Who enforces the TCPA? A beginner’s guide for businesses
If your business is starting to think seriously about TCPA compliance, you’re already ahead of the curve.
The Telephone Consumer Protection Act (TCPA) is one of the most important consumer protection laws in the United States, governing how businesses communicate with consumers through phone calls, text messages, and fax transmissions. Understanding who enforces TCPA rules and how to avoid violations is essential to safeguarding your business from costly fines, reputational damage, and potential lawsuits.
In this post, we’ll explore what the TCPA is, who enforces it, and how tools like TrustedForm can help you stay compliant.
What is the TCPA?
The Telephone Consumer Protection Act (TCPA) was enacted by the U.S. Congress in 1991 to protect consumers from unwanted marketing communications. The law places restrictions on unsolicited telemarketing calls using automatic telephone dialing systems (ATDS), prerecorded voice messages, SMS text messages, and unsolicited faxes.
Key requirements under the TCPA include:
- Obtaining prior express written consent before sending marketing messages using an ATDS for phone calls or SMS messages.
- Allowing recipients an easy opt-out mechanism from calls, faxes, and text messages.
- Honoring Do Not Call (DNC) and Do Not Contact requests.
- Avoiding calls or texts to reassigned or invalid phone numbers.
- Complying with federal and state calling hours and recordkeeping mandates.
Violations of the TCPA can result in fines ranging from $500 to $1,500 per call or message, which can quickly add up, especially in class-action lawsuits.
Who enforces TCPA rules?
FCC TCPA enforcement
When asking “Who enforces TCPA?” or “What US agency enforces TCPA?”, the answer is primarily the Federal Communications Commission (FCC). The FCC is the main federal agency responsible for interpreting and enforcing the TCPA.
FCC TCPA enforcement includes:
- Issuing declaratory rulings to clarify aspects of the law.
- Investigating complaints from consumers.
- Releasing guidance on compliance requirements.
- Issuing fines or settlements for violations.
However, it’s important to understand that the FCC has a relatively small enforcement budget and limited resources to cover the entire country. To bolster enforcement, the law includes a unique mechanism known as the “private right of action.”
This means that individuals can sue businesses directly for potential TCPA violations. This has contributed to a surge in lawsuits, settlement demands, and class-action lawsuits, particularly targeting product or service companies that regularly make phone calls or send text messages using ATDS technology in the normal course of business.
In effect, private citizens and attorneys help act as additional enforcers of the TCPA requirements, creating a larger observer population that can take legal actions with lawsuits for potential non-compliance.
FTC TCPA enforcement
The Federal Trade Commission (FTC) does not directly enforce the TCPA itself. However, it can become involved when a company’s actions fall under the category of Unfair or Deceptive Trade Practices (UDTP), which are prohibited by the FTC Act.
For example, if a business misleads consumers into providing consent for marketing communications or obscures its identity, the FTC can step in under its broader consumer protection mandate. While the FTC is not the TCPA enforcer per se, its involvement can overlap when a business’s conduct is particularly egregious or deceptive.
FCC vs FTC TCPA enforcement
| Category | FCC | FTC |
| Primary role | TCPA rulemaking, telecom-focused oversight, robocall policy and enforcement | Consumer protection enforcement, telemarketing oversight (often via TSR and UDAP authority) |
| What they typically target | Autodialed/prerecorded calls, texts, consent standards, opt-out mechanisms, spoofing/robocall infrastructure, carrier and provider compliance | Deceptive or abusive telemarketing practices, Do Not Call violations, misleading marketing claims, unfair practices tied to outreach |
| Enforcement tools | Forfeiture penalties, citations, orders, settlements/consent decrees, coordination with carriers and industry traceback | Civil enforcement actions, injunctions, restitution/disgorgement (where applicable), settlements/consent orders |
| Operational areas you feel first | Consent capture/records, opt-out handling, calling/texting processes, vendor routing, carrier-level blocking risk | Marketing claims and scripts, DNC compliance, lead sourcing practices, consumer deception/unfairness exposure |
| Where the risk shows up | Carrier blocks, campaign disruption, fines, “rules of the road” shifting via orders/rulemakings | Lawsuits and investigations focused on deceptive practices and telemarketing conduct |
| How it affects compliance strategy | Build defensible consent + revocation workflows; monitor FCC rules and provider requirements | Ensure marketing claims are accurate; tighten DNC and telemarketing practices; reduce “unfair/deceptive” risk in outreach |
In summary:
- FCC TCPA enforcement: Direct oversight and regulatory authority.
- FTC TCPA enforcement: Indirect involvement when violations intersect with deceptive trade practices.
Explore this guide for an in-depth comparison between FTC and FCC.
What makes TCPA enforcement unique?
What sets the TCPA apart from many other federal regulations is its hybrid enforcement model:
- Government enforcement by the FCC.
- Civil enforcement by private individuals.
This model is particularly cost-effective for the government, as it allows individuals to take legal action, reducing the need for widespread FCC intervention. However, it also means businesses must be extra vigilant. One misstep can lead to dozens, hundreds, or even thousands of lawsuits.
Another consideration is stackable damages. In some cases, TCPA fines can be combined with state-specific telemarketing and privacy laws, increasing the financial risk for non-compliant businesses.
TCPA enforcement news
2025 was another accelerated year for TCPA risk, and not because of one single rule change. The big story was a mix of (1) a litigation spike driven by uncertainty, (2) courts getting more freedom to disagree on what the TCPA means, (3) the FCC pressing harder on robocall infrastructure enforcement, and (4) states ramping up “mini-TCPA” laws that can be stricter than the federal baseline.
Two developments shaped most of the headlines: the Supreme Court’s McLaughlin v. McKesson decision (June 2025), which weakened reliance on FCC interpretations in civil TCPA cases, and the FCC’s April 11, 2025, consent revocation rules that formalized “any reasonable method” (including common opt-out keywords like STOP).
Add in continued scrutiny of AI-generated voices (treated as “artificial/prerecorded”) and aggressive state-level expansions, and 2025 became the year businesses stopped treating TCPA compliance as “set it and forget it” and started treating it like an evolving program that needs evidence, governance, and vendor control.
How TrustedForm helps you avoid TCPA violations
Given the complexity of TCPA enforcement, many businesses are turning to compliance technology to reduce their risk. One of the most effective tools available is TrustedForm by ActiveProspect.
Here’s how TrustedForm helps:
Independent proof of consent
TrustedForm provides a time-stamped, session-replay certificate that documents exactly when the lead transaction consent to contact occurs. This includes:
- The language they saw.
- The form they filled out.
- Their IP address and session replay.
This level of documentation is critical when defending against TCPA lawsuits. If someone claims they didn’t consent to be contacted, you have a more detailed record of the consent transaction to help in your TCPA claims defence.
Real-time lead filtering
TrustedForm works with lead routing systems like LeadConduit to filter out leads in real time that may not meet your TCPA consent to contact requirements. This ensures that your CRM and marketing platforms only receive compliant, high-quality leads.
Vendor accountability
If you buy leads from third parties, TrustedForm can help provide more transparency, visibility, and accountability in the supply chain when requiring vendors to run TrustedForm on their lead generation webforms or social media lead ads. This closes a major compliance visibility gap and helps you build a more transparent and defensible lead acquisition program.
Peace of mind
Even the best-intentioned businesses make mistakes. TrustedForm reduces the likelihood of a violation and provides the kind of documentation that courts and regulators respect.
Final thoughts
TCPA compliance isn’t just about avoiding fines; it’s about protecting your brand and your bottom line. While the FCC is the primary TCPA enforcer, the FTC can get involved when deceptive practices are at play. Add to that the private right of action, and it’s clear that businesses must take TCPA seriously.
Whether you’re generating your own leads or buying them, using tools like TrustedForm can provide the verification and documentation you need to stay on the right side of the law.
In a landscape where regulatory oversight is tight, but enforcement mechanisms are diverse, being proactive is your best defence. Don’t wait for a complaint to find out if you’re compliant. Protect your business, build trust with your audience, and turn compliance into a competitive advantage.
