TCPA compliance features every autodialer and predictive dialer needs

Autodialers face up to $1,500 per call in TCPA penalties. Here are the exact compliance features to look for before you buy or deploy any predictive dialer.

LeadCompliant Team
24 min read
In This Article

Last updated 2026-07-09

Empty call center floor with headsets on desks, autodialer compliance concept
Empty call center floor with headsets on desks, autodialer compliance concept

TL;DR

A TCPA-compliant autodialer or predictive dialer needs, at minimum: real-time DNC scrubbing, consent record storage, calling-hour enforcement, abandoned-call rate controls under 3%, and a complete audit log. Missing any one of these features puts you on the hook for $500 to $1,500 per illegal call under 47 U.S.C. § 227.

What does TCPA compliance actually require from an autodialer?

TCPA compliance for a dialer comes down to five things: scrub every number against the DNC lists before you call, store the consent that justifies each call, dial only inside legal hours, keep abandoned calls under 3%, and log all of it. Miss any one and each call becomes a $500 to $1,500 liability.

The Telephone Consumer Protection Act, 47 U.S.C. § 227, was written in 1991. Back then 'autodialer' meant a machine that stored or produced numbers and dialed them automatically. The FCC has issued dozens of orders interpreting that definition since, and courts have pulled it in several directions. Here's the practical read: if your software dials numbers from a list without a human pressing 'call' on each one, you're almost certainly running an automatic telephone dialing system (ATDS) under some reading of the law, and you should treat it that way. [1]

The statute has three enforcement teeth. Calling a cell phone with an ATDS without prior express consent triggers liability of $500 per call, or $1,500 per call if the violation is willful. [2] Calling a number on the National Do Not Call registry without an established business relationship or written consent triggers a separate $500-per-call penalty. Using an artificial or prerecorded voice adds another layer, even without an ATDS.

Predictive dialers sit squarely in scope. The FCC's 2003 order confirmed that predictive dialers qualify as autodialers whether or not the software generates random numbers, because they dial stored lists automatically. [3] That ruling survived even the Supreme Court's 2021 Facebook v. Duguid decision, which narrowed the ATDS definition in federal courts. State mini-TCPA laws in Florida, Oklahoma, and Washington kept the older, broader definition alive at the state level.

So when you evaluate dialer software, you're not shopping for nice-to-haves. You're shopping for the features that keep each call legally defensible.

What are the core TCPA compliance features an autodialer must have?

The non-negotiable set is short and specific: real-time DNC scrubbing, consent record storage, calling-hour enforcement tied to the called party's time zone, an abandoned-call rate cap under 3%, recorded-message compliance, a tamper-evident audit log, real-time opt-out processing, and state-level time-zone mapping. Every one is a legal requirement. None is a differentiator.

FeatureWhat it doesWhy it matters under TCPA
Real-time DNC scrubbingChecks each number against the National DNC list and your internal DNC list before dialing47 U.S.C. § 227(c) prohibits calling registered numbers without a prior business relationship or written consent
Consent record storageLogs who consented, when, how, and via what mechanism (web form, IVR, signed document)Consent is your defense; if you can't produce the record, a court assumes you didn't have it
Calling-hour enforcementBlocks calls before 8 a.m. or after 9 p.m. in the called party's local time zoneFCC rules under 47 C.F.R. § 64.1200(c)(1) set these windows nationwide; some states are tighter
Abandoned-call rate capKeeps the percentage of answered calls with no live agent below 3%, measured per campaign per 30-day periodFCC's 2003 order set this threshold; violations are $500-$1,500 per abandoned call
Recorded-message compliancePlays a required identification message and opt-out prompt on any abandoned or prerecorded call47 C.F.R. § 64.1200(a)(3) requires identification and an opt-out mechanism
Audit log and call recordsTime-stamps every dial attempt, connection, agent assignment, and opt-out requestNeeded to respond to TCPA demand letters and to document a good-faith compliance effort
Opt-out/revocation processingCaptures do-not-call requests in real time and suppresses the number immediatelyTCPA requires honoring opt-outs within a reasonable time; the FCC treats 10 business days as the outer limit
State-level time-zone mappingApplies each state's specific calling-hour rules beyond the federal floorFlorida bans telemarketing calls before 8 a.m. and after 9 p.m. like the federal rule, but Oklahoma bans calls after 8 p.m.

The last three rows are where smaller vendors cut corners. That's exactly where plaintiffs' attorneys find their cases.

How does the FCC's 3% abandoned-call rule work in practice?

The FCC caps abandoned telemarketing calls at 3% of answered calls per campaign per 30-day period, and it defines an abandoned call as one answered by a live person but not connected to a sales rep within two seconds of that person's completed greeting. [3] Two seconds is tight. Undersize your agent pool for your dial rate and you'll blow past 3% fast.

The math runs per campaign, per 30-day rolling period. Run 10,000 connected calls in a month, let 301 hit no agent within two seconds, and you're over the line. At $500 minimum per abandoned call, that's $150,500 in exposure, and that's before you count the 300 calls that stayed under the threshold.

Compliant dialers handle this two ways. One is a real-time abandonment tracker that slows the dial pace automatically as the running rate nears 2.5%. The other is a safe-harbor message. If you do abandon a call, playing a message with your name, phone number, and the date and time of the call gives you a partial defense under FCC rules. It does not erase liability for willful violations. [3]

Some vendors pitch 'pacing algorithms' as a compliance feature. Pacing isn't compliance. Pacing is the tool. Compliance is the dial-rate ceiling and the automatic fallback to safe-harbor messaging when you breach it. Ask vendors the direct question: what happens at 2.9%? Does the system slow on its own, alert the manager, or just log it and keep dialing?

TCPA statutory damages per call by violation type Per-call penalties under 47 U.S.C. § 227 for autodialer violations $500 Standard TCPA violation (per call) $1,500 Willful/knowing TCPA violat… call) $150M 100,000-call class action at $1,500 each Source: Legal Information Institute, Cornell Law, 47 U.S.C. § 227 (2021)

A compliant dialer stores the original consent artifact, ties it to each contact's dialing profile, confirms consent exists before placing the call, tags consent by campaign type, and logs any revocation with a timestamp. TCPA requires 'prior express written consent' for autodialed marketing calls to cell phones, and that record has to be retrievable on demand. [2]

The FCC's 2012 order tightened the standard. Consent has to be in writing (electronic signature counts), it has to clearly disclose the use of an autodialer, and it can't be bundled as a condition of purchase. [4]

Work through what the consent module actually does. It stores the source document, whether that's a form submission, a recorded IVR interaction, or a scanned signature. It attaches that record to the contact so the system can verify consent before the call goes out. It tracks expiration if you set one. It logs every revocation event with a timestamp.

Here's a trap worth understanding: consent for one purpose does not cover another. A consumer who gave written consent for calls about a mortgage application did not consent to calls pitching insurance. Your system needs to tag consent by campaign type, more than by contact.

The practical test is simple. A plaintiff's attorney sends a demand letter tomorrow claiming your dialer called their client's cell without consent. Can you pull up, within 24 hours, a document showing who consented, when, to what, and from what IP address or signed form? If the honest answer is 'probably' or 'we'd have to dig,' your consent management isn't compliant.

How should a predictive dialer handle Do Not Call compliance?

A compliant dialer scrubs every residential telemarketing number against the National DNC registry with data no older than 31 days, and it also checks your internal DNC list, applicable state registries, and any prior stop requests. The federal registry, maintained by the FTC, held more than 249 million phone numbers as of the FY 2023 Data Book. [5] The 31-day rule is law, not best practice. [6]

Beyond the federal registry you need three more lists: your company's own internal DNC list, state DNC registries (Indiana, Texas, Wyoming, and several others run their own [6]), and any numbers that have already sent you a stop via text or a verbal request on a recorded call.

A predictive dialer that scrubs only the national registry is not compliant. Period.

The specific feature to hunt for is automatic re-scrub scheduling. Import a lead list on January 1, keep dialing it on February 15, and your scrub is 45 days old, past the 31-day limit. The dialer should either block any number whose last scrub is older than 30 days or trigger a fresh scrub with no manual reminder.

Real-time scrubbing at the moment of dial is the standard to aim for. Some enterprise dialers integrate directly with the FTC's subscription data feed, so every number is checked against current registry data the instant the algorithm selects it. If your vendor can't do that, the floor you'll accept is a bulk re-scrub every 30 days with an automated gate that blocks any contact whose scrub date has lapsed.

For how large companies have paid for DNC failures, the UnitedHealthcare $2.5M settlement is a useful reference, and the Credit One TCPA settlement shows how consent and dialer evidence played out in litigation.

What call recording and audit log features matter for TCPA defense?

Your audit log is your first line of defense when a demand letter lands. At minimum it should capture every dial attempt (more than connections) with an exact timestamp, the full number dialed, the campaign ID, the consent record tied to that number, the agent who handled the call, whether the call was abandoned and for how long, any opt-out and when it was processed, and the number's DNC status at dial time.

When a TCPA lawsuit or demand letter arrives, your first move is pulling that trail. The more complete it is, the more defensible you are.

Call recording is a separate but related feature. Recorded calls prove what was actually said, which matters a lot in 'called without consent' disputes where the consumer claims they opted out on an earlier call and your agent ignored it. If your dialer records calls, keep the recordings long enough to be useful. TCPA carries a four-year statute of limitations under 28 U.S.C. § 1658 in federal court, so retain recordings for at least that long. [10]

One detail teams skip: the audit log should be tamper-evident. If your compliance team or an opposing attorney has any reason to question whether entries were altered, a plain database with no write-protection turns into a liability. Some enterprise dialers push audit logs to immutable storage or hash each entry. At real volume, that feature earns its cost.

You can see how audit evidence surfaces in real cases in the Truist Bank TCPA class action and the Albertsons Safeway TCPA settlement, both of which turned partly on what the defendants could and couldn't document.

Does the Facebook v. Duguid ruling change what ATDS features matter?

Facebook v. Duguid narrowed the federal ATDS definition, but it did not gut your need for compliance features. The Court held in April 2021 that an ATDS must use a random or sequential number generator to store or produce numbers. [7] So if your dialer only calls from a pre-loaded list and never generates numbers randomly, the argument runs, it may not be an ATDS under federal law.

That sounds like a get-out-of-jail card. It isn't.

Several states run their own autodialer statutes with broader definitions that predate or flatly reject Duguid. Florida's FTSA defines an autodialer as a device that dials numbers without human intervention, which almost certainly covers any predictive dialer. [8] Oklahoma and Washington have similarly wide state statutes. You can win the federal ATDS argument and still eat a state-law class action.

Even if your dialer dodges ATDS liability, DNC rules under 47 U.S.C. § 227(c) still apply, and those don't require an ATDS at all. Calling a registered number for telemarketing is prohibited no matter how you dialed it.

And most TCPA class actions plead both ATDS and non-ATDS theories. Even when the ATDS count gets dismissed, defending through discovery costs real money. The features that protect you against DNC and consent violations matter just as much after Duguid as before.

Do not let a vendor tell you Duguid means you can skip TCPA compliance features. That advice gets expensive.

What time-zone and calling-hour controls should a compliant dialer have?

A compliant dialer maps each number to its local time zone before dialing and enforces the 8 a.m. to 9 p.m. window automatically, based on the called party's time, not yours. [9] That distinction trips up more teams than you'd expect. Call from a Phoenix office at 6 p.m. MST and reach a Florida number, and it's 9 p.m. EST. Legal, barely. Keep dialing 30 more minutes and every Florida call is illegal.

Enforcement has to be dynamic, not manual. The moment a number hits its do-not-call window, it should drop back into the queue for next-day dialing on its own.

Some states tighten the window. Here are states with rules stricter than the federal floor, based on published state telemarketing statutes:

StateEarliest allowedLatest allowed
Federal (all states)8:00 a.m.9:00 p.m.
Oklahoma8:00 a.m.8:00 p.m.
Indiana8:00 a.m.9:00 p.m. (Sundays restricted)
Texas9:00 a.m.9:00 p.m.
California (state AG guidance)8:00 a.m.9:00 p.m.

This table is not exhaustive, and state telemarketing rules change. Your vendor should maintain and update these rules as state law moves, and you should confirm how often that update cycle runs.

One control that's often undervalued: holiday blocking. Some states and industries restrict calling hours on federal and state holidays. Healthcare and financial services teams especially should verify whether their dialer handles holiday schedules.

How do you evaluate and compare TCPA compliance features across dialer vendors?

Ask a vendor 'are you TCPA compliant?' and you'll always hear 'yes.' The question is useless. Better ones dig into behavior: when does the DNC scrub run, what happens at 2.9% abandonment, how are opt-outs logged and for how long, and who owns the compliance obligation in the contract.

Run through the specifics. Does your DNC scrub run at time of dial or only at list import? If at import, what happens when a record ages past 30 days, and what's the automated enforcement action? How are opt-out requests logged, in what format, and for how long are records kept? When you breach the 3% abandoned-call threshold, does the system slow automatically, alert someone, or keep dialing? If your servers fail, can we still retrieve consent records? Do calling-hour rules update automatically when state laws change, and who maintains that rule set?

Read who holds compliance responsibility in the contract. Plenty of vendors call their platform compliant while their Terms of Service dump all TCPA liability on you, the customer. That's standard in the industry, which means a software 'certification' won't protect you in court. You own the compliance obligation. The software is a tool to help you meet it.

A tool like LeadCompliant's free TCPA compliance checker can help you audit your current setup against these benchmarks before a problem surfaces.

For teams running outbound SMS alongside voice, text message marketing compliance has overlapping but distinct consent requirements that your dialer's consent module may not fully cover.

What does a TCPA violation actually cost, and how do lawsuits start?

Statutory damages run $500 per violation for ordinary violations and $1,500 for willful or knowing ones, with no cap in the statute. [2] A class action covering 100,000 calls at $1,500 each is $150,000,000 in exposure before attorney fees. That's the number that keeps founders up at night, and it's real.

Most TCPA lawsuits don't start with a government agency. They start with a plaintiff (sometimes a 'professional plaintiff' who deliberately triggers violations to build a case) getting a call, hiring a plaintiffs' attorney on contingency, and the case either settling or grinding through expensive discovery. The FCC takes complaints and can bring enforcement, but private litigation is far more common and faster.

Settlements in big TCPA cases show the range. The Cash App TCPA class action settlement and the Kaiser TCPA settlement both ran into millions. Smaller companies with modest call volumes have settled for six figures.

The FCC's Enforcement Bureau has also gone after abandoned-call violations directly. In 2012 the FCC collected settlements from several insurance marketing companies for abandoned-call rate violations running into hundreds of thousands of dollars. [3]

One fact that shapes litigation strategy: under 28 U.S.C. § 1658, the statute of limitations for TCPA claims in federal court is four years. [10] State courts set their own windows, some shorter, some longer. Your call records and consent documentation need to cover at least a four-year lookback.

What should a TCPA compliance checklist for your dialer cover?

A working dialer checklist runs on three clocks: per-campaign checks before launch, a monthly review, and an annual audit. Compliance isn't a one-time setup task. It's an operational habit, and it belongs on a recurring schedule, more than in vendor onboarding.

Before launch (per campaign): Confirm consent records exist for every number being dialed. Verify the lead list was scrubbed against the national DNC registry within the past 30 days. Confirm calling-hour rules are active and mapped to each number's actual time zone. Verify abandoned-call rate alerting and auto-slowdown thresholds are set below 3%. Confirm agents are trained on live opt-out handling and know exactly what to do when someone says 'don't call again.'

Ongoing (monthly): Re-scrub any lead lists older than 30 days before continuing to dial. Review the prior month's abandoned-call rate reports by campaign. Audit a random sample of consent records to confirm they're retrievable and complete. Check whether any state calling-hour rules or DNC requirements have changed (the FCC's TCPA filings and state AG websites are the primary sources).

Annually: Review your vendor's Terms of Service to confirm they haven't shifted liability terms. Test your consent record retrieval by simulating a demand-letter scenario. Review your call recording retention policy against the four-year TCPA limitations period.

LeadCompliant's one-time compliance kit maps to exactly this checklist with version-controlled templates, so you can start from a working baseline instead of rebuilding one.

To stay current on regulatory changes that affect dialer configuration, make monitoring TCPA news a monthly habit.

Frequently asked questions

Does a predictive dialer automatically qualify as an ATDS under TCPA?

After the Supreme Court's Facebook v. Duguid decision in 2021, the federal ATDS definition requires a system that uses a random or sequential number generator to produce or store numbers. Many predictive dialers dial from stored lists without generating numbers, which may take them outside the federal ATDS definition. But several states have broader autodialer definitions, and DNC rules still apply regardless of ATDS status.

How often do I need to re-scrub my call list against the National DNC registry?

FTC rules require your DNC data to be no more than 31 days old at the time you make the call. In practice, scrub every 30 days or less to stay inside the window. If your dialer doesn't automatically re-scrub or at least block numbers whose scrub date has lapsed, build that into your manual workflow. There's no grace period after 31 days.

What is the FCC's 3% abandoned call rule and how is it calculated?

The FCC limits telemarketing abandoned calls to no more than 3% of answered calls per campaign per 30-day period. A call is abandoned when a live person answers and no agent connects within two seconds of the person's greeting. You calculate the rate by dividing abandoned calls by total answered calls in the rolling 30-day window, per campaign. Exceeding it exposes you to $500 to $1,500 per abandoned call.

Can I rely on my dialer vendor's TCPA compliance certification to protect me from lawsuits?

No. TCPA liability attaches to the person or company that initiates the call, not the software vendor. Vendor Terms of Service almost universally place compliance responsibility on the customer. A vendor's 'TCPA-compliant platform' marketing means the tools are there, not that you're protected. You have to use the tools correctly, keep records, and train your team. A plaintiff's attorney will sue you, not your dialer vendor.

What states have stricter telemarketing calling-hour rules than the federal TCPA?

Oklahoma prohibits calls after 8 p.m. local time, an hour earlier than the federal 9 p.m. limit. Texas restricts calls to 9 a.m. or later. Indiana restricts Sunday calling. Florida's FTSA adds a broader autodialer definition beyond just calling hours. California follows the federal hours but enforces aggressively under its consumer protection statutes. Your dialer needs state-specific rule sets, more than the federal floor.

The FCC's 2012 rules require prior express written consent for autodialed marketing calls to cell phones. That consent must be in writing or electronic form with a valid signature, clearly disclose that the consumer agrees to receive autodialed calls from a specific company, include the phone number being consented, and not be a condition of purchasing any goods or services. Verbal consent or a bare checkbox without those disclosures is not enough for marketing calls.

The TCPA statute of limitations in federal court is four years under 28 U.S.C. § 1658. Retain consent records and call logs for at least four years from the date of the call. Some state statutes have longer limitations periods, and some state attorneys general have pursued claims outside the federal window. Keeping records for five years is a reasonable conservative practice if storage cost allows.

Does TCPA apply to B2B calls made with a predictive dialer?

TCPA's cell phone provisions apply to the phone number, not the person's role. If you're calling a business contact's personal cell phone, even for B2B purposes, TCPA consent requirements apply. If you're calling a published business landline, DNC rules are less restrictive, though the FCC has signaled these protections apply to all residential lines. B2B calling to direct cell numbers carries meaningful TCPA risk and needs consent documentation.

What happens if a consumer tells a live agent to stop calling and the dialer calls again?

Under TCPA, once a consumer revokes consent or makes a do-not-call request, you must honor it within a reasonable time. The FCC treats 10 business days as the outer limit. If your agent takes a verbal opt-out but doesn't log it in a way that suppresses future dialing, any later call can be a willful TCPA violation at $1,500 per call. Dialers should build verbal opt-out capture into the agent interface with automatic DNC flagging.

What is the safe harbor message requirement for abandoned calls?

When a predictive dialer abandons a call, the FCC requires the system to play a prerecorded message with the name of the business making the call, the business's phone number, and a statement that the call was for telemarketing purposes. This safe harbor reduces but does not eliminate liability. The FCC's rules under 47 C.F.R. § 64.1200(b) spell out the exact requirements; your dialer should let you upload a compliant message for each campaign.

Are there TCPA compliance features specifically required for political or informational calls?

Political calls and informational calls (like appointment reminders) have different TCPA consent thresholds than commercial marketing calls. Political autodialed calls to cell phones require prior express consent but not written consent. Informational calls to cell phones also require prior express consent, not written consent. Calling-hour rules and DNC restrictions still apply. Many dialers have campaign-type settings that adjust consent-check requirements based on call purpose.

How do I know if my current dialer is actually enforcing calling-hour rules or just displaying them?

Test it. Set up a test lead with a phone number mapped to a time zone currently outside the allowed calling window. Try to dial it manually or let the campaign run. If the dialer dials anyway, your calling-hour controls aren't enforcing. Many dialers show the restriction in the UI but let supervisors override it without logging the override. Check your settings for override capability and make sure any override is logged with a supervisor ID and reason.

Express consent means the consumer clearly agreed to receive calls. Express written consent, required for autodialed marketing calls to cell phones under the FCC's 2012 rules, requires a written or electronic signature, a specific disclosure that autodialed calls will be made, the caller's identity, and the consumer's phone number. The written form is the stricter standard. Verbal 'sure, you can call me' consent satisfies express consent but not express written consent for ATDS marketing calls.

Sources

  1. Legal Information Institute, Cornell Law, 47 U.S.C. § 227 full text: Violations carry $500 per call, or $1,500 for willful or knowing violations, with no statutory cap
  2. FTC, National Do Not Call Registry Data Book Fiscal Year 2023: National DNC registry contains over 249 million phone numbers
  3. FTC, Complying with the Telemarketing Sales Rule (business guidance): Sellers must scrub call lists against the DNC registry no more than 31 days before making a call; individual states maintain separate DNC registries
  4. Supreme Court of the United States, Facebook Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held the ATDS definition requires use of a random or sequential number generator to store or produce numbers; narrowed the federal ATDS definition
  5. Florida Legislature, Florida Telephone Solicitation Act (FTSA), § 501.059 Fla. Stat.: Florida FTSA defines an autodialer as equipment capable of dialing numbers without human intervention, broader than the post-Duguid federal definition
  6. FCC, 47 C.F.R. § 64.1200, delivery restrictions for telephone solicitations (eCFR): Federal TCPA regulations prohibit telemarketing calls before 8 a.m. or after 9 p.m. in the called party's local time zone
  7. Legal Information Institute, Cornell Law, 28 U.S.C. § 1658, statute of limitations for federal civil actions: Four-year statute of limitations applies to TCPA claims in federal court
  8. FCC, 47 C.F.R. § 64.1200(b), abandoned call safe harbor requirements (eCFR): Abandoned calls must play a message identifying the caller's name and phone number; the safe harbor requires meeting all conditions under 47 C.F.R. § 64.1200(b)

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit