Last updated 2026-07-09

TL;DR
The Telephone Consumer Protection Act was enacted on December 20, 1991, when President George H.W. Bush signed Public Law 102-243. It took effect February 1, 1992. Congress added the Do Not Call Registry framework in 2003, and the FCC has issued dozens of orders expanding the law's reach since. It sits at 47 U.S.C. § 227.
When exactly was the TCPA enacted?
The Telephone Consumer Protection Act was signed into law on December 20, 1991, by President George H.W. Bush. It became Public Law 102-243 and took effect on February 1, 1992. [1]
The statute lives at 47 U.S.C. § 227. That citation is where you go any time someone hands you a version they found on a random website. The Cornell Legal Information Institute keeps a clean, current copy of the full text. [2]
The law did not spring from nowhere. By the late 1980s, fax machines were everywhere in offices, and predictive dialers let telemarketers blast hundreds of households per hour. Congress heard years of testimony about unwanted calls and faxes before the bill moved. Senator Ernest Hollings of South Carolina sponsored the Senate version, and the legislation passed both chambers with broad bipartisan support before landing on Bush's desk that December.
What did the original 1991 TCPA actually prohibit?
The original text had four targets. It restricted autodialers and prerecorded voice messages from calling residential lines without prior express consent. It banned unsolicited fax advertisements outright. It told the FCC to write rules protecting residential subscribers, including time-of-day limits. And it gave the FCC authority to build a database of numbers where residents objected to solicitation calls. [1]
The statute says callers may not "initiate any telephone call to any residential telephone line using an artificial or prerecorded voice to deliver a message without the prior express consent of the called party." [2] That language, plus the parallel restriction on autodialers to cellular numbers, is why TCPA cases still turn on two questions. Did the caller use covered equipment? Did they have proper consent?
One thing the 1991 law did not create was a federal do-not-call list with teeth. That came more than a decade later. The original statute told the FCC to study a national database, but both Congress and the FCC moved slowly until public pressure forced the issue around 2003.
What is the TCPA's timeline of major changes from 1991 to today?
The TCPA has been amended or reinterpreted more times than most practitioners realize. The chart below captures the major milestones.
| Year | Event | What changed |
|---|---|---|
| 1991 | Public Law 102-243 signed | Original statute; autodialers, prerecorded calls, fax restrictions |
| 1992 | FCC issues first TCPA rules | 47 C.F.R. § 64.1200; defined "established business relationship" exemption |
| 2003 | Do Not Call Implementation Act (P.L. 108-10) | Authorized FTC/FCC to create the National DNC Registry [3] |
| 2003 | FCC Order 03-153 | FCC created its own DNC rules and required wireless number protections |
| 2012 | FCC Order 12-21 | Eliminated the "established business relationship" exemption for prerecorded calls; required written consent for telemarketing |
| 2013 | Written consent requirement takes effect | Consent must be signed and unambiguous; oral consent no longer valid for telemarketing calls |
| 2015 | TCPA amendment (Bipartisan Budget Act) | Carved out an exception for calls made to collect federal debts |
| 2015 | FCC Order 15-72 | Expanded autodialer definition; addressed reassigned numbers and opt-out rules |
| 2018 | ACA International v. FCC (D.C. Circuit) | Court vacated the FCC's expansive autodialer definition from 2015 [4] |
| 2021 | Facebook, Inc. v. Duguid (Supreme Court) | Court narrowed autodialer definition to equipment using a random or sequential number generator [5] |
| 2023 | FCC Order 23-107 | Required one-to-one consent; a single consent cannot cover multiple sellers |
| 2025 | One-to-one consent rule effective | Consent obtained after Jan 27, 2025 must be seller-specific [6] |
The 2021 Supreme Court ruling in Facebook v. Duguid is arguably the biggest interpretive shift since the statute passed. The Court held that an autodialer must "use a random or sequential number generator" to either store or produce numbers. [5] That narrowed the definition sharply from what the FCC had argued for years.
The one-to-one consent rule is the most recent major change. The FCC's ruling requires that consent for telemarketing calls or texts go to a single, named seller, not to a lead-generation form that farms one consent to dozens of companies. [6]
Why was the TCPA passed in the first place?
Congress passed the TCPA because the telephone had become, by the early 1990s, genuinely hard to use for many Americans. Predictive dialers could reach thousands of households a day. Answering machines meant recorded messages delivered themselves without any human on the line. Fax machines in small offices were swamped with ads that wasted paper and tied up the line.
The House Report for the bill noted Americans received roughly 30 billion calls from telemarketers in 1991, based on industry estimates at the time. [1] Whether that figure was precise is debatable. The direction was not. Calling technology had outpaced the existing rules, which were mostly voluntary industry guidelines.
The statute was also a compromise. The direct marketing industry lobbied hard to preserve the "established business relationship" exemption, which let companies call existing customers without fresh consent. That exemption survived in the original law and in FCC rules until 2012, when the FCC finally killed it for prerecorded telemarketing calls. [7]
Know this too: the TCPA was not primarily a privacy law. Congress framed it as consumer protection and communications regulation. That framing matters in litigation. It explains why the private right of action (the part that lets individuals sue for $500 to $1,500 per violation) sits in a communications statute rather than a privacy statute.
What are the penalties under the TCPA and where do they come from?
The TCPA gives private plaintiffs $500 per violation, trebled to $1,500 per willful or knowing violation. [2] Those numbers come straight from 47 U.S.C. § 227(b)(3) and have not changed since 1991. There is no inflation adjustment built in.
The FCC can assess forfeitures that adjust for inflation under the Federal Civil Penalties Inflation Adjustment Act; as of 2024 enforcement actions the agency cites per-violation figures near $25,893. [8] In practice, FCC forfeitures against major violators have run into the millions. The agency proposed a $225 million forfeiture against a health insurance robocaller in 2020, though collected amounts often differ from proposed amounts after litigation. [8]
Because every text or call is a separate violation, class actions are where the real exposure lives. Settlements routinely run into the tens of millions. UnitedHealthcare paid $2.5 million to resolve alleged TCPA violations. The Credit One Bank litigation and Truist Bank's class action are recent examples of how fast exposure compounds when a dialing campaign touches millions of numbers. The Cash App TCPA settlement is another case of a tech company finding out the hard way that the TCPA applies no matter how modern your platform is.
The private right of action is the engine. The FTC and FCC enforce the DNC and autodialer rules, but most TCPA litigation is plaintiff-side, filed by individuals or their attorneys in federal district court.
How did the National Do Not Call Registry change the TCPA landscape?
The National DNC Registry came from the Do Not Call Implementation Act of 2003, Public Law 108-10, which Congress passed to give the FTC explicit authority to run it. [3] The FCC issued parallel rules that same year, since the TCPA sits with the FCC rather than the FTC. The two agencies coordinate, and the FTC maintains the registry itself at donotcall.gov.
Callers must scrub their lists against the registry every 31 days. Calling a registered number is a separate violation from the autodialer and prerecorded call restrictions, with penalties up to $51,744 per violation under the FTC's current adjusted figures. [3]
The registry launched on June 27, 2003, and by 2025 holds over 240 million registered numbers, though the FTC does not publish a single audited count refreshed in real time, so exact totals vary by report. [3]
For outbound sales teams, the practical takeaway is simple. The DNC Registry and the TCPA's autodialer rules are related but separate frameworks. You can violate one without violating the other. A manually dialed call to a DNC-registered number is a DNC violation. An autodialed call to someone who gave consent is still a potential TCPA problem if the consent was defective.
How did the FCC's 2012 rule change consent requirements?
Before 2012, the FCC let telemarketers lean on the "established business relationship" (EBR) exemption to skip fresh consent. If you bought something from a company in the last 18 months, or submitted an inquiry in the last three, the company could send you prerecorded messages without new permission. [7]
The FCC's 2012 Order 12-21, effective October 2013, ended that. For any call that includes or introduces an advertisement or constitutes telemarketing, prerecorded messages now require "prior express written consent." [7] The FCC counts electronic signatures and checkbox agreements as written consent, but it has to be an unambiguous, affirmative act. Not a pre-checked box. Not buried fine print.
This is the rule that set off an enormous wave of TCPA class actions starting around 2013 and 2014. Lead generation companies that had been using a single consent to authorize calls from many downstream buyers suddenly had real exposure. The Albertsons and Safeway TCPA settlement shows a large retailer facing consequences for consent practices that would have been borderline acceptable before the 2012 change.
If you are building or auditing a consent flow today, the 2012 rule and the 2024 one-to-one consent rule are the two documents to read first.
What did Facebook v. Duguid (2021) do to the TCPA?
Facebook, Inc. v. Duguid is a unanimous 2021 Supreme Court decision that settled years of circuit splits over what counts as an "automatic telephone dialing system" (ATDS) under the TCPA. [5]
The Court held that the statutory definition requires equipment that "use a random or sequential number generator" to store or produce telephone numbers. The plain text of 47 U.S.C. § 227(a)(1) had always included that phrase, but several courts had read the statute more broadly to cover any system that could automatically dial from a stored list.
After Duguid, if you dial from a list of specific known numbers and your system does not generate those numbers randomly or sequentially, the autodialer restriction may not reach your calls. Plaintiffs have pushed back hard on what "using" a random or sequential generator means, and litigation over systems that import pre-generated lists is ongoing. Nobody should treat Duguid as a green light to skip TCPA compliance. The prerecorded voice restrictions still apply regardless of your equipment. And many states have their own mini-TCPA laws that use broader definitions. [9]
The FCC has signaled it may revisit the autodialer definition through rulemaking to bring it back toward what the agency considers the statute's original intent. Nothing final had been published as of mid-2025, so this is one area to track TCPA news actively.
What is the FCC's 2024 one-to-one consent rule and when does it apply?
The FCC's Report and Order released in December 2023 (FCC 23-107) adopted a one-to-one consent requirement that took effect January 27, 2025. [6] The rule says prior express written consent for telemarketing must come to a single seller, named in the consent agreement, and that consent cannot be bundled or shared across companies.
This targets lead generation directly. Before the rule, a consumer who filled out a form to compare insurance quotes might technically be consenting to calls from dozens of carriers because the form listed them or referenced a class of companies. The FCC said that is over. The consent must name the specific seller making the contact.
The rule also added a "logically and topically associated" requirement. The call or text must relate to the subject the consumer was engaging with when they gave consent. You cannot get someone to consent to home improvement quotes and then sell that consent to a debt collector.
For outbound teams running any volume on purchased leads, this is probably the most operationally significant change since the 2012 written consent requirement. If your lead vendor cannot show you a consent record that names your company specifically and was created after January 27, 2025, that lead has a real legal problem attached to it.
LeadCompliant's free consent checker lets you audit your opt-in flows against the new standard before a plaintiff's attorney does it for you.
How does the TCPA compare to similar laws in other countries?
The TCPA is distinctly American in one way. It gives individual consumers a private right to sue, without proving actual damages, and without a regulator's involvement. That combination makes it uniquely litigation-heavy compared to analogous laws elsewhere.
Canada's anti-spam and telemarketing framework lives mainly in the CRTC's Unsolicited Telecommunications Rules and the Canadian Anti-Spam Legislation (CASL). CASL covers commercial electronic messages broadly and has a private right of action, but enforcement has been more administrative than class-action driven. [10]
In the European Union, the ePrivacy Directive and GDPR govern unsolicited electronic communications. Consent requirements under GDPR are arguably stricter than TCPA written consent, but EU enforcement is regulatory rather than plaintiff-driven, so the litigation exposure model is very different. [10]
Australia's Spam Act 2003 and the Do Not Call Register Act 2006 create a similar framework to the U.S. system, but with administrative penalties instead of a per-call private right of action.
The practical point for U.S.-based companies operating abroad: the TCPA's private right of action and its $500 to $1,500 per-violation statutory damages exist almost nowhere else. That is why a mid-sized telemarketing campaign that violates the TCPA can produce a class action settlement in the tens of millions, while a comparable campaign in, say, Germany would produce a regulatory fine.
Does the TCPA apply to text messages?
Yes. The FCC ruled in 2003 that text messages sent to wireless numbers are covered by the TCPA under the same autodialer restrictions as calls. [7] The statute refers to "calls" and never mentioned SMS, but the FCC concluded that texts are a form of "call" for purposes of 47 U.S.C. § 227(b)(1)(A).
Courts have upheld this consistently. Every major circuit to reach the question has agreed that an autodialed or prerecorded text to a wireless number requires prior express written consent for telemarketing, just like a voice call.
For businesses running text message marketing programs, that means the same consent, time-of-day, and opt-out rules that apply to calls apply to texts. The opt-out rule is especially strict. If someone texts STOP, you must honor it within a reasonable time and send one final confirmation message only. Any further texts after an opt-out are violations. Text messaging marketing at scale without a compliant opt-out mechanism is one of the fastest ways to generate a class action today.
If you are getting unwanted texts yourself, the same rules that create business exposure give you remedies. See our guide on how to stop robocalls for the practical steps.
What should outbound teams actually do right now given the TCPA's history?
The 34-year history of the TCPA tells you one thing that matters: the law only tightens. Every major rulemaking and court decision since 1992 has either widened the definition of covered equipment, tightened consent, or added new obligations. The lone exception is Facebook v. Duguid, which narrowed the autodialer definition, and even that gave less breathing room than compliance teams hoped, because prerecorded voice rules still apply and state laws filled the gap.
Here is what I would actually do running compliance for a small outbound team today.
Get your consent documentation in order. Every lead you call or text should have a consent record that is date-stamped, names your company specifically, and relates to the topic of your outreach. If you buy leads, demand the vendor hand over the consent record with each lead. If they can't, that lead is a liability.
Scrub against the National DNC Registry every 31 days. This has not been optional since 2003. A DNC scrubbing service costs a rounding error next to one class action settlement.
Know your state law. At least a dozen states have laws that go past the TCPA in some way, on the autodialer definition, on consent, or on the private right of action. Florida, Oklahoma, and Washington run particularly aggressive statutes. If you need help in a specific jurisdiction, finding a TCPA lawyer in Kentucky or your home state who focuses on this area is worth the consultation fee.
Build a compliant opt-out process and test it. Every SMS and call campaign should have a clear, working opt-out mechanism, and your system should suppress opted-out numbers from future sends immediately.
LeadCompliant's free TCPA compliance checklist walks through each step in detail. Running a structured checklist before every campaign launch is the single cheapest thing you can do to cut exposure.
Frequently asked questions
When was the TCPA enacted?
The TCPA was enacted on December 20, 1991, when President George H.W. Bush signed Public Law 102-243. It took effect on February 1, 1992. The statute is codified at 47 U.S.C. § 227. Congress has amended it since, and the FCC has issued dozens of implementing orders, with the most recent major rule change taking effect January 27, 2025.
What does TCPA stand for?
TCPA stands for Telephone Consumer Protection Act. It is a federal law administered primarily by the Federal Communications Commission (FCC) and codified at 47 U.S.C. § 227. It restricts automated calls, prerecorded voice messages, unsolicited fax advertisements, and telemarketing calls to numbers on the National Do Not Call Registry.
Who signed the TCPA into law?
President George H.W. Bush signed the TCPA on December 20, 1991. The bill's primary Senate sponsor was Senator Ernest Hollings of South Carolina. It passed both the House and Senate with broad bipartisan support before going to the president.
What was the original purpose of the TCPA?
Congress passed the TCPA to protect residential consumers from the surge in unwanted telemarketing calls and junk faxes that automated telephone equipment made possible in the late 1980s and early 1990s. Predictive dialers could reach thousands of households daily, and office fax machines were flooded with unsolicited ads. The law set consent and equipment-use requirements to curb those practices.
When did the National Do Not Call Registry start?
The National Do Not Call Registry launched on June 27, 2003, after Congress passed the Do Not Call Implementation Act (P.L. 108-10) earlier that year. The FTC maintains the registry at donotcall.gov. Telemarketers must scrub their lists against it every 31 days and face penalties up to $51,744 per violation for calling registered numbers.
Has the TCPA been amended since 1991?
Yes, several times. The most significant Congressional amendment was the 2003 Do Not Call Implementation Act. In 2015, the Bipartisan Budget Act carved out an exception for calls to collect federal debts. The FCC has also issued major rule changes in 1992, 2003, 2012, 2015, and 2023 that substantially changed how the TCPA operates in practice.
What did the Supreme Court's Facebook v. Duguid decision change about the TCPA?
In April 2021, the Supreme Court unanimously held that an automatic telephone dialing system (ATDS) under the TCPA must use a random or sequential number generator to store or produce numbers. This narrowed the autodialer definition, potentially excluding systems that dial from a pre-loaded list. But prerecorded voice restrictions still apply regardless of equipment type, and state laws may use broader definitions.
What are the penalties for violating the TCPA?
Individual plaintiffs can recover $500 per violation or actual damages, whichever is greater. For willful or knowing violations, a court can triple that to $1,500 per call or text. The FCC can assess forfeitures in the millions for large-scale violations. Because each call or text is a separate violation, class actions can produce settlements in the tens of millions of dollars even at $500 per incident.
Does the TCPA cover text messages?
Yes. The FCC ruled in 2003 that text messages to wireless numbers are covered under the same TCPA autodialer restrictions as voice calls. Courts have consistently upheld this interpretation. Autodialed or prerecorded texts for telemarketing purposes require prior express written consent, and recipients must be able to opt out easily.
What is the TCPA's one-to-one consent rule?
The FCC's December 2023 order (FCC 23-107), effective January 27, 2025, requires that written consent for telemarketing calls and texts name the specific seller who will contact the consumer. A single consent form can no longer authorize calls from multiple companies. The contact must also be logically and topically related to whatever the consumer was doing when they consented.
How often must I scrub my calling list against the DNC registry?
At least every 31 days. The FCC and FTC both require telemarketers to check the National Do Not Call Registry no less frequently than every 31 days and to honor removal requests within a reasonable time. Calling a DNC-registered number is a separate violation from TCPA autodialer violations and carries its own per-call penalty.
Are there state laws that go beyond the TCPA?
Yes, at least a dozen states have enacted stricter telemarketing or robocall statutes. Florida's Telephone Solicitation Act, for example, applies a broader autodialer definition than the post-Duguid federal standard. Oklahoma and Washington also have notable state-level rules. State law violations can run alongside TCPA claims, multiplying exposure for multi-state calling campaigns.
Can I still call someone I have an existing business relationship with?
For prerecorded telemarketing calls, no. The FCC eliminated the established business relationship exemption for prerecorded calls in its 2012 order, which took effect in October 2013. For manually dialed live calls, the EBR still offers some protection in certain contexts, but the DNC Registry rules still apply regardless of the relationship.
Where can I read the actual TCPA statute text?
The statute is at 47 U.S.C. § 227. The Cornell Legal Information Institute maintains a reliable, free, and current version at law.cornell.edu. The FCC's implementing regulations are at 47 C.F.R. § 64.1200. For FCC orders and rulemaking documents, the FCC's own website at fcc.gov is the primary source.
Sources
- U.S. Congress, Public Law 102-243, Telephone Consumer Protection Act of 1991: TCPA signed December 20, 1991 as P.L. 102-243; Congress cited approximately 30 billion telemarketer calls annually in supporting materials
- Cornell Legal Information Institute, 47 U.S.C. § 227: Statute text: $500 per violation, $1,500 for willful violations; prohibition on prerecorded calls without prior express consent
- Federal Trade Commission, National Do Not Call Registry: Registry launched June 27, 2003 under P.L. 108-10; callers must scrub every 31 days; penalties up to $51,744 per violation
- U.S. Court of Appeals D.C. Circuit, ACA International v. FCC, No. 15-1211 (2018): D.C. Circuit vacated the FCC's 2015 expansive autodialer definition in ACA International v. FCC
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Unanimous ruling that ATDS must use random or sequential number generator to store or produce numbers; narrowed TCPA autodialer definition
- FCC Report and Order FCC 23-107, December 2023, one-to-one consent rule: One-to-one consent rule effective January 27, 2025; consent must name specific seller and be logically/topically associated
- FCC Report and Order 12-21, February 2012 (TCPA rules update): Eliminated established business relationship exemption for prerecorded telemarketing calls; required prior express written consent; FCC 2003 order confirmed texts are covered as calls
- FCC Enforcement Bureau, Forfeiture Order and Notice of Apparent Liability (2020 robocall action): FCC proposed $225 million forfeiture against health insurance robocaller in 2020; maximum per-violation forfeiture adjusts for inflation under Federal Civil Penalties Inflation Adjustment Act
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida's state telemarketing law uses a broader autodialer definition than the post-Duguid federal TCPA standard
- Canadian Radio-television and Telecommunications Commission, Unsolicited Telecommunications Rules: Canada's telemarketing framework is primarily administrative rather than plaintiff-driven class action, contrasting with the TCPA's private right of action
- Legal Information Institute, 47 C.F.R. § 64.1200 (FCC TCPA regulations): FCC implementing regulations for the TCPA are codified at 47 C.F.R. § 64.1200