TCPA Robocalls and Robotexts: Consent, Damages, and How to Stay Compliant

What the TCPA covers: robocalls, robotexts, and automated outreach

The U.S. Telephone Consumer Protection Act (TCPA) and the FCC’s implementing rules govern automated calling and texting to consumer phones. It restricts the use of autodialers (ATDS), artificial/prerecorded voice messages, and SMS/MMS texts, and it layers consent standards depending on the content (telemarketing vs. informational), the device (wireline vs. wireless), and the technology (autodialer, prerecorded voice, text). The TCPA allows private lawsuits with statutory damages that compound quickly, making it a high-risk statute for growth teams, call centers, and lead buyers.

Key building blocks

• Call vs. text: An SMS/MMS is a “call” under the TCPA; the same consent tiers apply.
• Autodialer (ATDS): Post-Supreme Court precedent has narrowed the definition to equipment that uses a random or sequential number generator to store or produce numbers and dial them. But, separate prohibitions for artificial/prerecorded voice still apply even if no ATDS is used.
• Telemarketing vs. informational: Messages with a commercial solicitation, upsell, or that encourage the purchase of goods/services are telemarketing; pure non-marketing messages (fraud alerts, appointment reminders) are informational.
• DNC overlay: The National and internal Do Not Call rules restrict live solicitation calls as well; these run alongside TCPA technology rules.

Consent standards you must meet before contacting consumers

Prior express written consent (PEWC)

Required for telemarketing robocalls/robotexts to cell phones and for telemarketing artificial/prerecorded voice to any number. PEWC must:

• Be a signed agreement (e-signature acceptable) that clearly authorizes your brand (and any specifically named sellers) to contact the consumer at a particular number using autodialed or prerecorded calls/texts;
• Disclose that consent is not a condition of purchase;
• Be unambiguous, maintained with timestamp, IP/UA, page capture, and language presented.

Prior express consent (PEC)

For informational automated calls/texts (e.g., shipping alerts) to cell phones, providing the number to the caller for that context typically suffices. Keep proof of capture and limit content to the transactional purpose the consumer expects.

Revocation and scope

• Consumers may revoke consent using any reasonable method (reply “STOP,” say “don’t call,” email support). You must honor immediately.
• Consent is message-specific: PEWC obtained for Brand A doesn’t automatically cover Brand B. Narrow “marketing partners” lists are disfavored; regulators expect seller-specific consent in lead generation.
• Numbers reassigned to new users pose risk. Use reassigned-number lookups and suppressors to reduce wrong-party exposure.

Damages math: why one bad list can become a class action

Statutory damages

• $500 per violating call/text (statutory), regardless of actual harm.
• Up to $1,500 per call/text for willful or knowing violations (treble damages).
• Exposure scales with campaign size and frequency; class actions often allege thousands or millions of contacts.

Vicarious and joint liability

Sellers can be liable for the acts of third-party marketers under agency principles when they authorize or benefit from the campaign. Contracts must require TCPA compliance, audit rights, data provenance, consent artifacts, and suppression syncing.

Common aggravators

• Using prechecked boxes or ambiguous “consent.”
• Blurry or hidden disclosures, or consent not visible on mobile.
• Failure to honor STOP or verbal opt-outs immediately.
• Relying on generic lead lists where the consumer never saw your brand.

Designing compliant texting and calling programs

Consent capture & storage

• Use brand-specific PEWC language near the CTA: “By clicking ‘Submit’, I agree to receive autodialed/prerecorded marketing calls and texts from [Brand] at the number provided… not a condition of purchase.”
• Store a consent packet: HTML of page, disclosure snippet, language/locale, timestamp, IP/UA, form-field hash, and a durable copy of the consent text.
• For lead generation, require publisher IDs, page screenshots, and prohibit generic “marketing partners” lists; allow only named sellers.

Opt-out and revocation handling

• Support STOP, STOPALL, END, CANCEL, UNSUBSCRIBE, QUIT keywords and natural-language replies; confirm the opt-out and suppress immediately.
• Propagate opt-outs to all vendors in near real time (webhooks, S3 feed, API) and dedupe across brands under common control.
• Maintain an internal DNC that suppresses future marketing outreach across channels.

Frequency, content, and quiet hours

• Respect quiet hours consistent with TSR/DNC expectations (e.g., 8 a.m.–9 p.m. local) for marketing texts/calls.
• Set frequency caps and include program name + HELP/STOP in recurring programs.
• Keep informational content free of upsells to avoid drifting into telemarketing without PEWC.

Technology & data hygiene

• Tag all contact attempts with the consent ID used; reject sends without a valid consent pointer.
• Use carrier vetting for A2P 10DLC texting (brand/campaign registration) and align templates with disclosed purposes.
• Run reassigned number checks and port-to-wireline logic to reduce wrong-party calls.

Litigation defenses and program hardening

Good-faith and reasonableness

• Show robust consent artifacts, reassigned-number checks, and a working opt-out pipeline.
• Demonstrate audits, publisher monitoring, and prompt remediation when problems surface.
• Use arbitration/class-action waiver where enforceable and appropriate; ensure presentation is clear and mutual.

Vendor & affiliate controls

• Contractually require seller-specific consent, prohibit sub-affiliates without approval, and mandate daily suppression sync.
• Terminate and claw back payments for non-compliant traffic; retain the right to audit consent logs and landing pages.

State “mini-TCPA” overlays

Several states add stricter rules (e.g., calling windows, “autodialer” definitions, private rights of action). If you contact residents in those states, build state profiles that tighten your national baseline.

Compliance blueprint you can ship this month

1. Publish a Consent Policy with PEWC/PEC templates; require brand-specific consent.
2. Implement a consent ledger (immutable store) keyed by phone number and brand; attach ledger IDs to every send.
3. Register A2P 10DLC brand/campaigns; align templates and quiet hours with your policy.
4. Build STOP everywhere with instant suppression; send confirmation + HELP instructions.
5. Adopt reassigned-number API checks and monthly list revalidation.
6. Audit lead vendors; require page screenshots, publisher IDs, and consent text hashes for each lead.
7. Stand up metrics: opt-out rate, wrong-party rate, complaint/100k, and % sends with valid consent ID.

Conclusion

The TCPA rewards programs that put consumer control first: obtain the right consent for the right message, store proof, honor STOP instantly, and keep your technology aligned with those promises. Because statutory damages stack per contact, prevention is your best defense. Treat consent as a data asset, not a checkbox; make revocation easy; and continuously audit vendors, templates, and lists. Do that, and automated outreach becomes both effective and defensible.

Quick Guide — TCPA Robocalls & Robotexts: Consent and Damages

• Classify message: telemarketing vs. informational; voice vs. text; wireless vs. wireline.
• Consent tier: telemarketing to mobile or prerecorded voice marketing → prior express written consent (PEWC); informational automation → prior express consent (PEC).
• Capture proof: store page screenshot, consent text, timestamp, IP/UA, number provided, and e-signature trace.
• Respect revocation: honor STOP/opt-out through any reasonable method immediately; sync to all vendors.
• Wrong-party risk: use reassigned-number lookups; validate lists regularly.
• Quiet hours & frequency: align with 8 a.m.–9 p.m. local expectations; cap messages; include HELP/STOP in recurring programs.
• DNC overlay: live solicitation calls must follow National/Internal Do Not Call rules alongside TCPA.
• Vendor controls: require seller-specific consent, provenance packets, and daily suppression feeds.
• Damages: $500 per call/text; up to $1,500 if willful/knowing; class actions scale quickly.
• Recordkeeping: consent ledger IDs attached to every send; logs of opt-outs, reminders, and reassigned checks.

FAQ

What is considered a “call” under the TCPA?

SMS/MMS texts and voice calls are both “calls.” Automated texts therefore require the same consent tier as automated calls.

When do I need prior express written consent?

For telemarketing robocalls/robotexts to cell phones and any telemarketing using an artificial or prerecorded voice (wireless or wireline).

What qualifies as written consent?

A signed agreement (e-signature allowed) that clearly authorizes your brand to use autodialed/prerecorded calls/texts to a specific number and states that consent is not a condition of purchase.

What about informational alerts like fraud or delivery notices?

They generally need prior express consent (PEC). Keep content strictly transactional and tied to the purpose the consumer expects.

How can consumers revoke consent?

By any reasonable means—replying STOP, telling an agent, emailing support. You must honor revocation immediately and suppress future outreach.

Does consent transfer between brands or affiliates?

No. Consent is seller-specific unless the consumer expressly names additional sellers. Generic “marketing partners” lists are risky.

How big is the damages exposure?

$500 per violating call/text; up to $1,500 if willful/knowing. Large campaigns can create eight- or nine-figure exposure in class actions.

Are peer-to-peer or manually dialed texts exempt?

Manual systems may avoid the autodialer definition, but prerecorded voice rules still apply, and some state “mini-TCPA” laws are broader.

How do reassigned numbers affect liability?

Consent belongs to the current subscriber/user of the number. Use reassigned-number databases and stop on first wrong-party signal.

Do I need to register for A2P 10DLC?

For most U.S. application-to-person texting, yes—register brand and campaigns, align templates with your disclosed purposes, and support HELP/STOP.

How do DNC rules interact with the TCPA?

The DNC limits live solicitation calls; TCPA governs automation and prerecorded voice. Many programs must comply with both simultaneously.

Legal Groundwork & Key Sources

• Telephone Consumer Protection Act (TCPA): federal statute regulating autodialed/prerecorded calls and texts; private right of action with statutory damages.
• FCC implementing rules & orders: define consent tiers, revocation, reassigned-number issues, and A2P texting expectations.
• Autodialer (ATDS) case law: Supreme Court precedent narrowed ATDS to systems using a random or sequential number generator; prerecorded-voice prohibitions remain independent.
• Do Not Call regime: National and internal lists for live sales calls operate alongside TCPA technology rules.
• State “mini-TCPA” laws: states may impose stricter definitions, windows, or remedies; build state profiles for targeting and suppression.
• Card/network & carrier policies: A2P 10DLC registration, template vetting, and required HELP/STOP and consent language for throughput and trust.

Final Considerations

Build texting and calling around clear consent, easy revocation, and verifiable records. Keep marketing and informational programs separate, tag every outbound event to a valid consent ID, and audit vendors for provenance and suppression syncing. Because damages stack per contact, prevention and documentation are your best defense.

Important Notice

This material is for general information and does not replace professional legal advice. TCPA/FCC and state rules evolve and vary by jurisdiction. Have qualified counsel review your consent text, vendor contracts, templates, and opt-out mechanisms before launch and during periodic audits.