violation (max) $1M FCC forfeiture per day (ongoing violations, max) Source: 47 U.S.C. 227 (U.S. Congress); FCC forfeiture rules 47 U.S.C. 503

Do the National DNC Registry rules apply to utilities?

Yes. The National Do Not Call Registry applies to telephone solicitations, meaning calls that encourage the purchase or rental of goods or services. [6] If a utility calls a customer on the DNC Registry to sell a service plan, an upgrade, or any new product, that call has to comply with DNC rules.

Purely informational calls (an outage alert, a scheduled maintenance notice) are generally not telephone solicitations, so the DNC Registry does not apply to them the same way. But the moment the call or text carries a sales angle, DNC rules apply. Utilities that run outbound calling for customer acquisition, win-back campaigns, or upselling existing customers to higher tiers are making telephone solicitations and must scrub against the registry.

There is an established business relationship (EBR) exception under FCC rules. It lets a company call a DNC-listed customer if the company had a business relationship with that customer within the prior 18 months. [7] Utilities keep ongoing billing relationships, so the EBR often applies. It is not a free pass. The customer can still ask to go on a company-specific internal DNC list, and after that request you have to stop calling within 30 days.

For more on stopping unwanted calls generally, see how to stop robocalls.

Can a utility use an autodialer or ATDS for outage or billing calls?

Only with consent. The definition of an automatic telephone dialing system (ATDS) under 47 U.S.C. 227(a)(1) has been fought over in courts for years. The Supreme Court's 2021 decision in Facebook v. Duguid narrowed it, holding that an ATDS must have the capacity to use a random or sequential number generator to store or produce numbers. [8] Equipment that just dials from a stored list without a number generator may not qualify as an ATDS under the federal statute.

That ruling helped utilities and other outbound callers, because many predictive dialers that work off customer account lists may not meet the narrowed definition. Do not read it as a green light. Several state TCPA-equivalent laws (California's rules, Florida's FTSA) use broader definitions the Duguid ruling does not touch. [9] A Florida court found liability against a caller using a dialer that was clearly not a random-number generator under the federal test but still violated Florida's statute. Utilities operating in multiple states have to check each state's analog.

The ATDS question is only half of it. Prerecorded or artificial-voice calls carry their own prohibition under 47 U.S.C. 227(b)(1)(B) for residential lines, and that prohibition applies no matter how the call was dialed. A utility sending a prerecorded outage alert to a residential landline still needs prior express consent unless the narrow FCC exemption covers that specific message.

What state laws do utilities need to watch beyond the federal TCPA?

Several states have passed statutes stricter than the federal TCPA, and utilities with service territory in those states have to comply with both layers.

Florida passed the Florida Telephone Solicitation Act (FTSA) in 2021. It defines an autodialer broadly and requires written consent for any autodialed call or text, sweeping in commercial calls that might slip past the narrowed federal definition after Duguid. [9] Florida has a private right of action at $500 per violation, matching the federal statute.

California runs its own state DNC rules plus the CCPA and CPRA framework governing how customer data (phone numbers included) may be processed. Utilities in California also answer to the California Public Utilities Commission, which has customer communication rules that sometimes overlap with TCPA requirements.

Washington, Oklahoma, and Indiana have passed or updated telephone solicitation statutes in recent years, each with its own consent standards and fee structures. The trend is clear. States keep adding private rights of action, raising per-violation fines, and in some cases reaching B2B calls the federal TCPA leaves alone.

Federal preemption does not protect utilities here. The TCPA expressly preserves state law that is more restrictive. [1] Running a single national consent standard keyed to the strictest state you operate in is painful, but it is the cleanest way to close the gap.

For ongoing developments see TCPA news.

What do real TCPA lawsuits against utilities look like?

The cases follow one pattern. A customer hands over a phone number at account opening. Years later the utility drops that number into an automated marketing or collections campaign. The customer says they never consented to marketing calls, or that they opted out and the calls kept coming. A class action gets filed. Discovery shows the utility has no reliable consent records for thousands of accounts. Then settlement talks start.

UnitedHealthcare, which sits in health coverage but shares the large-organization outbound calling profile of a regulated utility, paid $2.5 million to resolve alleged TCPA violations tied to automated calls. See: unitedhealthcare to pay $2.5m for alleged tcpa violations.

Financial services companies have taken the same hits. The Truist Bank TCPA class action settlement and the Credit One TCPA settlement both traced back to the same failure: weak consent documentation and sloppy opt-out handling. Energy and water utilities carry the same operational risk. They keep large account databases, run automated outbound systems, and often acquired customer phone numbers years ago under weaker disclosure standards.

The TCPA permits $500 per violation and up to $1,500 per willful violation. [1] In a class action where a utility sent 100,000 automated marketing texts without proper written consent, the statutory exposure runs $50 million to $150 million before any settlement reduction. Courts almost always cut that number in a settlement, but the pressure it creates forces very large payouts.

Start at the application or enrollment stage. Every sign-up form, online, paper, or over the phone, should carry a clear, separate consent disclosure for automated calls and texts. The disclosure names the company, states that autodialed or prerecorded calls or texts may be sent, describes the message categories (billing, outage alerts, marketing), and lets the customer opt in or out of each category on its own.

Marketing messages need written, signed consent. Electronic signatures work under the E-SIGN Act, but a checkbox the customer actively clicks is far better evidence than a passive pre-checked box. Never pre-check boxes. Courts have consistently rejected pre-checked-box consent as insufficient. [5]

Store consent records with a timestamp, the exact disclosure language shown, the IP address or form identifier, and the number consent covered. You will need this in litigation. "We told everyone at sign-up" is not a defense. You need the specific record for the specific number on the specific call date.

Build an opt-out process that works in both directions. If a customer texts STOP, that number comes off all marketing lists within 24 hours, and the suppression holds even if the customer later calls in and hands over the same number for service reasons. Conflating service contact permission with marketing consent is one of the most common ways utilities get into trouble.

LeadCompliant offers a free consent-documentation checklist and number-scrubbing tools worth running against your existing contact database before your next outbound campaign.

Think about periodic re-permissioning too. If you collected consent five or more years ago under older disclosure language, that consent may not meet today's standards. A re-permissioning campaign, where customers actively confirm their communication preferences, costs money upfront and beats defending a class action by a wide margin.

What are the rules for automated texts from utilities?

Automated texts to cell phones fall under 47 U.S.C. 227(b)(1)(A)(iii), the same provision covering autodialed calls to wireless numbers. [1] There is no text-message exception. There is no utility exception for texts.

For informational texts (payment due in three days, your technician arrives between 2 and 4 p.m., outage in your area restored), you need prior express consent. The customer giving you their mobile number after being told you may send automated service messages is generally enough.

For marketing texts (switch to paperless billing and get a $10 credit, upgrade to the budget-protection plan), you need prior express written consent with every element above.

Time-of-day rules apply to texts. Automated calls and texts to residential numbers may only go out between 8 a.m. and 9 p.m. local time at the called party's location. [4] If you are a utility with customers across time zones, your outbound system has to check local time before sending, not the clock at your operations center.

Carriers enforce the CTIA's Messaging Principles and Best Practices. SMS programs need opt-out instructions in every message, or at minimum in the first one, and opt-out requests (STOP, UNSUBSCRIBE, QUIT) have to be honored immediately. [12] Carrier filtering can shut down your entire SMS program if opt-out rates spike, which is a business problem sitting right next to the legal one.

For a broader look at building compliant SMS programs see text message marketing and text messaging marketing.

How do safe harbor and reassigned number protections work for utilities?

The FCC built a Reassigned Numbers Database (RND) to fix one of the most common sources of accidental TCPA liability: calling a number that a customer once held but that has been reassigned to a new person who never consented. [10] Utilities carry large customer databases built over decades, and number reassignment happens constantly.

The FCC's 2021 rules let callers cut their exposure by checking the RND before each call. If the database shows the number was not reassigned as of a certain date, the caller gets a safe harbor for one call even if the number turns out to have been reassigned. The safe harbor is narrow. It covers the single call made in good-faith reliance on the database result, not a whole campaign. [10]

Subscribing to the RND costs money (fees are set by the database administrator under FCC oversight), but utilities making high-volume outbound calls should treat it as a mandatory operating cost, not an optional tool. The alternative is ongoing exposure every time a former customer's number gets recycled.

Beyond the RND, scrub contact lists against the National DNC Registry every 31 days or less before any solicitation campaign. The FTC requires re-scrubbing at that interval at minimum. [6] A list scrubbed 90 days ago is not compliant.

What should a utility's TCPA compliance program include?

A compliance program that actually cuts risk has seven parts. You do not need outside counsel to build all of them, but you do need one person who owns this.

First, a written consent policy that spells out what language appears on every enrollment channel, how consent gets stored, and how long records stay. Seven years is a reasonable minimum. The TCPA statute of limitations is four years, but class actions take years to certify and discovery often reaches back further.

Second, a scrubbing process. Every marketing list runs through the National DNC Registry and the Reassigned Numbers Database before each campaign. Not once at list purchase. Before each campaign.

Third, an opt-out management system. Every opt-out from any channel (verbal on a call, STOP via text, written request, agent entry) has to land in a central suppression file that feeds every outbound system. Siloed opt-out lists show up over and over in TCPA class action complaints.

Fourth, call and text time-of-day controls enforced at the platform level, not by agent discipline.

Fifth, an internal audit schedule. Pull random samples of calls and texts monthly and confirm consent records exist for each one.

Sixth, vendor oversight. If you use a third-party dialing vendor, marketing agency, or lead generator, you are still liable for their TCPA violations when they call on your behalf. Your vendor contract has to require TCPA compliance, and you should audit their consent documentation. Courts have found utilities and other regulated entities liable for vendor calls under agency theory.

Seventh, training. Every agent who makes outbound calls or handles opt-out requests gets trained on TCPA basics at hire and once a year after that. This matters even more in deregulated energy markets, where utilities contract with third-party marketers.

LeadCompliant's one-time compliance kit includes templates for all seven parts and a free number-scrubbing tool you can run before your next campaign.

What are the penalties for TCPA violations, and how do they add up?

The TCPA lets private plaintiffs sue for $500 per violation. If a court finds the violation willful or knowing, that jumps to $1,500 per violation. [1] There is no cap. Every call or text is a separate violation.

The FCC also has authority to impose forfeiture penalties of up to $10,000 per violation and $1 million per day for ongoing violations, under 47 U.S.C. 227(e) and 47 U.S.C. 503. Those sit separate from private suits.

The math gets brutal fast. A utility that sends 50,000 automated marketing texts without written consent faces $25 million in statutory damages at $500 per text, or $75 million at the willful rate. Settlements land much lower, but legal fees, operational disruption, and reputational cost are real whether you fight or settle.

Class certification is the pressure point plaintiffs use. Once a court certifies a class, the per-violation damages stack into a number most defendants cannot afford to take to trial. The Cash App TCPA class action settlement and the Albertsons/Safeway TCPA settlement both show how large-organization outbound programs generate class exposure quickly.

Utilities weighing their exposure should also read the Kaiser TCPA settlement claim deadline case for how a regulated-sector organization ran settlement administration at scale.

Frequently asked questions

Are utility emergency alert calls exempt from the TCPA?

Calls about genuine emergencies or outages that are free to the recipient, made by the utility serving that customer, and free of marketing content may qualify for the FCC's narrow utility exemption under 47 C.F.R. 64.1200(a)(3)(iii). But the exemption does not cover texts to cell phones, and it is lost the moment any promotional content shows up. Document every exemption-reliance decision in writing.

Can a utility call a customer on the DNC list if they have an existing relationship?

Yes. The established business relationship (EBR) exception under FCC rules allows calls to DNC-listed customers within 18 months of a transaction. But if that customer asks to go on your internal do-not-call list, you have to honor it within 30 days and cannot use the EBR to override it. EBR covers service-related solicitations, not unrelated product pitches.

Does the TCPA apply to business customer accounts at utilities?

The TCPA's wireless-number prohibition attaches to the phone number itself, not the account type. If you autodialed a cell phone belonging to a business contact who never consented, courts have found liability. The residential-line provisions are less likely to reach a true business landline, but many small business owners use personal cell phones for business accounts, and those are fully covered.

Prior express consent is required for automated billing texts to cell phones. The customer has to have given you their mobile number knowing automated messages may be sent to it. You do not need prior express written consent for purely informational billing texts, but if the text carries any promotional element (upgrade your plan, refer a friend), written consent is required.

Can a utility use a ringless voicemail to avoid TCPA issues?

No. The FCC ruled in 2018 that ringless voicemail drops are covered by the TCPA as prerecorded voice messages to residential lines, requiring prior express consent. Several district courts reached the same conclusion for wireless numbers. Ringless voicemail is not a workaround. It carries the same consent requirements as a standard autodialed call.

How often must a utility scrub its calling list against the National DNC Registry?

The FTC requires scrubbing at most 31 days before each solicitation campaign. Scrubbing once at list purchase and then calling for 90 days is not compliant. Utilities making outbound sales or marketing calls should build scrubbing into the campaign workflow as a mandatory pre-launch step, not a periodic administrative task.

If a customer gives a phone number on a service application, does that count as TCPA consent?

It depends on what the application disclosed. Providing a phone number alone is not consent to automated marketing calls or texts. The FCC requires that customers be clearly told they may receive autodialed or prerecorded messages at that number. If your enrollment form skipped that disclosure, you likely do not have valid consent for automated marketing outreach to that number.

What happens if a third-party marketer the utility hired violates the TCPA?

The utility can be liable. Courts apply agency law: if the third party acted on your behalf, with your authority, using your customer data or brand, you may be vicariously liable for their TCPA violations. Utility contracts with marketing vendors should include TCPA compliance warranties, require consent documentation, and grant audit rights. Indemnification clauses help but do not erase your exposure.

Does Facebook v. Duguid change anything for utility outbound calling?

It helps on the federal ATDS definition. The Supreme Court's 2021 ruling requires an autodialer to use a random or sequential number generator, so dialers working from customer lists may not qualify federally. But state laws in Florida, California, and elsewhere use broader definitions Duguid does not touch. Utilities calling into those states still face autodialer liability under state law even when they are clear federally.

Can a utility text customers who opted out of calls?

Not if the opt-out was for automated communications generally. If a customer says 'stop calling me,' the safest read is that they withdrew consent for all automated outbound contact, texts included. Treating call opt-outs and text opt-outs as separate lists is operationally convenient and legally risky. Apply opt-outs across channels unless the customer's original consent was specifically channel-limited.

Are deregulated energy marketers held to the same TCPA standard as utilities?

Yes, and sometimes a stricter one. Deregulated retail energy suppliers sell a commodity in a competitive market, so their outbound calls are clearly telephone solicitations under full TCPA and DNC rules. They cannot claim the utility exemption because they are not the distribution utility. Their consent requirements match any other telemarketer: prior express written consent for autodialed marketing calls or texts.

What time-of-day rules apply to utility outbound calls and texts?

Under 47 C.F.R. 64.1200(c)(1), calls to residential numbers may only be made between 8 a.m. and 9 p.m. local time at the called party's location. The FCC applies the same window to automated texts. Utilities with customers across multiple time zones have to use the recipient's local time, not the call center's, when scheduling automated outreach.

The TCPA has a four-year federal statute of limitations, but class actions can take three or more years to certify after filing. Keep consent records at least seven years. Records should include the exact disclosure language shown to the customer, a timestamp, the specific phone number consented to, and the channel (web form, paper, phone). Storing only a yes/no flag with no supporting documentation is not sufficient.

Is there a safe harbor if a utility calls a reassigned number by mistake?

The FCC created a limited one-call safe harbor for callers who check the Reassigned Numbers Database before calling and see no reassignment indication. That safe harbor covers one call, not an ongoing campaign. After a single call where the person says they are not the intended recipient, you have to update your records. Continued calling after that point is not protected and exposes you to per-call liability.

Sources

  1. U.S. Government, 47 U.S.C. 227, Telephone Consumer Protection Act: TCPA applies to any person making autodialed calls to wireless numbers; $500 per violation, $1,500 for willful violations; state law more restrictive is preserved
  2. FCC, 47 C.F.R. 64.1200, Rules and Regulations Implementing the Telephone Consumer Protection Act: FCC utility exemption for prerecorded calls about outages applies only if the call is free and non-commercial
  3. FCC, 47 C.F.R. 64.1200(c), time-of-day restrictions and consent requirements: Automated calls and texts to residential numbers must be made between 8 a.m. and 9 p.m. local time; informational calls to wireless numbers require prior express consent
  4. FTC, National Do Not Call Registry: Telemarketers must scrub calling lists against the National DNC Registry at most 31 days before each solicitation campaign
  5. FCC, 47 C.F.R. 64.1200(f)(5), established business relationship definition: The established business relationship exception allows calls to DNC-listed customers within 18 months of a transaction; customer can override this by requesting company-specific do-not-call status
  6. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 222 (2021): ATDS definition under federal TCPA requires capacity to use random or sequential number generator; dialers working from stored customer lists may not qualify
  7. Florida Legislature, Florida Telephone Solicitation Act, s. 501.059 F.S.: Florida's FTSA defines autodialer more broadly than post-Duguid federal definition and requires written consent for autodialed calls or texts; $500 per violation private right of action
  8. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: Telephone solicitation definition covers calls that encourage purchase of goods or services; DNC Registry obligations apply to any such call

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit