What Is TCPA Compliance?

Talk To An Expert

What is the TCPA?

Passed into law by congress in 1991 and overseen by the Federal Communications Commission (FCC), the Telephone Consumer Protection Act (TCPA) is the primary federal law governing telephone solicitations, including all manner of telephone, fax, and text message solicitations.


As we continue into 2023, the Telephone Consumer Protection Act (TCPA) is a crucial regulation for businesses that engage in telemarketing, text messaging, and pre-recorded calls. TCPA litigation remains prevalent, and compliance is more critical than ever.

Businesses must verify the accuracy of their consumer data and be aware that TCPA requirements apply even in cases of reassigned, ported, or wrong numbers. Vigilant consumer verification is essential in this context.

Here are some updated statistics to consider:

  • 30% of consumer data is inaccurate
  • 100,000 telephone numbers are reassigned daily
  • 30 million phone numbers are disconnected each year

TCPA regulations apply to all companies, regardless of size, and extend to businesses operating call centers outside the US if they contact US consumers. In addition, business-to-business (B2B) calls are also subject to TCPA restrictions.

Text messages are subject to the same TCPA rules as phone calls, as reaffirmed by the FCC's 2015 Omnibus Declaratory Ruling and Order and the Supreme Court's decision in Facebook v. Duguid. The prohibition on using autodialers to send text messages still applies to devices considered autodialers.

It is crucial to understand the differences between the TCPA and the National Do Not Call (DNC) Registry, the implications of calling reassigned numbers and ported wireless numbers, and the potential penalties for TCPA violations.

In recent years, the FCC has announced plans for a reassigned number database and a new safe harbor rule for reassigned numbers, though the implementation is still pending. In addition, the ported wireless numbers safe harbor remains in effect, providing a 15-day window for companies to call numbers ported from wireline to wireless services, as long as the number is not on the DNC Registry or the company's internal Do Not Call list.

Understanding the concept of prior express consent is vital for businesses, as is being aware consumers can revoke consent at any time and by any reasonable means. Furthermore, it is essential to be mindful of the tricks employed by unscrupulous TCPA litigators and professional plaintiffs to induce costly TCPA violations. By staying informed and up-to-date on TCPA regulations, businesses can minimize their exposure to litigation and better protect themselves and their consumers.

Businesses must stay vigilant in compliance efforts to mitigate the risk of costly TCPA litigation. Here are some additional tips and recommendations to help your business maintain compliance:

  • Maintain thorough documentation: Keep detailed records of consumer consent, including the date, time, and authorization method. This documentation can be crucial in the event of a dispute or litigation.
  • Train employees and agents: Ensure that your employees and agents are well-trained on TCPA regulations and best practices. Regularly update training materials to reflect changes in the law or industry practices.
  • Implement strict internal policies: Develop clear, written procedures for your company's telemarketing and text messaging practices that are consistent with TCPA regulations. Then, regularly review and update these policies as needed.
  • Scrub call lists regularly: Regularly remove numbers from your call lists on the National Do Not Call (DNC) Registry or have been reassigned or disconnected. In addition, keep an eye on the development and implementation of the FCC's reassigned number database to take advantage of the proposed safe harbor rule.
  • Use consent management tools: Employ a consent management system to track and manage consumer consent, including revocation requests. This will help ensure that your business is correctly removing consumers who have revoked their authorization or have had their numbers reassigned.
  • Monitor third-party vendors: If you work with third-party vendors for telemarketing or text messaging services, ensure they comply with TCPA regulations. In addition, regularly review their practices and require them to provide documentation of their compliance efforts.
  • Stay informed on legal developments: Keep up-to-date with the latest TCPA-related legal decisions, regulatory updates, and industry best practices. Consider joining industry associations or subscribing to legal newsletters to stay informed.
  • Conduct regular compliance audits: Periodically review your company's telemarketing and text messaging practices to identify any potential areas of non-compliance. Then, make any necessary adjustments to your policies and procedures to maintain compliance with the TCPA.
  • Establish a transparent process for handling complaints: Develop a formal process for handling consumer complaints related to telemarketing and text messaging. Respond promptly to complaints and take appropriate action to resolve issues and prevent future violations.
  • Consult with legal counsel: Engage with counsel experienced in TCPA regulations to help guide your company's compliance efforts and mitigate potential risks.

By proactively addressing TCPA compliance, your business can reduce the likelihood of costly litigation, protect your brand reputation, and foster positive relationships with consumers.

Dual-Purpose Phone Lines
Sometimes referred to as “mixed-use” lines. Litigators will use one phone number for both business and personal purposes, potentially entrapping marketers who believe they are making calls to a business line when, in fact, it is a personal line for TCPA purposes.

Waiting to Receive Multiple Calls Before Threatening Litigation
Because TCPA fines are levied on a per-violation basis, litigators can juice their numbers by intentionally allowing a company to call them multiple times before they take action against the company.

Bullying for an Out-of-Court Settlement
Litigators will ambush defendants by threatening litigation with the intent of forcing an out-of-court settlement.

Taking Advantage of Reassigned Numbers
Litigators and serial plaintiffs will purchase multiple cell phones with the intent of manufacturing claims using phone numbers they know have been reassigned from their original owner.

Personally Targeting Corporate Officers in Lawsuits
By naming corporate officers and owners rather than merely the company itself, a litigator can apply additional pressure on a defendant.

Call Seeding
Litigators and their professional plaintiff accomplices will give consent for their numbers to be called. But rather than answering when called, they will call back from a different cell phone number for which they have not given consent, and talk just enough to identify themselves before hanging up, thus baiting agents into calling back without consent.

Who do TCPA litigators target?

Litigators will often target companies with particular, perceived vulnerabilities. Among the sorts of targets for unscrupulous litigators are the following:

  • Companies with Deep Pockets
    Large companies are often targets of large Telephone Consumer Protection Act (TCPA) lawsuits, resulting in very large payouts.
  • Companies with a History of TCPA Lawsuits
    Once a company has paid out a large settlement or judgment for TCPA violations, it can attract more litigators, like sharks drawn to blood in the water
  • Easy Targets
    Litigators will take advantage of companies who have inadequate opt-in language or collections agencies whose essential business structure puts them at greater risk for TCPA violations.
  • Companies that May Not Know the TCPA Applies to Them
    Many companies operate under the mistaken assumption that they are not bound to TCPA calling restrictions, including companies that focus on business-to-business (B2B), political organizations, schools, non-profits, and public utilities. Another similar category of businesses at risk are those who purchase leads from or outsource calling duties to third-party vendors and do not account for the possibility of their vicarious liability under the TCPA.

What is an autodialer?

The text of the Telephone Consumer Protection Act (TCPA) defines an Automatic Telephone Dialing System (ATDS)—colloquially known as an autodialer—as “equipment which has the capacity—(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” Of course, it is not clear how that relatively vague definition written in 1991 applies to the wide panoply of dialing technology available today. Unfortunately, Federal Communications Commission (FCC) rulemaking and case law have not resolved this and instead have created circumstances where the definition of what constitutes an autodialer varies from jurisdiction to jurisdiction.

Much of the conflict regarding the definition of an autodialer revolves around interpreting the TCPA’s use of the word “capacity.” The FCC’s most recent major overhaul of the TCPA is its 2015 TCPA Omnibus Declaratory Ruling and Order. In that document, it interpreted “capacity” in a broad sense, determining that equipment without the “’present ability’ to dial randomly or sequentially” could still qualify as an autodialer if it had “potential functionalities” to do so. This interpretation essentially meant that any device that could potentially dial numbers from a list might be considered an autodialer and thus subject to the TCPA’s regulations on the use of an ATDS.

In 2018, the D.C. Circuit Court issued a decision in ACA International, et al. v. FCC, et al. that struck down the FCC’s broad definition of autodialer, paving the way for the creation of a more reasonable standard. Noting that the 2015 Order’s interpretation of “capacity” essentially had the effect of designating every smartphone as an ATDS, the court vacated that interpretation. This ruling, fortunately, eliminated the overly broad autodialer definition but unfortunately did not offer another definition as a clear replacement, leaving it up to individual courts to interpret the meaning of “capacity” in the TCPA’s definition of ATDS. Two subsequent circuit court decisions have created two conflicting definitions of what exactly is an autodialer.

Three months after the ACA Int’l decision, the Third Circuit Court issued a ruling in Dominguez v. Yahoo that set forth one of the multiple forking paths of what constitutes an autodialer. Following the D.C. Circuit vacating the FCC Order’s interpretation, the Third Circuit determined that its decision was required to interpret the TCPA’s definition of ATDS. The Third Circuit determined that, based on the facts of the case, there was “a genuine dispute of fact as to whether [Yahoo's system] had the present capacity to function as an autodialer by generating random or sequential telephone numbers and dialing those numbers.” This created the precedent that an autodialer must have the present capacity to both generate and dial numbers either randomly or sequentially.


Three months after the Third Circuit’s Dominguez decision, the Ninth Circuit reached a decision in Marks v. Crunch San Diego, LLC that offered a much more broad interpretation of what “capacity” means in the TCPA’s definition of an autodialer. The Ninth Circuit acknowledged the Dominguez decision but pointedly declined to follow it. Instead, the court found that the TCPA’s statutory definition of an autodialer was ambiguous and “the term ‘automatic telephone dialing system’ means equipment which has the capacity — (1) to store numbers to be called or (2) to produce numbers to be called, using a random or sequential number generator — and to dial such numbers automatically (even if the system must be turned on or triggered by a person).” According to this precedent, an ATDS is any device that has the capacity to automatically dial numbers that are stored in a list.

In early 2020, two new rulings in cases in two different circuits set potential precedents for a third definition of what constitutes an ATDS. In Glasser v. Hilton Grand Vacations Company, LLC, the Eleventh Circuit interpreted a key clause (“to store or produce telephone numbers to be called, using a random or sequential number generator”) in the TCPA’s definition of an ATDS such that the phrase “using a random or sequential number generator” modifies both “produce” and “store”. This essentially means that, in the Eleventh Circuit, dialers are only subject to the TCPA’s restrictions on the use of autodialers if they are dialing phone numbers that are randomly or sequentially generated. This interprets the ATDS definition even more narrowly than the Third Circuit’s Dominguez decision. Less than a month later, the Seventh Circuit issued a decision in Gadelhak v. AT&T Services that reached the same conclusion as the Glasser court, extending that narrow ATDS definition to another jurisdiction.

In March 2020, two different district courts in two different circuits handed down rulings in two different Telephone Consumer Protection Act (TCPA) cases that rejected a common argument that would have essentially rendered any computer-based dialer as an Automatic Telephone Dialing System (ATDS). These cases—Decapua v. Metro. Prop. & Cas. Ins. Co. and Hagood v. Portfolio Recovery Assocs.—generally followed the definitions set forth by the Gadelhak and Glasser decisions.

As if to forestall any possibility of a coherent trend, another early 2020 ATDS ruling went the other direction, favoring a broad interpretation of the ATDS definition. The Second Circuit found, in Duran v. La Boom Disco, that the texting programs used by the defendant should be regulated as autodialers. Following the Marks precedent, the Court determined that any device that can dial from numbers stored in a list is an ATDS, holding that “an ATDS may call numbers from stored lists, such as those generated, initially, by humans.” The court also found that a human hitting a “send” button to initiate the text campaign is insufficient human intervention to preclude an ATDS designation.

In July 2020, the Sixth Circuit staked a claim to the broader definition of an ATDS. In Allan v. Pa. Higher Ed. Assist. Agency, the court adopted the Marks definition of an autodialer as essentially anything that dials numbers from a list.

As a result of these wildly differing interpretations of the TCPA’s definition of an autodialer, there were multiple competing precedents that courts are following. This led to a confusing circumstance where the definition of what constitutes an ATDS depended entirely on the particular court jurisdiction—including a split within the state of Michigan where one district followed the Dominguez precedent while the other followed the Marks precedent.

On April 1 (April fools Day) 2021, the Supreme Court handed down a ruling in Facebook v. Duguid that finally resolved these disparities in favor of the more narrow, statutory definition. In the court's unanimous opinion, Justice Sonia Sotomayor wrote, ““We hold that a necessary feature of an autodialer under [the TCPA] is the capacity to use a random or sequential number generator to either store or produce phone numbers to be called.” Thus, the autodialer is finally properly defined.

What are the provisions of the TCPA?

The main provisions of the Telephone Consumer Protection Act (TCPA) are as follows:

  • Calling Time Restrictions
    Companies can contact residential consumers only between 8:00 AM and 9:00 PM (recipient’s time zone).
  • Automatic Telephone Dialing Systems (ATDS)
    The TCPA restricts autodialed marketing calls and texts to cell phones and other devices where the recipient might be charged for the call without written consent, and non-marketing autodialed calls without prior express consent.
  • Robocalls
    The TCPA does not allow the use of an artificial or prerecorded voice to be used to call a residential landline or wireless number for marketing purposes without prior express written consent.
  • Identification Requirements
    Among other things, the TCPA requires the caller to provide their name, the name of the company on whose behalf they are calling, and a telephone number or address which can be used to contact them again.
  • National Do Not Call (DNC) Registry
    Telemarketers are required to suppress phone numbers on the National Do Not Call Registry. Remember that some states have their own local DNC lists as well, separate from the federal list.
  • Internal Do Not Call List
    Companies are required to maintain an internal DNC list of consumers who asked not to be called or texted.

What is the penalty for violating the TCPA?

TCPA violations can result in penalties of up to $500 per violation, with willful violations trebled up to $1,500 per violation. There is no cap on statutory damages so thousands of violations can result in millions of dollars in penalties.

What are some particular TCPA vulnerabilities for B2B callers?

Businesses that conduct Business-to-Business (B2B) marketing should be aware of the following vulnerabilities specific to their manner of business:

  • Dual Purpose (Mixed Business & Personal Use) Lines
    B2B marketers should be checking their data against state and federal consumer Do Not Call (DNC) lists to reduce the risk of calling or texting dual purpose phone lines.
  • Business Fax Lines
    The Telephone Consumer Protection Act (TCPA) prohibits the use of “any telephone facsimile machine, computer, or other device to send an unsolicited advertisement to a telephone facsimile machine,” which includes business fax lines.
  • Vicarious Liability
    If you use outsourced vendors to make B2B calls or texts on your behalf, you may be held vicariously liable for their potential violations of the TCPA.
  • Individual Employees vs. the “Business Entity”
    Marketing calls that solicit consumers at their place of business rather than the “business entity” itself are not B2B solicitations and would be subject to all normal TCPA and DNC laws.

What are the B2B consent requirements?

Marketers can make Business-to-Business (B2B) calls/texts using an Automatic Telephone Dialing System (ATDS) provided they have proper consent. For marketing purposes, you must have express written consent. The written consent may be an e-signature or button press, but it must include the following disclosures:

  • You must disclose that the calls or texts will be sent for marketing purposes.
  • You must disclose that the calls or texts will be or may be sent using an Automatic Telephone Dialing System.
  • You must indicate that consent to receive the calls or texts is not a condition of any purchase.
  • You must identify which brand will call and which number will be called.

Are there exemptions for B2B calls?

Yes. These exemptions cause much confusion in the industry, leading to devastating fines and settlements. In the face of these exemptions, the vagueness of whether Business-to-Business (B2B) calls are covered under the Telephone Consumer Protection Act (TPCA) often leads reasonable people to think they are not. before making calls.

B2B marketing calls are normally exempt from Telemarketing Sales Rule (TSR) DNC rules. They are also likely to be exempt from the Federal Communications Commission’s (FCC) DNC rules. However, some federal rules still apply and, as above, some state rules may still apply including laws specific to B2B.

What is an automated text message?

An automated text message is a text message sent to a consumer or consumers through the use of an automated text messaging platform. Regardless of whether the message itself is manually or automatically generated, it is treated as an automated text message if an autodialer platform is used to deliver the message.

The courts have been unanimous in the viewpoint that a call is a text and a text is a call. Automated text messages should be treated exactly like calls placed using an autodialer and the same consent rules should be observed.

Even after the Supreme Court's ruling in Facebook v. Duguid, the TCPA's regulations on automated text messages stand. While SCOTUS's decision to adopt the narrow definition of what constitutes an ATDS may well exclude most (or possibly all) current text messaging systems from being considered autodialers, the restrictions on automatic texting still exist.

The Federal Trade Commission (FTC) exempts all solicitation calls between a marketer and a business except marketing of nondurable office or cleaning supplies. This means most B2B are exempt from national Do Not Call (DNC) laws, but not every state exempts B2B calls under state law. Some jurisdictions require B2B marketers to register and place a bond.

How do I avoid a TCPA lawsuit?

The best practices for avoiding Telephone Consumer Protection Act (TCPA) violations and the attendant lawsuits are as follows:

  • Make Sure You Have Clear Consent
    In order for a court to proceed with a class action, the class must first be certified. When it comes to the TCPA, if the defendant can provide evidence of consent procedures, and prove consent for the individual plaintiff, the class as a whole, or a subset of the class, then the class certification may be denied.
  • Make Sure You Have Strong Arbitration Language
    It is critical in consumer contracts to draft clear arbitration agreements, broad enough to cover any and all future disputes. Failure to do so could result in denial of arbitration or even class action lawsuits. When drafting your arbitration clause, be sure to include a detailed opt-out provision that contains specifics on how and where a consumer can opt-out.
  • Have a Well Written Consent Clause
    If you ever need to contact a consumer with an autodialer or pre-recorded voice, make sure your contract includes a well-written TCPA consent clause. The clause should include language that supersedes any existing opt-in or opt-out, clearly indicate the methods of consent revocation, clearly indicate the methods by which you may contact them and include any third parties or affiliates that may contact them as it pertains to the contract.
  • Use Your Dialer Technology Correctly
    If you’re calling or texting a wireless number, the TCPA mandates that you must have express written consent to place those calls or texts using an Automatic Telephone Dialing System (ATDS). The Federal Communications Commission (FCC) defines an ATDS as equipment that has the capacity “(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” The Supreme Court's decision in Facebook v. Duguid may limit which kinds of devices fit this definition but it does nothing to change the ATDS restrictions or the penalties that come with violating them.
  • Document Everything, Follow the Rules, Be Able to Prove It
    The courts may allow you to claim a “Safe Harbor Defense,” a strategy which allows companies to show proof that they have done all the things they can to be compliant with the TCPA. Those things include but are not limited to: 
  • Having written policies and procedures in place and training employees to follow them. 
  • Maintaining an internal do not call list 
  • Scrubbing against the National Do Not Call (DNC) Registry 
  • Scrubbing against the individual state DNC registries 
  • Checking your data for reassigned numbers

What is vicarious liability?

Vicarious liability is defined as an attachment of responsibility to a party for harm or damages caused by another party in a lawsuit or civil action.

It is a common practice for many businesses to market their products through the use of independent sales forces and lead aggregator websites. While these can be great sources for obtaining fresh leads, they can also be a trap for Telephone Consumer Protection Act (TCPA) litigation. 

If your third-party agents violate the TCPA, you can be found vicariously liable for any resulting damages. Examples of possible violations include the third-party agents calling consumers without the proper consent, making calls or texts on your behalf using an Automatic Telephone Dialing System (ATDS) or prerecorded voice, and not honoring opt-out requests. 

When you don’t fully control the strategies that lead generators use to conduct their campaigns, the risk of vicarious liability can be enormous. TCPA violations incurred by independent agents and lead generators acting on behalf of a company will draw that company into any related lawsuits.

If I realize that I may have sent text messages to reassigned numbers, am I required to send notice to those consumers?

No, if you find yourself in this situation, there is no requirement to send notice to consumers.

What is the risk of calling reassigned numbers?

Approximately 100,000 mobile phone numbers are reassigned by wireless carriers every day. Potentially 20% of data in an average consumer contact list could be made up of reassigned phone numbers. Therefore, theoretically, you could be liable for the maximum Telephone Consumer Protection Act (TCPA) violation of $500 per call or text on up to 20% of your entire campaign.

While the Federal Communications Commission (FCC) has promised to create a comprehensive database of reassigned numbers, none exists currently. Your best defense is to scrub for reassigned numbers and to actively maintain your contact database by asking consumers for updated information.

What are the risks of peer-to-peer texting under the TCPA?

The Federal Communications Commission (FCC) issued a declaratory ruling in 2020 affirming that peer-to-peer (P2P) texting systems should not be considered automatic telephone dialing systems (ATDS). The Supreme Court's ruling in Facebook v. Duguid also ensures that P2P systems should not be regulated as autodialers.

Can I obtain verbal consent by asking a consumer to respond affirmatively to an audio recording asking for consent to receive marketing calls?

The Federal Communications Commission (FCC) has held that “written” consent can be obtained on a recorded telephone call, but you must ensure you meet all the requirements of the ESIGN Act or similar state laws regarding electronic signatures.

Can consumers opt in via text message?

Yes, but you cannot send a text from an ATDS that says, “Sign up for our marketing program.” That message would be marketing in and of itself, and you would have already violated the Telephone Consumer Protection Act (TCPA). However, you could do a call to action that says, “For automated offers, text DISCOUNT to XYZ number…” When the consumer responds to your offer, request a double opt-in, and get the consumer to agree to the required disclosures. Always ensure full TCPA disclosures are utilized, as well as an opt-out instruction.

If a customer had previously opted out of receiving calls and/or text messages and I obtain new consent, does that new opt-in supersede the previous opt-out?

Yes. Since they are opting in again, you have consent again.

Do I need consent for Direct Response Text Marketing?

You do not need consent for the initial automated response if the message is consistent with what your direct response offer has promised. The message must be sent immediately, containing only the requested information and nothing more. Any additional marketing messages would require consent.

Am I legally required to let consumers know how to opt-out?

It is not legally required to provide customers with instructions on how to opt-out. But it is a very strongly recommended best practice to provide customers with this information. If you don’t do so, it is possible that people will opt out with their own legally sufficient language that is not recognized by your system, leading you to continue to send messages or make calls which now violates the Telephone Consumer Protection Act (TCPA). You need to be able to recognize and honor opt-outs, so always include a simple opt-out instruction (“Reply STOP to Opt-Out” for example).

If a consumer opts out, can I send a confirmation message?

Yes, you can send one final message confirming the opt-out and offering information on how to opt back in. However, this final message cannot contain any sort of marketing. The Federal Communications Commission (FCC) recommends you send this message no later than 5 minutes after the opt-out occurs.

If my consent language covers both calls and texts, does a consumer opting out of one mean they have opted out of both?

Yes, opting out of one should result in opting out of both unless you’ve made it clear that there are different requirements. However, you can clarify with the consumer whether they are seeking to opt out of one particular program, or all calls and texts to the number.

If a consumer wishes to opt out of receiving marketing texts from campaign A but still wants to get texts from campaign B, are multiple opt-out options allowed?

Yes, you can have multiple campaigns with their own opt-out requirements, but you should make it very clear to consumers how to do it. For example, text “STOP A” to stop receiving messages from campaign A vs. “STOP B” to stop receiving messages from campaign B. It is also best practice to offer an inclusive opt-out option such as “STOP ALL.”

Are purely informational texts exempt?

Purely informational texts follow the same implied consent rules as delivery and service notifications. However, if any part of your informational text could be considered marketing and you are using a device that meets the current standards for what constitutes an automatic telephone dialing system (ATDS), you would need express written consent. Therefore, best practices are to get express written consent even for informational texts.

What is the potential liability of marketing texts that offer consumers discounts or benefits for forwarding offers to their friends?

This specific scenario has not been addressed by the Federal Communications Commission (FCC). In these sorts of circumstances, the FCC looks at a number of factors to determine who is responsible for user-initiated messages such as: Who decides when the text is going to be sent? Is it being used to do an unlawful activity? Are you spoofing? The issue is controlled. In this case, the fact that the consumers are going to be the ones sending the message and are choosing who receives the message makes it seem like the consumer should be responsible. But they are promoting your product, so there could be a vicarious liability issue.

*source- DNC.com Contact Center Compliance*

TSG Global Can Help You Navigate the TCPA Waters