Glossary · TCPA

What is the TCPA?

The TCPA (Telephone Consumer Protection Act of 1991) is a US federal law that restricts unsolicited telemarketing calls, auto-dialed calls, prerecorded calls, text messages, and junk faxes. Enforced by the FCC and through private rights of action, TCPA violations carry statutory damages of $500 to $1,500 per violation. Businesses running outbound dialing or SMS campaigns must comply with consent, opt-out, and caller-identification requirements or face class-action exposure that has historically reached tens of millions of dollars per case.

Core TCPA requirements

For telemarketing calls or SMS to mobile phones, the sender must have prior express written consent from the recipient. The consent must:

Be in writing (physical signature or E-SIGN electronic consent)
Clearly identify the sender
Disclose that the message may be delivered by autodialer or prerecorded voice
Note that consent is not a condition of purchase

For non-marketing informational calls/SMS, prior express consent (less formal, can be implied from giving a phone number for that purpose) is often sufficient.

Honor opt-out / STOP

Recipients must have a clear way to opt out. For SMS, any reply with STOP, STOPALL, UNSUBSCRIBE, CANCEL, END, or QUIT must immediately suppress further messaging. For voice, the caller must have a way to revoke consent.

DialPhone handles STOP keywords automatically with no setup required.

Time-of-day restrictions

Telemarketing calls (and SMS by analogy) are restricted to between 8 AM and 9 PM in the recipient’s local time zone. Time-zone-aware scheduling is required for campaigns across regions.

Caller identification

Callers must identify themselves, the business they represent, and (for sales calls) provide a callback number.

Do Not Call Registry

TCPA incorporates the National Do Not Call (DNC) Registry. Callers must scrub outbound lists against the DNC Registry and suppress numbers present on it. Exceptions: prior business relationship (up to 18 months), existing customer relationship, and prior express consent.

Consent can be revoked by the recipient at any time through any reasonable means. Senders must honor the revocation within 30 days.

Who must comply with TCPA

Telemarketers — anyone making outbound sales calls
Debt collectors — subject to TCPA plus FDCPA
Political campaigns — TCPA applies to autodialed political calls (though with some exemptions)
Nonprofits — have some exemptions for tax-exempt calls but not unlimited
B2B sales — historically a partial exemption; evolving case law is narrowing this
Mobile SMS senders — every business texting US mobile numbers
Healthcare providers — appointment reminders have limited TCPA exceptions with conditions

Essentially anyone making outbound calls or SMS to US phone numbers at any scale needs a TCPA compliance posture.

TCPA penalties

Statutory damages: $500 per violation
Willful or knowing violations: up to $1,500 per violation (triple damages)
No cap per plaintiff
Class actions common — combining thousands of violations per case
Historical settlements have reached $75M, $125M, $1.5B

One “violation” can be one call or one SMS. A 10,000-recipient campaign with bad consent is potentially $5M in statutory damages before triple-damages.

Autodialer and ATDS definition

TCPA restricts use of an “automatic telephone dialing system” (ATDS). The Supreme Court’s Facebook v. Duguid (2021) decision narrowed the ATDS definition to systems using a random or sequential number generator. This reduced TCPA exposure for many business dialers that dial from a stored list. But:

State-level mini-TCPAs (Florida, Oklahoma, Washington) have broader definitions
Prerecorded voice calls remain strictly regulated regardless of ATDS
Many courts are still interpreting Duguid
SMS rules are largely unaffected by Duguid

The safest posture is still: obtain prior express written consent before using any automated system to call or text US mobile numbers.

TCPA compliance checklist

DialPhone’s TCPA features

Consent audit trail — every opt-in tracked with timestamp, source, and form language
DNC list scrubbing — automatic suppression against National DNC Registry on every outbound campaign
STOP keyword handling — automatic honoring of STOP/STOPALL/UNSUBSCRIBE on SMS
Quiet hours enforcement — calls and SMS blocked outside 8am–9pm recipient local time
On-screen TCPA alerts — DialPhone’s outbound dialer warns reps in real time if they are about to call a DNC-listed number
Time-zone-aware scheduling — campaigns automatically split by recipient time zone
Revocation handling — opt-out propagates across all channels within 30 seconds (well under the 30-day requirement)

See DialPhone outbound dialing compliance → · See business SMS compliance →

State-level mini-TCPAs

Several states have enacted their own versions of TCPA with broader definitions, higher penalties, or additional requirements:

Florida Telephone Solicitation Act — broader ATDS definition; $500-$1,500 per violation
Oklahoma Telephone Solicitation Act — similar to Florida
Washington State — automated call restrictions

Check state law in every state you call. Outbound campaigns targeting multiple states should apply the strictest rule across all.

Example

A health-and-wellness SaaS platform bought a B2C email list “with SMS consent” from a third party and launched a 50,000-recipient SMS marketing campaign without checking consent provenance or DNC scrubbing. Four recipients on the Do Not Call Registry filed complaints, which became a class action. Settlement: $6.8M after three years of litigation — plus legal fees of roughly $2M. They would have paid a vendor a few thousand dollars for proper consent verification + DNC scrubbing and avoided the entire exposure.