What are the provisions of the TCPA? A plain-language breakdown

The TCPA has 6 core provisions covering robocalls, auto-dialers, prerecorded messages, fax, consent, and DNC rules. Violators face $500, $1,500 per call.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-09

Compliance officer reviewing call logs at a desk beside a telephone at dusk
Compliance officer reviewing call logs at a desk beside a telephone at dusk

TL;DR

The Telephone Consumer Protection Act (47 U.S.C. 227) has six main provisions: restrictions on automated dialers and prerecorded calls to cell phones, rules for calls to residential landlines, a national Do Not Call registry, limits on unsolicited fax advertising, opt-in consent requirements, and a private right of action that lets consumers sue for $500 to $1,500 per violation.

What is the TCPA and why does it exist?

The Telephone Consumer Protection Act became law on December 20, 1991, signed by President George H.W. Bush as Pub. L. 102-243 and codified at 47 U.S.C. 227 [1]. Congress passed it after years of consumer complaints about intrusive telemarketing calls, junk faxes, and the rise of automatic dialing equipment that could hammer hundreds of numbers per hour without a human touching a phone.

The law gave the FCC authority to write implementing rules, which now fill 47 C.F.R. Part 64 Subpart L [5]. It also gave individual consumers a private right of action. That's the part that keeps compliance officers up at night. You don't need the FCC or FTC to sue you. Any individual consumer can file in state or federal court, and class actions are common.

The statute has been amended several times. The Junk Fax Prevention Act of 2005 tightened fax rules. The FCC has issued dozens of orders interpreting the statute, most recently focusing on what counts as an automatic telephone dialing system after the Supreme Court's 2021 decision in Facebook v. Duguid [3]. The law is older than the modern smartphone, which is exactly why its application to modern outbound sales keeps generating litigation.

What are the six core provisions of the TCPA?

The statute organizes itself around the type of technology used and the type of number called. Here is how the provisions stack up:

ProvisionTechnology / ChannelWho it coversConsent required
1. ATDS calls/texts to cell phonesAuto-dialer or prerecorded voiceAny person with a cell numberPrior express written consent
2. Prerecorded calls to residential linesPrerecorded or artificial voiceResidential landline subscribersPrior express consent (oral or written)
3. Do Not Call rulesLive or automated callsAny telemarketerHonoring DNC requests within 30 days
4. National DNC RegistryLive or automated callsTelemarketersProhibition on calling registered numbers
5. Unsolicited fax advertisingFax machinesAny fax numberPrior express invitation or permission
6. Emergency and certain exempted callsAnyNarrow carve-outsNo consent required

Each provision carries its own consent standard, its own exemptions, and its own penalty exposure. A single outbound call can violate more than one provision at once. That's why class action settlements often reach into the millions even for relatively small calling campaigns. The credit one tcpa settlement and the truist bank tcpa class action settlement both show how fast per-call penalties compound when a company runs automated calling at scale.

What does the TCPA say about automatic telephone dialing systems?

Section 227(b)(1)(A) drives the most litigation of any provision in the statute. It prohibits using an automatic telephone dialing system (ATDS) or an artificial or prerecorded voice to call or text any cell phone number without the prior express consent of the called party [1].

The definition of ATDS in the statute reads: "equipment which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator; and to dial such numbers." [1] That exact language from 47 U.S.C. 227(a)(1) became the center of a circuit split that the Supreme Court resolved in Facebook, Inc. v. Duguid, 592 U.S. 395 (2021) [3]. The Court held that a device must use a random or sequential number generator to both store and produce numbers in order to qualify as an ATDS under the statute. That ruling narrowed the definition a lot, though many dialers used in outbound sales still meet it, and plaintiffs' lawyers have found creative arguments around it.

For cell phone calls and texts, the consent standard is prior express consent at minimum for informational messages, and prior express written consent for marketing messages. The FCC's 2012 order (FCC 12-21) defined prior express written consent as an agreement that is signed (including electronically), clearly authorizes the seller to send autodialed or prerecorded calls or texts, and discloses that consent is not a condition of purchase [6]. If your consent language is buried in a terms-of-service paragraph that nobody reads, that is exactly the gap plaintiffs look for.

Texting is treated the same as calling under this provision. If your system sends marketing texts using any kind of automated platform that stores and dials numbers, you need written consent before you send the first message. See our breakdown of text message marketing for what that consent workflow actually looks like in practice.

TCPA key thresholds at a glance Statutory numbers every outbound team needs to know 500 $500 per violation (statuto… minimum damages) 1,500 $1,500 per violation (willf… violations) 31 31 days (max DNC scrub age before a 30 30 days (max time to honor internal DNC Source: 47 U.S.C. 227 and 47 C.F.R. Part 64 Subpart L

What are the TCPA rules for prerecorded calls to residential landlines?

Section 227(b)(1)(B) covers artificial or prerecorded voice calls to residential landline numbers. The rule is a bit less strict than the cell-phone provision. It requires prior express consent (not necessarily written consent) for non-commercial calls, but for commercial calls or calls that include an advertisement, the consent standard matches the cell-phone rule.

The FCC carved out several exemptions for this provision. Emergency calls that affect the health or safety of the consumer are exempt. Calls made for non-commercial purposes are generally exempt. Calls by or on behalf of tax-exempt nonprofit organizations get a carve-out. And calls to businesses are not covered by this particular subsection at all, though other provisions and state laws may apply.

One practical trap. If a residential number has been reassigned to a new subscriber who never consented to your calls, you can still face liability even though you had consent from the prior subscriber. The FCC's Safe Harbor for reassigned numbers provides one attempt at calling an unrecognized reassigned number before liability attaches, but the safest practice is to run your lists through a reassigned number database before each campaign [7].

What does the TCPA say about the Do Not Call Registry?

Section 227(c) directs the FCC to establish rules protecting residential telephone subscribers' rights to avoid unwanted calls. That authority produced the National Do Not Call Registry, now jointly administered by the FCC and FTC under 47 C.F.R. 64.1200(c) and 16 C.F.R. Part 310 [4].

The specific rules are:

  • Callers must scrub their call lists against the DNC Registry before making telemarketing calls to residential or wireless numbers.
  • The scrub must happen no more than 31 days before the call date.
  • Consumers who ask to be placed on your internal company-specific DNC list must be added within 30 days, and you must honor that request for at least 5 years [5].
  • You must maintain a written internal DNC policy and have it available on request.
  • Safe harbor exists if you can show you had established procedures, a written policy, trained staff, and accessed the Registry within the required window, and the call was a clerical error.

Registering to access the DNC Registry costs nothing for the first 5 area codes. Beyond that, the FTC charges annual fees (currently around $79 per area code, though this changes; check the FTC's site for current pricing) [4]. Failing to scrub is one of the simplest ways to get dragged into a TCPA suit. DNC violations are easy to prove and hard to defend.

What are the TCPA's fax advertising provisions?

Section 227(b)(1)(C) prohibits sending unsolicited advertisements to fax machines. An "unsolicited advertisement" is any material advertising the commercial availability or quality of property, goods, or services that is transmitted without the recipient's prior express invitation or permission [1].

The Junk Fax Prevention Act of 2005 added an established business relationship (EBR) exemption, but it comes with conditions [9]. Even if an EBR exists, the fax must include a clear and conspicuous opt-out notice on the first page, with a working fax number or cost-free mechanism to opt out, and the sender must honor opt-outs within 30 days.

Fax rules matter less than they did in 1991. But healthcare companies, insurance firms, and financial services companies still send fax communications at volume, and plaintiffs' firms specifically target this channel because the violations are easy to document. The albertsons safeway tcpa settlement shows that even large, sophisticated companies get caught in TCPA actions across multiple channels.

The consent requirements depend on the channel (fax, voice, text), the technology (ATDS vs. live dial), and the purpose (marketing vs. informational). Here is the practical hierarchy:

Prior express written consent (highest bar): Required for autodialed or prerecorded telemarketing calls and texts to cell phones. The FCC's 2012 order requires the written agreement to clearly authorize calls to a specific number, name the seller, and disclose that consent is not required for a purchase [6].

Prior express consent (middle bar): Required for autodialed or prerecorded informational calls to cell phones, and for prerecorded calls to residential landlines for commercial purposes. A consumer providing their phone number in connection with a transaction can often satisfy this, depending on context.

No consent required (lowest bar): Emergency calls, calls by non-profits for non-commercial purposes, and calls made with a live agent to a non-cell number where no prerecorded message is used.

The FCC in 2023 also adopted a one-to-one consent rule under the lead generation context, requiring that consent name the specific seller rather than a broad category of sellers [5]. This rule was challenged and vacated by the Eleventh Circuit in January 2025 on procedural grounds, so the prior multi-seller consent model is still in play, but litigation risk around broad consent language remains real. If you want to double-check your own consent language against current FCC guidance, LeadCompliant's free consent checker is a reasonable starting point.

The consent chain matters enormously in lead-generation scenarios. If a consumer fills out a form on a third-party website and you buy that lead, you need to verify that the consent captured actually names you (or your category) and was not obtained through deceptive means. Ignorance of a lead vendor's practices is not a defense.

What exemptions and safe harbors exist under the TCPA?

The statute and FCC rules create several genuine exemptions worth knowing:

Emergency calls: Calls "made necessary in any situation affecting the health and safety of consumers" are exempt from the ATDS and prerecorded voice restrictions [1]. Healthcare systems use this for appointment reminders after medical emergencies, but the exemption is narrow. Routine appointment reminders usually don't qualify.

Healthcare calls: The FCC has exempted certain healthcare-related calls from the prior express written consent requirement, reducing it to prior express consent when the call is made by a HIPAA-covered entity for certain treatment-related messages. Billing and marketing calls by healthcare companies do not get this exemption.

Established Business Relationship (EBR): The EBR exemption for residential landlines allows calls to someone who has made a purchase, inquiry, or application within the previous 18 months, or had a transaction within 3 months. This exemption does NOT apply to cell phones. Many callers make the mistake of thinking an EBR protects them for cell calls. It does not.

Reassigned number safe harbor: As noted above, one good-faith call to a number you did not know was reassigned can qualify for protection if you accessed an approved reassigned number database [7].

Internal EBR for DNC: You may call a residential number on the National DNC Registry if you have an established business relationship with that person (purchase or inquiry within 18 months; written request for information within 3 months) and the consumer has not asked to be placed on your internal DNC list.

Safe harbors are real but narrow. Courts scrutinize them closely, and the burden of proving you qualify falls on you.

What are the TCPA penalties per violation?

Section 227(b)(3) sets the private right of action: consumers can sue for actual damages or $500 per violation, whichever is greater. If the court finds the violation was willful or knowing, the court can triple damages to $1,500 per violation [1].

The TCPA has no cap. Each call is a separate violation. Each text message is a separate violation. A company that runs an autodialed campaign to 100,000 cell phone numbers without proper consent faces theoretical exposure of $50 million at $500 per call, or $150 million if a court finds the violations were willful.

State attorneys general can also sue on behalf of residents and seek injunctive relief. The FCC can pursue its own enforcement actions. But private class actions are by far the most common enforcement mechanism, and they dominate TCPA litigation. Settlement values range from a few hundred thousand dollars for small companies to hundreds of millions for large ones. The unitedhealthcare to pay $2.5m for alleged tcpa violations case, and the cash app tcpa class action settlement, both show how these cases resolve in practice.

The $500 per violation floor with no cap is the feature that makes TCPA the preferred statute for plaintiffs' class action firms. A single botched calling campaign can generate thousands of individual claims.

What calling hours and identification rules does the TCPA require?

The FCC's implementing rules at 47 C.F.R. 64.1200(c)(1) prohibit telemarketing calls before 8:00 a.m. or after 9:00 p.m. local time at the called party's location [5]. You go by the recipient's time zone, not yours. A call center in California calling a Florida number at 7:00 p.m. Pacific time is calling at 10:00 p.m. Eastern, which is a violation.

The rules also require that any person or entity making a telephone solicitation must provide their name, the name of the company on whose behalf the call is being made, and a telephone number or address at which that company can be contacted [5]. For prerecorded messages, this information must be provided at the beginning of the message or at the end.

Live calls must allow consumers to make real-time opt-out requests. Prerecorded messages must include an automated opt-out mechanism that is available throughout the call and lets a consumer opt out immediately. This applies to calls to both cell and residential numbers.

Abandonment rate rules under the FTC's Telemarketing Sales Rule (which runs parallel to the TCPA for many outbound scenarios) limit abandoned calls to 3% of all calls answered by a live person per campaign per day [8]. The TCPA and TSR often apply at the same time, so compliance teams need to track both.

How has the FCC updated TCPA rules in recent years?

The FCC has been active. A few changes you need to know about:

2021, Facebook v. Duguid: The Supreme Court narrowed the ATDS definition, holding that a dialer must use a random or sequential number generator to both store and produce numbers to qualify [3]. This helped some defendants, but litigation over what specific systems qualify continues across the circuits.

2023, FCC Declaratory Ruling on one-to-one consent: The FCC adopted rules requiring that TCPA consent in lead generation name the specific seller, not a category [5]. The Eleventh Circuit vacated it in January 2025 on procedural grounds, finding the FCC did not follow required notice-and-comment procedures. The substance of the rule may return through proper rulemaking.

2021, Reassigned Numbers Database: The FCC launched its official Reassigned Numbers Database (RND), which callers can use to check whether a number has been reassigned since they last had consent. Using the RND before calling provides a safe harbor for good-faith errors [7].

2024, AI-generated voices: The FCC issued a declaratory ruling in February 2024 clarifying that AI-generated voices in robocalls are "artificial" voices under the TCPA, meaning calls using cloned or synthesized voices require the same consent as any other prerecorded call [11].

The FCC's rules evolve through orders, declaratory rulings, and rulemaking proceedings. Checking tcpa news regularly is the most practical way for compliance teams to stay current without reading every FCC docket filing.

What should outbound sales teams actually do to comply with the TCPA?

Compliance is not complicated in theory, though it takes real process discipline in practice. Here is what actually reduces liability:

Get written consent before you market by phone or text. The consent record needs to be timestamped, tied to a specific phone number, and stored in a way you can retrieve it in discovery. Verbal consent logs and screenshot-based records are better than nothing but are hard to authenticate under cross-examination.

Scrub your lists. Run every list against the National DNC Registry within 31 days of the campaign. Run against your internal DNC list. If you're calling cell phones, run against a reassigned number database. LeadCompliant's free DNC checker handles the registry scrub and flags numbers you may need to review.

Know your technology. If your dialing platform stores numbers and dials them without a human manually initiating each call, talk to a lawyer about whether it qualifies as an ATDS under the post-Duguid standard. The answer depends on the specific system's architecture, not its marketing materials.

Call only during permitted hours in the recipient's time zone. Build this check into your campaign setup, not your training materials.

Honor opt-outs immediately. When a consumer says stop, the call ends. Prerecorded messages need an automated opt-out mechanism. Your internal DNC suppression must update within 30 days, but best practice is same-day.

Document everything. Consent records, DNC scrub logs, opt-out logs, employee training records, and your written DNC policy. These records are your defense in litigation. Without them, the safe harbor arguments fail.

If you want a structured starting point, the LeadCompliant compliance kit walks through consent language, scrub cadence, and opt-out workflows in one place. It's not a substitute for legal counsel on specific situations, but it gets small teams from zero to documented faster than starting from scratch. For geography-specific questions, a tcpa lawyer kentucky or any TCPA-experienced attorney in your state can review your specific setup.

And if you get sued despite doing everything right, knowing what a real TCPA class action looks like helps. The joseph snyder credit one tcpa case and the kaiser tcpa settlement claim deadline are both worth reading as case studies in how these actions play out from filing through settlement.

This article is not legal advice. If you're facing a TCPA claim or designing a high-volume calling program, retain qualified counsel.

Frequently asked questions

What are the main provisions of the TCPA?

The TCPA has six core provisions: restrictions on autodialed and prerecorded calls or texts to cell phones, rules on prerecorded calls to residential landlines, Do Not Call registry requirements, obligations to maintain an internal DNC list, limits on unsolicited fax advertising, and a private right of action allowing consumers to sue for $500 to $1,500 per violation. Each provision has its own consent standard and exemptions.

Does the TCPA apply to text messages as well as phone calls?

Yes. The FCC and courts have consistently held that text messages sent via an automatic telephone dialing system are 'calls' under 47 U.S.C. 227(b)(1)(A). That means marketing texts to cell phones require prior express written consent, the same standard as autodialed marketing voice calls. Informational texts require prior express consent at minimum.

Prior express consent means the consumer provided their number and agreed to be contacted, either verbally or in writing, in a context that made the type of call expected. Prior express written consent is a higher standard: a signed agreement (including electronic signatures) that specifically authorizes autodialed or prerecorded marketing calls or texts, names the caller, and states that consent is not required for a purchase.

What counts as an automatic telephone dialing system (ATDS) after Facebook v. Duguid?

After the Supreme Court's 2021 ruling in Facebook v. Duguid, a system qualifies as an ATDS only if it uses a random or sequential number generator to both store and produce the numbers it dials. Systems that simply dial numbers from a static uploaded list without generating numbers randomly may not qualify, though litigation over specific systems continues and the legal landscape is still developing.

How much can a company be fined per TCPA violation?

Each violation carries a minimum of $500 in statutory damages in a private lawsuit. If the court finds the violation was willful or knowing, damages can be trebled to $1,500 per call or text. There is no statutory cap, so a campaign reaching tens of thousands of consumers without consent can generate liability in the tens or hundreds of millions of dollars.

Does the established business relationship exemption apply to cell phone calls?

No. The established business relationship exemption applies only to calls to residential landlines registered on the National DNC Registry. It does not protect autodialed or prerecorded calls to cell phones. Many outbound teams make this mistake and expose themselves to significant liability when they assume a prior transaction excuses them from getting cell phone consent.

What are the required calling hours under the TCPA?

FCC rules at 47 C.F.R. 64.1200(c)(1) prohibit telemarketing calls before 8:00 a.m. or after 9:00 p.m. local time at the called party's location. The recipient's time zone controls, not the caller's. A call that is within hours in California but after 9:00 p.m. in Florida is still a violation.

Can consumers opt out of TCPA-covered calls and texts?

Yes, and honoring opt-outs is mandatory. Consumers can request to be placed on your internal Do Not Call list at any time. You must honor that request within 30 days and keep them suppressed for at least 5 years. Prerecorded calls and texts must include an automated opt-out mechanism that works in real time. Ignoring opt-out requests often turns a manageable TCPA exposure into a willfulness argument.

Are calls to businesses covered by the TCPA?

Mostly no. The TCPA's cell phone ATDS provision (Section 227(b)(1)(A)) and the residential landline prerecorded call rule (Section 227(b)(1)(B)) both focus on calls to residential subscribers and personal cell phones. Calls to business landlines with a live agent generally fall outside these provisions, though unsolicited fax advertising to businesses is still covered, and state laws may impose additional rules.

What is the TCPA's requirement for identifying the caller?

FCC rules require any person or entity making a telemarketing call to state their name and the name of the company on whose behalf the call is made, along with a phone number or address where that company can be reached. For prerecorded messages, this information must appear at the beginning or end of the message. Failure to identify the caller is itself a separate violation.

Yes. The FCC issued a declaratory ruling in February 2024 clarifying that AI-generated or cloned voices are 'artificial voices' under the TCPA. Any prerecorded or AI-synthesized voice call to a cell or residential number requires the same prior express consent that a human-recorded prerecorded message would require. The ruling closed a gap that some callers had tried to exploit.

How do you stop unwanted robocalls if you're a consumer?

Register your number on the National Do Not Call Registry at donotcall.gov. That covers most telemarketing calls. For calls that ignore the registry, you can file a complaint with the FCC or FTC. You also have the right to demand placement on a company's internal DNC list, and if calls continue after a documented request, you may have a TCPA claim worth pursuing. See our guide on how to stop robocalls for step-by-step instructions.

What records do you need to keep to defend a TCPA claim?

You need: timestamped consent records tied to specific phone numbers, DNC registry scrub logs showing the date of each scrub, internal DNC list records with opt-out timestamps, your written internal DNC policy, employee training records, and campaign-level dialing logs. Without these records, safe harbor defenses fail and courts tend to treat the absence of records as evidence of willfulness.

What is the TCPA's private right of action?

Section 227(b)(3) allows any individual consumer to sue in state or federal court without needing to first complain to a government agency. Consumers can seek actual damages or $500 per violation, whichever is greater, and up to $1,500 per violation for willful violations. Class action lawsuits aggregate thousands of individual claims, which is why TCPA class settlements often reach into the millions even for companies that ran relatively small campaigns.

Sources

  1. U.S. House of Representatives Office of Law Revision Counsel, 47 U.S.C. 227 (Telephone Consumer Protection Act): TCPA statutory text including ATDS definition, private right of action, and $500/$1,500 per-violation damages provision
  2. U.S. Supreme Court, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held ATDS must use random or sequential number generator to both store and produce numbers; narrowed the ATDS definition
  3. FTC, National Do Not Call Registry: DNC registry access fees, scrub requirements, and registration process for telemarketers
  4. FCC, 47 C.F.R. Part 64 Subpart L (Restrictions on Telemarketing and Telephone Solicitation): FCC implementing regulations for TCPA including calling hours (8am-9pm local), identification requirements, internal DNC list rules, 5-year suppression, and one-to-one consent rulemaking
  5. FCC, Reassigned Numbers Database: FCC's official Reassigned Numbers Database launched 2021; using it provides safe harbor for good-faith errors on reassigned numbers
  6. FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: TSR 3% call abandonment rate limit and DNC rules that run parallel to TCPA for outbound telemarketing
  7. GovInfo, Junk Fax Prevention Act of 2005, Pub. L. 109-21: 2005 amendment adding established business relationship exemption for fax advertising with required opt-out notice conditions
  8. GovInfo, Telephone Consumer Protection Act of 1991, Pub. L. 102-243: Original TCPA enacted December 20, 1991, including Congressional findings about consumer harm from automated calls and junk faxes

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit