Compliance

TCPA (Telephone Consumer Protection Act)

The Telephone Consumer Protection Act (TCPA) is a US federal law that restricts how businesses can call, text, or auto-dial consumers — requiring prior express consent for most outbound contact.

What Is TCPA?

The Telephone Consumer Protection Act (TCPA) is a US federal law passed in 1991 that regulates telemarketing calls, autodialed calls, prerecorded messages, and unsolicited text messages to consumers. It is enforced by the Federal Communications Commission (FCC) and gives consumers a private right of action — meaning they can sue businesses directly for violations.

For contact centers and BPOs serving US customers, TCPA is the single most expensive compliance regime to violate. Statutory damages range from $500 per violation to $1,500 per willful violation, and class-action lawsuits regularly result in settlements in the tens or hundreds of millions of dollars.

Core TCPA Rules

The TCPA imposes strict requirements on outbound communications:

  1. Prior Express Written Consent for calls to mobile phones using an autodialer or prerecorded voice
  2. Do Not Call (DNC) Registry compliance — cannot call numbers on the National DNC list without prior consent or established business relationship
  3. Call time restrictions — no calls before 8 AM or after 9 PM in the recipient's local time zone
  4. Identification requirement — caller must clearly identify themselves and the business
  5. Opt-out mechanism — consumers must be able to opt out via the same channel they were contacted on
  6. Internal DNC list maintenance — businesses must maintain their own DNC list and honor opt-outs for 5 years

Common TCPA Violations in Contact Centers

The most common ways contact centers run afoul of TCPA:

  • Calling cell phones with an autodialer without prior express written consent
  • Continuing to call after a consumer has opted out (verbal "stop calling me" counts)
  • Calling outside permitted hours based on the caller's local time zone
  • Failing to scrub against the National DNC Registry before campaigns
  • Using prerecorded messages without proper consent
  • Improper consent recording — consent that doesn't meet "prior express written" standard

Each of these is a violation per call, per consumer. A single non-compliant campaign that contacts 10,000 numbers can generate $5M-$15M in statutory exposure.

TCPA Penalties

| Violation Type | Penalty per call | |---|---| | Negligent violation | $500 | | Willful or knowing violation | Up to $1,500 | | FCC enforcement action | Up to $50,752 per violation (as of 2024) | | Class-action settlements | Often $5M-$100M+ |

Notable settlements: Capital One paid $75.5M in 2014, Bank of America paid $32M in 2013, Caribbean Cruise Line paid $76M in 2020.

How AI QA Catches TCPA Violations

Manual QA samples 2-5% of calls — meaning 95% of TCPA violations go undetected until a consumer complains or sues. AI-powered QA scores 100% of calls automatically and can flag every TCPA risk in real time:

  • Consent verification: Did the agent confirm prior express written consent before continuing?
  • DNC violations: Was the call placed despite a previous opt-out?
  • Time-zone violations: Did the call go out before 8 AM or after 9 PM in the consumer's location?
  • Caller identification: Did the agent identify themselves and the business name?
  • Opt-out handling: Did the agent honor a stop request immediately, or continue the script?

Gistly automatically flags every call where a TCPA-relevant pattern occurs, with timestamped audio segments for compliance review. BPOs that move from sampling to 100% AI auditing typically reduce TCPA exposure by 90%+ within 60 days.

TCPA vs DPDP vs GDPR

| Dimension | TCPA (US) | DPDP (India) | GDPR (EU) | |---|---|---|---| | Year enacted | 1991 | 2023 | 2018 | | Scope | Calls, texts, autodialers | All personal data | All personal data | | Consent requirement | Prior express written | Free, specific, informed | Freely given, specific | | Penalty per violation | $500 - $1,500 | Up to ₹250 crore | Up to 4% of global revenue | | Private right of action | Yes | Yes | Yes |

A US contact center serving Indian customers is subject to both TCPA and DPDP simultaneously. Multinational BPOs often build their compliance program around the strictest regime they touch.

Frequently Asked Questions

Does TCPA apply to manually dialed calls?

Manually dialed calls without prerecorded messages have less restrictive rules — but they still must comply with DNC registry, calling hours, identification, and opt-out requirements. The autodialer + prerecorded message restrictions are the most stringent.

What counts as "prior express written consent"?

A consumer's signature (electronic or physical) on a written agreement that clearly authorizes the caller to deliver advertisements or telemarketing using an autodialer or prerecorded voice to the specific phone number provided. Unclear or pre-checked consent boxes do NOT meet the standard.

Can a customer revoke TCPA consent verbally?

Yes. Courts have ruled that consumers can revoke consent through any reasonable means, including verbally during a call. Contact centers must capture and honor these revocations immediately.

Does TCPA apply to B2B calls?

TCPA's autodialer + prerecorded message rules apply to all calls to mobile phones, including business numbers if the business is a person (e.g., a sole proprietor's cell phone). Pure office landlines have weaker restrictions but still must comply with DNC for telemarketing.

Last updated: May 2026

Browse the full glossary

Every term we use across QA, compliance, and contact center operations — defined in one place.

View all glossary terms →
Gistly — AI-powered conversation intelligence platform
Gistly
Subscribe to newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Pages
HomeAboutBlogGlossary
Use cases
SalesSupportCollections
Features
Conversation IntelligenceKnowledge BasesAI agents