Last updated 2026-07-09

TL;DR
An opt-out mechanism is a required, real-time way for a person to stop your telemarketing calls, during the call or after it. Federal law (47 U.S.C. § 227) and FCC rules require it on every telemarketing call. If your system can't honor an opt-out within 10 business days, you're already exposed to TCPA damages of $500 to $1,500 per call.
What does "opt-out mechanism" actually mean in plain language?
An opt-out mechanism is a way for the person you called to say "stop calling me" and have that request stick. The name sounds regulatory. The idea is simple. Anyone who gets a telemarketing call must be able to end future calls without jumping through hoops.
Under the Telephone Consumer Protection Act (47 U.S.C. § 227), the Federal Communications Commission turned that principle into hard rules. [1] Every telemarketing call has to give the called party a clear, easy way to opt out, and your company has to honor that request fast. There's no grace period for getting to it later.
When compliance people say "opt-out mechanism," they usually mean two related things. One is the automated, real-time keypress opt-out that has to run during a prerecorded call. The other is the company-specific do-not-call request that any person can make at any time, by any reasonable means, during any kind of telemarketing call. Both are required by law. Both carry their own penalty exposure if you miss them.
What does the TCPA specifically require for opt-out mechanisms?
The core statute, 47 U.S.C. § 227(b)(2)(C), directs the FCC to require that prerecorded telemarketing messages include an automated interactive opt-out mechanism available throughout the call. [1] The FCC did that in 47 C.F.R. § 64.1200(b), which says prerecorded messages must "at the beginning of the message, state clearly the identity of the business, individual, or other entity that is responsible for initiating the call" and must include "an automated, interactive voice- and/or key press-activated opt-out mechanism." [2]
That opt-out has to be live at any point in the call, not tacked on at the end after the pitch. Press 9 at second 12 of a 90-second message, and your system has to process it. If your IVR only listens for a keypress at the very end, you're out of compliance.
Live-agent calls run on a separate track. The company-specific do-not-call rules under 47 C.F.R. § 64.1200(d) require you to keep a company-level DNC list, honor removal requests within 10 business days, and train staff to record and process them. [2] The 10-business-day window is a ceiling, not a target. Most class actions that cite do-not-call failures involve companies that either had no procedure at all or had one that broke down in practice.
Damages run $500 per violation and up to $1,500 per willful or knowing violation. [1] In a class action, where a single autodial campaign can touch hundreds of thousands of people, that math turns ugly fast. You can see what "ugly" looks like in real dollars in the cash app tcpa class action settlement and the credit one tcpa settlement.
What are the different types of opt-out mechanisms a caller can use?
There's no single FCC-mandated format for the opt-out, but a handful of approaches consistently hold up.
Keypress opt-out (automated calls). The most common format for prerecorded calls is a keypress instruction early in the message: "To be removed from our call list, press 9 at any time." The system has to process that keypress in real time and route it into your DNC suppression process. A keypress that just drops the call without logging the request is not compliant.
Spoken opt-out request (live agent calls). When a live agent is on the line, any verbal request to stop calling triggers the company-specific DNC obligation. No magic phrase is required. "Don't call me again," "remove me from your list," or "put me on your do-not-call" all count. Your agents need to recognize these and log them on the spot.
Written opt-out (for ongoing SMS or call campaigns). For text marketing specifically, replying STOP is the industry standard, and carriers enforce it. [3] The TCPA applies to SMS the same way it applies to calls, and the opt-out has to be honored.
Online or email opt-out. Some companies offer a web form or email address for DNC requests. That's fine as a supplement. It can't be the only mechanism. A person has to be able to opt out during the call itself.
| Mechanism type | Call type it applies to | Legal requirement | Processing deadline |
|---|---|---|---|
| Automated keypress (e.g., press 9) | Prerecorded/robocall | Mandatory, must be active throughout call | Immediate (call level), 10 business days for DNC list update |
| Live agent verbal request | Live agent telemarketing | Mandatory | 10 business days |
| SMS STOP reply | Text message campaigns | Mandatory (carrier-enforced) | Immediate or near-immediate |
| Web form / email | Any | Optional supplement only | 10 business days if used |
How quickly does a company have to honor an opt-out request?
The FCC rule at 47 C.F.R. § 64.1200(d)(3) says a do-not-call request must be honored "within a reasonable time from the date such request is made, not to exceed 30 days." [2] Later FCC guidance and orders have effectively treated 10 business days as the working standard for company-specific lists, so that's the number to build your process around.
Plenty of plaintiffs' attorneys use the gap after an opt-out to argue willfulness, because "willful" is what turns a $500 statutory penalty into $1,500. A call made one day after an opt-out is still a violation, even if the damages math matches a call made 31 days later.
For prerecorded calls, the opt-out has to work in real time at the call level. Press the opt-out key, and the call should terminate (or at least stop delivering commercial content), and the number has to hit your suppression list before the next campaign runs. That last part is where teams get burned. If your suppression update runs nightly in batch, and you dial the same number again that afternoon, you've got a second violation.
Write opt-out requests to your DNC suppression list synchronously, not in a batch job. That one architectural decision kills off a whole category of liability.
Does the opt-out requirement apply to all telemarketing calls or only robocalls?
Both. The rules split into two parallel tracks.
Track one covers prerecorded messages, often called robocalls or autodials. These carry the strictest opt-out rule. The automated, interactive keypress mechanism has to be present and working throughout the entire call, and it has to connect the called party to a system that processes the opt-out in real time. [2]
Track two covers live-agent telemarketing calls. These fall under the company-specific do-not-call rules, which means your agents have to honor verbal opt-outs, log them, and get the number suppressed before your next run. [2]
A third category is worth flagging. Calls to cell phones using an automatic telephone dialing system (ATDS), whether or not they use a prerecorded message, fall under 47 U.S.C. § 227(b)(1)(A). [1] Those calls carry the same opt-out obligations.
If you run cold calling campaigns or any outbound cold call operation, the live-agent rules apply to you even if you never touch a prerecorded message. Plenty of outbound sales teams assume the TCPA only bites robocallers. That assumption is wrong, and it's expensive.
What happens if a telemarketer does not provide an opt-out mechanism?
Missing the opt-out is a per-call statutory violation. Under 47 U.S.C. § 227(c)(5), a person who gets more than one telephone call within any 12-month period in violation of the regulations can bring a private lawsuit. [1] Damages are $500 per call, or $1,500 per call if the violation was willful or knowing.
Having no opt-out mechanism at all is almost always treated as knowing, because the rule has been in place since 2003 and FCC enforcement has been steady. That pushes the floor to $1,500 per call, not $500.
Now picture that at scale. A robocall campaign that sends 50,000 calls with no opt-out mechanism carries $75 million in theoretical exposure. Real settlements rarely hit the maximum. Class certification fights, individual damage caps, and settlement dynamics all pull the number down. But the headline risk is real, and it's why plaintiff-side attorneys watch this space closely.
FCC enforcement is a separate channel from private litigation. The FCC issues its own fines, sometimes called forfeiture orders, assessed independently of any lawsuit. In 2021 the FCC issued a $225 million fine against a health insurance robocall operation, the largest in the agency's history at the time. [4] That case involved roughly a billion calls, but the mechanism failure (no compliant opt-out, calls to DNC-registered numbers) is the same failure smaller teams make.
For the full picture on the do not call list obligations that sit next to the opt-out rules, that article covers the national registry side.
How does the opt-out mechanism connect to the national do-not-call registry?
They're related but separate. The national DNC registry, run by the FTC at donotcall.gov, is a list of numbers where people have registered a general preference to skip telemarketing calls. [5] You scrub your call lists against it before dialing. That's a pre-call obligation.
The opt-out mechanism is a during-call and post-call obligation. It gives people who answer your call a way to stop future calls from your specific company, even if they're not on the national registry.
Both matter, and they stack. A number can be on the national registry (meaning you never should have called it) and the person can also opt out during your call. That's two separate violations, not one.
Flip it around. A number that isn't on the national registry is still protected by the opt-out requirement. You were allowed to call initially (assuming proper consent or an established business relationship), but the moment they opt out, your permission is gone.
To understand how to access and use the national list, see how do i get the do not call list and the specifics on registering mobile phone do not call list numbers.
What should the opt-out disclosure sound like on an actual call?
The FCC doesn't prescribe exact wording. The requirement is that the opt-out instruction comes at the beginning of the message, is easy to understand, and connects to a working automated system. [2]
A compliant opening for a prerecorded telemarketing call might sound like this: "This is a call from [Company Name]. To be removed from our call list at any time during this message, press 9 now." The message then runs its commercial content, and the keypress option stays live.
Here's what makes opt-out disclosures fail in practice.
Burying the instruction at the end of a long message. By then, most people have hung up or sat through the pitch first.
Giving a call-back number to opt out. If the opt-out forces the consumer to make an outbound call, that's not the "automated, interactive" mechanism the FCC requires for prerecorded messages. It might satisfy the company-specific DNC request rules, but it doesn't satisfy 47 C.F.R. § 64.1200(b)(3). [2]
Offering an opt-out that disconnects the call but never logs the request. The call ends, the consumer thinks they're off the list, and your system has no record. The next campaign dials them again.
For live agents, the disclosure is less formal but no less important. Train agents to catch opt-out language in any form and confirm it: "I've noted that request, and your number will be removed from our call list within 10 business days."
Do opt-out rules apply differently to B2B calls versus consumer calls?
Yes, with real nuance. The TCPA's main protections run to residential subscribers and cell phone users. Business landlines have historically gotten less protection under the statute. [1] But the picture is messier than a clean B2B exemption suggests.
Many B2B calls reach cell phones. Call a salesperson's mobile or a small business owner's personal cell, and you're calling a cell phone. The TCPA applies fully, business purpose or not.
Even for business landline calls, the FTC's Telemarketing Sales Rule (TSR) has its own DNC and opt-out provisions for seller-initiated calls. [6] The TSR reaches a broader set of entities than the TCPA in some respects, and it enforces separately through the FTC.
State laws fill in the gaps too. Several states extend TCPA-style protections to business numbers or run their own telemarketing statutes with opt-out rules. Florida's Telephone Solicitation Act is one example that has driven a wave of class action litigation. [7]
The practical rule: if you're calling any cell phone in a B2B context, treat the call as fully TCPA-covered. If you're calling business landlines only, the risk is lower but not zero, and you should still keep a company-specific DNC list and honor opt-outs as basic hygiene.
How should small teams and outbound sales operations document their opt-out process?
Documentation is what separates a manageable compliance conversation from a bet-the-company lawsuit. If a plaintiff shows you called them after an opt-out, your defense lives or dies on whether you can prove your process was working and that something unusual caused the failure.
The minimum documentation stack for a small outbound team looks like this.
A written do-not-call policy. The FCC rules require it explicitly. [2] It doesn't need to be long. It needs to exist, be in writing, and be available to any employee who handles calls.
An opt-out log. Every opt-out request (keypress, verbal, SMS STOP, or web form) gets logged with a timestamp, the number, and the channel it came in through.
A suppression list with timestamps. Your DNC suppression list should show when each number was added, so you can prove no calls went out after the opt-out was logged.
Call recordings or IVR logs for prerecorded campaigns. If the FCC or a plaintiff asks whether your opt-out keypress was functional, you want system logs that show keypress events and how they were processed.
Agent training records. For live-agent teams, documented training on recognizing and recording opt-outs is evidence of good-faith compliance.
LeadCompliant's free compliance kit includes opt-out policy templates and a suppression log structure that covers these requirements. It's a reasonable starting point if you're building this from scratch.
For text campaigns, opt-out documentation overlaps with text message marketing compliance, which carries its own requirements under the TCPA and carrier guidelines.
What are the most common opt-out mechanism mistakes that lead to TCPA lawsuits?
The pattern in TCPA class actions is consistent. It's rarely one catastrophic decision. It's usually a small operational gap that compounds over thousands of calls.
Gap 1: The opt-out keypress isn't actually wired to the suppression system. The IVR says "press 9 to be removed," the consumer presses 9, the call ends, and there's no API call or database write adding the number to the DNC list. The next campaign runs from the same list. This is the most common failure mode for small teams on off-the-shelf dialers.
Gap 2: Suppression list updates run in batch, not real time. If your list update runs nightly, you can re-contact an opted-out number the same afternoon the opt-out was logged. Second violation.
Gap 3: Different campaigns run off different databases. A consumer opts out of campaign A, but campaigns B and C pull from a different list that never got updated. This happens constantly when teams juggle multiple vendors or CRMs.
Gap 4: Agent-logged opt-outs never reach the master suppression list. Agents note the request in a CRM call-notes field, but nobody built a process to move those notes into the suppression list. The number stays dialable.
Gap 5: Opt-out records aren't kept long enough. If a lawsuit lands two years after the calls, you need records from that period. Standard TCPA discovery requests reach back three to four years. Purge your logs, and you can't prove compliance.
The do not call telemarketer list article covers the national and state DNC suppression obligations that feed the same operational stack.
Are there any exemptions to the opt-out mechanism requirement?
A few call categories are exempt from parts of the TCPA. Knowing which ones apply to you matters, because plenty of callers claim exemptions they don't qualify for.
Prior express written consent lets you dial a number, but consent does not erase the opt-out mechanism requirement for prerecorded calls. Even with consent, 47 C.F.R. § 64.1200(b) still requires the automated opt-out in the message. [2] Consent covers permission to call. It doesn't waive the opt-out disclosure.
Established business relationship (EBR) was once a big TCPA exemption, but the FCC largely eliminated it for calls to cell phones in 2013. [8] For residential landline telemarketing, an EBR can still reduce exposure in some cases, but you can't lean on it to skip the opt-out mechanism.
Non-commercial calls, including purely informational calls with no commercial purpose and fundraising calls by tax-exempt nonprofits, have narrower TCPA coverage. But if your call has any commercial element or is built to generate revenue, you're in the commercial bucket and the full opt-out rules apply.
Emergency calls are exempt from the ATDS restrictions, but that's a narrow category covering things like outages and public safety alerts. It doesn't touch sales or marketing under any reading.
The honest answer: almost no mainstream outbound sales or telemarketing operation qualifies for a meaningful exemption from the opt-out mechanism requirement. If you're calling to sell something, the rule applies.
Frequently asked questions
What is the difference between an opt-out mechanism and the do-not-call registry?
The national do-not-call registry is a government list where consumers pre-register to skip telemarketing calls in general. An opt-out mechanism is a real-time, call-level tool that lets someone stop calls from your specific company during or after a call. The registry is a pre-call scrubbing obligation. The opt-out mechanism is a during-call and post-call obligation. Both are legally required, and both carry their own liability.
How long does a company have to honor a do-not-call request after an opt-out?
FCC rules require the request to be honored within a reasonable time, with 10 business days treated as the working standard under 47 C.F.R. § 64.1200(d)(3). Any call to an opted-out number after that window is a statutory violation at $500 to $1,500 per call. The safest approach is to process opt-outs immediately, not in nightly batches, which removes the risk of a same-day re-contact.
Does the automated opt-out requirement apply to text messages too?
Yes. The TCPA applies to text messages the same way it applies to calls. For SMS marketing, the opt-out standard is a reply of STOP (or similar keywords), which carriers enforce at the network level. You must honor that reply immediately, send a confirmation, and suppress the number before any future campaign runs. Failing to honor an SMS STOP reply is a TCPA violation with the same per-message penalty exposure as a phone call.
Can a company charge a fee or require personal information to opt out of telemarketing calls?
No. The FTC's Telemarketing Sales Rule and FCC rules both bar placing conditions on opt-out requests. You can't require a consumer to give their name, email, or any other information to be removed from a call list. You can't charge a fee. Any process that makes the opt-out more than a single step (for automated calls) or a plain verbal request (for live calls) is likely out of compliance.
What happens if a consumer who opted out calls the company back?
An inbound call from the consumer to your company does not reset their opt-out. But if, during that inbound call, the consumer gives new express written consent to be contacted for telemarketing, you may be able to resume calls under that fresh consent. The old opt-out record should still be retained. This area is fact-specific, and the safer default is to treat any prior opt-out as still in effect unless new written consent is documented clearly.
Do live agents have to offer an opt-out at the start of every call?
The TCPA doesn't require agents to proactively announce an opt-out option at the start of every live call the way prerecorded messages must. But agents must recognize and honor any opt-out request at any point in the call. Many compliance programs train agents to mention the DNC option early as a good-faith practice. The obligation is honoring the request, not necessarily announcing it on every live call.
How does an opt-out mechanism work for prerecorded political calls?
Political calls to residential landlines are generally exempt from TCPA consent requirements, but prerecorded political calls to cell phones still require prior express consent. The automated opt-out requirement under 47 C.F.R. § 64.1200(b) applies to prerecorded messages to any residential line or cell phone if the call has a commercial element. Purely political calls with no commercial purpose sit in a narrower carve-out, but most political campaign vendors still include a keypress opt-out to reduce risk.
Is there a required opt-out phrase or script the FCC mandates?
No specific script is mandated. The FCC requires the opt-out mechanism to be clearly described, available throughout the call, and automated and interactive. Common practice is to announce it at the start of the message with a specific keypress, usually 9. For live agents, any clear language confirming the consumer's request to stop calls is enough. The substance matters more than the exact words.
Can a third-party dialer or vendor handle opt-out compliance on behalf of the seller?
Vendors can build the technical opt-out mechanism for you, but the legal obligation stays with the seller or caller whose goods and services are being promoted. If the vendor's system fails to log opt-outs correctly, you're still the liable party in a TCPA lawsuit. Any vendor contract should include explicit representations about opt-out processing, real-time suppression list updates, and audit log availability. Never assume the vendor has it covered without verifying.
How long should opt-out records be kept?
The TCPA's statute of limitations for private actions is four years under 28 U.S.C. § 1658. FCC enforcement actions can reach further back in some circumstances. Best practice is to keep opt-out logs and suppression records for at least five years from the date of the request. Many teams keep them indefinitely, since storage is cheap and the records double as a compliance reference for new campaigns.
What does a TCPA opt-out violation actually cost in a class action settlement?
Real settlements vary widely based on class size, violation type, and the defendant's ability to pay. The statutory range is $500 to $1,500 per call. Large-scale settlements have run into the hundreds of millions of dollars. Smaller cases involving opt-out failures often settle in the low six figures per class or get resolved individually. The cost of a proper opt-out system is almost always a fraction of even a small settlement.
Do B2B outbound calls need an opt-out mechanism?
If you're calling a cell phone, yes, the TCPA applies fully regardless of business context. For business landline calls, the TCPA's protections are thinner, but the FTC's Telemarketing Sales Rule covers many B2B seller-initiated calls and has its own DNC and opt-out provisions. Several states, including Florida, extend consumer-style protections to business numbers. The safest approach for any B2B outbound team is to keep a company-specific DNC list and honor all opt-out requests regardless of line type.
What is the difference between an opt-out and a revocation of consent under the TCPA?
An opt-out is a request to stop future telemarketing calls. A revocation of consent is the specific withdrawal of prior express written consent that authorized a caller to reach a cell phone using an ATDS or prerecorded message. In practice they usually happen together: the consumer says stop calling, which both revokes consent and triggers the company-specific DNC obligation. The FCC's 2024 order on consent revocation reinforced that consumers can revoke by any reasonable means.
Sources
- U.S. Congress, Telephone Consumer Protection Act, 47 U.S.C. § 227 (Cornell Law LII): TCPA establishes $500 per violation and $1,500 per willful violation penalties, and directs the FCC to require automated opt-out mechanisms on prerecorded telemarketing messages
- FCC, 47 C.F.R. § 64.1200, Delivery Restrictions for Telephone Solicitations (eCFR): FCC rules require prerecorded telemarketing messages to include an automated interactive opt-out mechanism available throughout the call, and require company-specific DNC requests to be honored within a reasonable time
- FTC, National Do Not Call Registry: The national DNC registry is maintained by the FTC and allows consumers to register numbers to avoid telemarketing calls
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: The TSR has its own DNC and opt-out provisions for seller-initiated calls and is enforced separately from the TCPA
- Florida Legislature, Florida Telephone Solicitation Act, F.S. § 501.059: Florida's Telephone Solicitation Act extends TCPA-style opt-out and DNC protections to Florida consumers and has generated significant class action litigation
- Federal Trade Commission, Consumer Advice (homepage): Federal guidance states consumers have the right to opt out of telemarketing calls and that callers must maintain do-not-call lists
- FTC, Complying With the Telemarketing Sales Rule: FTC guidance states sellers cannot impose any fee or condition on a consumer's exercise of a do-not-call request
- U.S. Code, 28 U.S.C. § 1658, Limitations Period for Federal Statutes (Cornell Law LII): The general four-year statute of limitations for private actions under federal statutes enacted after 1990 applies to TCPA private suits