Last updated 2026-07-10

TL;DR
The Telephone Consumer Protection Act (47 U.S.C. § 227), enacted in 1991, establishes federal restrictions on robocalls, auto-dialed calls, prerecorded messages, and unsolicited fax and text messages. It sets consent standards, quiet-hours limits, a do-not-call registry, and statutory damages of $500 to $1,500 per violation. The FCC writes the implementing rules.
What exactly does the TCPA establish?
The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, is a federal statute enacted on December 20, 1991 [1]. It establishes four things. Who you can call and text (consent). When you can call (time-of-day limits). What technology you can use without extra consent (the autodialer and prerecorded-voice rules). And what it costs you when you get it wrong (statutory damages).
The FCC administers the TCPA and has the authority to write implementing regulations under 47 U.S.C. § 227(b)(2) [2]. That matters because the statute itself is short. Most of the detailed rules, like the definition of an automatic telephone dialing system (ATDS) and how consent must be documented, live in FCC orders, not in the original text of the law.
Congress passed the TCPA after decades of complaints about telemarketing calls that disrupted dinner, woke up families, and rang through the night. The statute answered that frustration by giving consumers a private right of action, meaning individuals can sue callers directly without waiting for the government to act [1]. That private right of action is why TCPA litigation has exploded since the 2010s.
One more thing worth knowing from the start: the TCPA applies to businesses calling consumers and, in some cases, to calls placed to business lines. The B2B picture is genuinely more complicated, and the exemptions are narrower than most sales teams assume. The TCPA B2B exemption for AI calls guide covers that in detail.
What technology does the TCPA restrict?
The statute restricts three categories of technology [1]:
1. Automatic telephone dialing systems (ATDS), defined in the statute as equipment with the capacity to store or produce telephone numbers to be called, using a random or sequential number generator, and to dial those numbers. 2. Prerecorded or artificial voice messages. 3. Unsolicited fax advertisements.
The ATDS definition is the single most litigated phrase in the statute. The Supreme Court settled part of the fight in Facebook, Inc. v. Duguid (2021), holding that a system qualifies as an ATDS only if it uses a random or sequential number generator to store or produce the numbers it dials [3]. That decision narrowed the definition and killed a wave of cases where plaintiffs argued any database-driven dialer counted. Prerecorded-voice calls stay restricted no matter how the number was generated, so Facebook matters less for robocall cases than for cases about live-agent dialers.
Text messages count as "calls" under the TCPA. The FCC took that position in 2003, and courts have agreed ever since [2]. Every SMS or MMS you send with an automated or bulk-messaging platform is subject to the same consent rules as a phone call to a cell number.
Fax restrictions under 47 U.S.C. § 227(b)(1)(C) apply to "unsolicited advertisements" sent by fax, even to established business contacts, unless the sender has an existing business relationship and includes a specific opt-out notice. Fax rules come up far less often than cell and text rules. They still generate lawsuits.
What consent does the TCPA require?
This is where most compliance failures happen. The TCPA does not use one consent standard for everything. It uses three tiers depending on the type of call or message and the type of line being called [2].
| Call/Text Type | Line Type | Consent Required |
|---|---|---|
| Prerecorded or ATDS call | Residential landline | Prior express consent (any written or oral agreement) |
| Prerecorded or ATDS call | Cell phone | Prior express consent (any clear agreement) |
| Telemarketing prerecorded or ATDS call | Cell phone or residential | Prior express written consent (signed, specific, and identifying the seller) |
| Live agent, non-ATDS call | Any | No TCPA consent required (DNC rules still apply) |
The FCC's 2012 order tightened the standard for telemarketing calls and texts [8]. Before that order, an established business relationship was enough to skip consent. After it, you need prior express written consent for any marketing call or text to a cell phone using an ATDS or prerecorded message, no matter whether you've done business with that person before.
"Prior express written consent" means an agreement, in writing, that bears the signature of the person called and clearly authorizes calls to a specific phone number using an autodialer or prerecorded message, and that discloses that agreeing is not a condition of purchase [2]. The FCC allows electronic signatures under the E-SIGN Act. A pre-checked checkbox does not satisfy this standard. The person has to affirmatively check the box or take some other action that signals agreement.
One area where honest uncertainty still exists: how specific does the consent need to be about who will be calling? A 2024 FCC order tried to require one-to-one consent (one consent form, one named seller), but the Eleventh Circuit vacated that rule in January 2025 in Insurance Marketing Coalition v. FCC [4]. As of mid-2025, the lead-generation consent landscape is back to the pre-2024 standard. That standard is less restrictive but still requires the consumer to clearly agree to receive calls from the company doing the calling.
What calling-hour restrictions does the TCPA establish?
The TCPA and its implementing regulations prohibit telephone solicitations to residential numbers before 8 a.m. or after 9 p.m. local time at the called party's location [2]. That last phrase matters. You use the time zone of the person you're calling, not your own.
These restrictions apply to telephone solicitations, which the regulations define as calls or messages to encourage a person to buy goods or services. Informational calls, debt collection calls, and survey calls follow different rules (though they may still hit Do Not Call restrictions or state laws that go further).
The FCC and FTC's National Do Not Call Registry rules, which apply alongside the TCPA, use the same 8 a.m. to 9 p.m. window [5]. Some states set tighter hours. Florida's Mini-TCPA (the Florida Telephone Solicitation Act, amended in 2021) restricts calls to 8 a.m. to 8 p.m. [6]. If you're calling into states with tighter rules, honor the state window, not the federal one.
A practical note: the regulation says "local time at the called party's location." Area codes are a poor proxy for time zone after number portability. If you can't reliably map the number to a time zone, default to the most restrictive reasonable assumption or run a carrier lookup to get the state before you dial.
What does the TCPA establish about the Do Not Call list?
The TCPA authorized the creation of a national Do Not Call (DNC) registry [1]. The FTC built and operates the registry under the Telemarketing Sales Rule (16 C.F.R. Part 310), but TCPA enforcement reaches DNC violations through the FCC's implementing regulations at 47 C.F.R. § 64.1200 [2][5].
Any residential phone subscriber can register a number at donotcall.gov. Telemarketers have to access the registry, remove registered numbers from their lists, and honor registrations within 31 days of the consumer signing up [5]. Numbers stay on the registry permanently. A 2007 rule removed the old five-year expiration [9].
The TCPA also requires every telemarketing organization to keep its own internal DNC list. If a consumer asks to stop receiving calls, the company must honor that request and add the number to its internal suppression list. The FCC's rules say companies must honor internal DNC requests for five years from the date of the request [2].
For a look at how enforcement plays out in real life, the UnitedHealthcare $2.5M TCPA settlement and the Albertsons/Safeway TCPA settlement show what happens when DNC compliance breaks down at scale.
What are the TCPA's penalties and who can enforce them?
The TCPA establishes statutory damages of $500 for each call, text, or fax made in violation of the statute [1]. If a court finds the violation was willful or knowing, it may treble damages to $1,500 per violation [1]. The statute puts no cap on total damages in a class action, which is why TCPA class actions regularly settle in the tens of millions.
The statutory text at 47 U.S.C. § 227(b)(3) reads: "A person or entity may, if otherwise permitted by the laws or rules of court of a State, bring in an appropriate court of that State an action based on a violation of this subsection or the regulations prescribed under this subsection to recover actual monetary loss from such violation, or to receive $500 in damages for each such violation, whichever is greater." [1]
Three groups can bring enforcement actions. The FCC can act against violators. State attorneys general can bring parens patriae actions on behalf of residents. And private plaintiffs, most often, can sue individually or as a class. The private right of action is the engine of TCPA litigation. Plaintiffs don't have to prove actual harm, only that a violation occurred.
Real settlements show the exposure. The Credit One TCPA settlement reached $12.5 million. The Cash App TCPA class action and the Truist Bank settlement are recent examples of how fast liability compounds when a company makes even a small number of improper calls to a large list.
One distinction to hold onto: you don't have to intend to break the law to owe the $500 penalty. Strict liability applies to most violations. Willfulness, which triggers the $1,500 treble, means you knew or should have known the calls were prohibited.
What exemptions does the TCPA establish?
The statute and FCC rules carve out several categories of calls that are exempt from some or all restrictions [1][2].
Emergency calls get a blanket exemption. Calls made with the prior express consent of the called party are permitted (consent is the main pathway for marketers). Calls that aren't made for a commercial purpose are exempt from the telemarketing consent standard, though other restrictions may still apply.
The FCC has granted more exemptions by order over the years, including certain healthcare-related calls (appointment reminders, prescription notifications), calls from financial institutions about fraud alerts, and free calls from package delivery services about deliveries in progress [2]. These exemptions are specific and conditional. A healthcare company can't assume all its calls are exempt just because some are.
Government calls are exempt from the TCPA's robocall restrictions. Calls made by or on behalf of tax-exempt nonprofits are also exempt from the DNC registry rules, though they still can't use prerecorded voices to call cell phones without consent.
The "established business relationship" (EBR) exemption is one people misread constantly. After the FCC's 2012 order, an EBR no longer exempts you from the prior express written consent requirement for autodialed or prerecorded telemarketing calls to cell phones [8]. An EBR still gives you some protection for calls to residential landlines, up to 18 months after the last transaction or 3 months after an inquiry, but cell phones are a different story [2]. The TCPA existing business relationship guide covers this in full.
How has the TCPA been updated since 1991?
The statute has been amended a few times, but most of the law's evolution has come through FCC rulemaking and court decisions rather than acts of Congress [2].
The big legislative additions came in 1992 and 2005 through the Junk Fax Prevention Act, which shaped the fax advertising restrictions. The FTC's creation of the National DNC Registry in 2003 was a regulatory expansion, not a statutory amendment, though Congress later codified DNC protections [9].
The TRACED Act (Telephone Robocall Abuse Criminal Enforcement and Deterrence Act), signed in December 2019, strengthened enforcement by raising penalties and requiring carriers to implement STIR/SHAKEN caller ID authentication [7]. It also extended the FCC's enforcement statute of limitations from one year to four years.
The Supreme Court's Facebook v. Duguid decision in 2021 narrowed the ATDS definition, shrinking the reach of the law in some ways [3]. The FCC's 2024 one-to-one consent rule, vacated by the Eleventh Circuit in 2025, tried to expand protections for consumers in the lead-generation context [4]. That back-and-forth tells you something honest about where the law sits. It's actively contested, and neither the FCC nor the courts have settled every question.
For current developments, the TCPA 2025 update guide and our telemarketing rules news section track FCC orders and court decisions in near-real time.
What does the TCPA establish for text message marketing?
Text messages sent through any automated or bulk platform are treated as calls to a telephone number under the TCPA. The FCC took that position in its 2003 report and order, and courts have applied it consistently [2]. All the same consent, time-of-day, and DNC rules apply to texts.
For marketing texts, you need prior express written consent before the first message. That consent has to name your company (or clearly identify the sender), describe the type of messages the consumer will get, and include a disclosure that message and data rates may apply. You also have to provide an easy opt-out and honor opt-outs right away.
The opt-out piece trips companies up more than the initial consent does. If someone texts STOP and you send one more message that goes beyond a clean confirmation, that can be a violation. The FCC permits one final confirmation message after an opt-out, as long as it has no marketing content and no links to websites [10].
Most professional SMS platforms handle STOP and HELP responses automatically. The risk usually hides in how companies handle list imports from outside sources, where consent was supposedly obtained but the documentation is thin. The text message marketing and text messaging marketing guides go deeper on compliant campaign setup.
At LeadCompliant, the free TCPA compliance kit includes a consent-documentation checklist built for SMS programs. Run through it before you launch any new text campaign.
What is the practical impact of the TCPA on outbound sales teams?
The TCPA does not ban outbound calling or texting. It regulates how you do it. A small outbound team that follows three core practices will avoid most of the statute's bite.
Scrub your lists. Before every campaign, check your calling list against the national DNC registry (commercial access requires a subscription through donotcall.gov) and your internal suppression file [5]. Skip this step and call a registered number for marketing, and you have no defense.
Document consent. For any campaign using an autodialer, predictive dialer, or prerecorded message, you need written consent records that show when and how the consumer agreed, what they agreed to, and which number they gave you. If you can't produce that record in litigation, you lose.
Treat opt-outs as immediate obligations. The moment someone says stop, you stop. That applies to calls and texts both. Internal DNC lists have to be kept for at least five years [2].
The cost of getting this wrong is not theoretical. The Joseph Snyder v. Credit One case and the Kaiser TCPA settlement show how individual cases and class actions develop. Neither started as a massive enforcement action. Both grew from routine outbound calling that ignored consent or DNC obligations.
If you want help structuring these practices, the TCPA guidelines resource and the LeadCompliant free compliance kit are the clearest starting points we know. Neither substitutes for actual legal counsel if you're facing a lawsuit or a regulatory inquiry.
Where can you find a TCPA lawyer if something goes wrong?
If you get a demand letter alleging TCPA violations, or you're served in a class action, you need a lawyer who handles TCPA defense specifically, more than a general business litigator. The statute's technical definitions and the pile of FCC orders behind them take real familiarity.
State-specific resources matter because TCPA cases usually land in federal district court, but the plaintiff's home state drives where. Start with your state bar's referral service or look for attorneys with verifiable TCPA defense experience. The TCPA lawyer Kentucky directory is one example of a state-specific resource that can point you toward practitioners in a given jurisdiction.
Nobody has good data on the average cost of defending a TCPA class action start to finish. Settlement data is easier to find. The median TCPA class action settlement in recent years has ranged from around $1 million to over $10 million depending on the size of the alleged call universe. Individual cases that never become class actions often settle in the $1,000 to $10,000 range per plaintiff, which sounds manageable until you realize the plaintiffs' bar files these in volume.
To stay ahead of litigation and read the current threat landscape, the TCPA news section covers new filings and settlements on a rolling basis. The how to stop robocalls guide is more consumer-facing but useful for understanding what triggers complaints in the first place.
Frequently asked questions
What does the TCPA establish for cell phones specifically?
For cell phones, the TCPA prohibits autodialed calls, prerecorded or artificial voice calls, and marketing texts without prior express consent. For telemarketing calls or texts, the standard is prior express written consent, meaning a signed, affirmative agreement that names the company and the type of messages. A residential landline faces slightly more relaxed rules. A cell phone does not.
What year was the TCPA enacted and by whom?
Congress enacted the Telephone Consumer Protection Act on December 20, 1991. President George H.W. Bush signed it into law. Senator Fritz Hollings of South Carolina sponsored it in the Senate. It answered widespread consumer complaints about unsolicited telemarketing calls flooding home phones in the late 1980s and early 1990s.
Does the TCPA apply to business-to-business calls?
Generally yes, with narrower application. The TCPA's residential DNC rules explicitly cover residential subscribers, so calling a business line for B2B purposes does not trigger the registry rules. But prerecorded or autodialed calls to business cell phones are still covered by the TCPA's cell-phone consent requirements. The B2B exemption is real but narrower than most sales teams assume.
What does TCPA stand for?
TCPA stands for Telephone Consumer Protection Act. It's codified at 47 U.S.C. § 227. The Federal Communications Commission (FCC) administers it through implementing regulations at 47 C.F.R. § 64.1200. The FTC administers the related National Do Not Call Registry under the Telemarketing Sales Rule, 16 C.F.R. Part 310.
What is the difference between TCPA and the Telemarketing Sales Rule?
The TCPA is a federal statute administered by the FCC, focused on the technology used to call (autodialers, prerecorded voices) and on cell phone and residential line protections. The Telemarketing Sales Rule (TSR) is an FTC regulation focused on deceptive and abusive telemarketing practices, disclosure requirements, and the National DNC Registry. Both apply to most outbound telemarketing at once.
How much can someone sue for under the TCPA?
The TCPA allows $500 per violation in statutory damages, with no requirement to prove actual harm. Courts can triple that to $1,500 per violation if the conduct was willful or knowing. In a class action where thousands of people got the same improper calls or texts, total liability can reach the tens of millions. There is no statutory cap on aggregate damages.
Does the TCPA cover email?
No. The TCPA covers telephone calls, text messages, and fax advertisements. Email is governed separately by the CAN-SPAM Act, administered by the FTC. If a message goes to a phone as a text, it falls under the TCPA. If it goes to an email inbox, even a mobile one, CAN-SPAM applies instead.
What does prior express written consent mean under the TCPA?
Prior express written consent means an agreement, in writing (electronic signatures count), where the consumer authorizes calls or texts using an autodialer or prerecorded voice to a specified number, knowing they're agreeing to receive marketing, and that agreement is not a condition of any purchase. Pre-checked boxes don't satisfy this standard. The consumer has to take a clear affirmative action.
Can you call someone who gave their number on a contract even if they're on the DNC list?
Giving a phone number in a transaction creates an established business relationship (EBR), which under FCC rules still protects residential landline calls for up to 18 months after the last transaction. But for autodialed or prerecorded telemarketing calls to cell phones, an EBR alone is not enough after the FCC's 2012 order. You still need prior express written consent for those calls, EBR or not.
What does the TCPA say about abandoned calls or call abandonment rates?
The FCC's implementing rules under the TCPA require telemarketers using predictive dialers to abandon no more than 3 percent of answered calls, per campaign, per day. An abandoned call is one where the system disconnects before a live agent connects. When a call is abandoned, the system has to play a prerecorded identification message before hanging up. Going past the 3 percent threshold is a TCPA violation.
Does the TCPA require identification during a call?
Yes. FCC regulations under the TCPA require telemarketers to state the caller's name and the name of the company the call is made for, and to give a phone number or address where the company can be reached. This applies to both live agent calls and prerecorded messages. Failing to identify yourself is a separate violation from failing to honor consent or DNC rules.
What is the statute of limitations for TCPA claims?
Federal courts apply a four-year statute of limitations to private TCPA claims under 28 U.S.C. § 1658, the general federal statute of limitations. Some circuits have applied a shorter period based on analogous state law, but the four-year rule is the most common in practice. The TRACED Act extended the FCC's own enforcement window to four years as well.
Are political calls covered by the TCPA?
Political calls are not exempt from the TCPA's autodialer and prerecorded-voice restrictions. A prerecorded political robocall to a cell phone without prior express consent violates the TCPA just as a commercial robocall does. Political calls are exempt from the National DNC Registry rules (the DNC rules only cover solicitations for goods or services), but that does not exempt them from the consent requirements.
What does the TCPA mean for small businesses doing their own outreach?
Small businesses are not exempt from the TCPA. The statute applies equally to a one-person shop and a Fortune 500 company. If you use a platform that auto-dials or sends bulk texts, you need consent from each recipient for marketing messages. If you call manually without an autodialer and without a prerecorded message, the TCPA's consent requirements don't apply, though DNC registry rules still do.
Sources
- U.S. Government Publishing Office, 47 U.S.C. § 227 (TCPA statutory text): TCPA enacted December 20, 1991; establishes $500 per violation statutory damages, trebled to $1,500 for willful violations; private right of action language at 47 U.S.C. § 227(b)(3)
- FCC, 47 C.F.R. § 64.1200 (TCPA implementing regulations): FCC rules establish 8 a.m. to 9 p.m. calling window, prior express written consent standard for telemarketing, internal DNC list maintenance for 5 years, and one final confirmation text permitted after opt-out
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 651 (2021): Supreme Court held that an ATDS must use a random or sequential number generator to store or produce numbers dialed, narrowing the definition
- U.S. Court of Appeals, Eleventh Circuit, Insurance Marketing Coalition v. FCC, No. 24-10277 (2025): Eleventh Circuit vacated the FCC's 2024 one-to-one consent rule in January 2025, reverting the lead-generation consent standard to pre-2024 requirements
- FTC, National Do Not Call Registry (donotcall.gov): Telemarketers must access the DNC registry, remove registered numbers, and honor registrations within 31 days; numbers stay on the list permanently
- Florida Legislature, Florida Telephone Solicitation Act (FTSA), § 501.059 Fla. Stat.: Florida's FTSA restricts telephone solicitations to 8 a.m. to 8 p.m. local time, tighter than the federal 8 a.m. to 9 p.m. window
- U.S. Congress, TRACED Act, Public Law 116-105 (2019): TRACED Act signed December 2019 requires STIR/SHAKEN caller ID authentication and extended FCC enforcement statute of limitations to four years
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: The TSR governs the National DNC Registry alongside the TCPA and covers deceptive telemarketing practices; DNC registrations are permanent since a 2007 rule removed the five-year expiration