TCPA Compliance for Outbound Calling: 2026 Guide
Avoid costly TCPA violations with this 2026 compliance guide covering prior express consent, DNC rules, ATDS definitions, and enforcement trends.
What Is the TCPA and Why Does It Matter in 2026?
The Telephone Consumer Protection Act (TCPA), codified at 47 U.S.C. Section 227, is the primary federal statute governing outbound telephone communications in the United States. Enacted in 1991, the TCPA restricts telemarketing calls, auto-dialed calls, prerecorded or artificial voice calls, unsolicited faxes, and text messages. It is enforced by the Federal Communications Commission (FCC) and through private litigation.
The TCPA matters enormously because of its statutory damages provision: $500 per violation, trebled to $1,500 per willful violation. In high-volume outbound calling operations, a single campaign error can generate millions of dollars in liability. In 2025, TCPA-related lawsuits and settlements exceeded $2.3 billion, making it one of the most litigated consumer protection statutes in the United States.
The regulatory landscape shifted significantly in 2024-2025 following the Supreme Court's decision in Facebook v. Duguid (2021) narrowing the ATDS definition, subsequent FCC rulemaking expanding one-to-one consent requirements, and the growing use of AI voice agents in outbound calling — a technology the FCC addressed directly in its February 2024 Declaratory Ruling.
Core TCPA Prohibitions
Prohibition 1: Calls Using an Automatic Telephone Dialing System (ATDS)
The TCPA prohibits calls to cell phones using an ATDS without the called party's prior express consent.
Post-Facebook v. Duguid ATDS definition: An ATDS is equipment that has the capacity to store or produce telephone numbers to be called using a random or sequential number generator and to dial such numbers. Equipment that merely stores and dials numbers from a pre-existing list does not qualify as an ATDS under this definition.
Practical impact: After Duguid, calls made from predictive dialers using pre-loaded contact lists may not trigger the ATDS provision. However, this does not eliminate TCPA risk — other provisions (prerecorded voice, DNC) still apply, and several states have enacted broader ATDS definitions.
Prohibition 2: Prerecorded or Artificial Voice Calls
The TCPA prohibits calls delivering a prerecorded or artificial voice message to:
- Cell phones: Without prior express consent (for non-telemarketing) or prior express written consent (for telemarketing)
- Residential landlines: Without prior express consent for telemarketing calls
AI voice agent implication: The FCC's February 2024 Declaratory Ruling confirmed that calls made using AI-generated voices are "artificial voice" calls under the TCPA. This means AI voice agent outbound calls are subject to the full TCPA consent requirements for prerecorded/artificial voice calls.
Prohibition 3: Calls to Numbers on the National Do Not Call Registry
The TCPA and FCC rules (47 C.F.R. Section 64.1200) prohibit telemarketing calls to numbers registered on the National Do Not Call Registry, with limited exceptions:
- Established business relationship (EBR): Calls to customers with whom you have an existing business relationship (purchase or transaction within the previous 18 months, or inquiry within the previous 3 months). Note: The FCC's 2023 rulemaking eliminated the EBR exemption for calls using prerecorded voices — even existing customers must provide prior express written consent for prerecorded telemarketing calls.
- Prior express written consent: The consumer has provided signed written agreement (including electronic signature) specifically authorizing telemarketing calls
- Tax-exempt nonprofit organizations: Limited exemption for calls by or on behalf of tax-exempt nonprofit organizations
Prohibition 4: Calls to Numbers on Internal Do Not Call Lists
Organizations that conduct telemarketing must maintain an internal DNC list and honor requests to be placed on it. Procedures must be established for adding numbers within 30 days of a request, and numbers must remain on the internal DNC list for 5 years from the date of the consumer's request.
Prior Express Consent: The Critical Distinction
The TCPA establishes different consent levels depending on the type of call and the technology used:
See AI Voice Agents Handle Real Calls
Book a free demo or calculate how much you can save with AI voice automation.
Prior Express Consent (Non-Written)
Required for:
- Non-telemarketing calls to cell phones using an ATDS
- Non-telemarketing prerecorded voice calls to cell phones
- Informational calls (appointment reminders, account alerts, delivery notifications)
How obtained: The consumer provides their phone number in the context of the business relationship. For example, providing a cell phone number on an account application or registration form constitutes prior express consent for informational calls to that number.
Prior Express Written Consent (PEWC)
Required for:
- All telemarketing calls using prerecorded or artificial voices to any phone number
- All telemarketing calls using an ATDS to cell phones
PEWC requirements (47 C.F.R. Section 64.1200(f)(9)):
- Signed written agreement (including electronic signatures complying with E-Sign Act)
- Clear and conspicuous disclosure that the consumer is authorizing telemarketing calls
- Disclosure that calls may use an autodialer or prerecorded voice
- Disclosure that consent is not a condition of purchase — the consumer cannot be required to consent as a condition of buying goods or services
- Identification of the specific seller authorized to make the calls
- Phone number to which calls may be placed
One-to-One Consent (FCC 2023 Rule)
Effective January 27, 2025, the FCC's updated consent rules require:
- Consent must authorize calls from one specific seller — multi-seller consent forms (lead generators sharing a single consent across multiple callers) are no longer valid
- Consent must be logically and topically related to the interaction that prompted it
- This rule directly impacts lead generation businesses and affiliate marketing models
FCC Enforcement Actions and Trends (2024-2026)
Major Enforcement Actions
| Year | Entity | Violation | Penalty |
|---|---|---|---|
| 2024 | Insurance lead generator | Calling numbers on DNC registry using prerecorded AI voices | $299 million (proposed) |
| 2024 | Political robocaller | AI-generated voice calls impersonating a political candidate | $6 million + criminal referral |
| 2025 | Debt collection agency | Continuing to call after consumer revoked consent | $45 million |
| 2025 | Solar energy company | Calling consumers who opted out; inadequate internal DNC procedures | $82 million (proposed) |
| 2025 | Health insurance marketplace | AI voice calls to cell phones without prior express written consent | $156 million (proposed) |
Enforcement Trends
- AI voice calls under heightened scrutiny: The FCC has made AI-generated voice calls an enforcement priority following the 2024 Declaratory Ruling
- Lead generation consent crackdown: The one-to-one consent rule has eliminated multi-seller consent aggregation
- State attorney general enforcement increasing: State AGs have brought over 40 TCPA-related actions in 2024-2025, often resulting in additional state-law penalties
- Private litigation remains high: Approximately 4,000 TCPA lawsuits were filed in federal court in 2025, with class actions driving the majority of settlement dollars
State-Level TCPA Equivalents
Several states have enacted calling restrictions that exceed federal TCPA protections:
Florida Telephone Solicitation Act (FTSA)
- Applies to calls and text messages to Florida residents
- $500 per violation, $1,500 per willful violation (mirroring federal TCPA)
- Broader ATDS definition than federal TCPA post-Duguid — includes systems that merely have the capacity to dial numbers from a list without human intervention
- Written consent requirement for all telephone solicitations
- Prior express written consent expires after 18 months
Oklahoma Telephone Solicitation Act (OTSA)
- $10,000 per willful violation — significantly higher than federal TCPA
- State AG enforcement authority
California Consumer Calling Protection Act
- Restricts robocalls to California residents
- State AG enforcement with penalties up to $2,500 per violation
- Integrates with CCPA data subject rights
New York Telemarketing and Consumer Fraud Prevention Act
- Requires registration with the New York Department of State for telemarketers
- $11,000 per violation
- Mandatory cooling-off periods for certain telephone sales
Compliance Framework for Outbound Calling
Step 1: Consent Management
Build a consent management system that:
- Records consent at the point of collection with timestamp, method (web form, verbal, written), and the specific language the consumer agreed to
- Associates consent with a single seller (one-to-one consent requirement)
- Verifies consent validity before every outbound call — consent may expire (Florida: 18 months), be revoked, or become stale
- Processes revocations immediately — when a consumer says "stop calling me," consent is revoked. Revocation must be honored within a "reasonable time" (FCC guidance suggests within 24 hours at most)
Step 2: DNC Registry Compliance
- Scrub all outbound lists against the National DNC Registry within 31 days before each calling campaign
- Maintain an internal DNC list updated within 30 days of consumer requests
- Entity-specific DNC: If you operate under multiple brands, each brand should have its own internal DNC list
- Scrub against state DNC registries for states that maintain them (e.g., Indiana, Louisiana, Missouri, Pennsylvania, Texas, Wyoming)
Step 3: Technology Controls
- Time-of-day restrictions: Telemarketing calls may only be made between 8:00 AM and 9:00 PM in the called party's local time zone. Ensure your dialer maps numbers to time zones
- Caller ID transmission: The TCPA requires transmission of caller ID information, including a name and number where the consumer can call to be placed on the DNC list
- Abandoned call rate: FCC rules limit the abandoned call rate (calls connected but not answered by an agent) to 3% per campaign per 30-day period
- Ringless voicemail: The FCC has not issued a definitive ruling on ringless voicemail, but several courts have found it subject to TCPA
Step 4: AI Voice Agent Compliance
For organizations using AI voice agents for outbound calls:
- Obtain PEWC before deploying AI voice agents for telemarketing calls — AI-generated voices are "artificial voices" under the TCPA
- Disclose the AI nature of the call at the beginning of each interaction — FCC guidance recommends clear disclosure
- Provide immediate transfer to a human agent upon request
- Record all AI voice agent interactions for compliance monitoring and dispute resolution
- Monitor AI behavior to ensure it does not make representations that trigger additional liability (false promises, misleading claims)
CallSphere's AI voice agent platform includes built-in TCPA compliance controls: PEWC verification before outbound calls, mandatory AI disclosure at the start of each call, real-time DNC checking, time-zone-aware calling windows, and automated consent revocation processing.
Step 5: Documentation and Record Retention
Maintain the following records for at least 5 years:
- Consent records (original consent, method, timestamp, language)
- DNC scrub records (date of scrub, registry version used, results)
- Internal DNC list and update history
- Calling campaign records (dates, numbers called, agent/AI assigned, outcomes)
- Consumer complaints and resolution records
- Training records for calling personnel
Frequently Asked Questions
Do the TCPA rules apply to B2B calls?
The TCPA's cell phone provisions (ATDS and prerecorded voice restrictions) apply regardless of whether the call is B2B or B2C — the restriction is based on the number called (cell phone), not the relationship. DNC registry restrictions technically apply only to "residential subscribers," but many business owners register their numbers on the DNC registry. Best practice is to treat all outbound calls as subject to TCPA regardless of the B2B context.
Can a consumer revoke TCPA consent by any means?
Yes. The FCC has ruled that consumers can revoke consent by any reasonable means, including verbally during a call, by text message, by email, or in writing. The revoking consumer does not need to use a specific method or channel designated by the caller. Organizations must monitor all communication channels for revocation requests.
What is the liability exposure for a single TCPA violation?
The statutory damages are $500 per violation, trebled to $1,500 per willful violation. Each call to a non-consenting number is a separate violation. A 10,000-call campaign to non-consenting numbers could generate $5 million to $15 million in statutory damages. Class actions can aggregate thousands of individual claims, resulting in settlements in the hundreds of millions of dollars.
How does the one-to-one consent rule affect lead generation?
The FCC's one-to-one consent rule (effective January 27, 2025) requires that prior express written consent specifically authorize calls from one identified seller. Lead generators can no longer obtain a single consumer consent and sell it to multiple callers. Each caller must be individually identified in the consent language. This has fundamentally changed the lead generation business model, requiring either single-seller lead forms or separate consent for each buyer.
Are text messages covered by the TCPA?
Yes. The FCC has ruled that text messages are "calls" under the TCPA, subject to the same ATDS, prerecorded voice (for automated texts), and DNC restrictions as voice calls. The same consent requirements apply: prior express written consent for telemarketing texts, prior express consent for informational texts. The FTSA (Florida) explicitly covers text messages with the same penalty structure as voice calls.
CallSphere Team
Expert insights on AI voice agents and customer communication automation.
Try CallSphere AI Voice Agents
See how AI voice agents work for your industry. Live demo available -- no signup required.