TCPA rules: What is changing and how to adapt to the new regulations

The TCPA (Telephone Consumer Protection Act) regulations are constantly evolving to keep up with the ever-changing paradigms of online marketing and online consumer habits. As a marketer, it’s important for you to stay up-to-date and alert, because you need to know how these changes are going to impact your business, for better or for worse.

We’ve had the pleasure of chatting with Eric J. Troutman of the Troutman Amin Firm and TCPAWorld.com, one of the best-known lawyers in the U.S. telecom legal space, and in this article, we will go over the new TCPA rules and regulations to see what’s changing and how to be prepared for it.

TCPA rules: A general overview

If you’re not familiar with the TCPA, here is a high-level definition to help you understand what it is. In Eric Troutman’s own words: “The TCPA is part of the federal response to the robocall epidemic. It’s the statute that prevents the use of certain regulated technology to make calls to cell phones and landlines without certain levels of consent – that are use-case specific – and prevents unsolicited marketing calls to phone numbers that are residential lines on the national DNC (Do Not Call) list.”

Violating the TCPA can result in a penalty ranging from $500 to $1,500 per violation. The TCPA includes a four-year statute of limitations, meaning that every call that is made by a company can be used to initiate legal proceedings up to four years after it was made. Also, class actions are enabled, which means that one call could result in a class involving millions of different consumers who received similar calls. And millions of consumers involved equal millions of dollars in fines.

To learn more about the TCPA and why it’s so important (for everyone, but especially for lead vendors) to comply with it, read this article: Why obtaining TrustedForm certificates is vital to keep your lead-selling business running smoothly.

New TCPA rules in 2024

The FCC’s 2024 TCPA updates bring significant changes to consent and compliance for businesses engaging in telemarketing or SMS outreach. These rules are aimed at strengthening consumer protection and impact how businesses handle consent revocations. 

Key changes include:

  • Closing the lead generator loophole: The FCC’s updated TCPA one-to-one consent rule, effective January 27, 2025, requires businesses to secure prior express written consent from consumers before using robocalls or texts for marketing, specifying each advertiser individually. Updated key compliance requirements include documenting individual consent, clear disclosure of communication nature, logical relevance to initial consumer interaction, and maintaining records for at least five years.
  • Flexible opt-outs: Effective April 11, 2025, consumers can revoke consent in “any reasonable manner,” meaning businesses must be prepared to recognize and process a variety of opt-out messages beyond standard keywords like “STOP.”
  • 10-day compliance window: Businesses are required to honor do-not-call (DNC) and consent revocation requests within 10 business days, ensuring faster removal from contact lists.
  • Confirmation of opt-outs: Companies are allowed a one-time confirmation SMS to clarify an opt-out, provided it is sent within five minutes of the request and contains no promotional content.

These changes underscore the importance of a consumer-centric approach in telemarketing and SMS outreach, with robust systems to manage consent efficiently.

Best practices for 2025

As we approach 2025, significant changes are coming to the lead generation industry with the FCC’s updated Telephone Consumer Protection Act (TCPA) regulations. The new rules place a heavier emphasis on consent management, consumer privacy, and timely responses to opt-out requests. To stay compliant and maintain consumer trust, businesses need to align their strategies with these new regulations, which begin to take effect in early 2025. Here are some best practices that companies can implement to prepare effectively for these updates.

1. Collect and document one-to-one consent

With the FCC’s closing of the lead generator loophole, businesses must now obtain explicit, written consent from consumers before engaging in any form of robocalling or automated texting. Each advertiser must be specified individually, which means blanket permissions won’t be enough. Here’s how to prepare:

  • Update consent forms: Verify that consent forms or digital agreements clearly list each individual advertiser, so consumers know exactly who will contact them.
  • Document consent thoroughly: Implement systems such as TrustedForm that log and store detailed records of each consent, including timestamps, the nature of communication consented to, and relevant consumer interactions. This documentation must be accessible and securely stored for at least five years to meet regulatory requirements.
  • Enhance transparency: Clearly disclose the purpose and frequency of communications at the point of consent, reinforcing trust and setting accurate expectations for consumers.

2. Create flexible opt-out systems

As of April 11, 2025, consumers can revoke their consent in any reasonable manner, not just by texting standard keywords like “STOP.” This means businesses will need to be agile and responsive in recognizing and processing various opt-out messages, whether through text, email, or even social media. Key preparations include:

  • Diversify opt-out channels: Enable consumers to opt out through multiple methods, including SMS, email, or chat, and ensure that staff is trained to recognize these requests.
  • Automate non-standard responses: Implement AI-driven customer service tools that can detect different expressions of consent revocation (e.g., “I don’t want to receive messages” or “please stop contacting me”) and automatically process them as valid opt-out requests.
  • Test and refine opt-out processes: Regularly audit and test opt-out mechanisms to confirm they are functioning across all platforms and message types.

3. Adopt a 10-day compliance window for opt-outs and Do-Not-Call requests

The FCC now requires businesses to honor DNC and opt-out requests within 10 business days, significantly speeding up the time allowed for compliance. Failing to meet this window could result in regulatory penalties, so establishing a prompt and reliable process is essential:

  • Automate list management: Use software that automatically updates contact lists to exclude numbers as soon as an opt-out or DNC request is received.
  • Set alerts and reminders: For manually handled requests, be sure to provide teams have reminders and alerts to remove numbers from contact lists within the 10-day window.
  • Maintain a centralized DNC database: Keep all DNC requests in a centralized, secure system to prevent any oversights and streamline audits.

4. Utilize one-time opt-out confirmations effectively

The new rules permit businesses to send a one-time confirmation SMS to acknowledge an opt-out request. This message must be sent within five minutes of the opt-out and must contain no promotional material. Done right, this confirmation can reassure customers that their preferences have been respected:

  • Standardize confirmation messages: Pre-write compliant, non-promotional templates for opt-out confirmation messages, ensuring they are concise and purely informational.
  • Automate timing controls: Maintain that confirmation messages are sent within the five-minute window through automation software, avoiding delays that could lead to non-compliance.
  • Educate staff on limitations: Train employees handling these messages to avoid any additional content beyond the basic confirmation, thus reducing the risk of accidental non-compliance.

By proactively adopting these best practices, businesses can not only remain compliant but also build stronger consumer relationships through transparent communication, timely opt-out processing, and respect for consumer preferences. Preparing ahead of these deadlines will ensure a smoother transition and set a high standard for consumer experience in 2025 and beyond.

TCPA rules: What changes in the regulations

Considering his great knowledge of the matter and hands-on experience, we asked Eric J. Troutman to share with us the newest trends regarding the TCPA rules and regulations.

New limitations for non-marketing calls to landlines

There is a new limitation that is being put into place with regard to non-marketing pre-recorded calls made to a landline.

Prior to December 2020, these calls were all categorically exempt from the TCPA, while following December 2020, the FCC issued a ruling that only three such calls can be made per month without consent, and this rule became effective July 20, 2023.

Under this new TCPA rule, in order to be exempt from the TCPA’s consent requirements, callers would be limited to three prerecorded non-commercial, non-telemarketing, or non-profit calls per 30 days, or three calls per week (one per day) for healthcare-related calls, and would need to include an opportunity to opt out of prerecorded calls as part of the message.

The definition of ATDS is narrowing down

Following the 2021 Facebook v. Duguid ruling, the FCC is ruling that avatar technology constitutes a pre-recorded call, thus narrowing down the definition of Automatic Telephone Dialing System (ATDS).

As reported by Eric J. Troutman, the TCPA defines an ATDS as a system that uses a random or sequential number generator to either store or produce telephone numbers to dial. This includes randomly dialing, dialing from a list of numbers that are being selected using a randomizer, and dialing from a list of numbers where the sequence is being determined by a randomizer.

However, despite this new paradigm, courts continue to struggle with the definition of ATDS. Currently, there is a split of authority between:

  • The prevailing majority view, according to which you have to be randomly creating phone numbers to consider your system an ATDS;
  • And the minority view, where even systems that have the capacity to dial automatically from a list using a randomizer can still be considered an ATDS.

TCPA state rules are proliferating

Every state in the US already has some form of anti-telemarketing rules in place. However, most were watered down and ignored.

Following the Facebook ruling, things started to change. Florida was the first state to amend its current telemarketing statute, making it a very powerful one (referred to as the “Mini-TCPA”), which prevents calls using an autodialer, to both cellphones and landlines. The definition of “autodialer” in Florida, however, is extremely broad, covering any system that either randomly dials or selects a number to be dialed, which basically could include any workflow tool, making Florida a very tricky state to make telemarketing calls in.

Here are a few examples to show how some states are individually approaching TCPA rules and regulations:

  • Oklahoma adopted the Florida Telephone Solicitation Act (FTSA) and made its own Telephone Solicitation Act (OTSA).
  • The state of New York adopted a different set of statutes that look at the content of a call and require marketers to provide consumers an opt-out opportunity within three seconds from the beginning of the call, regardless of whether or not they have consent.
  • Michigan has a bill that’s being considered (but hasn’t passed yet) that is a completely different paradigm of protection. The proposed bill – in addition to similar limitations on outbound calls and the creation of its own DNC list – provides limitations to calls made to the elderly and vulnerable communities.
  • In Washington and California states, additional restrictions prevent marketers from sending unsolicited text messages, regardless of the technology used to send the messages.
  • Maryland just proposed a new bill that would adopt a Florida-style prohibition on autodialer usage.
  • Virginia has an enhanced DNC provision.

The above shows you a glimpse of how much is going on at the state level, where every state has its own set of “TCPA” rules that are becoming more and more restrictive and likely to be enforced in lawsuits.

Now, let’s deep dive into the TCPA rules that are in place for each marketing medium.

TCPA rules for pre-recorded calls

Pre-recorded calls or artificial voice calls or robocalls are the most highly regulated by the TCPA. At the federal level, marketers cannot make a pre-recorded call or send an artificial voice message to any call phone without express written consent for marketing purposes, and regular express consent for informational purposes.

Moreover, they cannot make pre-recorded calls or send artificial voice messages to landlines for marketing purposes without express written consent, but they can make unlimited pre-recorded calls for informational purposes with regular express consent. Or, as we’ve explained before, they can make up to three non-telemarketing calls via pre-recorded voice calls to a landline per month. After that, they need to have express written consent.

But what is the difference between express written consent and regular express consent? Also, what is the difference between a telemarketing and an informational call? Let’s deep dive into that.

Express written consent vs. regular express consent

As explained by Eric J. Troutman, express written consent is defined by the FCC and needs to comply with nine requirements in the disclosure. It’s a written agreement between the caller and the receiver of the call that clearly authorizes the caller to deliver “advertisements or telemarketing messages using an automatic telephone dialing system (ATDS) or an artificial pre-recorded voice.”

This type of consent must be conspicuously disclosed and separately signed. Here is an example of how express written consent should look.

Source: TCPAWorld.com

On the other hand, regular express consent is not as specifically regulated or defined, and it usually consists of a fine print inside the terms of conditions. Regular express consent can also be presumed.

For example, if you give your phone number to your bank, your bank has presumed express consent that it can contact you for informational purposes consistent with the reason you provided the number. For instance, they’re allowed to send you automated text messages about your bank account if you provide your phone number.

Telemarketing vs informational calls

The definition of telemarketing or telephone solicitation is “introducing a good or a service to the consumer for sale or for rent.” So, technically, everything else may be considered an informational call.

However, there are many instances where the dividing line between the two is not so clear. The classic example of a the mortgage company calling to communicate that rates have dropped. On a surface level, it sounds informational, but the core purpose of the call is to get the consumer to call back to schedule a refinancing. So, is it really informational?

What appears to be informational calls can be considered telemarketing calls, depending on the intent with which they are made.

TCPA autodialer and manual calls rules

If you are dialing using an ATDS, then you have to have express written consent for telemarketing calls, and regular express consent for informational calls.

If you are calling without an ATDS, at the federal level, you do not need any type of consent for informational calls that are made manually, but you still need to have express written consent for a manual marketing call to a number on the national DNC list.

If the phone number is not on the national DNC list, then you are free to call that number – as long as you’re not using an ATDS – even for marketing purposes.

TCPA text message rules

TCPA texting rules are generally the same as those that apply to calls and voice channels. At a federal level, text messages are treated as calls for regulated technology purposes so, if you are using an ATDS, then you have to have express written consent to send marketing texts, and regular express consent to send informational texts.

If you are not using an ATDS and are sending a text manually, you do not need prior express written consent but you must ensure the number is not on the national DNC list. If the number is on the national DNC list and you’re sending a text for marketing purposes, then you probably need to have prior express written consent. 

And we say “probably” because, as Eric J. Troutman explains, the FCC just issued a new NPRM that suggests that text messages shouldn’t be subject to DNC protection. However, this is still an open issue.

TCPA email rules

Email marketing is still pretty wide open. The CAN-SPAM Act, a law that sets the rules for commercial email, is not very well enforced. However, the most important thing when it comes to TCPA email rules is to be honest.

For instance, you can’t say the email is coming from ActiveProspect if it’s in fact coming from The Troutman Amin Firm. So, as long as you’re honest in your email campaign, and you’re not hiding who it’s really coming from, the only thing you’re required to have is an “unsubscribe” button at the bottom of your emails.

Essentially, at a federal level, you are always free to send emails, even without consent, as long as you enable an opt-out, making emails the safest way to run marketing campaigns.

At a state level, however, there are laws that apply to emails that are more robust. California, for instance, has its own law that aggressively punishes lying and cheating in the content of an email.

Implement a solution that allows you to comply with the TCPA rules

Proving consent to contact was obtained can be a tricky matter, without the right solution in place. Whether you’re generating leads (for your own use or to sell) or purchasing them from third parties, TrustedForm offers a safe way to provide unbiased documentation of consent, allowing you to mitigate the risk of incurring TCPA litigation.

Issue TrustedForm certificates for every lead you generate

If you’re selling leads, TrustedForm Certify allows you to document exactly when and where consent was obtained, providing evidence for each lead you generate quickly and reliably.

You can capture every lead event by simply adding a javascript snippet to your web forms. These lead events, such as mouse movements, clicks, and key presses, are captured and stored.

Watch this short video to see how easy it is to implement TrustedForm Certify. The Web SDK is available to everyone for free by simply signing up for an ActiveProspect account.

Retain the certificates so you can access them when you need it

If you generate leads for your own use, TrustedForm Retain helps you comply with TCPA rules by retaining proof of consent for every domain you verify with ActiveProspect.

Implementing Retain is extremely easy. All you have to do is:

Verify that you have 1:1 consent

With the January 27 deadline right around the corner, verifying that each lead has given explicit, one-to-one consent to be contacted is essential for compliance with TCPA standards, especially in a landscape where privacy regulations are increasingly enforced. TrustedForm Verify’s 1:1 Consent Check feature is designed to streamline this process, providing an effective solution for both lead buyers and sellers.

With the 1:1 Consent Check, lead buyers can confidently purchase leads, knowing they have documented proof that each lead provided individual consent. This feature is invaluable for minimizing the risk of compliance issues and safeguarding against costly disputes. For lead sellers, the 1:1 Consent Check enhances the value of leads by certifying that each has met strict consent requirements, which can increase demand and allow for premium pricing.

Using the TrustedForm Verify 1:1 Consent Check can significantly reduce compliance risks, providing peace of mind and compliance assurance in the new era of lead generation.

Final thoughts

The TCPA rules are constantly evolving, forcing marketers to find new ways to keep their businesses going, while maintaining TCPA compliance. Thanks to Eric J. Troutman of the Troutman Amin Firm and TCPAWorld.com – who is always ready to share his knowledge and the latest TCPA news – and ActiveProspect – which provides the best solution for consent-based marketingadapting to the new TCPA rules and regulations becomes a little easier.

Gain protection to mitigate the risk of TCPA litigation. Get started with TrustedForm for free now!

Tagged:

,

Written by Marialuisa Aldeghi

Marialuisa brings a wealth of expertise to the table as an accomplished content writer and strategist with years of experience in the B2B digital marketing landscape.

Stay in the loop! Subscribe to the recAP email list to get our latest updates and insights.

* By providing your information you agree to receive marketing communications and content from ActiveProspect. To unsubscribe click the link in email messages. Privacy Policy

You're All Set!