TCPA class actions jumped 112% in Q1 2025. The FTC raised per-violation fines to $53,088. An auto warranty robocall scheme drew a $300 million proposed penalty. And outbound call centers are the primary target.
The regulatory landscape shifted more between 2024 and 2026 than it did in the previous decade. New consent revocation rules went live April 2025. The FTC expanded the Telemarketing Sales Rule to cover B2B calls. AI-generated voices got classified as robocalls. Several states enacted mini-TCPA laws with penalties steeper than the federal rules.
If you're running a predictive dialer in 2026, here are the specific misconfigurations that produce lawsuits -- and the fixes for each one.
What Changed (2025-2026)
Consent revocation rules went live April 11, 2025. Under 47 C.F.R. § 64.1200(a)(9)-(11) and (d)(3), consumers can now revoke consent through any reasonable method -- text, email, voicemail, verbal request, anything. You must honor it within 10 business days. The FCC designated seven mandatory opt-out keywords: stop, quit, revoke, opt out, cancel, unsubscribe, and end.
The one-to-one consent rule is dead. The Eleventh Circuit vacated it in Insurance Marketing Coalition Ltd. v. FCC (No. 24-10277, Jan 24, 2025). Lead generators can still collect consent for multiple sellers in a single interaction, provided they meet the standard written consent requirements.
AI voices are robocalls. The FCC's February 2024 declaratory ruling (FCC 24-17) classified AI-generated voices as "artificial or prerecorded voice" under TCPA § 227(b)(1). No exemptions, applies retroactively.
TSR now covers B2B. Effective January 9, 2025 (89 FR 98,220), the prohibitions against misrepresentations apply to business-to-business calls. Recordkeeping extended to 5 years.
The 10 Misconfigurations
1. Drop Rate Limit Set Too High
The FTC Telemarketing Sales Rule (16 CFR § 310.4(b)(4)(i)) caps abandoned calls at 3% of answered calls per campaign per 30-day period. Leaving your dialer's drop percentage at default or above 3% means every excess abandoned call is a potential $53,088 fine.
The fix: Set your drop percentage limit to 2% or lower -- the legal max is 3%, but 2% gives you a buffer for traffic spikes. Use adaptive dial methods (ADAPT_HARD_LIMIT or ADAPT_TAPERED), not ratio-based dialing, for compliance-sensitive campaigns. Keep adaptive intensity between 0.2 and 0.5.
2. DNC Statuses in the Dial Queue
When someone marks a lead as Do Not Call, that status should block all future dial attempts. If your campaign's dial status list includes DNC dispositions, the dialer will call those numbers again. This is a TCPA violation at $500-$1,500 per call with class action exposure.
The fix: Audit every campaign's dial status list. Remove DNC and DNCL. No exceptions. Most dialers flag this as a configuration error for a reason.
3. No Safe Harbor Message on Dropped Calls
When a call is answered and no agent is available, the TSR requires a prerecorded message within 2 seconds identifying your company and providing a callback number. If your drop action is set to hang up, every dropped call is a violation.
The fix: Configure your drop action to play a call menu (not hang up). Build a safe harbor message that identifies your company, provides a callback number, and offers a press-1 DNC opt-out. Test it quarterly.
4. Wrong Timezone on Leads
Federal law restricts outbound calls to 8 AM - 9 PM in the called party's local time zone (TSR 16 CFR § 310.4(c)). If your lead timezone data is wrong -- typically from relying on area code lookup instead of postal code lookup -- you'll call people at 7 AM or 10 PM their time.
Number portability makes area codes unreliable. A 312 (Chicago) area code could belong to someone in Denver. Use ZIP code-based timezone lookup when loading leads. Verify a sample after loading.
5. No State-Specific Calling Hours
Federal rules allow calling until 9 PM. Florida and Oklahoma stop at 8 PM. Indiana starts at 9 AM. If you're using a single nationwide calling window, you're violating state laws every evening.
500 calls at 8:15 PM to Oklahoma = 500 violations at $500 each = $250,000 minimum exposure. One evening.
The fix: Create state-specific time restrictions for every state with non-standard hours: FL (8am-8pm), OK (8am-8pm), IN (9am-8pm). Build in a 15-minute buffer to account for clock drift.
6. Spoofed or Placeholder Caller IDs
Using 0000000000, a number you don't own, or "snowshoeing" across hundreds of numbers to avoid spam flags violates the Truth in Caller ID Act (47 U.S.C. § 227(e)). Penalties: up to $10,000 per call. Plus, STIR/SHAKEN authentication means improperly registered numbers get C-level attestation -- your calls get blocked or tagged as "Spam Likely" regardless.
The fix: Only use valid, registered numbers authorized by your carrier. Monitor number reputation and pull flagged numbers from rotation immediately. Get STIR/SHAKEN Level A attestation through your carrier or a signing service.
7. Recording Set to Agent-Controlled or Disabled
If agents can choose when recording starts and stops, you have no evidence to defend against complaints, lawsuits, or regulatory inquiries. In two-party consent states (California, Florida, Illinois, Maryland, Massachusetts, Pennsylvania, Washington, and five others), you can't prove you disclosed recording.
The fix: Set campaign recording to record every call with no agent override. Play a "this call may be recorded" announcement at the start of every call regardless of destination state. For Massachusetts calls, train agents to get verbal confirmation -- implied consent may not be sufficient under Mass. Gen. Laws ch. 272, § 99.
8. Not Scrubbing Against DNC Lists
The 31-day federal DNC scrub requirement (TCPA § 227 + TSR 16 CFR § 310.4(b)(1)(iii)) is strictly enforced. Numbers are added to the registry daily. The 11 state DNC lists (CO, FL, IN, LA, MA, MO, OK, PA, TN, TX, WY) carry independent penalties.
The fix: Pre-scrub every lead list through a DNC scrubbing service before importing into your dialer. Re-scrub every 31 days. Do NOT try to import the entire 240+ million number federal registry into your dialer's internal DNC table -- it will crush database performance.
9. Slow or Missing Opt-Out Processing
Since April 2025, consent revocation through any reasonable method must be honored within 10 business days. The FCC lists seven mandatory keywords. Plaintiff attorneys argue "reasonable" means 24-48 hours.
Only honoring "STOP" texts while ignoring verbal requests, emails, or voicemails is not compliant.
The fix: Build automated keyword detection for all seven FCC keywords. Create a multi-channel opt-out intake process. Disposition as DNC the moment a customer requests it. Enable your internal DNC list so the disposition actually blocks future calls.
10. Callbacks Scheduled in Wrong Timezone
When an agent schedules a callback using the server's timezone instead of the customer's timezone, you can end up calling at 11 PM the customer's time. This is a calling hours violation.
The fix: Configure callbacks to use the lead's timezone. Train agents to confirm the customer's timezone during the call.
What Real Violations Cost
| Company | Penalty | What They Did |
|---|---|---|
| Roy Cox Jr. / Sumco Panama | $299.997M | 5 billion illegal robocalls in 3 months |
| Dish Network | $210M | 66M+ telemarketing violations through dealers |
| Caribbean Cruise Line | $76M | Millions of robocalls via fake political surveys |
| Capital One | $75.5M | Autodialers and prerecorded calls without consent |
| Keller Williams Realty | $40M | Prerecorded calls to DNC numbers |
$500 per non-willful violation, $1,500 for willful, no cap on aggregate damages in private lawsuits. TCPA litigation hit 2,788 cases in 2024 (67% increase). Q1 2025 saw 507 class actions (112% increase). Average settlement: $6.6 million.
State Laws That Catch People Off Guard
Florida (Fla. Stat. § 501.059): 8 PM calling cutoff (not 9 PM). Max 3 call attempts per person per 24 hours on the same subject. Written consent required for autodialed cell phone calls. $500-$1,500/violation.
Oklahoma (15 O.S. § 775C): 8 PM cutoff. 3-call-per-24-hour limit. Broader autodialer definition than federal -- covers "selection OR dialing." $500-$1,500/violation, uncapped.
Texas SB 140 (Tex. Bus. & Com. Code Ch. 302): Effective September 2025. Registration with Secretary of State required ($200/year + $10,000 bond). Quarterly reporting. Any violation is an unfair and deceptive practice under Texas law. Private right of action. AG can seek $5,000/violation.
Washington (RCW 80.36 / 19.158): Private right of action for caller ID spoofing -- which federal TCPA does not provide. Up to $1,000/violation with increased awards for repeat offenses.
Two-party recording consent states (12 total): California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Oregon, Pennsylvania, Washington. When a call crosses state lines, the stricter state's law applies.
Quick Compliance Checklist
- Scrub all lists against federal DNC registry every 31 days
- Scrub against all relevant state DNC registries (11 states)
- Internal DNC list active and processing opt-outs within 10 business days
- Drop percentage limit at 2% or lower
- Safe harbor call menu configured on dropped calls
- State-specific calling hours set (FL/OK: 8pm, IN: 9am start)
- DNC statuses removed from all campaign dial status lists
- Campaign recording on every call, no agent override
- Valid registered caller ID on every campaign
- Carrier provides STIR/SHAKEN Level A attestation
- "This call may be recorded" disclosure on every call
- Agents identify themselves, company, and purpose within first seconds
- Written consent documentation stored for 5+ years
- AI voices not used without prior express consent
- Texas registration filed if calling TX without prior consent
- EBR time limits tracked (18 months transaction / 3 months inquiry)
- Quarterly compliance audit scheduled and documented
Need help auditing your dialer compliance settings? We configure and audit compliance for VICIdial-based operations as part of our deployment work. One misconfigured campaign can cost more than a decade of consulting fees.
Top comments (0)