TCPA news today: what changed in 2024-2025 and what's next

The FCC's one-to-one consent rule, $500-$1,500 per-violation fines, new exemptions: catch up on TCPA news in under 5 minutes.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-10

Person reviewing compliance documents at a desk with a telephone nearby
Person reviewing compliance documents at a desk with a telephone nearby

TL;DR

The biggest TCPA development of 2024-2025 is the FCC's one-to-one consent rule, effective January 27, 2025. Each seller now needs its own written consent before it texts or calls anyone for marketing. Courts are still fighting over what counts as an ATDS. The FCC is weighing new exemptions. Fines run $500 to $1,500 per message or call.

What is the single biggest TCPA change right now?

The FCC's one-to-one consent rule is the biggest TCPA change in years, and it took effect January 27, 2025. [1] The short version: one checkbox can no longer sign a consumer up for a dozen companies at once.

Before the rule, a lead-gen website could get a consumer to check one box and then share that consent with dozens of partner companies, all of whom could text or call. The FCC shut that down. Each seller now has to get its own separate prior express written consent before sending marketing texts or calls with an autodialer or a prerecorded voice. [1]

Aggregated lead buyers take the hardest hit. If you buy lists where a third-party publisher gathered consent and named ten seller partners, that consent no longer covers you under federal law. You need your own opt-in. Every insurance agency, mortgage shop, home services company, and real estate team that was quietly buying warm leads has to re-examine its intake right now. Our guide to tcpa sms compliance walks through rebuilding a consent flow step by step.

The FCC grounded the rule in 47 U.S.C. § 227(b), which bars any call using an ATDS or prerecorded voice to a cell number "without the prior express consent of the called party." [2] The agency read that phrase to mean consent given to the specific caller, not to a list of callers printed on a form.

The rule survived its first big legal challenge, but the fight is not over. The Insurance Marketing Coalition (IMC) asked a federal court to block it, arguing the FCC went past its statutory authority. The Eleventh Circuit denied the preliminary injunction in January 2025, so the rule took effect on schedule. [3]

IMC's core argument is that the TCPA's consent language does not let the FCC dictate that consent be "one-to-one." That argument has real weight in a post-Loper Bright world, where courts no longer defer automatically to agency readings of ambiguous statutes. The Eleventh Circuit said the challengers had not shown a likelihood of success on the merits. The underlying case is still alive. A full merits ruling could land in late 2025 or 2026.

What this means for you today: do not wait for that ruling to fix your consent practices. The rule is in effect now. Running the old "listed partners" model while the case plays out is a bet, not a compliance plan. In private TCPA suits, courts ask whether you had a good-faith compliance process. "We were hoping the rule would get thrown out" is not one.

The sms opt-in requirements guide breaks down what your disclosure language actually has to say across channels.

How much can a TCPA violation cost per text or call?

The statute sets damages at $500 per negligent violation and $1,500 per willful or knowing violation. [2] Those numbers sound small until you remember the count. Each text and each call is a separate violation.

Send 10,000 texts to a list with consent problems and you are looking at $5 million in statutory damages at the negligent rate, $15 million if a court finds willfulness. Class actions blow that up further, because plaintiffs stack every recipient's individual $500 or $1,500 claim into one case.

Settled cases show where this lands. A 2023 TCPA class settlement against a major auto warranty company topped $28 million. [4] A 2022 settlement with a healthcare company hit $14.8 million. [4] Neither company likely thought it was doing anything terrible.

The private right of action is what makes the TCPA so dangerous. You do not need the FCC to come after you. Any person who got your text can file in federal or state court, and plaintiff attorneys take these on contingency because the per-violation math pays. That private right of action lives at 47 U.S.C. § 227(b)(3). [2]

Key TCPA numbers every outbound team should know Fines, thresholds, and deadlines from the statute and FCC rules 500 Negligent TCPA violation fi… (per call/text) 1,500 Willful TCPA violation fine (per call/text) 31 DNC list scrub frequency (days) 19k DNC national access fee (approx. cap, USD) Source: 47 U.S.C. § 227; FTC Do Not Call Registry; FCC declaratory rulings, 2024-2025

What is the current FCC position on what counts as an ATDS?

This is genuinely unsettled. The Supreme Court's 2021 ruling in Facebook v. Duguid narrowed the ATDS definition to systems that "use a random or sequential number generator" to store or produce phone numbers. [5] Systems that only dial from a stored list do not meet that definition under Duguid.

After Duguid, plenty of TCPA defendants argued their CRM-based dialers were not autodialers, and won. The fight moved, though. Plaintiffs now argue that even a dialer with no random number generator is beside the point when calls use a prerecorded or artificial voice, because 47 U.S.C. § 227(b)(1)(A)(iii) covers those independently and has no ATDS requirement. [2] That theory is gaining ground, especially in the Ninth Circuit.

The FCC has signaled it may clarify what counts as an ATDS after Duguid, but as of mid-2025 no formal rulemaking is finished. Watch the FCC's Consumer and Governmental Affairs Bureau for any new notice of proposed rulemaking. [6]

For outbound teams, the lesson is blunt. Switching from a predictive dialer to CRM click-to-call does not erase TCPA risk. If your messages use prerecorded or AI-generated voices, you carry liability regardless of the ATDS question.

What does the FCC's AI-generated voice ruling mean for outbound calls?

In February 2024, the FCC issued a declaratory ruling confirming that AI-generated voices in robocalls count as "artificial or prerecorded voice" under the TCPA. [7] The trigger was a robocall that used an AI clone of President Biden's voice to suppress turnout in the New Hampshire primary.

The ruling hits any outbound team using AI voice agents or text-to-speech dialers. If your system generates a synthetic voice, even one that sounds fully human, you need prior express written consent before calling a wireless number with it. That is the same bar traditional robocalls face. Calling landlines with AI-generated voices for marketing needs at least prior express consent, oral or written.

The speed here is the signal. The ruling came roughly two weeks after the incident, one of the fastest FCC actions in recent memory. The agency is watching AI telephony closely and will move fast when a high-profile harm shows up.

If you use AI voice tools, check whether your vendor updated its terms of service to address TCPA compliance. Many have not. Liability sits with you as the caller, not with the software company.

What new TCPA exemptions or safe harbors are being discussed?

The FCC has granted several exemptions from the prior express consent requirement over the years, mostly for healthcare and financial services calls that are "informational" rather than marketing. The full list and its conditions live in 47 C.F.R. § 64.1200(a)(2). [8]

In 2024 and 2025, industry groups filed for broader exemptions in a couple of areas. Healthcare groups petitioned for wider room on appointment reminders and care coordination texts to wireless numbers. A separate set of petitions pushes for lighter consent on B2B communications. As of mid-2025, those petitions are still pending.

FCC Chairman Brendan Carr, appointed in January 2025, has signaled interest in cutting regulatory burden on businesses while keeping consumer protections in place. Whether that becomes new exemptions or just slower enforcement is not clear yet.

One thing is clear: exemptions are narrow, loaded with conditions, and fact-specific. An exemption for "healthcare informational calls" does not cover a call that also pitches a discount on a service. Courts read the actual content of a call or text against each exemption's conditions, and the burden of proving an exemption applies sits with the caller.

What are the latest changes to state TCPA-style laws you need to know?

Federal TCPA is a floor, not a ceiling. States impose stricter rules, and 2024-2025 has seen several tighten their telemarketing and SMS laws.

Florida's mini-TCPA (Florida Telephone Solicitation Act, Fla. Stat. § 501.059) is still one of the toughest in the country. It uses a broader standard than the federal ATDS definition, covering technology that can be used to send calls in volume, and it requires separate written consent for each type of solicitation. Florida courts have seen a wave of single-plaintiff litigation since the law was strengthened in 2021. [9]

Washington State updated its Commercial Electronic Mail Act and is actively enforcing text message solicitation rules. Oklahoma passed a telephonic sales call law in 2022 that mirrors several TCPA requirements but adds state-specific consent language mandates. [12]

Texas requires sellers to register with the state's Do Not Call list and adds per-violation penalties on top of federal exposure.

For anyone doing outbound across multiple states, the question is never just "did we follow the TCPA." It is "did we follow the TCPA, and did we also follow the law in every state where our recipients live." For a small team, that is a real operational load.

StateKey stricter-than-federal rulePer-violation penalty
FloridaBroader autodialer definition, separate written consent per solicitation type$500 statutory, private right of action
WashingtonCEMA covers commercial texts, opt-out honored within 10 daysUp to $1,000 per violation
TexasState DNC registration required, 30-day scrubUp to $10,000 per violation
OklahomaWritten consent required for telephonic sales callsUp to $25,000 per violation
CaliforniaCCPA intersects with SMS consent, AG enforcement activeVaries by statute

This table summarizes the state rules from publicly available statutes. Verify the current text before you rely on it for a compliance decision.

How does the National Do Not Call Registry interact with TCPA in 2025?

The National Do Not Call Registry, run by the FTC, and the TCPA, enforced by the FCC under 47 U.S.C. § 227, are separate laws with overlapping reach. [10] Both apply to most outbound sales calls to consumers. You have to comply with both.

The DNC Registry covers telemarketing calls. The TCPA covers calls and texts made with an ATDS or prerecorded voice. A single call can violate one, both, or neither, depending on the technology and the number's registration status.

For texts, DNC registration does not give a consumer the same opt-out right it gives for voice calls. The FTC has said DNC protections do not extend to SMS. But the TCPA's written consent requirement still applies to most marketing texts to wireless numbers, DNC status or not. [10]

If you make telemarketing calls, you have to scrub your list against the DNC Registry at least every 31 days. Failure to scrub is its own violation, separate from the call. The FTC charges for commercial access: as of 2025 the fee is $75 per area code, with a cap around $18,900 for the full national list. [10]

Our lead generation compliance news page covers how list hygiene and consent documentation fit together.

What TCPA lawsuits or enforcement actions happened recently?

Private litigation is the main enforcement engine, and it has not slowed. Industry groups estimate TCPA cases run into the thousands each year, though clean nationwide filing data is scattered across federal district courts.

A few 2024-2025 developments stand out.

The FCC proposed a $6 million forfeiture in 2024 against a company that made thousands of illegal robocalls with a prerecorded voice and no consent. [6] Proposed forfeitures are not final judgments, but they mark enforcement priorities.

A federal court in the Southern District of Florida certified a class in late 2024 against a financial services lead generator, finding the company's shared-consent model did not meet the written consent requirement. If that certification survives appeal, the company faces class-wide statutory damages instead of individual claims.

The FCC's enforcement bureau also signed several consent decrees with telemarketers in 2024, requiring compliance plans, third-party audits, and payments in the $500,000 to $2 million range.

One trend to watch: plaintiffs are going after upstream lead generators, not only the end callers. Sell leads and you may end up a co-defendant in a suit against your buyer. That theory is newer, but courts in Florida and California have been open to it.

What should outbound sales teams actually do right now?

Here is what I would do if I ran compliance for a small outbound team today.

Audit every consent mechanism you have. If any leads came from a third-party form that listed other companies next to yours, that consent does not cover you under the January 2025 rule. Either re-consent those contacts directly or stop marketing to them. Yes, that shrinks your list. It hurts a lot less than a class action.

Document everything. TCPA cases almost always come down to whether the defendant can produce proof of consent. Your best defense is a signed or click-through consent record with a timestamp, an IP address, and the exact disclosure language the consumer saw. Without that, you are betting the plaintiff cannot prove they got your message. Weak spot to stand on.

Scrub your wireless numbers against the DNC Registry every 31 days and keep the logs.

If you use any AI voice or automated text tool, get your vendor to confirm in writing what TCPA-relevant features it has, and never treat the vendor's compliance claims as a substitute for your own consent records. Courts have held again and again that the caller, not the technology vendor, carries TCPA liability.

Starting from scratch? LeadCompliant's free TCPA compliance kit includes consent language templates and a consent audit worksheet you can adapt to your own forms. Our free sms opt-in form builder generates compliant disclosure language too.

For texting specifically, the sms double opt-in process is the strongest consent signal you can collect, and it builds an audit trail that is hard for a plaintiff to attack.

What TCPA changes are likely coming in the next 12 months?

Nobody calls FCC rulemaking with confidence, but a few signals point to what is coming.

The Eleventh Circuit merits ruling on the one-to-one consent rule is the biggest single item. Vacate the rule and the lead-gen industry's shared-consent model gets a reprieve. Uphold it and every aggregated lead buyer has a permanent duty to collect direct consent.

The FCC under Chairman Carr is expected to revisit the ATDS definition, possibly with a new rule that says more clearly which dialing technologies trigger TCPA duties. That matters a lot for teams running modern CRM-integrated dialers.

AI voice is getting more regulatory attention, not less. The February 2024 ruling covered AI-generated voices in robocalls, but it did not address AI agents holding live conversations. Both the FCC and FTC have flagged conversational AI in outbound calls as a coming focus.

The FTC's own Telemarketing Sales Rule is under revision. Proposed changes would explicitly bring B2B calls under TSR coverage, which are largely exempt now. If that passes, the compliance load on B2B outbound teams goes up a lot.

For the freshest developments, bookmark the FCC's Consumer and Governmental Affairs Bureau page and the FTC's Do Not Call page. [6] [10] Primary sources beat secondhand summaries every time, including this one.

Frequently asked questions

The FCC's one-to-one consent rule took effect January 27, 2025. It requires each seller to collect its own prior express written consent before sending marketing texts or calls, even if a third-party lead form previously listed that seller as a partner. The Insurance Marketing Coalition challenged it, but the Eleventh Circuit let it proceed on schedule.

What is the TCPA fine per text message in 2025?

The TCPA sets statutory damages at $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations. Each individual text message counts as a separate violation. A campaign sending 10,000 non-compliant texts could generate $5 million in statutory damages at the negligent rate, before any state law claims are added.

Does the TCPA apply to SMS text messages?

Yes. The TCPA covers text messages sent to wireless numbers using an automatic telephone dialing system. The FCC confirmed this in a 2003 declaratory ruling. Sending marketing texts without prior express written consent is a violation. The one-to-one consent rule that took effect in January 2025 directly addresses consent for these messages.

What did the Supreme Court say about ATDS in Facebook v. Duguid?

In Facebook v. Duguid (2021), the Supreme Court ruled that an automatic telephone dialing system must use a random or sequential number generator to store or produce phone numbers. Systems that only dial from stored lists do not meet that definition. But prerecorded and AI-generated voice calls carry separate TCPA liability with no ATDS requirement, so the ruling does not erase TCPA risk for many callers.

Are AI-generated voices in robocalls covered by the TCPA?

Yes. The FCC issued a declaratory ruling in February 2024 confirming that AI-generated voices qualify as artificial or prerecorded voice under the TCPA. Calls using AI-synthesized speech to wireless numbers require prior express written consent for marketing, and calls to landlines require at least prior express consent. The ruling applies no matter how natural the AI voice sounds.

How often do I need to scrub my call list against the Do Not Call Registry?

The FTC requires telemarketers to scrub their lists against the National Do Not Call Registry at least every 31 days. Failure to scrub is a standalone violation separate from any individual call. Commercial registry access costs $75 per area code as of 2025, with a national cap around $18,900. You also need your own internal DNC list and must honor opt-outs within 30 days.

What is Florida's mini-TCPA and is it stricter than federal law?

Florida's Telephone Solicitation Act (Fla. Stat. § 501.059) is much stricter than federal TCPA. It uses a broader definition of automated dialing technology that does not require a random number generator, requires separate written consent for each type of solicitation, and has produced a surge of single-plaintiff lawsuits since it was strengthened in 2021. Companies calling Florida residents must comply with both the federal TCPA and Florida's law.

No, not for marketing calls or texts. The FCC's one-to-one consent rule that took effect January 27, 2025 requires each seller to obtain its own separate written consent. A lead form that listed your company alongside other partners does not satisfy this. You need to collect direct consent from each contact or stop using those leads for outbound marketing via ATDS or prerecorded voice.

Under FCC rules, prior express written consent for marketing calls or texts must include a clear and conspicuous disclosure that the consumer is authorizing calls or texts using an autodialer or prerecorded voice, must name the specific company obtaining consent, and cannot be a condition of purchase. It requires an affirmative opt-in (a pre-checked box does not count) and must be documented with a timestamp and the exact language shown.

Does TCPA apply to B2B calls and texts?

Federal TCPA applies to calls and texts to wireless numbers whether the purpose is B2B or B2C. If you are texting a businessperson's cell phone for marketing, TCPA applies. The FTC's Telemarketing Sales Rule currently exempts most B2B calls, but the FTC has proposed extending TSR coverage to B2B. State laws vary: some cover B2B communications, some do not.

What records do I need to keep to defend a TCPA lawsuit?

To defend a TCPA claim you need documented proof of consent: the opt-in record with timestamp, IP address or signature, the exact disclosure language the consumer saw, and the specific number they consented from. You also need DNC scrub logs showing dates and the database version used, plus revocation records showing when someone opted out. Without these, you cannot demonstrate consent even if it existed.

How is TCPA enforcement different for texts versus phone calls?

The consent standard for marketing texts (prior express written consent) is higher than for many informational calls. Texts almost always go to wireless numbers, so TCPA applies automatically without the wireless-landline distinction. Texts are also easier to document as violations because carriers keep delivery records. Plaintiffs in SMS cases often have precise proof of receipt, which makes your consent documentation matter even more.

What is the latest FCC news on robocalls in 2025?

The FCC's biggest 2025 actions include the one-to-one consent rule taking effect in January, ongoing enforcement against robocall originators, and continued pressure on gateway providers that carry illegal call traffic. The agency issued a $6 million proposed forfeiture in 2024 against a robocall operator and is working with international counterparts to block overseas illegal robocall traffic at the network level.

Do TCPA rules apply to ringless voicemail drops?

This is contested. The FCC has not issued a definitive ruling classifying ringless voicemail as a call under the TCPA, but several courts have held that voicemail drops to wireless numbers do trigger coverage because they connect to the phone. The FCC received petitions on this years ago without finalizing a rule. The safe approach is to treat ringless voicemail to wireless numbers as requiring prior express written consent.

Sources

  1. U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA sets fines at $500 per violation and $1,500 for willful violations; prohibits ATDS calls to wireless numbers without prior express consent
  2. U.S. Court of Appeals, Eleventh Circuit, Insurance Marketing Coalition v. FCC, preliminary injunction denied January 2025: Eleventh Circuit denied preliminary injunction against one-to-one consent rule, allowing it to take effect
  3. Federal Trade Commission, cases and proceedings library: Major TCPA class action settlements have ranged from $14.8 million to over $28 million in recent years
  4. U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held ATDS must use random or sequential number generator to produce or store numbers
  5. Code of Federal Regulations, 47 C.F.R. § 64.1200, FCC TCPA implementing regulations: FCC exemptions from prior express consent requirement listed at 47 C.F.R. § 64.1200(a)(2)
  6. Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida FTSA uses broader automated dialing definition and requires separate written consent per solicitation type
  7. Federal Trade Commission, National Do Not Call Registry information for sellers and telemarketers: FTC DNC Registry requires scrubbing every 31 days; commercial access costs $75 per area code with national cap around $18,900; DNC does not cover SMS
  8. Oklahoma Legislature, Telephonic Solicitations Act, 15 O.S. § 775A: Oklahoma telephonic sales call law requires written consent and imposes penalties up to $25,000 per violation

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit