The regulatory environment for outbound calling has never been more complex or more consequential. TCPA violations that once resulted in manageable settlements now regularly produce eight-figure judgments. Several states have passed their own calling restrictions that go beyond federal requirements. And enforcement has accelerated.

This is not a legal guide — consult your compliance counsel for specific advice. But it is a practical overview of the technical and operational controls that defensible outbound calling operations have in place.

What the TCPA Actually Requires

The Telephone Consumer Protection Act, passed in 1991 and significantly amended since, governs when and how you can contact consumers by phone. The core requirements that matter for outbound contact centers:

Prior express written consent is required before using an autodialer or prerecorded voice to contact a mobile number for marketing purposes. "Prior" means before the call, not ratified afterward. "Express" means affirmative, not assumed. "Written" includes electronic records but requires specific language disclosures.

The National Do Not Call Registry must be honored. Registered numbers cannot be called for telemarketing purposes. Scrubbing against the registry is a legal requirement, not a best practice.

Time-of-day restrictions limit calls to 8am–9pm in the called party's local time zone, not your call center's time zone. This is a common and expensive mistake.

Abandoned call limits restrict the percentage of calls that can be "abandoned" — connected to a consumer but not transferred to an agent — to 3% over a 30-day campaign period.

The Autodialer Question

Much of TCPA enforcement has centered on what constitutes an "automatic telephone dialing system" (ATDS). The Supreme Court's 2021 Facebook v. Duguid decision narrowed the definition: a dialer must use a random or sequential number generator to store or produce numbers to qualify as an ATDS.

However, the practical impact of this ruling is limited. Many state laws use broader definitions. And consent requirements for prerecorded messages are not tied to the ATDS definition at all — they apply regardless of what technology you use.

The safe operating assumption: treat all outbound calling to consumer numbers as subject to consent requirements.

State Law Complexity

Federal TCPA creates a floor, not a ceiling. State laws frequently go further:

Florida passed the Florida Telephone Solicitation Act with per-call penalties and requirements that exceed federal rules, including specific consent language requirements.

California combines TCPA with the California Consumer Privacy Act in ways that create additional documentation requirements around consent records.

Washington, Virginia, and Texas have passed consumer privacy laws with implications for calling records and consent documentation.

The practical result: your compliance program must track state-by-state requirements for the states where you are calling, not just federal requirements.

Technical Controls That Matter

DNC Scrubbing

National DNC scrubbing must happen before every campaign. Federal regulations require scrubbing against a list no older than 31 days. Most defensible operations scrub within 24 hours of campaign launch and maintain company-specific DNC lists that are updated in real time when consumers request opt-out.

Real-time opt-out processing is essential. A consumer who requests removal during a call must be added to your company DNC list immediately — not in the next batch update.

Consent Documentation

For campaigns requiring prior express written consent, your records must be able to demonstrate: when consent was obtained, what disclosure language was shown, what the consumer agreed to, and the IP address and timestamp of the consent action.

Consent records should be stored for at least four years given the TCPA statute of limitations. They must be producible on demand in litigation.

Time Zone Management

Your dialer must enforce calling window restrictions based on the called number's area code and, where determinable, the actual location of the consumer. Area code alone is insufficient — numbers are highly portable. Using a lookup service that maps numbers to current geographic locations is the defensible approach.

Call Recording and AMD Accuracy

Every regulated call should be recorded. Call recordings are your primary defense in TCPA litigation — they document what was actually said, including consent reaffirmations, opt-out requests, and call disposition.

This is where AMD accuracy connects directly to compliance: calls that are misclassified as voicemail when a live person answered create a record gap. The call happened; the consumer was connected; but there is no recording of what they heard because the system thought it was leaving a voicemail.

What a Defensible Operation Looks Like

Contact centers that successfully defend TCPA claims typically have:

  • Written consent records with timestamps and IP addresses for every consumer contacted
  • DNC scrubbing logs showing when each number was checked and what result was returned
  • Time-zone enforcement logs showing that calling window restrictions were applied
  • Call recordings for all consumer-facing calls
  • An opt-out processing system with timestamps showing when requests were received and when numbers were added to the company DNC list
  • A written compliance policy that has been reviewed by legal counsel
  • Training records showing that agents and supervisors have been trained on the policy

The Cost of Getting It Wrong

TCPA class actions can aggregate thousands of calls into a single lawsuit. At $500–$1,500 per call for willful violations, a campaign with 10,000 non-compliant calls creates potential exposure of $5M–$15M. Several class actions in the past five years have resulted in settlements above $75M.

Compliance is not a cost center — it is existential risk management for outbound operations.

Final Thoughts

The technical controls for TCPA compliance are not complicated. DNC scrubbing, consent documentation, time-zone enforcement, and call recording are solved problems with available tooling. The failure modes are almost always operational: scrubbing that does not happen consistently, consent records that are not retained, opt-out requests that are not processed promptly.

Build the controls into your dialer configuration and workflow so they cannot be bypassed. Audit them quarterly. Document the audits. That is 80% of a defensible compliance program.