TCPA Compliance Guide for 2026: What Call Marketers Need to Know

The Telephone Consumer Protection Act (TCPA) is the single most important regulation governing phone-based marketing in the United States. Originally enacted in 1991, the TCPA has evolved significantly through FCC rulings, court decisions, and enforcement actions. For performance marketers, call centers, and businesses that rely on phone calls for customer acquisition, understanding and complying with the TCPA is not optional. It is a legal requirement with serious financial consequences for violations.

This guide covers the current state of TCPA compliance as of 2026, including recent regulatory changes, practical compliance strategies, and how technology can help you stay on the right side of the law.

What Is the TCPA?

The Telephone Consumer Protection Act restricts telemarketing calls, autodialed calls, prerecorded messages, text messages, and unsolicited faxes. It was designed to protect consumers from unwanted commercial communications. The Federal Communications Commission (FCC) is responsible for implementing and enforcing TCPA rules, while private citizens can file lawsuits for violations.

Why TCPA Matters for Call Marketers

TCPA violations carry statutory damages of $500 per violation, which increases to $1,500 per violation for willful violations. In class action lawsuits, these amounts multiply quickly. Major TCPA settlements have reached tens of millions of dollars. Beyond financial penalties, TCPA violations can result in reputational damage, loss of carrier relationships, and regulatory scrutiny that disrupts business operations.

For pay-per-call networks, performance marketers, and businesses that generate or purchase inbound phone calls, TCPA compliance is a foundational business requirement.

Key TCPA Rules for 2026

One-to-One Consent Requirement

One of the most significant recent changes to TCPA regulation is the FCC's one-to-one consent rule, which took effect in January 2025. This rule requires that consumers provide explicit prior express written consent to receive calls or texts from a specific identified seller. Consent obtained through lead generation forms can no longer be shared or sold to multiple callers based on a single consent.

What this means in practice:

• A consumer who fills out a form on a lead generation website must specifically consent to be contacted by each individual business that will call them
• Blanket consent forms listing dozens of companies in fine print are no longer compliant
• Lead generators must obtain topically relevant consent, meaning the consent must relate to the product or service the consumer inquired about
• Consent must clearly identify the specific entity that will be making the call

Prior Express Written Consent

For telemarketing calls using an automatic telephone dialing system (ATDS) or prerecorded voice, prior express written consent is required. This consent must include:

• A clear and conspicuous disclosure that the consumer will receive marketing calls or texts
• The specific telephone number to which calls will be made
• The identity of the caller or entity on whose behalf the call will be made
• An agreement that the calls may be made using an ATDS or prerecorded voice
• A statement that consent is not required as a condition of purchase

Do-Not-Call (DNC) Compliance

The TCPA requires compliance with both the National Do Not Call Registry and company-specific do-not-call lists. Businesses must scrub calling lists against the National DNC Registry at least every 31 days. When a consumer requests to be placed on a company's internal DNC list, that request must be honored within a reasonable time, typically within 30 days.

Call Time Restrictions

The TCPA restricts telemarketing calls to the hours of 8:00 AM to 9:00 PM in the called party's local time zone. This applies to the consumer's location, not the caller's location. Call routing systems must account for time zone differences and caller geography to ensure compliance.

Caller ID Requirements

Telemarketers must transmit caller ID information including the caller's name and telephone number. The number displayed must be one at which the caller can be reached. Spoofed or misleading caller ID information violates both TCPA and the Truth in Caller ID Act.

FCC Enforcement Trends in 2026

The FCC has significantly increased TCPA enforcement in recent years. Key trends include:

Increased Scrutiny of Lead Generators

The FCC has made clear that lead generators bear responsibility for the consent they collect. Generators that facilitate non-compliant calling by selling improperly obtained consent face direct enforcement action, not just the callers who use that consent.

Robocall Mitigation

The FCC's STIR/SHAKEN framework, which authenticates caller ID information to combat spoofing, continues to expand. Carriers that do not implement STIR/SHAKEN face potential blocking of their traffic. Businesses should ensure their call tracking and routing providers support STIR/SHAKEN authentication.

State Attorney General Enforcement

State attorneys general have become increasingly active in TCPA enforcement, bringing actions that supplement FCC efforts. States like Florida, Texas, California, and New York have their own calling regulations that in some cases are more restrictive than federal TCPA rules.

How TCPA Applies to Pay-Per-Call

Pay-per-call marketing primarily involves inbound calls, which are generally treated differently from outbound telemarketing under the TCPA. However, several TCPA requirements still apply.

Inbound Call Recording Consent

When a consumer calls a business and the call is recorded, consent requirements depend on state law. In one-party consent states, only one party (typically the business) needs to know the call is being recorded. In two-party (or all-party) consent states, all parties must be informed and agree to the recording.

Two-party consent states include California, Connecticut, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Pennsylvania, and Washington, among others. The safest practice is to play a recording disclosure at the beginning of every call, regardless of the caller's state.

Publisher Advertising Compliance

While the calls themselves may be inbound, the advertising that drives those calls must comply with TCPA and FTC regulations. Publishers running ads that encourage consumers to call must not use deceptive practices, and any automated dialing or pre-recorded messages used in the advertising chain must have proper consent.

Transfer and Warm Transfer Compliance

When calls are transferred from an IVR or initial qualification step to a buyer, compliance obligations transfer as well. The receiving party must maintain the same recording disclosures and consent standards. Warm transfers where the initial handler introduces the caller to the next agent generally provide better compliance documentation than blind transfers.

State-Level Regulations Beyond TCPA

Federal TCPA rules set the floor, but many states have enacted additional protections that businesses must follow.

Florida

Florida's Telephone Solicitation Act imposes additional restrictions including a private right of action for violations, limitations on texting, and specific disclosure requirements. Florida has been one of the most active states for TCPA-related litigation.

California

California's two-party consent law for call recording is one of the strictest in the nation. The California Consumer Privacy Act (CCPA) and its successor, the CPRA, also impose data handling requirements on call recordings and transcriptions that contain personal information.

Illinois

The Illinois Biometric Information Privacy Act (BIPA) can apply to voice recordings and voiceprints used for identification purposes. Companies using voice biometrics in IVR systems must comply with BIPA's consent and data handling requirements.

Other Notable States

Texas, New York, Washington, and Pennsylvania each have state-specific calling regulations that may affect your operations. Businesses operating nationally should maintain a state-by-state compliance matrix and configure their call tracking systems to apply the appropriate rules based on caller location.

How Call Tracking Platforms Help Maintain Compliance

Modern call tracking platforms provide built-in tools that make TCPA compliance more manageable at scale.

Automated Recording Disclosures

Platforms like VeloCalls can automatically play a recording disclosure at the beginning of each call, configured by state. Callers from two-party consent states hear the disclosure, ensuring compliance regardless of where the call originates. This automation eliminates the risk of human error in manual disclosure processes.

Real-Time DNC Scrubbing

Before routing inbound calls or enabling outbound contact, the platform checks the caller's number against the National DNC Registry and the company's internal DNC list. Numbers on either list can be flagged, blocked, or routed to a specialized handling queue.

Consent Tracking and Audit Trails

Every call, consent record, and routing decision is logged with timestamps, creating a comprehensive audit trail. If a compliance inquiry or lawsuit arises, the business can produce detailed documentation of its compliance practices for any specific call.

AI-Powered Compliance Monitoring

VeloCalls' AI transcription engine can monitor calls in real time for compliance risks. If an agent makes a prohibited statement, fails to provide required disclosures, or if the conversation suggests a potential TCPA issue, the system flags the call for review. This proactive monitoring catches potential violations before they become patterns. For more on how AI transcription works, read our AI call transcription guide.

State-Level Rule Enforcement

Configure your call routing to enforce state-specific rules automatically. Calls from states with specific time restrictions, consent requirements, or advertising rules are handled according to those rules without requiring manual intervention.

TCPA Compliance Checklist for Performance Marketers

Use this checklist to audit your current compliance posture.

Consent Management

• All lead forms collect one-to-one consent identifying your specific business
• Consent language is clear, conspicuous, and not buried in terms of service
• Consent records include timestamp, consumer phone number, and specific language agreed to
• Consent is stored securely and retrievable for individual phone numbers
• Third-party consent sources are audited for compliance with one-to-one consent rules

Call Recording

• Recording disclosure plays at the start of every recorded call
• Disclosure language is appropriate for two-party consent states
• Call recordings are stored securely with appropriate access controls
• Recording retention policies comply with applicable state requirements

DNC Compliance

• Calling lists are scrubbed against the National DNC Registry every 31 days or less
• Company-specific DNC requests are honored within 30 days
• A process exists for consumers to request DNC placement during calls
• DNC list maintenance is documented with timestamps

Time and Caller ID

• Outbound calls are placed only between 8:00 AM and 9:00 PM in the consumer's time zone
• Caller ID displays accurate business name and a reachable callback number
• Call routing systems account for time zone differences automatically

Publisher and Partner Compliance

• Publisher advertising materials are reviewed for TCPA compliance
• Publisher agreements include TCPA compliance obligations
• Publisher traffic sources are monitored for compliance
• A process exists to pause non-compliant publishers quickly

Common TCPA Violations and How to Avoid Them

Using Old Consent

Consent does not last forever. If a consumer provided consent two years ago, using that consent for new campaigns may be non-compliant, especially under the one-to-one consent rules. Regularly refresh consent and remove stale records.

Ignoring State Laws

Complying with federal TCPA rules is necessary but not sufficient. State-level regulations can be more restrictive, and ignoring them exposes your business to state attorney general enforcement and private lawsuits.

Inadequate Record Keeping

When a TCPA lawsuit arrives, the first thing your legal team will need is documentation. Consent records, DNC list maintenance logs, recording disclosures, and call routing records must be readily available. If you cannot prove compliance, a court may assume non-compliance.

Not Training Your Team

TCPA compliance is not just a technology problem. Every person who speaks with consumers must understand the basics: recording disclosure requirements, DNC request handling, and prohibited practices. Regular training and call quality audits are essential.

For more on how pay-per-call marketing works within this regulatory framework, see our comprehensive guide on what is pay-per-call. If you operate in the legal vertical, our guide on call tracking for law firms covers profession-specific compliance considerations.

Conclusion

TCPA compliance in 2026 requires a combination of proper consent management, technological safeguards, ongoing monitoring, and team training. The regulatory landscape continues to evolve, with the FCC's one-to-one consent rule representing the most significant recent change.

Call tracking platforms with built-in compliance tools dramatically reduce the burden of maintaining TCPA compliance at scale. Automated recording disclosures, real-time DNC scrubbing, consent tracking, and AI-powered monitoring catch issues that manual processes inevitably miss.

VeloCalls includes comprehensive compliance features designed for performance marketers operating in regulated environments. Start a 14-day free trial to see how automated compliance tooling can protect your business while you focus on growth.