What Is the TCPA? Definition, Damages & 2026 Compliance Rules

TCPA Definition

The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, is a federal statute originally passed in 1991 to curb unsolicited telemarketing calls and faxes. The FCC has since extended it to cover SMS, MMS, and ringless voicemail to mobile numbers.

The statute restricts how businesses may contact US consumers on a cell phone using an "automatic telephone dialing system" (ATDS) or any artificial / prerecorded voice — and, critically for SMS, requires prior express written consent for any marketing message.

TCPA Penalties: $500–$1,500 Per Message

The TCPA's bite is its private right of action. Each non-consented marketing text is its own violation:

• $500 per violation (negligent).
• $1,500 per violation if "willful or knowing" — judges typically treat sophisticated marketers as willful.
• Class actions: A 100,000-message campaign with no consent record is theoretically $50M–$150M in exposure.
• No cap: damages aren't capped per defendant or per plaintiff class.

Most cases settle in the $50K–$5M range, but the leverage on plaintiffs is enormous because there's no good-faith defense — only a documentary one (consent proof).

Prior Express Written Consent (The Standard for Marketing SMS)

For any marketing message to a cell phone, the FCC requires prior express written consent. The opt-in must include:

• A clear, conspicuous disclosure naming the specific business and the type of messages ("marketing", "promotional", "appointment reminders").
• An affirmative, unambiguous action — typically typing a phone number AND ticking an unchecked checkbox.
• A statement that consent is not a condition of any purchase.
• The standard "Msg & data rates may apply" disclosure.
• A statement of approximate message frequency.
• Instructions to STOP (opt out) and HELP (support).
• A retained, tamper-evident record of the opt-in showing exactly what the user saw.

Pre-checked boxes, bundled email + SMS consent, and "by submitting this form you agree…" patterns generally do not satisfy this standard.

The 2024 FCC Revocation Rule (Effective 2025)

In April 2024, the FCC finalized rules clarifying that consumers may revoke consent by any reasonable means: replying STOP or any common variant (END, CANCEL, UNSUBSCRIBE, QUIT), email, phone call, web form, or even social media DM.

Once revoked, senders must:

• Stop sending within 10 business days (industry expectation: immediate).
• Honor the revocation across all channels covered by that consent.
• Not require any specific revocation method or send "are you sure?" friction messages.

Failure to honor revocation is now the second-largest source of TCPA judgments after missing initial consent.

Common TCPA Violations That Trigger Lawsuits

• No prior express written consent record (the #1 cause of demand letters).
• Pre-checked or bundled SMS consent boxes.
• Continuing to message after STOP — even one message after opt-out is per-violation.
• Texting numbers on the National Do Not Call Registry without consent.
• Sending before 8 a.m. or after 9 p.m. in the recipient's local time zone.
• Failing to identify the sender in the first message.
• Wrong-number violations when consent record doesn't match the actual recipient.

How to Stay TCPA-Compliant in 2026

• Use a standalone, unchecked SMS consent checkbox — never bundled with email or terms acceptance.
• Capture court-grade consent proof for every opt-in: timestamp, IP, user agent, exact disclosure shown, geolocation, and ideally a session replay.
• Hash and lock each consent record (SHA-256) so tampering is detectable.
• Honor STOP and revocation across all reasonable channels within 10 business days — immediately is best.
• Maintain a per-brand suppression list checked before every send.
• Restrict sends to 8 a.m.–9 p.m. local time.
• Re-confirm consent for any list older than 18 months with no engagement.