How 2025 Redefined Telemarketing Compliance

If your company uses phone calls or text messages to reach customers, 2025 has been a watershed year. Lawsuits under the Telephone Consumer Protection Act (TCPA) have surged — up nearly 95% compared to last year, with class actions spiking 285% in September alone, according to some estimates. Regulatory ambiguity and an influx of aggressive litigation are driving this trend, while states are rewriting or strengthening their own “mini-TCPA” laws, often imposing stricter requirements and heavier penalties than federal law.

Compounding this shift is a Supreme Court ruling that erodes decades of reliance on Federal Communications Commission (FCC) interpretations, leaving behind a patchwork of fragmented, fast-evolving and high-risk compliance obligations. 

In this new environment, well-designed compliance playbooks have moved from the realm of optional to essential.

Federal compliance loses its grip

For years, businesses relied on FCC interpretations of the TCPA as reliable guidance. That changed in June when the Supreme Court’s decision in McLaughlin v. McKesson held that district courts are not bound by FCC interpretations in civil TCPA cases. Judges must now interpret the statute independently, granting the FCC only “appropriate respect.” The ruling has introduced wide variability among jurisdictions and intensified disputes over key compliance issues. 

In its McLaughlin v. McKesson ruling, the Supreme Court referenced its 2024 decision in Loper Bright, which undid decades of deference to agency interpretation. This loss of binding deference means agency interpretations long viewed as settled are now subject to challenge in district courts. Counsel should anticipate more motion practice over whether FCC rulings or declaratory orders still carry weight and expect differing outcomes across jurisdictions on questions like quiet-hour rules for text messaging and what constitutes valid consent in lead-generation campaigns.

Conflicting rulings are already emerging. For example, in Jones v. Blackstone, a federal court earlier this year in Illinois concluded that text messages are not “telephone calls” under the TCPA’s do-not-call rules. On the same day, a federal court in Oregon reached the opposite result in Wilson v. Skopos, relying on consumer privacy principles and earlier FCC orders. The loss of uniform FCC deference has reshaped the litigation landscape, making proactive compliance planning and jurisdictional strategy more critical than ever.

Meanwhile, the FCC continues pursuing enforcement and rulemaking on parallel tracks:

• Robocall mitigation database (RMD) enforcement: In August 2025, the FCC ordered more than 1,200 voice service providers removed from the RMD for deficient filings, effectively disconnecting them from US networks and compelling downstream carriers to block their traffic.
• AI-generated robocalls: In February 2024, the FCC clarified that AI-generated voices qualify as “artificial or prerecorded” under the TCPA, requiring prior express written consent absent limited exceptions. The agency also opened a rulemaking on consent and disclosure standards for AI-assisted calls.
• Consent revocation: The FCC’s April 2025 rules formally allow consumers to revoke consent by any reasonable method (including STOP or UNSUBSCRIBE commands). Implementation of the “revoke all” rule, which would require treating an opt-out for one type of message as an opt-out for all future robocalls and robotexts from that caller, is delayed until April 2026 and under active FCC review. The agency is considering whether to allow consumers more granular control over which types of calls or texts they wish to stop and may further modify the rule to balance consumer choice with operational burdens on businesses.

In late 2023, the FCC attempted to close the so-called “lead-generator loophole” by requiring seller-specific (“one-to-one”) prior express written consent and limiting consent to communications logically tied to the original interaction. In January 2025, the 11th Circuit vacated that rule, finding the FCC had exceeded its statutory authority by redefining “prior express consent.”

Plaintiffs continue probing the validity of consent, particularly for purchased or shared leads. Compliance teams should still ensure that disclosures are clear and channel-specific, maintain detailed consent records (including screenshots, timestamps and device data) and align the scope of consent with the messaging used to withstand scrutiny nationwide.

State law momentum

Federal uncertainty tells only part of the story. States are rapidly adopting tougher telemarketing rules, with at least 15 jurisdictions now enforcing mini-TCPA statutes as of this fall. Notable developments include:

• Texas SB 140 (effective Sept. 1, 2025): Expands “telephone solicitation” to include text and image messages; ties violations to the Texas Deceptive Trade Practices Act (treble damages and attorney’s fees); and mandates registration for in-state and out-of-state sellers, including a $200 filing fee and $10,000 security.
• Virginia SB 1339 (effective Jan. 1, 2026): Requires honoring text opt-out commands (STOP/UNSUBSCRIBE) for 10 years and extends the Virginia Telephone Privacy Protection Act to texting.
• Connecticut SB 1058 (in effect since 2023): Requires prior express written consent for all “telephonic sales calls” and limits calling hours to 9 a.m. to 8 p.m. local time, tighter than federal rules.
• Georgia SB 73 (in effect since 2024): Eliminates damage caps and the “knowing” requirement, while adding vicarious liability, significantly increasing exposure for brands using third-party marketers.
• Maine LD 2234 (in effect since 2024): Requires telemarketers to check the FCC’s reassigned numbers database (RND) before calling, with safe harbor for documented RND checks.

The message for businesses is clear: federal compliance is no longer sufficient. Companies must develop jurisdiction-specific frameworks reflecting local time limits, consent standards and enforcement risks.

Compliance

Telemarketing Rule Update Demands Faster Action on Consumer Opt-Outs

by Paul St. Clair

May 16, 2025

New requirements reduce opt-out processing time from 30 to 10 days and expand what qualifies as a "reasonable" consumer revocation request

Read moreDetails

UDAP laws: The next compliance frontier

Even in states without standalone mini-TCPA statutes, regulators are turning to Unfair or Deceptive Acts or Practices (UDAP) laws to enforce telemarketing violations. This strategy substantially raises exposure, since UDAP statutes often authorize treble or punitive damages, attorney’s fees, injunctive relief and class actions.

Texas SB 140 exemplifies this approach by directly linking telemarketing violations to the state’s Deceptive Trade Practices Act (DTPA), creating “triple-stacked” liability under the TCPA, mini-TCPA and DTPA. Plaintiffs can now pursue mental anguish damages and treble economic losses for conduct that previously carried only statutory penalties.

Other states are following suit: Maryland now classifies certain telemarketing violations as deceptive acts under its consumer protection law, while Oregon and Washington amended their statutes to explicitly define telemarketing violations as deceptive practices, encouraging liberal interpretation in favor of consumers.

Even a minor compliance lapse — such as calling outside permitted hours or failing to process an opt-out — can now trigger compounded claims and heightened reputational risk.

Quiet hours: The emerging litigation battleground

Litigation is also accelerating in nuanced TCPA areas, particularly around “quiet-hour” restrictions. The TCPA prohibits calls before 8 a.m. or after 9 p.m. local time, and several states impose tighter limits; for example, Texas restricts communications before 9 a.m. or after 9 p.m., while Connecticut caps telemarketing between 9 a.m. to 8 p.m.

Uncertainty remains over whether prior express consent overrides quiet-hour restrictions. In March 2025, the FCC sought comment on whether consent can supersede time restrictions and whether area codes can reliably determine a recipient’s local time. No definitive guidance has followed, leaving businesses to navigate ambiguity amid increasing lawsuits targeting texts sent just minutes outside the allowable window.

Quiet-hour compliance depends on the recipient’s location, not the sender’s, relying on area codes can be risky. A text sent at 8:05 a.m. Eastern might arrive at 5:05 a.m. Pacific, creating liability despite good-faith scheduling.

Vendor oversight: The overlooked risk factor

Compliance responsibilities extend beyond in-house systems. Most organizations depend on carriers, platforms and marketing vendors to run outreach campaigns. Under both federal and state laws, liability can reach any entity that benefits from or directs a communication.

Key risks include:

• RMD enforcement disruptions: The FCC’s recent delisting of 1,200 providers cut off their traffic overnight, halting campaigns for dependent clients.
• Expanding vicarious liability: State laws in Georgia and Texas now increase the risk that brands will be held liable for vendor missteps.
• Lead provenance scrutiny: Even though the 11th Circuit vacated the one-to-one consent rule, regulators continue examining how consent was obtained and whether opt-outs are honored across vendors.

Additionally, the FCC’s STIR/SHAKEN framework — designed to authenticate caller identity and block spoofed calls — remains a compliance cornerstone. Vendors that fail to maintain STIR/SHAKEN certification risk having calls blocked or marked as spam, posing operational and reputational harm.

What businesses should do now

In this shifting environment, companies must reexamine and modernize their compliance programs. Key steps include:

• Map your risk: Catalog all outbound channels (voice, SMS, ringless voicemail, OTT apps) and the jurisdictions involved.
• Rebuild consent architecture: Capture detailed, channel-specific consent and disclose any AI involvement.
• Treat texts like calls: Apply do-not-call, opt-out and quiet-hour rules uniformly.
• Honor opt-outs long-term: Build systems to retain and respect opt-outs for at least 10 years, following Virginia’s new rule.
• Integrate time-zone logic: Default to the strictest time window when location is uncertain.
• Audit vendors: Confirm RMD status, registration compliance and STOP command handling.
• Prepare for litigation: Preserve consent records, time-zone logic, opt-out logs and vendor contracts in anticipation of judicial scrutiny.

Bottom line

This year represents a pivotal moment for telemarketing regulation. The TCPA framework has evolved into a multi-layered patchwork of federal uncertainty, state enforcement and accelerating litigation. Businesses that treat compliance as static will face growing exposure. Those that invest in adaptable, jurisdiction-aware frameworks with robust consent architecture, vendor management and time-zone precision will be positioned to stay compliant — and competitive — in the new regulatory era.