Last updated 2026-07-09

TL;DR
The TCPA ground shifted hard in 2024-2025. The FCC's one-to-one consent rule went effective in January 2025, then got stayed by the Eleventh Circuit the same month. Class-action settlements crossed $100M in aggregate. Courts still split on what counts as an ATDS after Facebook v. Duguid. The consent playbook you trusted two years ago may not hold today.
What is the TCPA and why does telemarketing news matter right now?
The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, was signed in 1991. Its core structure has barely moved since [1]. What moves constantly is how the FCC reads it, how courts apply it, and what plaintiffs' lawyers decide to chase this quarter. The gap between the statute and its real-world enforcement is where your risk lives.
The statute makes it unlawful to use an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice to call or text a cell number without prior express consent [1]. Violators pay $500 per negligent violation and $1,500 per willful one. No cap per campaign. A single text blast to a million unconsented numbers is, on paper, $1.5 billion in exposure. That math is why this beat matters.
Recent years have been loud. The FCC issued a new consent rule in late 2023. Courts split on what qualifies as an ATDS after the Supreme Court's 2021 Facebook v. Duguid decision. Settlement dollars keep climbing. State attorneys general piled on with their own enforcement. If you run an outbound program, staying current is the job, not a nice-to-have.
What did the FCC's one-to-one consent rule actually require?
In December 2023, the FCC released a Report and Order that rewrote how lead generators share consent. It required prior express written consent for robotexts and robocalls to be obtained on a "one-to-one" basis. A consumer's single opt-in could no longer authorize contact from a list of unrelated sellers [2]. The old practice of bundling consent across dozens of companies in one disclosure was, in the agency's view, no real consent at all.
The rule took effect January 27, 2025. It lasted barely a day. The Eleventh Circuit stayed it that same month while a legal challenge proceeds [3]. So the one-to-one requirement is not in force right now. But the FCC's reading of what lawful consent means is on the record, and it will almost certainly return in some form. Teams that already rebuilt their consent flows are in better shape either way.
Here is the practical read. If your lead vendor sends you a shared opt-in that covers 20 other companies, you are still in gray territory even with the stay in place. Courts deciding individual cases can treat the FCC's reasoning as persuasive, no formal rule required. The stay killed the deadline. It did not bless bundled consent.
What happened to the ATDS definition after Facebook v. Duguid?
The Supreme Court's 2021 decision in Facebook, Inc. v. Duguid (592 U.S. 395) narrowed the ATDS definition to systems that use a random or sequential number generator to produce or store numbers [4]. Many industry lawyers read it as a win. Predictive dialers pulling from pre-loaded lists looked like they fell outside the definition.
Circuit courts since then have not agreed with each other. The Ninth Circuit generally follows the narrowed reading. Some district courts, especially in Florida and Illinois, have found that systems storing numbers produced by a random or sequential generator still qualify even when the generator is not firing in real time. The result is uncertainty that varies by zip code.
One thing does not turn on the ATDS fight at all. The prerecorded or artificial voice prohibition applies on its own [1]. If your dialer leaves a recorded voicemail, drops a ringless voicemail, or uses AI-generated speech, you need consent whether or not your system counts as an ATDS. Sellers who thought Duguid solved everything and stopped worrying about consent got caught by exactly this.
For how courts in your region are reading the ATDS question, check TCPA news regularly. The picture changes at the circuit level faster than most compliance calendars can track.
What are the biggest TCPA settlements in recent years?
Settlement dollars are the clearest signal of where plaintiffs' lawyers are hunting. These numbers are public.
| Company | Settlement Amount | Year | Core Allegation |
|---|---|---|---|
| Kaiser Permanente | $25M fund | 2024 | Calls to healthcare consumers |
| Wells Fargo | $18.5M | 2023 | Calls to reassigned numbers |
| Albertsons/Safeway | ~$9.5M | 2023 | Text messages without consent |
| Credit One Bank | ~$8M | 2022-2023 | Repeated calls after opt-out |
| UnitedHealthcare | $2.5M | 2023 | Automated marketing calls without consent |
| Truist Bank | TBD (active) | 2024 | Debt-collection robocalls |
| Cash App | Settled (active claims) | 2024 | Text messages to non-customers |
The UnitedHealthcare TCPA case, the Albertsons and Safeway TCPA settlement, and the Cash App TCPA class action all reward a close read. They show the exact fact patterns that lead to eight-figure exposure.
The Credit One settlement teaches a different lesson. The Joseph Snyder v. Credit One case (details here) shows how one persistent individual plaintiff, not a class, can drive real liability. And the Kaiser TCPA settlement is proof that healthcare organizations get no free pass.
The thread runs through all of them. Dirty opt-out records. Shared lead-gen consent. Calls that kept going after someone said stop.
What TCPA enforcement actions has the FCC taken recently?
The FCC's Enforcement Bureau has been busy on robocalls, but its cases mostly target upstream gateway carriers and spoofing operations, not individual marketers. The TRACED Act of 2019 (Pallone-Thune) gave the FCC authority to levy penalties up to $10,000 per call for intentional violations and stretched the enforcement statute of limitations to four years [5].
Across 2023 and 2024, the FCC issued multiple Notices of Apparent Liability against voice service providers that carried illegal robocall traffic. The Commission also mandated STIR/SHAKEN call authentication across all voice providers. That matters to outbound teams directly: unauthenticated calls get flagged or blocked by carriers more and more [6].
Here is a development worth flagging. The FCC finalized rules requiring voice providers to block calls appearing on a Reasonable Do Not Originate list. If your outbound caller ID matches numbers tied to prior enforcement, your calls may never reach a human, consent or no consent.
States moved on their own too. The National Association of Attorneys General coordinates multi-state robocall investigations. Texas, Florida, and Indiana have been among the most aggressive at bringing state-level telemarketing actions that run parallel to federal TCPA exposure.
How did the Eleventh Circuit stay of the one-to-one consent rule affect lead generators?
The Eleventh Circuit granted a stay in January 2025 after a coalition of insurance marketing organizations challenged the FCC's one-to-one consent rule as beyond the agency's statutory authority [3]. The core argument: the FCC cannot redefine "prior express consent" in ways the statute does not support, especially now that courts no longer automatically defer to agency readings of ambiguous law.
That last point comes from Loper Bright Enterprises v. Raimondo, decided in June 2024, which overruled the Chevron doctrine [7]. It matters enormously for TCPA rulemaking. The FCC can no longer count on courts deferring to its reading of what "consent" means or who counts as a "called party." Every FCC TCPA rule is now open to de novo judicial review.
For lead generators, the stay means the one-to-one rule is not enforceable today. It does not mean shared consent is safe. Individual plaintiffs and class counsel can still argue that consent obtained through a multi-seller disclosure is not "prior express written consent" as a matter of contract law and plain sense. Courts have bought that argument in individual cases without any FCC rule behind it.
The smarter play, even with the stay: collect consent as if one-to-one is coming, because the FCC's intent is clear and the legal current runs toward tighter consent specificity. Build for the rule you expect, not the gap you got.
What do recent cases say about consent revocation?
Consent revocation is one of the hottest sub-issues in TCPA litigation right now. The FCC issued a declaratory ruling in 2015 confirming that consumers can revoke consent at any time through any reasonable means [8]. Courts have enforced this broadly ever since.
A 2024 FCC Report and Order tightened the standard. Companies must honor opt-out requests within 10 business days and cannot force consumers into a single specified revocation channel [8]. The rule lets you send one text confirming the opt-out, then bars further texts after that confirmation.
Trouble lives in the gap between what your customer service reps hear and what actually updates in the dialer. A consumer says "stop calling me" to a live agent, then gets an automated call two weeks later. That is a lawsuit waiting for a filing fee. This process failure, not the original call, is what drives many settlements.
The Truist Bank TCPA class action turns on exactly this pattern: calls that continued after consumers asked for no further contact. Watch it. How the court treats effective revocation will ripple outward.
If you are building or auditing a compliance process, LeadCompliant's free consent and opt-out checker tools help you spot gaps in your revocation workflow before a plaintiff spots them for you.
What does TCPA compliance look like for text message marketing in 2025?
Text marketing sits where three things overlap: the TCPA's cell phone protections, the FCC's consent rules, and carrier-level filtering that has nothing to do with the law and everything to do with whether your message lands. The statute treats texts like calls to cell phones. You need prior express written consent to send marketing texts using an ATDS [1].
Compliant text marketing needs a clear opt-in that names the company texting, a description of message type and frequency, disclosure of data rates, and an easy opt-out (STOP works, and you cannot require more) [2]. Double opt-in is not legally required, but it cuts dispute risk a lot because it creates a timestamped record of affirmative consent.
Carrier filtering is a separate layer entirely. The major carriers run messages through spam detection and can block or throttle campaigns they flag as high-volume or complaint-heavy. This happens even when your campaign is fully legal. For the mechanics, both text message marketing and text messaging marketing guides go deeper.
The 10DLC registration system, required since 2023, is a carrier requirement, not a TCPA one. Unregistered 10DLC campaigns get filtered hard. If your delivery rates are sliding, that is usually the problem, not a legal one.
Nobody has clean industry-wide data on what share of text campaigns carry TCPA exposure. The closest proxy is complaint volume. The FCC logged over 65,000 TCPA-related complaints in fiscal year 2023, a large chunk involving texts [9].
What are the current rules on calling numbers on the National DNC Registry?
The National Do Not Call Registry, run by the FTC under 16 C.F.R. Part 310, bars telemarketing calls to registered numbers unless the caller has an established business relationship (EBR) with the consumer or the consumer gave express written consent to be called [10]. The EBR exception lasts 18 months after the last purchase or 3 months after an inquiry.
Companies must access the registry at least every 31 days to scrub their calling lists. The FTC can impose civil penalties up to $51,744 per violation (the 2024 inflation-adjusted figure) [10]. The FCC keeps its own DNC rules under 47 C.F.R. § 64.1200 that mirror the FTC's but apply to telephone solicitations specifically.
Here is the risk people forget. The internal do-not-call list requirement. The TCPA requires companies to maintain their own company-specific DNC list and honor requests immediately. A consumer who asks not to be called must be added within a reasonable time. Failing to keep this list is independently actionable, national registry or not.
Trying to stop robocalls hitting your own phone? The registry process and its limits are laid out at how to stop robocalls. For businesses, scrubbing against the registry is table stakes. It is no substitute for consent-based outreach on cell phones.
How are state TCPA-equivalent laws changing the compliance picture?
The federal TCPA is a floor, not a ceiling. Several states have telemarketing laws stricter in specific ways, and the trend runs toward more state action, not less.
Florida's Telephone Solicitation Act (FTSA), amended in 2021, created a private right of action for consumers who get unsolicited calls or texts made using an auto-dialer (defined more broadly than the federal ATDS) without prior express written consent [11]. The law set off a flood of litigation in 2022-2023 before the legislature tightened standing requirements in 2023. It is still a separate layer of exposure.
California runs the CCPA/CPRA alongside the TCPA, so data you collect during consent flows carries its own compliance obligations. Texas, Washington, and Oklahoma all have active telemarketing statutes that add registration or consent requirements.
The practical point that matters most: if your outbound program targets consumers in multiple states, you cannot design compliance around the federal minimum. Do a state-by-state review for your highest-volume calling states. For Kentucky-specific questions, including local counsel resources, see TCPA lawyer Kentucky.
State attorneys general have been aggressive here too. In 2024, a coalition of AGs sent a letter to major lead generators warning about consent practices, which usually reads as a precursor to enforcement.
What should outbound sales teams actually do differently right now?
Here is what the evidence says, stripped of the usual compliance theater.
Audit your consent records first. Not your consent language, your records. Can you pull a timestamped, source-attributed consent record for any number in your dialing pool inside 48 hours? If not, you have an evidence problem no policy document fixes.
Build revocation into your CRM, more than your dialer. When a consumer tells anyone on your team to stop calling, that has to propagate to every outbound system before the next campaign fires. The 10-business-day rule gives you a window. Courts look at whether you moved promptly, not whether you technically stayed inside it.
Stop buying shared lead-gen consent unless you can independently verify the consent named your company and your category. The one-to-one rule is stayed, but the logic behind it is steering courts today. A lead that costs $12 from an aggregator is a bad deal if it carries embedded TCPA exposure.
Get a real-time DNC scrub in place, not a monthly batch. The 31-day rule is a maximum interval, not a target. If a consumer registers today and you call them tomorrow off a 30-day-old list, you are technically in violation.
LeadCompliant's free TCPA compliance kit and DNC checker tools are built for small outbound teams that cannot afford enterprise legal ops. Use them to pressure-test your process before a plaintiff does it for you.
Document your internal DNC list and treat it as a legal record, not a marketing suppression file. In litigation, it is one of the first things produced in discovery.
What TCPA developments should you watch in the second half of 2025?
The Eleventh Circuit litigation over the one-to-one consent rule should reach a merits decision in late 2025 or early 2026. If the court kills the rule, the FCC will almost certainly rewrite it. The direction of travel is not in doubt. Only the timeline is.
The post-Loper Bright effects on TCPA rulemaking are still working through the courts [7]. Several pending cases challenge whether the FCC's prior declaratory rulings on consent revocation, ATDS definitions, and reassigned numbers carry the force of law without proper notice-and-comment rulemaking. If courts start vacating those rulings, the landscape gets less certain and, in some respects, more favorable to callers at the same time.
AI in outbound calling is the next front. AI-generated voices almost certainly count as "artificial" voices under the statute [1]. The FCC issued a declaratory ruling in February 2024 confirming that AI-generated voices in robocalls fall under the TCPA, prompted directly by a cloned voice used in political robocalls [12]. If your sales team is piloting AI voice agents, you need consent before the first word. No exceptions.
Watch for FTC rulemaking on click-to-call and lead generation disclosures. It sits apart from the TCPA but keeps bumping into consent practice.
Federal TCPA filings stayed high. WebRecon's litigation data shows TCPA was consistently among the top five consumer protection statutes by federal filing volume in 2023 and 2024 [13]. Settlement pressure keeps the class action machine running.
Frequently asked questions
What is the current penalty per TCPA violation in 2025?
The TCPA sets statutory damages at $500 per negligent violation and $1,500 per willful violation. There is no per-campaign cap. The FCC can impose separate administrative fines under the TRACED Act of up to $10,000 per call for intentional violations. The FTC enforces DNC rules with civil penalties currently set at up to $51,744 per violation, adjusted annually for inflation.
Is the FCC's one-to-one consent rule currently in effect?
No. The rule took effect January 27, 2025, then the Eleventh Circuit stayed it the same month while litigation over its legality proceeds. The rule required marketing consent to be specific to each individual seller rather than shared across multiple companies through a single opt-in. It is not enforceable now, but the FCC's stated interpretation of lawful consent remains on the record and can influence courts in individual cases.
Does the TCPA cover AI-generated voice calls?
Yes. The FCC issued a declaratory ruling in February 2024 confirming that AI-generated voices qualify as 'artificial' voices under 47 U.S.C. § 227. Calls using AI voice technology to cell phones require prior express consent, the same as any prerecorded message. The ruling was prompted by the use of a cloned voice in political robocalls during the 2024 primary season.
What counts as prior express written consent under the TCPA?
Under 47 C.F.R. § 64.1200, prior express written consent for marketing calls or texts requires a signed agreement (electronic signatures qualify) that clearly authorizes the specific seller to contact the consumer using an ATDS or prerecorded voice, includes the consumer's phone number, and is not a condition of purchase. A pre-checked box does not satisfy this standard. The consent must name the company, not a generic category.
How long do I have to honor a do-not-call request?
The FCC's 2024 consent revocation rules require companies to honor opt-out requests within 10 business days. Courts have historically expected faster action and have found companies liable for continuing calls after a clear revocation request even within the 10-day window. Most litigation arises from process failures, not response speed. The request must propagate to every dialing system, not only the one that received it.
What did Facebook v. Duguid decide about ATDS?
The Supreme Court held in 2021 that an ATDS must use a random or sequential number generator to store or produce telephone numbers. Systems that dial from pre-loaded lists without generating numbers randomly do not qualify as an ATDS under this reading. The ruling did not touch the prerecorded voice prohibition, which applies independently, and circuit courts have varied in how they apply Duguid to specific dialer architectures.
Can I still call cell phones for debt collection without consent?
Debt collection calls to cell phones using an ATDS or prerecorded voice require prior express consent. The consumer's provision of their cell number in connection with the debt generally establishes consent, but courts have been strict about which transactions establish that link. Debt collection is not exempt from the TCPA; it is only partially exempt from the FTC's Telemarketing Sales Rule. If you are calling on a debt with automated technology, you need a documented consent basis.
What is the TRACED Act and how does it affect outbound callers?
The TRACED Act, signed in 2019, raised maximum civil penalties to $10,000 per intentional robocall violation, extended the FCC's enforcement window to four years, and mandated STIR/SHAKEN call authentication across voice providers. For outbound teams, STIR/SHAKEN matters practically: calls without authentication are increasingly flagged as spam by carrier networks and may not reach consumers regardless of legal compliance.
Do state telemarketing laws add requirements beyond the federal TCPA?
Yes, significantly. Florida's Telephone Solicitation Act uses a broader auto-dialer definition than federal law and created a private right of action that set off mass litigation in 2022-2023. California's CCPA applies to data collected in consent flows. Texas, Washington, and Oklahoma have separate telemarketing registration and consent requirements. Outbound programs operating nationally need a state-by-state review for their highest-volume states, more than federal minimum compliance.
How do TCPA class actions typically get certified?
TCPA class actions are among the easiest consumer cases to certify because statutory damages are fixed (no need to prove individual harm amounts) and the class can be defined by call records the defendant already holds. Plaintiffs typically need a common question, like whether a specific text blast went out without consent, that applies to all class members. The $1,500 per willful violation figure makes even small classes economically significant for plaintiffs' firms.
What is the Loper Bright decision and why does it matter for TCPA compliance?
Loper Bright Enterprises v. Raimondo (2024) overruled the Chevron doctrine, so courts no longer automatically defer to federal agencies' interpretations of ambiguous statutes. For TCPA compliance, FCC rules and declaratory rulings are now subject to de novo judicial review. Every FCC interpretation of what counts as an ATDS, lawful consent, or proper revocation can be challenged in court without the FCC getting automatic deference. Expect more rulemaking litigation.
Does the National DNC Registry protect me from TCPA liability?
No. The National DNC Registry and the TCPA are separate frameworks. Scrubbing against the DNC Registry protects against FTC enforcement under the Telemarketing Sales Rule. The TCPA requires separate consent to use an ATDS or prerecorded voice for cell phone calls, regardless of DNC status. A number can be absent from the national registry and still require express written consent before you call it with automated technology.
What records should I keep to defend a TCPA lawsuit?
At minimum: timestamped consent records with the IP address, form URL, and exact consent language shown at opt-in; DNC scrub logs showing when each number was checked against the national registry and your internal list; opt-out logs showing when revocation requests came in and when the number was suppressed; and call records showing campaign timing relative to consent and revocation events. Courts scrutinize the gap between revocation and the last call most heavily.
Are ringless voicemails covered by the TCPA?
This is unsettled, but the FCC's position, stated across multiple proceedings, is that ringless voicemails are calls under the TCPA and require consent when delivered to cell phones. Several district courts have agreed. The argument that they are not 'calls' because the phone never rings has not prevailed in most courts that considered it. Treating ringless voicemails like any other cell phone contact is the conservative, defensible position.
Sources
- U.S. Government, 47 U.S.C. § 227 (Telephone Consumer Protection Act): The TCPA prohibits using an ATDS or prerecorded voice to call or text a cellular number without prior express consent; statutory damages are $500 per violation and $1,500 for willful violations.
- U.S. Court of Appeals, Eleventh Circuit, Insurance Marketing Coalition v. FCC (stay order, January 2025): The Eleventh Circuit stayed the FCC's one-to-one consent rule in January 2025 while litigation over its legality proceeds.
- U.S. Supreme Court, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): The Supreme Court held that an ATDS must use a random or sequential number generator to produce or store telephone numbers, narrowing the definition.
- Congress.gov, TRACED Act (Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act), Pub. L. 116-105: The TRACED Act increased FCC penalties to $10,000 per intentional robocall violation and extended the enforcement statute of limitations to four years.
- U.S. Supreme Court, Loper Bright Enterprises v. Raimondo, 603 U.S. 369 (2024): The Supreme Court overruled Chevron deference in June 2024, meaning courts no longer defer to federal agency interpretations of ambiguous statutes, affecting all FCC TCPA rulemaking.
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310 (National Do Not Call Registry): The FTC's Do Not Call rules impose civil penalties of up to $51,744 per violation (2024 inflation-adjusted figure) and require list scrubbing at least every 31 days.
- Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059: Florida's FTSA uses a broader auto-dialer definition than federal law and created a private right of action for consumers receiving unsolicited automated calls or texts.
- WebRecon LLC, Consumer Complaint and Litigation Statistics (2023-2024 Annual Report): TCPA filings were consistently among the top five consumer protection statutes by federal filing volume in 2023 and 2024.