Last updated 2026-07-11

TL;DR
The TCPA (47 U.S.C. § 227) restricts calls, texts, and faxes to consumers using autodialers or prerecorded voices. It does not cover email. Violations cost $500 to $1,500 per message, and class actions routinely settle in the millions. Consent, proper scrubbing, and calling-hours rules are your three core defenses.
What is the TCPA and which marketing channels does it actually cover?
The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, was signed into law in 1991. The Federal Communications Commission (FCC) enforces it, and private plaintiffs sue in federal court [1]. The statute restricts autodialed calls, prerecorded voice calls, and text messages to mobile phones, plus unsolicited faxes and prerecorded calls to residential landlines.
The short version: if your outbound marketing touches a phone, the TCPA probably applies. If it touches only email, it does not. That distinction matters a lot, and it gets its own section below.
For a broader orientation on the law, see What does TCPA mean? The plain-English breakdown and our full TCPA law guide.
Three channel categories trigger TCPA scrutiny in marketing:
1. Autodialed or prerecorded calls and texts to cell phones (the most litigated category) 2. Prerecorded voice calls to residential landlines 3. Unsolicited fax advertisements
Live-agent calls from a manual dialer to a cell phone sit in a legal gray zone the FCC has handled inconsistently across rulings. Most compliance attorneys say the same thing: treat any call to a cell number as TCPA-covered unless you are certain no autodialer sits anywhere in the chain.
Does the TCPA apply to email marketing?
No. The TCPA does not apply to email marketing. Full stop.
The statute text in 47 U.S.C. § 227 covers "telephone calls" and "telephone facsimile machines." Email lives under a completely separate law: the CAN-SPAM Act of 2003, enforced by the FTC and state attorneys general [2]. CAN-SPAM sets rules for commercial email, including opt-out mechanisms and honest subject lines. But it carries no per-violation private right of action, which is exactly what makes TCPA cases so dangerous for marketers.
So why does the confusion exist? Two reasons. First, some email platforms fire an SMS notification to the recipient's phone alongside the email. If your campaign causes a text to land on a cell phone via an autodialer, that text leg can be TCPA-covered even when the email is not. Second, non-lawyers hear "electronic communication" and assume the TCPA covers all digital outreach. It does not.
If a plaintiff's attorney sends you a TCPA demand letter over an email campaign alone, that claim is legally baseless. If the campaign also sent texts, that is a different story.
Run separate compliance tracks. Email gets CAN-SPAM compliance. Calls and texts get TCPA compliance. Never let one team's opt-out list stand in for the other's.
What consent does TCPA marketing require?
Consent under the TCPA has two tiers, and marketers confuse them constantly.
"Prior express consent" covers informational or non-marketing calls and texts to cell phones. Getting it is easy. If someone hands you their cell number in a context that implies you might call, courts and the FCC have generally found that enough [3].
"Prior express written consent" (PEWC) is the harder standard, and it applies to any call or text sent for advertising or telemarketing using an autodialer or prerecorded voice. The FCC's 2012 order made written consent mandatory for marketing messages, and that requirement has survived multiple rulemaking cycles [3]. Written does not mean ink on paper. It means a clear written agreement (digital is fine) that:
- Identifies the seller
- Describes the type of messages the consumer will receive
- States the consumer is not required to agree as a condition of purchase
- Includes the consumer's signature (an electronic signature qualifies under the E-SIGN Act)
In January 2025, an FCC rule took effect requiring PEWC on a "one-to-one" basis, meaning one consent record names one specific seller rather than a whole network of lead buyers [4]. Lead aggregators that collected blanket consent naming dozens of companies are now in violation if they sell those leads for TCPA-covered marketing. This is the single biggest TCPA change for outbound sales teams in recent memory. See TCPA 2025: what changed, what it costs, and how to stay compliant for the full breakdown.
The TCPA existing business relationship exemption is narrower than most sales teams assume. An existing business relationship does not substitute for written consent when you market to cell phones by call or text.
How much does a TCPA violation actually cost per message?
The statutory damages under 47 U.S.C. § 227(b)(3) are $500 per violation, or up to $1,500 if the court finds the violation willful or knowing [1]. Each individual call or text is one violation. Send 10,000 marketing texts without proper consent and the theoretical exposure runs $5 million to $15 million.
Class actions amplify this fast. The TCPA has a private right of action, so any recipient can sue, and certification is common because TCPA claims look nearly identical across large groups of recipients. Recent settlements show how quickly the numbers climb:
- UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations
- Albertsons and Safeway reached a settlement over text message marketing claims
- Cash App's TCPA class action settlement drew wide attention in the fintech space
- Truist Bank's TCPA class action shows even large banks are not immune
Nobody has clean aggregate data on average TCPA settlement size across all cases. The closest published tracking, from the WebRecon lawsuit database, shows consumer law filings including TCPA suits running in the tens of thousands annually since 2015, though individual settlement values are often confidential [5]. What is publicly verifiable: the FCC can stack civil forfeitures on top of private damages in egregious cases, and state attorneys general can bring separate enforcement actions.
What are the calling hours and DNC rules for TCPA marketing?
The TCPA regulations at 47 C.F.R. § 64.1200 set a national calling window of 8 a.m. to 9 p.m. in the called party's local time [6]. Call outside that window and you have a per-call violation even if consent is perfect otherwise.
The National Do Not Call Registry, run by the FTC, is a separate but tangled-together system. Telemarketers must scrub their call lists against the registry every 31 days and cannot call registered numbers without a written agreement from the consumer or an established business relationship [7]. Access to the registry data costs money. As of 2024, the fee is $75 per area code per year, capped at $18,044 for all area codes [7].
Many states run their own do-not-call lists with tighter rules. Florida imposes extra restrictions under the Florida Telephone Solicitation Act that go beyond federal TCPA requirements [8]. Market to Florida numbers and you need both federal and state compliance.
For a broader picture of how these rules layer, the TCPA guidelines guide and telemarketing rules news pages cover the current state in detail.
One practical note: cell phone time zones follow the area code's assigned geography, not where the phone physically sits at that moment. A 312 Chicago number called at 8:45 a.m. Eastern is a potential violation if the caller assumed Eastern time applied.
How does the TCPA apply to text message marketing specifically?
The FCC confirmed in its 2003 order that text messages to cell phones count as "calls" under the TCPA, so every rule that applies to autodialed calls applies to marketing texts [3]. Prior express written consent, DNC scrubbing, and the 8-to-9 window all apply to SMS campaigns.
SMS carries a few extra layers worth knowing. The CTIA (the wireless industry association) publishes messaging guidelines that carriers enforce through filtering. Campaigns that break CTIA rules get blocked at the carrier level, which means you can have perfect TCPA compliance and still get filtered if you have not registered your campaign with the 10DLC (10-digit long code) system or obtained a short code [9]. TCPA compliance and carrier compliance are different problems. You need both.
Opt-out mechanics matter here too. FCC guidance expects SMS marketers to honor opt-out requests promptly. Industry practice, backed by CTIA standards, is to process a STOP request within one message cycle and confirm the opt-out with a single text. After that, silence. One more marketing text after a STOP is a clean TCPA violation.
For a full breakdown of how to run a compliant SMS program, see text message marketing and text messaging marketing.
What is the TCPA's autodialer definition and why does it keep changing?
This is the most contested technical question in TCPA litigation. The FCC has gotten it wrong, reversed itself, and been reversed by courts more than once.
The statute defines an automatic telephone dialing system (ATDS) as equipment that "has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator, and to dial such numbers" [1]. The Supreme Court in Facebook, Inc. v. Duguid (2021) read that definition narrowly: to qualify as an ATDS, the equipment must use a random or sequential number generator to store or produce the numbers [10]. That reading pulled many modern predictive dialers out of the ATDS definition, because they dial from a stored list rather than generating numbers randomly.
The practical result: if your dialer pulls numbers from a CRM list instead of generating them randomly, you have a stronger argument that it is not an ATDS. But this is not a safe harbor. The Ninth and Eleventh Circuits have split on edge cases, and the FCC has signaled it may revisit the ATDS definition in future rulemaking. Do not read Duguid as permission to ignore consent. Prerecorded voice calls trigger their own TCPA liability regardless of whether an ATDS is involved.
The TCPA b2b exemption for AI calls article covers how AI voice systems interact with these definitions, which matters more every quarter as sales teams adopt AI dialers.
Does TCPA apply to B2B marketing calls?
Partially. The TCPA does not protect businesses as a class the way it protects consumers. But the cell phones of business employees are personal devices registered to individuals, and those individuals carry TCPA rights. Autodial a sales prospect's cell phone and the fact that you sell a B2B product does not shield you.
For calls to business landlines, the autodialer restrictions are narrower. The main concern there is prerecorded voice calls, not live-agent dialing. Many B2B teams assume calling a company's main line with a live agent is TCPA-exempt, which is largely correct. The moment you switch to a prerecorded voice or blast-dial a list of business cell phones with an ATDS, you are back inside TCPA territory.
The FCC has never issued a blanket B2B exemption for autodialed calls to cell phones. Some FCC orders have acknowledged that certain business-to-business contexts may be treated differently, but no clean statutory carve-out exists. Treat every cell number as a consumer number unless you have specific FCC guidance covering your exact scenario.
What records do you need to defend a TCPA marketing claim?
If a plaintiff files a TCPA suit, you have to prove consent existed and was properly obtained. Your records need to show:
- The exact consent language the consumer saw
- A timestamp and IP address for when and where consent was given
- Which seller or brand the consumer agreed to hear from (this is the fields that matters most after the 2025 one-to-one consent rule)
- That the number was scrubbed against the federal and applicable state DNC lists before the call or text went out
- That the contact happened inside the 8 a.m. to 9 p.m. window in the recipient's time zone
The FTC's Telemarketing Sales Rule requires telemarketers to keep records of do-not-call requests and other compliance documents for 24 months [11]. The TCPA itself sets no retention period, but plaintiff attorneys reach back years in discovery, and a class action can cover a four-year limitations window.
LeadCompliant's free compliance kit includes consent record templates and a DNC scrub log format covering the fields most courts and defense attorneys expect. Keeping these records in a format you can actually produce in litigation is the difference between a defensible case and a quick settlement.
For a real example of what happens when records are missing or sloppy, the Joseph Snyder vs. Credit One TCPA case is instructive reading.
How do TCPA class action settlements actually play out?
Most TCPA class actions settle before trial. The defendant negotiates a settlement fund, class members get notice and a claims period, and plaintiffs' attorneys take roughly 25 to 33 percent of the fund in fees. Individual payouts are usually modest, often $25 to $150 per person, because the fund gets divided across thousands or millions of claimants.
The settlement process matters for compliance teams because claim deadlines are real. The Kaiser TCPA settlement claim deadline drew attention because many class members missed the window to file. If your company received marketing texts from a company later sued under the TCPA, you may have a live claim worth filing.
From the defendant's side, two things drive settlement value: the size of the alleged class (how many phone numbers got the messages) and whether the violation looks willful. Willful violations trigger the $1,500 ceiling rather than $500. Plaintiffs' attorneys argue willfulness hard because it triples the potential damages and, with them, the settlement pressure.
The TCPA basics hub keeps a running digest of notable settlements if you want to benchmark what companies in your sector have paid.
What practical steps reduce TCPA marketing risk right now?
Start with consent architecture. Every lead source feeding your outbound calling or texting list needs a documented consent record that names your company specifically, describes the message types, and was obtained without bundling consent into a purchase. Audit your lead vendors against the 2025 one-to-one consent rule today.
Scrub against the National DNC Registry every 31 days at a minimum, and check state lists for Florida, Texas, Indiana, and any other state where your lead volume runs high. Some scrubbing tools check both at once. That is worth paying for.
Set your dialer's time zone logic to the called party's area code, not your office's time zone. Enforce the 8 a.m. to 9 p.m. window as a hard stop in the system, more than a line in a policy document.
For SMS, register your 10DLC campaigns before you send. Carrier filtering is fast and ruthless. An unregistered campaign that gets blocked leaves a trail of attempted contacts with zero delivery confirmation, which reads badly in discovery.
If you use AI voice or robocall technology, pay a compliance attorney for an opinion on whether your system counts as an ATDS after Duguid. The answer turns on your specific architecture. Do not treat your vendor's marketing materials as legal analysis.
LeadCompliant's free tools, including the DNC checker and consent audit template, are at leadcompliant.com. They do not replace legal counsel, but they give you a documented baseline that shows good-faith compliance effort, which matters in settlement talks.
In a state with aggressive plaintiff bars, bring in a local specialist. The TCPA lawyer Kentucky page is one example of where to start finding regional counsel who knows the plaintiff-side tactics in your market.
How to stop robocalls if you are on the receiving end
This section is for individuals who landed here because they keep getting unwanted marketing calls, not for compliance teams.
Register your number at donotcall.gov. Registration is free and permanent, though telemarketers get 31 days to comply after you register [7]. If calls continue past that window, file a complaint at donotcall.gov or through the FCC at fcc.gov.
For a practical consumer guide with more options, see how to stop robocalls.
If you receive calls that clearly break the TCPA (autodialed, prerecorded, or after you asked them to stop), you have a private right of action under 47 U.S.C. § 227(b)(3). Small claims court handles individual TCPA suits in many states with no attorney required for the $500 per-violation statutory damages. Some plaintiff attorneys take TCPA cases on contingency when the call volume is high.
Frequently asked questions
Does the TCPA apply to email marketing?
No. The TCPA covers telephone calls, text messages, and faxes. Email marketing falls under the CAN-SPAM Act of 2003, enforced by the FTC. The two laws are entirely separate. The TCPA's private right of action, which lets anyone sue for $500 to $1,500 per violation, does not reach email campaigns.
Does TCPA apply to emails at all, even indirectly?
Only in one edge case: if your email platform fires an SMS notification to the recipient's cell phone through an autodialer, that text leg can be TCPA-covered. The email itself is not. But the resulting text is. Check your email platform's notification settings so automated texts are not going out alongside your emails without proper TCPA consent.
What is prior express written consent under the TCPA?
It is a signed agreement (electronic signatures count) where the consumer clearly authorizes one identified seller to send marketing calls or texts via autodialer or prerecorded voice. The agreement must state the consumer is not required to consent as a condition of purchase. Since January 2025, one consent record can name only one seller.
How much can a TCPA violation cost per text message?
The statute sets $500 per violation for standard violations and $1,500 per violation if the court finds the violation willful or knowing. Each text or call counts as one violation. A campaign of 50,000 texts without consent creates theoretical exposure of $25 million to $75 million, which is why TCPA class actions settle in the millions.
Does the TCPA apply to B2B marketing calls?
There is no blanket B2B exemption. Calls to business cell phones carry TCPA risk because the phone belongs to an individual, not the company. Calls to business landlines with a live agent are lower risk, but prerecorded voice calls to any number, business or consumer, trigger liability. Treat a cell number as TCPA-covered regardless of business context.
What hours can I make TCPA marketing calls?
Federal TCPA regulations at 47 C.F.R. § 64.1200 permit calls only between 8 a.m. and 9 p.m. in the called party's local time. The relevant time zone comes from the recipient's area code, not your office location. Calls outside that window are per-violation violations even with perfect consent.
Do I need to scrub against the Do Not Call registry for TCPA compliance?
Yes. Telemarketers must access the National DNC Registry and scrub their lists every 31 days before calling or texting registered numbers. Access costs $75 per area code per year, capped at roughly $18,000 for all area codes. Calling a registered number without a written agreement or established business relationship is a separate violation from other TCPA rules.
How did the 2025 FCC one-to-one consent rule change TCPA marketing?
Starting January 2025, prior express written consent for marketing calls and texts must name one specific seller. The old practice of collecting blanket consent covering dozens of lead buyers in one form is no longer valid. Lead aggregators and their buyers face the highest risk. Any lead bought from a multi-seller opt-in form now lacks valid TCPA consent.
What is the statute of limitations for a TCPA claim?
The TCPA sets no limitations period of its own. Federal courts generally apply a four-year statute of limitations under 28 U.S.C. § 1658, so plaintiffs can reach back four years from the filing date. Some states apply shorter periods under state analogues. In practice, class actions often cover the full four years, which compounds potential damages.
Can the TCPA apply to AI-generated marketing calls?
Yes. The FCC has confirmed that AI-generated voices in telemarketing calls qualify as artificial or prerecorded voices under the TCPA. A February 2024 FCC declaratory ruling made clear that calls using AI-generated voice content require prior express written consent for marketing purposes, the same standard as traditional prerecorded calls.
Does the existing business relationship exemption cover TCPA marketing?
For residential landlines, an established business relationship is a partial shield for prerecorded calls under certain conditions. For cell phone marketing calls or texts via autodialer, it is not a substitute for prior express written consent. The exemption is narrower than most sales teams assume and has been chipped away by FCC rulemaking over the years.
What records do I need to defend a TCPA marketing lawsuit?
You need the exact consent language shown to each consumer, a timestamp and IP for when consent was given, documentation that the consent named your specific company, proof of DNC scrubbing within 31 days of the contact, and logs showing contacts happened within calling-hours windows. Courts look for this in discovery. Missing records push defendants toward settlement.
Are text message marketing campaigns treated differently than calls under TCPA?
Not for consent requirements or fines. The FCC ruled in 2003 that texts are calls under the TCPA. But text campaigns also face carrier-level enforcement through the 10DLC registration system, which is separate from TCPA compliance. You can be fully TCPA-compliant and still have your messages filtered by carriers if 10DLC registration is missing.
What is the difference between TCPA and CAN-SPAM?
TCPA covers phone calls, texts, and faxes. CAN-SPAM covers commercial email. TCPA carries a private right of action at $500 to $1,500 per violation, enforced by individual plaintiffs and class actions. CAN-SPAM is enforced mainly by the FTC and state AGs, with civil penalties per email but no private right of action for individual recipients.
Sources
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: Statutory damages of $500 per violation or up to $1,500 for willful violations; definition of covered equipment and practices
- FTC, CAN-SPAM Act: A Compliance Guide for Business: CAN-SPAM Act of 2003 governs commercial email; separate from TCPA
- WebRecon LLC, Consumer Lawsuit Statistics: Consumer law filings including TCPA suits have run in the tens of thousands annually since 2015
- Code of Federal Regulations, 47 C.F.R. § 64.1200, Delivery Restrictions: Federal calling hours restricted to 8 a.m. to 9 p.m. in the called party's local time
- FTC, Telemarketing Sales Rule (National Do Not Call Registry provisions): Telemarketers must scrub lists every 31 days; registry access fee $75 per area code, capped at approximately $18,044 for all area codes
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida imposes additional telemarketing restrictions beyond federal TCPA requirements
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held ATDS definition requires use of random or sequential number generator; narrowed scope of covered equipment
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: Telemarketers must retain records of do-not-call requests and compliance documents for 24 months