Last updated 2026-07-10

TL;DR
The Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227, is a federal law from 1991 that restricts how businesses call, text, and fax consumers. It requires prior express consent before you use an autodialer or a prerecorded message, mandates Do Not Call scrubbing, and lets any consumer sue for $500 to $1,500 per violation. No FCC permission is needed to get sued.
What is the Telephone Consumer Protection Act (TCPA)?
The Telephone Consumer Protection Act is a federal statute, codified at 47 U.S.C. § 227, that Congress passed in 1991 after a wave of complaints about unsolicited telemarketing. The law gave the Federal Communications Commission authority to write the rules that put teeth in the statute. It also gave private citizens the right to sue companies directly in state court, without waiting for a government agency to act. That private right of action is why the TCPA fills class action dockets today.
The TCPA bans four categories of conduct. It bars using an automatic telephone dialing system (ATDS) or a prerecorded voice to call or text cell phones without the recipient's prior express consent. It bars prerecorded commercial calls to residential landlines. It created the National Do Not Call Registry, which the FTC now runs in coordination with the FCC. And it restricts unsolicited faxes. Most outbound sales teams collide with the first and third.
The statute defines "automatic telephone dialing system" as equipment with the capacity to store or produce telephone numbers to be called, using a random or sequential number generator, and to dial those numbers [1]. Courts fought over that definition for more than a decade. The Supreme Court narrowed it in Facebook v. Duguid, 592 U.S. 395 (2021), holding that a system has to actually use a random or sequential number generator to qualify, more than have the theoretical capacity [2]. That gave predictive dialers running pre-loaded lists some room to breathe. Systems that generate numbers on the fly still carry heavy risk.
Read 47 U.S.C. § 227 directly. It is short. The FCC's implementing rules at 47 C.F.R. Part 64 fill in the operational detail [3].
What does TCPA compliance actually require?
TCPA compliance breaks into four buckets: consent, calling hours, identification, and Do Not Call. Miss any one and you have liability, even if you nail the rest.
Consent. For calls or texts to cell phones using an ATDS or prerecorded voice, you need prior express written consent for telemarketing, and prior express consent (which can be oral) for purely informational calls. The FCC's 2012 omnibus order tightened this, killing the old "established business relationship" exception for cell phones and requiring written consent for marketing calls [4]. If you are selling something, you need a signed (including e-signed) opt-in that names the caller, discloses that automated calls may come, and states that consent is not a condition of purchase.
Calling hours. The TCPA and its rules ban telemarketing calls before 8 a.m. or after 9 p.m. in the called party's local time zone. Not your time zone. Theirs.
Identification. Every artificial or prerecorded voice call has to state the business name and a phone number or address at the start of the message. On live calls, the agent gives their name and the company name on request.
Do Not Call. Scrub your list against the National DNC Registry at least every 31 days. Keep an internal DNC list too, and honor opt-outs within 30 days. One missed scrub can turn a 50,000-call campaign into 50,000 potential violations.
The one-to-one consent rule (2024). The FCC adopted a rule in December 2023 requiring that consent for AI-generated and lead-generator calls be specific to a single seller, not a blanket consent covering a crowd of companies [5]. It effectively ended the "consent farm" model, where one web form handed permission to dozens of unrelated businesses.
One practical note: the TCPA compliance checklist at LeadCompliant helps you map these requirements to your campaign type, whether that is outbound calls, SMS blasts, or both.
What are the TCPA penalties and how much do lawsuits actually settle for?
Statutory damages run $500 per violation for a standard violation and $1,500 per violation if the court finds the conduct willful or knowing [6]. There is no cap. Each call, each text, each fax counts separately. A campaign that sends 100,000 texts without proper consent carries up to $150 million in statutory exposure before a judge even weighs trebling.
Class action math is what makes the TCPA the most lucrative plaintiffs' litigation in the country. One lead list sold to multiple buyers, or a single campaign that skipped a scrub cycle, can balloon into a class of tens of thousands. Settlements follow that math.
Recent settlements show the scale:
| Company | Settlement Amount | Approximate Class Size | Year |
|---|---|---|---|
| UnitedHealthcare | $2.5 million | Not publicly specified | 2024 |
| Credit One Bank | $14.5 million | ~500,000 members | 2023 |
| Truist Bank | Undisclosed | Not specified | 2024 |
| Albertsons / Safeway | $9.5 million | ~4.4 million members | 2023 |
| Cash App (Block) | $15 million | Not specified | 2024 |
You can read the UnitedHealthcare $2.5M settlement details here, and for retail-sector exposure the Albertsons Safeway case is worth your time.
The defendant does not have to be a giant. Individual plaintiffs file single-plaintiff suits in small claims and federal court all the time. Professional TCPA plaintiffs, the "serial litigants," keep active cell numbers they hand to lead aggregators and then sue the callers. Filing costs a plaintiff almost nothing. Defending even a weak single-plaintiff case costs $15,000 to $50,000 in legal fees, which is why most settle fast.
Willfulness changes the size of the check. A company that kept calling after a consumer said "stop" faces treble damages. Courts have found willfulness when a company ignored its own compliance team's warnings, when it bought a known bad list, and when it failed to fix a broken DNC scrub after an earlier suit put it on notice.
Who does the TCPA apply to?
The TCPA applies to any person or entity that initiates or causes to be initiated a covered call or text. That reaches the company whose product is being sold, the call center dialing on its behalf, the lead generator that collected and sold the consent, and sometimes the software vendor whose platform placed the messages.
Size does not matter. The statute does not exempt small businesses, startups, or political campaigns from the auto-dialing rules (political calls to landlines have some exemptions). Nonprofits and charities get limited protection on the residential landline DNC rules but are not exempt from the cell phone consent rules.
B2B calls sit in a gray area. The TCPA does not explicitly exempt business-to-business calls, and calls to a cell phone used for business are generally covered if an individual uses that number. Courts have split. The safer position is to treat any call to a mobile number as potentially covered, whatever the recipient's job title.
If you run outbound sales, the question is not "do I think I'm covered?" It is "can I prove prior express written consent, and can I prove my list was scrubbed in the last 31 days?" If either answer is no, you have exposure.
What is the history of the TCPA and why does it still matter?
Congress passed the Telephone Consumer Protection Act in 1991 in direct response to constituent complaints. The House and Senate records from that period describe robocalling as one of the top consumer grievances of the era. President George H.W. Bush signed it into law on December 20, 1991 [7].
Through most of the 1990s and early 2000s, the TCPA was mostly a landline statute. The FCC's 2003 rulemaking created the National Do Not Call Registry and extended TCPA protections to cell phones for text messages. Litigation stayed modest.
The smartphone era changed all of it. By the late 2000s, marketers had cheap cloud autodialers, cheap contact lists, and millions of cell numbers to hit. TCPA class actions exploded. Federal TCPA filings climbed from roughly 1,000 in 2010 to more than 5,000 a year by the mid-2010s, per data tracked by WebRecon and cited across compliance analyses. Exact annual figures vary by source. The direction of the trend does not.
Regulatory milestones after 1991:
- 2003: FCC expands the rules and creates the DNC Registry alongside the FTC.
- 2012: FCC eliminates the established business relationship exception for cell phones and requires prior express written consent for telemarketing autodials [4].
- 2015: FCC's "Omnibus Declaratory Ruling" reads ATDS broadly and creates the reassigned numbers problem (calling a number reassigned to a new person after the original consent).
- 2021: Supreme Court narrows the ATDS definition in Facebook v. Duguid [2].
- 2023: FCC adopts a Reassigned Numbers Database safe harbor.
- 2024: FCC adopts the one-to-one consent rule, effective January 2025 [5].
For ongoing developments, the TCPA news tracker covers FCC rulemakings and major case outcomes as they land.
How does the TCPA define an automatic telephone dialing system (ATDS)?
This is the most litigated definition in the statute. 47 U.S.C. § 227(a)(1) defines an ATDS as "equipment which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator; and to dial such numbers" [1].
For years, plaintiffs argued that "capacity" meant any dialer that could be modified to spit out random numbers, even if it never did. Under that reading, almost every dialer qualified. Facebook v. Duguid rejected that in 2021, holding that the random or sequential number generator requirement applies to both the storing and the producing functions [2]. The Court said a system that simply stores and dials a pre-set list is not an ATDS under the statute.
What that means in practice:
- A predictive dialer working from a static CRM list is probably not an ATDS after Facebook v. Duguid.
- A system that generates numbers randomly or sequentially and then dials them is still an ATDS.
- A system that does both (pulls from a list or generates random numbers) likely qualifies.
State law muddies this. Florida's Mini-TCPA (FTSA) and Washington's CEMA define auto-dialers more broadly than the federal statute, so a system that is not a federal ATDS can still trigger state liability. The narrowing of the federal definition did not end TCPA exposure. It shifted some of it to state courts.
If your vendor tells you their dialer is "ATDS-safe after Facebook v. Duguid," get it in writing and make them explain exactly what the system does and does not do. Then have your own counsel read it. A vendor's word does not shield you from liability.
What consent do you need before calling or texting?
The TCPA recognizes two tiers of consent for telemarketing, plus a third category for purely informational calls.
Prior express written consent is required for telemarketing calls or texts to cell phones made with an ATDS or prerecorded voice. The FCC's rules at 47 C.F.R. § 64.1200(f)(9) define "written": a signed agreement (including electronic signature under E-SIGN) that clearly authorizes the specific seller to contact the consumer using auto-dialing or prerecorded voice, and that discloses those calls may be made with such technology [4]. The agreement cannot make consent a condition of purchase.
Prior express consent (not written) is enough for non-marketing calls like appointment reminders, fraud alerts, or order confirmations. Handing your cell number to a business for a service relationship is generally sufficient.
No consent is needed for purely informational calls to a residential landline with no commercial pitch. Prerecorded commercial calls to residential landlines still require written consent.
The 2024 one-to-one consent rule adds a layer: starting January 2025, a consumer's consent has to name the specific seller placing the call. A web form that says "I consent to be contacted by [Company] and its marketing partners" no longer covers the downstream partners who were not named [5]. That kills the lead-gen consent daisy-chain that powered a lot of outbound prospecting.
Document every opt-in. Keep:
- Date and time stamp of the opt-in.
- The exact consent language shown to the consumer.
- The URL or form where consent was collected.
- The consumer's IP address.
- The specific seller named in the consent.
Without that record, you cannot defend a TCPA suit. The burden sits on the caller to prove consent, not on the plaintiff to disprove it.
How does the National Do Not Call Registry work under TCPA?
The National DNC Registry, run by the FTC under the TCPA and the Telemarketing Sales Rule, lets consumers register residential or cell numbers to block most commercial telemarketing. Recent FTC reports put registrations at more than 240 million phone numbers [8].
As a telemarketer, you register with the FTC's system, pay an access fee (currently $70 per area code per year, or roughly $19,834 to access all area codes as of 2024, per the FTC fee schedule), download the registered numbers for the area codes you dial, and scrub your list against data no older than 31 days before each campaign [9]. Calling a registered number is a violation unless you have an established business relationship with that specific consumer (a purchase within 18 months, or an inquiry within 3 months) or the consumer gave you prior written consent.
Your internal DNC list matters just as much. When someone tells you to stop calling, add them to your internal list within 30 days and honor the request for at least 5 years. Call them again and that prior request becomes evidence of willfulness.
The FTC and FCC can both levy penalties for DNC violations, separate from private TCPA suits. FTC civil penalties for DNC violations can reach $51,744 per call under the Federal Civil Penalties Inflation Adjustment Act [10]. The FTC updates that figure yearly, so confirm the current number at FTC.gov.
For a plain-English guide to stopping unwanted calls as a consumer, the how to stop robocalls page covers the consumer side.
What is TCPA regulatory compliance in practice for an outbound sales team?
TCPA compliance is not a one-time project. It is a running operation with four continuous parts.
1. List hygiene. Before any campaign, run your list through the National DNC Registry (current download, within 31 days), your internal DNC list, and the FCC's Reassigned Numbers Database (RNDB) to catch numbers that changed hands since you collected consent. The RNDB launched in 2021 and gives a safe harbor: check a number, and if the RNDB shows no reassignment since your consent date, you have a defense against liability to the new number holder [11].
2. Consent documentation. Every number in a dialing campaign needs a consent record tied to it. Store those records in a database you can query by phone number. When a plaintiff's attorney sends a preservation letter or demand, you need to pull the consent record for any number in 24 hours, not 24 days.
3. Technology audit. Know what your dialer actually does. Can it generate random numbers? Does it run in preview, power, or predictive mode? Get written specs from your vendor. Document the mode you use for each campaign. Switch to a mode that functions as an ATDS and your consent requirements change.
4. Training. The agent who hangs up when a consumer says "take me off your list" and then has a supervisor call back has just created two violations. Agents need to know that opt-outs trigger immediate removal, that calling hours follow the recipient's local time, and that false or misleading identification is a separate violation.
LeadCompliant's free TCPA compliance kit walks each of these steps with templates for consent language, scrub logs, and internal DNC procedures. Treat it as a starting point, not a substitute for legal advice.
Text marketing carries its own wrinkles. A text sent through a platform that auto-sends, even from a short code or toll-free number, can trigger ATDS analysis. The text message marketing compliance guide goes deeper on SMS rules, including opt-out keywords and message frequency disclosures.
What are the most common TCPA violations and how do companies get caught?
The pattern across settled cases is remarkably consistent. A handful of failure modes drive most TCPA liability.
Using a dialer without confirming ATDS status. A company switches to a new SaaS dialer to scale outbound. Nobody asks whether the platform qualifies as an ATDS. Nobody collects express written consent. The first plaintiff's attorney who gets a call reverse-engineers the platform, finds a random-dial or sequential-dial capability in the API docs, and files a class action.
Calling reassigned numbers. A consumer gives a company their cell number five years ago, consents to calls, then changes carriers. The number gets reassigned to someone new. The company keeps calling. The new holder consented to nothing. The RNDB safe harbor helps here, but only if you use it.
Skipping the DNC scrub. Campaign lists often come from third-party data vendors. Vendors do not always pre-scrub against DNC. The caller is responsible regardless of what the data vendor claimed.
Ignoring revocation. A consumer says "stop calling me" on a recorded call. The agent marks the account "callback later" instead of flagging it for DNC. The next agent calls back. That second call after a clear revocation is almost always treble damages territory.
Lead generator consent chains. A consumer fills out a form for a home insurance quote. The fine print says they consent to calls from "partners." The list sells to 15 companies. The one-to-one consent rule now makes all 15 calls potentially non-consensual unless the consumer named each company.
The Credit One Bank TCPA settlement and the Joseph Snyder Credit One case show how debt-collection autodials to cell phones became one of the most common class action triggers. The Kaiser TCPA settlement shows that even healthcare companies with large compliance departments trip over the same failures.
How is TCPA enforcement different from FCC fines?
Most TCPA enforcement does not come from the FCC. It comes from private plaintiffs. That is what makes the statute unusual, and unusually dangerous.
The FCC can levy forfeitures for TCPA violations. The statutory maximum forfeiture is $10,000 per violation, up to $1 million per single act or failure to act [12]. The FCC does issue consent decrees and fines, especially for large-scale robocalling and spoofed caller ID cases (which also trigger the Truth in Caller ID Act). But FCC enforcement is slow, short on resources, and aimed at the worst actors.
The private right of action under 47 U.S.C. § 227(b)(3) lets any individual sue in state or federal court with no agency involved. They can seek actual damages or $500 per violation, whichever is greater. Courts can triple that to $1,500 for willful violations. Individual suits carry no class certification requirement, and class certification in TCPA cases is relatively clean because the core question, whether the defendant used an ATDS without consent, applies uniformly across the class.
State attorneys general can also sue on behalf of residents under 47 U.S.C. § 227(g), seeking up to $500 per violation per resident. That path gets used less often but adds another enforcement vector.
The upshot is simple. You are far more likely to face a private lawsuit than an FCC forfeiture. And private suits settle fast because the cost asymmetry favors plaintiffs. A defendant spending $30,000 to $100,000 in defense fees on a case that might settle for $5,000 often just settles to cut losses. That asymmetry is exactly why professional TCPA plaintiffs exist as a business model.
Does the TCPA apply to text messages and what are the SMS-specific rules?
Yes. The FCC ruled in 2003 that text messages are "calls" under the TCPA, and courts have upheld that reading ever since [13]. A text sent via an ATDS to a cell phone without prior express written consent for marketing is a TCPA violation, same as an autodialed voice call.
The SMS rules that matter most:
Opt-out must be instant and permanent. When someone texts STOP (or END, QUIT, CANCEL, UNSUBSCRIBE), you stop sending marketing texts to that number right away. One more message after a STOP request, beyond a single confirmation that the opt-out landed, is a violation.
Double opt-in is the gold standard. Send a confirmation text asking the subscriber to reply YES before you add them to a campaign. It cuts the risk of someone signing up a third party's number without consent.
Message frequency disclosure. The opt-in confirmation should state roughly how many messages per month the subscriber will get and that message and data rates may apply.
Short codes vs. long codes vs. toll-free. Platform type does not change TCPA liability. A 10-digit long code sending automated texts to a list gets the same ATDS analysis as a short code.
If you are building an SMS program, the text messaging marketing compliance guide covers carrier requirements (like Campaign Registry registration for 10DLC numbers) alongside the TCPA rules. Those are separate compliance tracks, and both need handling.
The Cash App class action settlement is a useful case study in how fast SMS campaigns create class liability. Read the details on the Cash App TCPA class action settlement page.
What should a small outbound team do right now to reduce TCPA risk?
Nobody has good data on exactly what share of TCPA suits hit small businesses versus large enterprises. Published settlement data skews toward big defendants because those cases make news. But plaintiff attorneys absolutely target small teams, often because they carry thinner documentation and fewer resources to fight.
Here is what actually moves the needle.
Stop using any dialer before you know its ATDS status. Ask your vendor, in writing: does this platform store or produce numbers using a random or sequential number generator? If the answer is fuzzy, treat it as an ATDS and get express written consent.
Build a consent record for every telemarketing number you call. If you cannot prove consent for a number, do not dial it with an autodialer. Manual dialing to numbers without consent is not a TCPA violation (the ATDS element is missing), but you lose scale. That is the tradeoff.
Scrub every list against DNC before every campaign. Set a calendar reminder. Make it one person's job, not everyone's job. Log the scrub date and the list version you pulled.
Run a same-day internal DNC process. When an agent gets a revocation, it goes into the do-not-call database that business day, not the next CRM sync.
Talk to a TCPA attorney before you scale. A one-hour consult with someone who actually handles TCPA defense, not general business counsel, runs $300 to $600 and can flag the three or four things in your process that are the real exposure. If you are in Kentucky or nearby states, the TCPA lawyer Kentucky page lists practitioners who focus here.
LeadCompliant's free compliance kit includes a scrub log template, a consent language library, and a dialer ATDS checklist. Start there, then have counsel review anything specific to your industry and call volume.
Frequently asked questions
What is the Telephone Consumer Protection Act (TCPA)?
The TCPA is a federal law, 47 U.S.C. § 227, enacted in 1991 that restricts unsolicited telemarketing calls, texts, and faxes. It requires prior express consent before using autodialers or prerecorded messages to reach cell phones, mandates scrubbing against the National Do Not Call Registry, and lets consumers sue for $500 to $1,500 per violation with no government agency involved.
What are the TCPA penalties per violation?
The TCPA sets statutory damages at $500 per violation for standard violations and $1,500 per violation when the court finds the conduct willful or knowing. There is no cap on total damages, so a campaign sending 100,000 texts without consent carries up to $150 million in statutory exposure before any trebling. Each call or text counts as a separate violation.
Does the TCPA apply to text messages?
Yes. The FCC ruled in 2003 that text messages qualify as calls under the TCPA. Sending marketing texts via an automatic telephone dialing system without prior express written consent is a violation carrying the same $500 to $1,500 per-message liability as an autodialed voice call. STOP requests must be honored immediately.
What consent is required under the TCPA for telemarketing calls?
Prior express written consent is required for autodialed or prerecorded telemarketing calls or texts to cell phones. The consent must be a signed agreement naming the specific seller, disclosing that automated calls may be made, and stating that consent is not a condition of purchase. Starting January 2025, a single form cannot grant consent for multiple unnamed companies.
Who enforces the TCPA?
The TCPA has three enforcement channels. Private plaintiffs can sue directly in state or federal court under the statute's private right of action, which is by far the most common path. The FCC can levy forfeitures up to $1 million per act or failure. State attorneys general can sue for residents at up to $500 per violation per resident. Most exposure comes from private class actions, not government enforcement.
What is the National Do Not Call Registry and how often must you scrub it?
The National DNC Registry, run by the FTC, lets consumers register phone numbers to block most commercial telemarketing. As a telemarketer, you download registered numbers for your target area codes and scrub your list against data no older than 31 days before any campaign. Calling a registered number without an established business relationship or prior written consent is a TCPA violation.
What did Facebook v. Duguid change about the TCPA?
The Supreme Court's 2021 decision in Facebook v. Duguid narrowed the TCPA's definition of an automatic telephone dialing system, holding that a system must use a random or sequential number generator, not merely store and dial a pre-set list. This gave predictive dialers working from CRM lists some legal room, but systems that generate numbers randomly still qualify as an ATDS.
Can a company be sued under the TCPA even if it used a third-party call center?
Yes. The TCPA applies to any person or entity that initiates or causes to be initiated a covered call. If your product is marketed through a call center making autodialed calls on your behalf, courts have found both the call center and the brand liable. Outsourcing the calling does not outsource the liability.
What is the one-to-one consent rule the FCC adopted in 2024?
The FCC adopted a rule in December 2023, effective January 2025, requiring that consent for autodialed marketing calls identify a single, specific seller rather than a group of unnamed partners. A web form saying the consumer consents to calls from the company and its marketing partners no longer covers those unnamed downstream callers. It effectively ended the lead-gen consent daisy-chain model.
Does the TCPA apply to B2B calls?
The TCPA does not explicitly exempt business-to-business calls. Calls to a person's cell phone are generally covered if an individual uses that number, regardless of whether the call is business-related. Courts have split on this, but the safer approach is to treat any autodialed call to a mobile number as potentially covered, even if the recipient uses it for work.
How long do you have to honor a Do Not Call or opt-out request?
You must add a consumer's opt-out request to your internal DNC list within 30 days and honor it for at least 5 years. For text messages, a STOP request must stop marketing messages immediately, with at most one confirmation reply. Calling or texting after a clear opt-out is strong evidence of willfulness, which triggers the $1,500 per-violation trebled damages.
What is the Reassigned Numbers Database and why does it matter?
The FCC's Reassigned Numbers Database (RNDB), launched in 2021, lets callers check whether a phone number has been reassigned to a new consumer after the date consent was collected. Check the RNDB before calling, and if it shows no reassignment after your consent date, you have a safe harbor defense against liability to the new holder. Access costs a small per-query fee.
What calling hours does the TCPA require?
The TCPA and its rules ban telemarketing calls before 8 a.m. or after 9 p.m. in the called party's local time zone, not the caller's. Calling an East Coast consumer at 8:30 a.m. from a West Coast office at 5:30 a.m. local time is compliant. Calling a West Coast consumer at 9:30 p.m. their time is a violation even if it is only 6:30 p.m. where you are.
Are there TCPA exemptions for nonprofits or healthcare companies?
Nonprofits and charities have limited exemptions from the residential landline Do Not Call rules for charitable solicitation calls. Healthcare companies get some latitude for patient care messages under an informational call exemption. Neither is exempt from the cell phone consent rules for autodialed marketing calls. The Kaiser and UnitedHealthcare TCPA settlements show that healthcare entities face full TCPA exposure.
Sources
- U.S. Code, 47 U.S.C. § 227 - Telephone Consumer Protection Act statute text: TCPA definition of automatic telephone dialing system as equipment with capacity to store or produce numbers using random or sequential number generator
- Supreme Court of the United States, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held that an ATDS must use a random or sequential number generator; systems dialing from a stored list do not qualify
- FCC, 47 C.F.R. Part 64 - Telecommunications implementing rules: FCC implementing rules for TCPA, including consent requirements, calling hours, and identification rules
- FCC, 2012 TCPA Omnibus Declaratory Ruling and Order (FCC 12-21), regulation codified at 47 C.F.R. § 64.1200: 2012 FCC order requiring prior express written consent for autodialed or prerecorded telemarketing calls to cell phones and eliminating the established business relationship exception
- U.S. Code, 47 U.S.C. § 227(b)(3) - TCPA private right of action and damages: Statutory damages of $500 per violation or actual damages, whichever is greater, trebled to $1,500 for willful violations
- FTC, National Do Not Call Registry Data Book FY2024: More than 240 million phone numbers registered on the National Do Not Call Registry
- FTC, Do Not Call Registry access fee schedule for telemarketers: DNC Registry access fee of $70 per area code per year; approximately $19,834 to access all area codes
- FTC, Civil penalty amounts under the Federal Civil Penalties Inflation Adjustment Act: FTC civil penalties for DNC violations can reach $51,744 per call, subject to annual inflation adjustment
- U.S. Code, 47 U.S.C. § 503 - FCC forfeiture penalties: FCC statutory maximum forfeiture is $10,000 per violation up to $1 million per single act or failure to act