Looking to become TCPA compliant with your text messaging and calling?
This guide covers everything you need to know about TCPA regulations for businesses.
After we explain what TCPA compliance is and how violations could impact your business, we provide a ten-step TCPA compliance checklist that you can jump to here.
If you need a way to manage TCPA guidelines at scale, we also introduce a modern business communication platform that can help with compliance as you grow.
What is TCPA compliance?
TCPA compliance refers to following the Telephone Consumer Protection Act. The Federal Communications Commission passed this law to protect Americans from predatory telemarketing calls.
Originally designed to stop unsolicited calls from reaching consumers, the TCPA now applies to almost all forms of business communication, including:
- Faxes
- Voicemails
- Autodialed calls
- SMS marketing campaigns
- Prerecorded voice messages or robocalls
TCPA guidelines are more than just suggestions; they’re necessities for any business working in or calling to the US. If you fail to follow the TCPA’s guidelines, you may face class action lawsuits and thousands of dollars in fines.
In short: TCPA compliance is a necessity, not a luxury. And if you want to avoid expensive TCPA violations, you need to follow the TCPA guidelines listed below.
TCPA compliance checklist: Rules and best practices to follow
The TCPA requires your business to follow specific guidelines to contact customers in the US. These include:
- Getting prior express written consent from recipients
- Designing compliant opt-in forms
- Knowing when implied consent applies
- Communicating the terms and conditions of your calls and texts
- Calling and texting recipients during business hours only
- Writing your business name in the first text message
- Allowing people to opt out of messages and respecting their wishes
- Respecting the National Do Not Call List/National DNC Registry
- Training team members in proper TCPA compliance guidelines
- Monitoring marketing agencies and vendors
Let’s take a look at these requirements in greater detail.
1. Obtain express written consent and keep records
Before your business calls or texts customers, you need a record of their ‘prior express written consent.’ This means you need a record of spoken or written proof that customers willingly provided their contact information and requested communication from your business.
You can keep records of prior written consent in two ways: physical or digital. Digital records are much easier to store and retrieve, although you can always store physical documents as an extra layer of defense. We recommend keeping records for at least five years in case a dispute arises.
How can you obtain express written consent for texting and calling? You need a few things:
- List consent disclaimers underneath marketing messages, lead magnets, and other interactive forms. Just keep in mind that you can’t require customers to opt in to marketing to be able to purchase goods or services. You can only include the disclaimer and ask if customers would like to receive notifications. You should also get written consent for any sort of marketing communication.
- Your consent form needs to explain the kind of message(s) your customers can expect. For example, do you intend to send messages for commercial or informational purposes? How often do you plan to send texts or make calls? You should also list your privacy policy and terms and conditions so customers can read the fine print.
You can use these guides to get started: Consent to receive text messages template and SMS privacy policy template.
If you plan to send promotional messages to customers, you may want to implement a double opt-in strategy. Although the TCPA doesn’t require this, the Cellular Telecommunications Industry Association does. If you violate CTIA guidelines, you may get reported to carriers and lose access to customers on major networks like Verizon, T-Mobile, and AT&T.
You need to follow each of these rules before contacting customers by phone or text. However, if you already have an existing relationship with a customer, you may be able to send conversational text messages just with implied consent.
2. Know what your opt-in form must include
Here’s what proper opt-in language for SMS compliance looks like in practice:
By selecting this box, you agree to receive promotional text messages from [business name] at this phone number. Consent is optional and not required to make a purchase. Text frequency may vary. Standard message and data rates may apply. Text STOP to unsubscribe. See our [terms] and [privacy policy].
This example covers all the necessary components:
- Clarifies that consent isn’t required to complete a purchase
- Specifies what kind of messages subscribers will get
- Provides links to your terms of service and privacy policy
- Discloses how often texts will be sent
- Notes that ‘standard message and data rates may apply’
- Names your business
- Shows how recipients can opt out
Make sure the checkbox is unchecked by default — subscribers need to actively opt in.
3. Understand the type of message you’re sending
The level of consent you need depends on what type of message you’re sending. Here’s how it breaks down:
Conversational messages: Implied consent
Not every customer is a brand-new contact for your business. Some may want to call or text you first while looking for more information. This is what the TCPA refers to as ‘implied consent’: customers who message or call you first.
Implied consent also applies to customers who have a preexisting relationship with your business and haven’t opted out of calls or texts.
Keep in mind there are some exceptions even to implied consent for conversational messaging. You may not have to get consent at all for certain types of messages. For example:
- Healthcare organizations can send lab results or post-op care guides
- Financial businesses can send security or account updates
- Utilities can send outage information or maintenance details
- Tax-exempt nonprofits are excluded from TCPA guidelines but still have to respect the National Do Not Call Registry
To summarize: You can generally make phone calls and texts for emergency purposes outside the TCPA’s usual guidelines for consent.
Transactional: Express consent
Transactional messages contain information your customers need to use your product or service. These messages don’t include any kind of promotion. Some examples are:
- Order confirmations with tracking numbers
- Appointment confirmations
- Shipping updates
- Reservation confirmations
For transactional messages, you need express consent from customers before sending. This means recipients have opted in to receive these kinds of texts verbally, on a website form, or with a paper document.
Promotional: Express written consent
Promotional marketing texts help sell or promote your products and services. These are also called SMS marketing messages and have stricter regulations around them. Examples include:
- Sales, discount codes, and promotional offers
- Giveaways and competitions
- Product launch notifications
Express written consent is required for promotional messages, which means subscribers need to opt-in on a paper or digital form — not verbally. The CTIA also recommends getting double-opt in for marketing messages. As always, don’t forget to neglect basic business phone etiquette.
4. Communicate terms and conditions clearly
Customers need to know what they can expect before they opt in to calls or texts. This means you need to provide as many details as possible so they can make an informed decision before handing over their info.
To stay TCPA compliant, you must:
- Disclose your privacy policy and terms and conditions in places customers can access them
- Mention your business at the first point of contact — this applies to both calls and texts
- Explain how often you intend to call or text, as well as how many messages you plan to send per month
Some businesses also disclose data rates inside a link in their text messages so customers can get more help and information.
5. Always provide a way to opt-out of SMS
Your contacts always need a way to opt out of calls and texts — even if they just opted in yesterday. The TCPA says customers can give and take away consent at any time, and not providing a way to do so could put you into a tricky legal situation.
Both the TCPA and CTIA have guidelines for opt-out messages. For texting, these include:
- Sending instructions for how to opt -out at least once per month
- Having a HELP shortcode or something similar so customers can request more information for your business
For calling, you need to:
- Honor any verbal requests to be removed from your list
- Check the DNC registry
As of April 11, 2025, the FCC requires businesses to honor opt-outs within 10 business days. Quo, formerly OpenPhone, automatically sends an opt out confirmation if someone opts out to make things easier.
For more information, feel free to explore our comprehensive guide to TCPA opt-in / opt-out requirements.
6. Communicate during business hours only
You don’t want to get a business call in the middle of the night, do you? Neither do your customers. That’s why the TCPA requires businesses to send messages during ‘business hours’ only — which means 8 a.m. to 9 p.m. in your customer’s local time.
With Quo, you can send scheduled SMS messages based on any time zone from your phone, laptop, or tablet. All you have to do is type your message, hit the clock icon, then queue up your text.
Struggling to figure out the best time to call your customers? You can also use scheduled messages to compare your time zone to your customers’ time zone. This means you can rest easy knowing you’re TCPA compliant without having to worry about pulling up other tools.
7. Include your business name in the first text message
Whether you’re on the phone or simply texting with customers, you need to disclose your business name the first time you contact them. Not only does this reduce any confusion for customers, but it clearly states your intentions and helps recipients understand who you are.
You can try saying something along these lines:
- Hey [name], this is [your name] from [business]. I received your appointment request this morning and wanted to confirm the time still works for you.
- [Name], thank you for your interest in [business] messages. By opting in, you’re consenting to four text messages per month. Reply IN to opt in. Reply HELP for more information.
- Thanks for [calling/texting] [business name]! I’d love to help you [action]. Can you give me a few more details so we can get started?
Keep in mind you may not need to provide your name or business name in follow-up messages through text. However, if it’s been weeks since your last conversation with a customer, you may want to reintroduce yourself, just in case.
You should always open with your name and business name while on the phone with customers.
If you want some additional templates for inspiration, we’ve compiled a list of business text message examples you can start using today.
8. Respect the National Do Not Call Registry and avoid cold- calling lists
Nobody likes unwanted calls and texts, although Americans receive millions of them per year. That’s one of the reasons why the US government founded the National Do Not Call Registry in 2003 — to stop marketers and predatory call centers from spammingbothering people’s landline or cell phone numbers.
If a contact has their number listed on the DNC, you cannot contact them at all. The best way to check this is to create an account to access the DNC registry and scrub any numbers matching the ones on your list. You can also check up to three numbers on a tool offered by the Federal Trade Commission or FTC; keep in mind it’s intended for consumer use rather than business purposes.
You can rely on an automatic telephone dialing system or ATDS to avoid calling customers on the DNC list. However, be prepared for potentially heavy fines. The FCC has several restrictions on automatic dialers, and if you use one to manage cold calling, it could lead to legal action.
Even beyond the legal ramifications, you should know cold calling or texting isn’t the most efficient way to drum up business. It also isn’t supported by providers like Quo.
Cold communication can reflect badly on your reputation. It can also lead to carriers labeling your phone number as spam to their customers. In the worst-case scenario, your phone provider may ban you from their network, losing you thousands of contacts.
Building up your inbound marketing process is a far more effective way to build better relationships with your customers. Here’s what we did at Quo to grow online search traffic from 500 to 30,000 monthly visits:
- Create blog content people are actually searching for online
- Perform basic keyword research to create a content strategy
- Optimize existing content to freshen up posts with additional value
Want to learn more about how you can use Quo to cultivate stronger customer relationships? You’re welcome to take our platform on a test drive with our seven-day free trial.
9. Train teammates on TCPA compliance
The TCPA may not change every few years, but the people who staff your business do. They probably aren’t as familiar with TCPA guidelines as you are.
That’s why the TCPA requires businesses to have detailed descriptions of call procedures so violations don’t happen by accident.
It’s also a good idea to provide yearly training to keep team members up to speed. You should also give new trainees onboarding documents on compliance so nobody gets left out of the loop.
10. Monitor marketing agencies and vendors
Your business is responsible for all messages sent on your behalf — even if a third party sends them. For example, if someone fills out a lead form on your website and your automated drip campaign texts them through HubSpot, you still need proper consent for that text to be TCPA compliant.
To protect yourself:
- Maintain your own records of customer consent
- Verify your vendors’ compliance practices before partnering with them
- Audit your automated campaigns regularly
Legal consequences for TCPA violations
Not following TCPA violations could rack up huge fines and tarnish the reputation of your brand. The TCPA allows for statutory damages of up to $500-$1,500 per violation — for each unsolicited call or text message.
These fines can add up quickly. In 2013, Papa Johns settled a $16.5 million class action lawsuit after sending more than 500,000 promotional texts without consent.
Here’s a closer look at the fines and legal repercussions businesses can face for TCPA violations:
| TCPA violation | Consequence |
|---|---|
| Calling or texting without proper consent | $500 per violation, or up to $1,500 per violation if willful or knowing |
| Using an autodialer/ATDS to call cell phones without consent | Up to $500 per violations, with potential for $1,500 for willful violations |
| Calling or texting outside permitted hours: before 8 a.m. or after 9 p.m. in recipient's time zone | Fines and potential lawsuits |
| Not honoring opt-out requests | Fines and potential lawsuits |
| Not providing caller ID or using deceptive caller ID | Fines and potential lawsuits |
| Not honoring DNC lists | Fines and potential lawsuits |
How to ensure TCPA compliance with your business
Following the checklist above is a great start. But to maintain compliance, you need to build it into your operations. Here’s how:
- Document your compliance procedures. Create a formal policy and assign someone to own compliance across your organization.
- Train your team regularly. Provide new hires with onboarding materials on compliance, and existing staff with annual refreshers on the rules.
- Run periodic audits. Review your consent records and communication logs to catch issues before they become violations. Don’t forget to audit vendors and third-party tools as well.
- Use compliance-focused technology. The right platform can automatically track consent, honor opt-outs, and schedule messages within permitted hours — like Quo does.
- Consult legal counsel. TCPA regulations evolve, and state-specific laws may apply to your business. Contacting a lawyer is your safest bet to adapt to changes.
In short: TCPA compliance isn’t a one-time checklist — it’s an ongoing commitment to protecting your customers and your business.
Manage TCPA compliance at scale with Quo
TCPA compliance can get more and more complicated as your business scales. Keeping an eye on guidelines can be tedious and prone to errors — which is where Quo comes into play.
Quo is a business phone solution designed to help you manage TCPA compliance across multiple communication channels. We make it easy to send TCPA compliant texts and calls while automating repetitive tasks so you can grow your business without violating legal requirements.
With Quo, you can:
- Register your telephone number for A2P 10DLC and STIR/SHAKEN
- Queue up scheduled messages so you always text customers during business hours
- Send automatic opt-out texts to let customers know they’ve successfully unsubscribed
- Use your business name for your caller ID once you complete A2P 10DLC registration
When you’re ready to get started with TCPA-compliant calling and texting, you can sign up with Quo to test our platform with your team. Then, when you’re ready, you can port over your existing number(s) to make TCPA-compliant phone calls and text messages at scale.
FAQs
The TCPA requires businesses to:
– Obtain prior express written consent before sending marketing calls or texts using automated systems
– Honor the National Do Not Call Registry and opt-outs
– Provide a clear way to opt-out of calls and texts
– Only contact consumers during 8 a.m. to 9 p.m. in the recipient’s time zone
A TCPA express written consent example could be:
By checking the box, you agree that [business name] may call or text you for marketing purposes. Message and data rates may apply. Message frequency varies. You may revoke consent at any time by replying STOP. Consent is not a condition of purchase.
Your business can face serious fines for not staying compliant. TCPA violations can result in penalties of $500 to $1,500 per violation with no limit on total damages. Sending texts or making calls without consent can also hurt your business reputation.
