TCPA compliance checklist

You have a product or service you can’t wait to share with potential customers, and you’re ready to market it. Before you start sending out emails or text messages (SMS) or making phone calls, sit down with your legal team and make sure you have considered every marketing law and regulation. One important best practice is checking off the items on your TCPA compliance checklist. 

The Telephone Consumer Protection Act (TCPA) was established in the United States in 1991 and aims to protect consumers from receiving telephone solicitations from businesses without consumers’ consent. Because of concerns with data privacy and data protection, the rules and regulations change constantly; if you aren’t careful, you could face expensive lawsuits or fines if a consumer claims they did not give consent to be contacted. The last thing you want is for a lead to sue your company.

What is TCPA compliance?

TCPA compliance refers to adhering to the Telephone Consumer Protection Act, a crucial regulation designed to protect consumers from unsolicited calls, texts, and faxes. Businesses must obtain explicit consumer consent before initiating telemarketing communications, maintain do-not-call lists, and honor time restrictions on calls to avoid hefty penalties. 

Compliance is not only a legal requirement but also a best practice to foster trust and maintain a positive reputation among consumers. Adhering to TCPA guidelines helps mitigate legal risks and enhances customer relations, making it a fundamental aspect of responsible business operations.

TCPA compliance guide: What’s on the TCPA consent compliance checklist?

By using a TCPA consent compliance checklist as a TCPA compliance guide, you can use more technologies that adhere to TCPA marketing laws and TCPA SMS compliance to make your marketing operations more efficient and cost-effective. 

TCPA checklist

  • Obtain and store prior express written consent
  • Use clear disclosure language
  • Opt-in follow-up requirements
  • Include an opt-out option
  • Only contact during approved hours
  • Scrub against the national DNC (Do-Not-Call) and RND (Reassigned Numbers Database) lists.
  • SMS protections

Maintain that you are properly capturing and storing proof of consent

  • Provide proof that the consumer gave consent by checking the box or completing the form.
  • Provide a visual record of the TCPA disclosure language the consumer viewed with a session replay solution that makes it easy to identify consent language and the consumer’s action of providing their consent (i.e., entering requested information, checking the consent box, and pressing the “Submit” button).
  • Documentation should be collected and stored by a reliable, independent third party so that it can’t be manipulated.
  • Documentation should be easily accessible and shareable.
  • Perform periodic audits (spot checks) of your consent documentation to confirm that your protection is reliable.
  • If buying leads from partners, make sure your document of consent matches the lead you purchased.
  • If buying leads from partners, verify consent in real time before you call or text the lead. 

Learn more about the importance of TCPA consent.

Use clear, concise, and informative disclosure language 

  • The disclosure language (i.e., the terms and conditions the customer is agreeing to by submitting the form) is clear and easy to understand (avoid “legalese”).
  • The disclosure statement is clearly visible in the immediate vicinity of the opt-in button. 
  • The disclosure statement states the identity of the company that will contact the consumer.
  • The disclosure statement states that communication may be in the form of an SMS (text) or automatic telephone dialing system (ATDS).
  • If you’re using a pre-recorded voice in the call, this is clearly stated in the disclosure.
  • The disclosure states that opting in to receiving messages is not a requirement to take advantage of the offer.
  • The disclosure states the approximate number of calls and text messages the consumer may receive.
  • Work with your privacy, legal, and design teams to determine the most reasonable, balanced way to meet webpage notice and consent language compliance requirements.
  • Review any TCPA disclosure statements with your legal department to make sure that the statement follows your company’s legal and compliance requirements.

TCPA opt-in requirements

Once a customer opts in to your messages (either sales/marketing or transactional messages), send a detailed disclosure message. The opt-in confirmation should include:

  1. Your business name.
  2. The purpose of the messages.
  3. How often texts will be sent (daily, weekly, monthly).
  4. Notification of possible text and data rates.
  5. A link to the full terms and conditions.
  6. Directions for getting help if needed.
  7. Steps to opt out of future messages.

TCPA opt-out requirements

  • Under the TCPA, make sure that your business offers a straightforward opt-out method for messages.
  • Implement a ‘STOP’ response feature that allows customers to text ‘STOP’ to halt SMS communications.
  • Regularly remind subscribers of the opt-out process by including ‘STOP’ instructions routinely in messages.

Discover the latest requirements of consent revocation now.

TCPA calling hours

  • Businesses should not text or call subscribers before 8:00 AM or after 9:00 PM. Be aware that some states have slightly different time allowances and restrictions. Also, be mindful of time zone differences in and across states.  
  • Avoid contacting customers outside these hours to prevent complaints and potential issues.

TCPA compliance checklist (SMS)

Under the TCPA case law and FCC interpretations, text messages are considered similar to phone calls. Current compliance best practice is to treat text messages in the same way or under the same scope of requirements as phone call outreach. To stay compliant and avoid costly legal penalties, businesses must follow all TCPA guidelines. A TCPA compliance checklist for texting will help you meet all requirements before sending SMS communications.

Here are the key steps to keep your marketing texting efforts TCPA-compliant:

  • Obtain prior express written consent – Before sending any marketing or promotional campaign texts, you must have clear, written consent from the recipient. 
  • Provide clear disclosures – Consumers should know what they are opting into, including messaging frequency, possible costs, and opt-out instructions at the point of consent.
  • Offer easy opt-out options – The law requires businesses to provide a simple and effective way for consumers to unsubscribe. The most common method is allowing users to reply with “STOP” to end communications. Opt-out requests must be honored promptly and must comply with the latest revocation requirements that were updated in April 2025.
  • Respect timing and frequency limits – Avoid excessive messaging and only send texts during TCPA-approved hours to respect consumer privacy.
  • Keep accurate records – Document consent, message logs, and opt-out requests to bolster compliance.

TCPA trends for 2025

TCPA compliance in 2025 has become increasingly more fragmented as new state-level consumer protection laws introduce variations that go beyond the federal TCPA. While federal rules remain the foundation, states like Florida, Oklahoma, Texas, and Maryland have passed their own mini-TCPA laws with stricter consent requirements, broader definitions of autodialers, and enhanced penalties. This trend is expected to continue, making it essential for businesses to monitor both federal and state-specific telemarketing and TCPA related laws to maintain full compliance.

At the same time, regulators and litigators are placing increased scrutiny on the evolution and implementation of how AI is covered under the TCPA. As more companies adopt artificial intelligence and automated systems for lead generation, dialing, and message personalization, the legal focus is shifting toward how these technologies impact consumer consent, disclosure, and compliance. 
Staying ahead on TCPA compliance trends means designing systems that are not only scalable and automated but also built to meet rising legal expectations around emerging technologies.

What happens if you violate TCPA regulations?

Your company could face up to a $1,500 fine per call or text message

Not all lawsuits are large class-action ones; individuals file smaller lawsuits as well. The ones who file the most lawsuits are known as “serial litigators.” They claim TCPA violations and usually settle out of court for amounts ranging from $10,000 to $250,000. 

What is the best way to comply with the TCPA?

Many marketers think obtaining consent is too complicated, so they follow ineffective strategies, such as mixing transactional-alert message campaigns with marketing campaigns, or avoiding the use of SMS technologies or pre-recorded messages; however, these methods waste a lot of time and money, plus, they open companies up to the risk of legal issues.

The best way to comply is to only reach out to opt-in leads who have given their consent to be contacted–and make sure you have documented that consent. 

Prior express written consent: Why do I need it?

The best proof of consent a business can have is prior express written consent. “Written” means language can be hardcopy or electronic. “Consent” is the acknowledgment of the language by an opt-in action from the consumer (i.e., checking a checkbox) near their contact info and/or the submit button on a web page form. Be careful with the use of pre-checked checkboxes on web forms as, depending on design, they may not always meet the opt-in or “express” consent action requirements. This is a written agreement, acknowledged by the consumer, to receive a phone call or text message from your company; this agreement includes a clear and obvious disclosure that permits your business to send marketing communications. Save a record of this consent to contact for a period of 2 to 5 years in case there is an inquiry or legal action.

Prior express written consent can also supersede the national DNC list, but scrubbing against it, as well as the RND (which reduces the risk of calling an old mobile number with a new owner), is still recommended. The biggest benefit? Contacting people who want to be contacted, which ultimately improves your conversion rates. 

What can you do to protect your business from TCPA consent litigation?

Some litigators hope you’re not going to have compliant, documented written consent, and if they bring a lawsuit and you may consider a settlement as a less expensive alternative. If you want to avoid paying hefty settlements or lawsuit expenses, you need to properly present and collect consent, document consent transactions, and be able to quickly access the documentation for proactive compliance or legal defense.

TrustedForm is a lead certification product that documents the consent for each individual webform lead or social lead ad. When our Web SDK (also known as a web script) is placed on a web form, ActiveProspect is able to independently document where and when consumers provided their information and consent to contact using a web form by capturing the events and providing an instant session replay showing the consumers’ exact actions.

With TrustedForm, you can verify, document, and archive the consent transaction for compliance with data regulations like TCPA; verify you are receiving authentic leads from interested consumers; and verify your brand is being properly represented on approved sites.

Our TrustedForm certificates provide unbiased third-party documentation of consent. This proof of consent can protect you in the event of litigation while giving you new confidence that your leads have actually asked you to contact them.

DISCLAIMER: This page and all related links are provided for general informational and educational purposes only and are not legal advice. ActiveProspect does not warrant or guarantee this information will provide you with legal protection or compliance. Please consult with your legal counsel for legal and compliance advice. You are responsible for using any ActiveProspect Services in a legally compliant manner pursuant to ActiveProspect’s Terms of Service. Any quotes contained herein belong to the person(s) quoted and do not necessarily represent the views and/or opinions of ActiveProspect.

Stay in the loop! Subscribe to the recAP email list to get our latest updates and insights.