Last updated 2026-07-11

TL;DR
The best TCPA update sources are the FCC's rulemaking docket at fcc.gov, the FTC's Do Not Call resources, PACER for case law, and a few specialty law blogs that track FCC orders within a day. Founders who skip this monitoring get blindsided by rule changes, like the FCC's one-to-one consent rule that took effect January 2025, and end up paying $500 to $1,500 per call or text.
Why do founders need to track TCPA updates at all?
The TCPA is not a set-and-forget law. Congress passed 47 U.S.C. 227 in 1991, but the FCC rewrites the implementing rules constantly through orders, declaratory rulings, and public notices. [1] A consent process that was clean in 2022 can be illegal by 2025. That is not hyperbole. The FCC's December 2023 one-to-one consent order, which took effect January 27, 2025, killed the lead generator loophole where a single checkbox could funnel one consumer to dozens of sellers. [2] If you were not tracking FCC rulemaking, you probably heard about that change from a plaintiff's attorney rather than your own.
The penalty math makes monitoring non-negotiable. A TCPA violation costs $500 per call or text for negligent violations and $1,500 for willful ones, with no statutory cap on class actions. [1] The Cash App TCPA settlement landed at $15 million. [3] Our cash app tcpa class action settlement breakdown shows how a company gets there from a single consent gap.
Small outbound teams often say they cannot afford a compliance attorney on retainer. Fair. But you can afford 20 minutes a week reading the right three or four sources. That is genuinely all it takes to stay current.
What are the most reliable primary sources for TCPA rule changes?
Primary sources are the regulators themselves. Read these before you read anyone's analysis of them.
FCC Electronic Comment Filing System (ECFS) is where every rulemaking proceeding lives. Go to fcc.gov and open the ECFS tool, then search docket 02-278 (the core TCPA docket) or 18-152 (the robotext docket). You can subscribe to email alerts for a specific proceeding. It is free, a little clunky, and completely authoritative. [4]
The FCC Consumer and Governmental Affairs Bureau posts finalized orders and public notices at fcc.gov. The bureau also publishes the full text of declaratory rulings, which matter a lot because courts treat them as binding interpretations of the statute.
FTC Do Not Call resources matter because the FTC enforces the Telemarketing Sales Rule alongside the FCC's TCPA rules, and the National Do Not Call Registry is an FTC program. [5] The FTC's annual reports to Congress on registry data tell you how many numbers are registered and where enforcement is heading. Find them at ftc.gov. For a plain-English explainer on what the registry actually covers, start with our do not call list page.
PACER at pacer.gov is where federal case law lives. TCPA class actions are filed in federal district courts. You do not need to read every complaint, but searching new filings for "TCPA" once a quarter gives you a real picture of the theories plaintiffs are winning on right now. [6]
Which law firm and practitioner blogs actually track TCPA changes in real time?
Secondary sources are where most founders should spend their daily reading time. A handful of blogs translate FCC orders into plain English, usually within 48 hours of a ruling.
Eric Troutman's TCPAWorld (tcpaworld.com) is the most active. Troutman is a defense-side TCPA attorney who publishes case summaries and FCC analysis almost daily. His takes skew toward the defense perspective, which is the perspective most relevant to outbound teams. There is a free newsletter.
Klein Moynihan Turco's blog covers TCPA and TSR enforcement. Lower volume than TCPAWorld, but a good signal-to-noise ratio. Strong on FTC enforcement actions, which TCPAWorld sometimes underweights.
Foley and Lardner's TCPA blog and Kelley Drye's Ad Law Access both cover FCC proceedings thoroughly. Kelley Drye has been embedded in FCC TCPA rulemaking for years, and their attorneys often file comments in the proceedings themselves, so their analysis tends to run ahead of the pack.
One honest caveat. All of these blogs are law firms looking for clients. Their analysis is generally accurate, but they have an incentive to make the regulatory environment sound scarier than it sometimes is. Read them for facts and citations, then form your own risk assessment.
Before you read these, our tcpa overview covers the statute's structure so you know what you are reading about.
How do you monitor FCC proceedings before they become final rules?
This is the real edge for founders: catching rule changes while they are still proposals, not after they are locked in.
The FCC's ECFS email alert system lets you subscribe to any docket number. When a new filing lands, whether a comment, a reply comment, or a Commission order, you get an email. For TCPA, set alerts on dockets 02-278, 18-152, and 21-402. That covers the core TCPA rulemaking, the robotext proceeding, and the one-to-one consent rulemaking.
FCC open meeting agendas post at least a week before each meeting at fcc.gov. Items that touch TCPA are listed by title. You do not need the full draft order (which is often not public before the vote anyway), but seeing a TCPA item on the agenda gives you a week to find analysis and start planning.
The FCC's news releases go out by email if you subscribe at fcc.gov. This is less granular than docket alerts, but it catches things that fall outside the main TCPA dockets.
Industry associations file heavily in TCPA proceedings, and their comment letters summarize the issues well. The Association of National Advertisers files in major TCPA proceedings, and its comment letters, public on ECFS, read like clean summaries of the questions at stake. That is free reading from lawyers who bill hundreds an hour.
What state-level sources should you track alongside federal TCPA updates?
Federal TCPA preempts state law in some areas but not all, and several states have telemarketing statutes stricter than the federal floor. If you skip state law, you are seeing half the picture.
California's Invasion of Privacy Act (CIPA), codified at Cal. Penal Code 630 and following, has been expanding through case law to reach chat bots, session replay tools, and voicemail drops in ways the TCPA does not. [7] Florida's Telephone Solicitation Act (FTSA), amended in 2021, added a private right of action for automated calls to Florida consumers with per-call damages. [8] Oklahoma, Texas, and Washington each run separate do-not-call regimes worth checking if you call those states hard.
The National Conference of State Legislatures at ncsl.org tracks state telemarketing legislation as bills move. Its legislation database updates as bills advance, and it is free. [13]
State attorney general sites are primary sources too. The AG offices in California, Florida, Texas, and New York issue press releases on telemarketing enforcement that signal where they are putting investigative resources. Those releases usually sit under "press releases" or "enforcement actions" on the AG's .gov domain.
For a closer look at state-level rules, our mobile phone do not call list page covers how mobile numbers interact with both state and federal DNC regimes.
How often do TCPA rules actually change, and what was the biggest recent change?
The FCC issues several TCPA-related orders per year. Not all are seismic, but one or two a year usually force you to update a process or a consent form.
Here is a rough timeline of the major changes in recent years:
| Year | FCC or Court Action | What Changed |
|---|---|---|
| 2015 | Omnibus TCPA Order | Broadened the ATDS definition; created a one-time opt-out safe harbor |
| 2018 | ACA International v. FCC | D.C. Circuit struck down the FCC's broad ATDS interpretation |
| 2021 | Facebook v. Duguid (SCOTUS) | Supreme Court narrowed ATDS to devices using random or sequential number generation [9] |
| 2023 | FCC one-to-one consent order | Required consent to be specific to one seller, effective Jan 27, 2025 [2] |
| 2024 | AI-generated calls ruling | FCC declared AI-generated voices in robocalls are "artificial" voices under the TCPA [10] |
The biggest recent change is the one-to-one consent rule. The FCC's December 2023 order said a consumer's consent to hear from a lead generator cannot be reused by multiple sellers downstream. The order requires consent to be "logically and topically associated with" the website where it was given, in the FCC's own words. [2] That single phrase invalidated most affiliate and co-registration consent flows the lead generation industry had leaned on for over a decade.
The AI voice ruling from February 2024 is the other big shift. The FCC held unanimously that AI-generated voices qualify as "artificial or prerecorded" voices under 47 U.S.C. 227(b)(1)(B), so any AI voice robocall to a cell phone or residential line without prior express consent is illegal. [10]
Are there newsletters or listservs worth subscribing to for TCPA news?
Yes, and a few are genuinely useful rather than pure promotion.
TCPAWorld has a free daily digest. High volume, but you can skim the headlines in two minutes. Worth subscribing even if you read 20 percent of it.
The International Association of Privacy Professionals (IAPP) at iapp.org publishes a daily privacy tracker that often catches TCPA-adjacent developments like state biometric laws and AI voice rules. The free tier covers most of what a small team needs.
FCC email news releases, direct from fcc.gov, belong on every compliance owner's list. Set it and forget it. When something important happens, you get a government-sourced email before any analysis exists.
For cold calling teams, the Sales Hacker and RevOps Co-op communities sometimes share TCPA news in their Slack channels. Quality varies wildly, so treat those as pointers to go verify, not as answers.
One thing worth saying flat out: LinkedIn is a terrible primary source for TCPA compliance. People post wrong information constantly, often because they read a law firm post that was itself wrong or outdated. See something on LinkedIn, find the underlying FCC order or court decision before you act on it.
How should a small team build a practical monitoring routine?
Most founders overcomplicate this. Here is what actually works for a team without a full-time compliance attorney.
Weekly, spend 15 minutes. Read the FCC news release email from the week. Skim the TCPAWorld headlines. If anything looks relevant, open it and read.
Monthly, spend one hour. Pull up PACER and search "TCPA" in your district court for new filings. Note the theories plaintiffs are using. Check your ECFS docket alerts for anything that hit the TCPA dockets. Review your consent flow against any new guidance.
Quarterly, do a structured review. Read the FCC's open meeting recaps from the past three months. Check NCSL for new state telemarketing bills that passed. If you call Florida or California heavily, check those state AG sites for enforcement actions in the past 90 days.
Once a year, pay an attorney. This does not have to cost tens of thousands of dollars. A single 90-minute TCPA compliance review with a specialist, running roughly $500 to $2,000 depending on complexity, catches things your own monitoring missed. Treat it as an insurance audit, not a luxury.
While you build the routine, LeadCompliant's free TCPA compliance checkers cover consent, DNC scrubbing, and call time windows, and the compliance kit gives you template consent language to adapt. That is a reasonable starting point before the attorney call.
How do major TCPA court cases signal where enforcement is heading?
FCC rules and court decisions are both primary law, and they sometimes point in different directions. Reading case law trends helps you see where the next litigation risk is sitting.
Facebook v. Duguid (2021) is the clearest example of a Supreme Court decision reshaping the compliance landscape more than any FCC order that year. [9] The Court's narrow reading of "automatic telephone dialing system" gave many predictive-dialer users a temporary sigh of relief. But plaintiffs' attorneys pivoted fast to consent and reassigned-number theories that do not require proving ATDS status, so litigation volume barely dropped.
Credit One Bank's TCPA settlement reached $12.5 million, a clean case study in how cell phone consent gaps turn into class action exposure. [11] Our credit one tcpa settlement page walks through what went wrong. The pattern in that case and dozens like it: a company had written consent for account-servicing calls but reused it for collections calls to reassigned numbers.
For current circuit-level decisions, Westlaw and LexisNexis are the gold standard but cost real money. On a budget, Justia (justia.com) indexes federal circuit and district court TCPA opinions for free, with full text. Set a Google Alert for "TCPA" plus "circuit" or "class certification" and you will catch most major opinions within a day or two.
The trend worth watching right now: courts increasingly scrutinize whether consent disclosures were clear enough to be enforceable, apart from whether they technically existed. A checkbox buried in a 47-paragraph privacy policy is not the same as informed consent in the eyes of most circuits.
What are the best sources specifically for SMS and text message TCPA compliance updates?
SMS compliance sits at the intersection of TCPA law, FCC carrier rules, and CTIA guidelines. You need sources that cover all three layers.
The CTIA, the wireless industry trade group, publishes its SMS and MMS messaging principles and best practices at ctia.org. Carriers like AT&T, Verizon, and T-Mobile apply CTIA guidelines when deciding whether to block or allow traffic. CTIA guidelines are not law, but carriers enforce them as if they were, so a practice that breaks CTIA guidelines will get your short code or 10DLC campaign suspended even if it does not break the TCPA directly. [12]
The Campaign Registry (tcr.com) is the 10DLC registration authority. It publishes status updates and rule changes for 10DLC campaigns on its site and by email to registered brands. If you run 10DLC for text marketing, subscribe.
FCC robotext proceedings (docket 18-152) are where the Commission handles text-specific issues. The FCC's 2023 robotext order strengthened carrier obligations to block texts flagged on tracking databases. [4]
For text message compliance in plain English, our text message marketing page is a good companion to the primary sources above.
One nuance that trips teams up: the one-to-one consent rule applies to texts exactly as it does to calls. If your SMS consent came through a co-registration flow, it almost certainly needs to be replaced. Do not wait to fix that.
How do you evaluate whether a source is actually reliable?
The TCPA information ecosystem has a real misinformation problem. Vendors with a financial stake in your compliance spending (dialers, lead platforms, text platforms) often publish compliance guides that understate their own product's risk or oversell how easy compliance is. That is not always dishonest. Sometimes it is just motivated reasoning. Either way, you need to spot it.
A reliable source has three traits. It cites the actual FCC order or statute section, not a description of it. If a post says "the FCC requires X" without citing the order, find the order yourself before relying on it. It separates what is legally required from what is best practice, because many guides blur the two. And it admits uncertainty. TCPA law has genuinely unsettled areas, especially around AI-generated content, reassigned numbers, and text-to-landline calls. A source that presents everything as clear-cut is oversimplifying.
For the DNC side, government sources are cleanest. The FTC's Do Not Call registry pages and annual reports are authoritative on how the registry works and which exemptions apply. [5] Our how do i get the do not call list and do not call telemarketer list pages cover the mechanics for outbound teams.
When in doubt, go one layer up. Find the actual FCC order, read the relevant paragraph, then read the blog's description of it. That takes five extra minutes and saves you from building a process on a misreading.
This article is not legal advice. It is a guide to finding reliable legal sources. For decisions that carry real financial exposure, talk to a TCPA attorney.
Frequently asked questions
Is there one single best TCPA update source for founders with no legal background?
TCPAWorld (tcpaworld.com) is the most accessible starting point. It publishes daily summaries of FCC actions and court decisions in reasonably plain language, and the free newsletter gets you most of what you need. Pair it with direct FCC email alerts from fcc.gov to catch things TCPAWorld might not flag right away. Between the two you cover the vast majority of material changes.
How do I set up an FCC alert so I know when TCPA rules change?
Go to fcc.gov, open the ECFS filing tool, and search for docket 02-278. On the docket page, subscribe to get email notifications when new filings arrive. Also subscribe to FCC news releases at fcc.gov. Together these two alerts cover formal rule changes and major announcements without making you check the site by hand.
What is the one-to-one consent rule and when did it take effect?
The FCC's December 2023 order requires consumer consent for telemarketing calls and texts to be specific to a single seller, not sharable across multiple companies through a lead generator. It took effect January 27, 2025. If your consent came through a co-registration or affiliate flow that listed multiple partners, that consent is likely invalid under the new rule.
Do I need to track state TCPA laws separately from federal rules?
Yes. Florida's FTSA, California's CIPA, and several other state statutes create independent liability even when your federal TCPA compliance is solid. The NCSL telemarketing legislation tracker at ncsl.org is a free way to monitor new state bills. State AG enforcement press releases are also worth checking quarterly if you have heavy call volume in California, Florida, Texas, or New York.
How did Facebook v. Duguid change TCPA compliance in 2021?
The Supreme Court's unanimous 2021 ruling in Facebook v. Duguid narrowed the definition of 'automatic telephone dialing system' to devices that use a random or sequential number generator. That meant many modern predictive dialers working from stored lists did not qualify as ATDS under the statute. Plaintiffs shifted to consent and reassigned-number theories, so litigation volume stayed high.
What does PACER have to do with TCPA compliance monitoring?
PACER (pacer.gov) is the federal courts' public records system. TCPA class actions are filed in federal district courts, and their complaints and class certification decisions are public on PACER. Monitoring new TCPA filings quarterly shows you which consent gaps and calling practices plaintiffs are targeting now, which beats waiting for a published law review article on the trend.
Are CTIA guidelines legally binding for SMS compliance?
CTIA guidelines are not law, but carriers treat them as enforceable conditions of their networks. Breaking CTIA's SMS messaging principles can get your 10DLC campaign or short code suspended, which effectively shuts down your text program. Because carrier enforcement moves faster than FCC enforcement, CTIA guidelines matter operationally even though they carry no statutory penalty on their own.
How much does a TCPA class action typically settle for?
Settlement amounts vary enormously by class size and whether willful violations are alleged. Major settlements include Cash App at $15 million and Credit One at $12.5 million. Smaller cases settle in the low millions or mid-six figures. Statutory damages of $500 to $1,500 per violation multiply fast in a class action, which is why settlement pressure runs high even when defendants believe they have strong defenses.
What is the FCC's ruling on AI-generated voices and TCPA?
In February 2024, the FCC unanimously ruled that AI-generated voices in robocalls qualify as 'artificial or prerecorded' voices under 47 U.S.C. 227(b)(1)(B). Any AI voice robocall to a cell phone or residential line without prior express written consent is illegal under existing TCPA rules. No new statute was needed; the FCC applied existing law to the new technology.
How often should a small outbound team review its TCPA compliance process?
A 15-minute source check each week, a one-hour deeper review monthly, and a structured audit quarterly is a reasonable cadence for a small team. Once a year, pay a TCPA specialist for a 90-minute review. The FCC issues material rule changes several times per year, and even a quarterly cycle catches most of them before they create liability.
Can I rely on my dialer or SMS platform vendor to keep me TCPA compliant?
No. Vendors are responsible for their tools, not your use of them. Courts have consistently held that the entity initiating the call or text is the one liable under TCPA, not the technology provider. Vendor compliance guides are useful starting points, but they have obvious incentives to understate risk. Always verify vendor claims against FCC orders or case law before building a process on them.
Where can I find the full text of the TCPA statute?
The full text of 47 U.S.C. 227 is available at uscode.house.gov. Search Title 47, Section 227. The FCC's implementing regulations sit at 47 C.F.R. Part 64, Subpart L, available at ecfr.gov. Read the actual statute at least once. Much of what circulates online as 'TCPA law' is a simplified version that drops important qualifications.
Sources
- Cornell Law School LII, 47 U.S.C. 227 (TCPA statute text): TCPA provides for $500 per violation for negligent violations and $1,500 for willful violations, with no statutory cap on class actions
- FTC, National Do Not Call Registry information: The FTC operates the National Do Not Call Registry and publishes annual reports on registry data and enforcement
- PACER, Public Access to Court Electronic Records: Federal TCPA class action complaints and decisions are publicly accessible through PACER
- California Legislative Information, Penal Code (California Invasion of Privacy Act, Section 630 and following): California CIPA creates separate state-law liability for wiretapping and eavesdropping that courts have applied to digital communications tools
- Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. 501.059: Florida FTSA as amended in 2021 added a private right of action for automated calls to Florida consumers
- Supreme Court of the United States, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court unanimously narrowed ATDS definition to devices using random or sequential number generation
- LeadCompliant, Credit One TCPA Settlement overview: Credit One TCPA settlement reached $12.5 million, driven by consent gaps in cell phone call programs
- National Conference of State Legislatures, Telemarketing legislation tracker: NCSL tracks state telemarketing legislation as bills move through state legislatures