Outbound Call Regulations in the United States

Telephone Consumer Protection Act (TCPA, 1991)

Restricts telemarketing calls and use of autodialers or prerecorded messages. Telemarketing calls to residences are only allowed between 8 a.m. and 9 p.m. (recipient's local time). Telemarketers must maintain internal do-not-call (DNC) lists and honor opt-out requests. Since 2012, prior express written consent is required before making telemarketing robocalls to consumers. An established business relationship no longer exempts a caller from obtaining consent for such calls. Each automated telemarketing call must include an automated opt-out mechanism so recipients can immediately revoke consent. The TCPA also requires telemarketers to transmit accurate caller ID information (name and number).

Penalties: The TCPA provides a private right of action with statutory damages of $500 per violation or up to $1,500 per willful violation. The FCC and state attorneys general can also bring enforcement actions (fines can reach $10,000 per call for certain willful robocall violations under the TRACED Act).

Telemarketing Sales Rule (TSR, FTC)

Covers telemarketing practices, including the National DNC Registry. Telemarketers may not call any number on the national DNC list (with limited exceptions for charities, political calls, surveys, etc.). The TSR also requires prompt disclosures of the caller's identity, the purpose of the call, and any material terms at the start of a sales call. Robocalls selling goods or services are illegal without the consumer's prior written consent. The TSR mandates an immediate opt-out mechanism in any prerecorded call. It also prohibits caller ID spoofing with intent to defraud.

Penalties: Violations of the TSR can incur civil penalties up to $53,088 per call. The FTC adjusts this amount for inflation; it was $50,120 in 2022. Enforcement: The FTC can seek these penalties and injunctions, and state AGs can also enforce the TSR in federal court. Each illegal call is a separate violation.

CAN-SPAM Act (for Text Messages)

The CAN-SPAM Act (2003) applies to commercial emails and texts sent to wireless devices. It prohibits sending unwanted commercial messages to cell phones – termed "mobile service commercial messages" – without the consumer's prior affirmative consent. The FCC's CAN-SPAM rules require such texts to include clear identification of the sender and an opt-out method. Telemarketing texts may also be covered under TCPA (which requires prior express consent for texts). Violations can lead to FTC enforcement and fines (CAN-SPAM sets fines up to $50,120 per violation, similar to TSR).

Robocalls and Call Authentication (STIR/SHAKEN)

FCC rules under the TRACED Act mandate caller ID authentication to combat illegal spoofing. All major voice service providers had to implement the STIR/SHAKEN framework by June 30, 2021 (with extensions for certain small/rural carriers). STIR/SHAKEN digitally verifies that a call actually originates from the number displayed, which helps block spam/spoofed calls. The FCC now requires even intermediate and gateway providers to authenticate calls or implement robocall mitigation programs.

Caller ID Spoofing: Under the Truth in Caller ID Act, it is illegal to transmit misleading caller ID information "with intent to defraud or cause harm." FCC penalties for illegal spoofing can reach $10,000 per call. For example, the FCC has issued record fines (over $299 million) against scammers for massive spoofed robocall campaigns. Telemarketers must ensure they transmit a valid caller ID number that a consumer can call back (even if they're a legitimate business).

Do-Not-Call Lists and Opt-Outs

The national DNC registry is jointly implemented by the FTC and FCC. Telemarketers must scrub their call lists against the National DNC Registry at least every 31 days. Calling a number on the registry (absent an exemption or prior consent) is illegal. Consumers who ask a company to stop calling must be placed on the company's internal DNC list; further calls to that consumer are prohibited. Even if a number isn't on the national list, if the consumer says "Do Not Call," the telemarketer must honor the request immediately. Violations can lead to the FTC fines noted above.

The FCC and FTC coordinate DNC enforcement: the FCC's rules cover both interstate and intrastate telemarketing calls, closing loopholes. Certain categories of calls are exempt from DNC rules (e.g. purely informational calls, political or charitable outreach, debt collection), but sales calls require compliance. The FCC also bans prerecorded telemarketing calls to residences without consent (regardless of DNC status).

Call Recording (Consent Requirements)

There is no single federal law on call recording in telemarketing, but FCC privacy rules and state laws apply. The FCC requires that artificial/prerecorded telemarketing messages disclose the calling party and include an automated opt-out. For live calls, recording the call implicates state wiretap laws (see state-specific section on one-party vs. two-party consent). The key point is that telemarketers must not record calls with consumers in violation of those consent laws. The FCC's rules do require telemarketers to identify themselves and the business at the start of a call, especially if the call is being recorded or monitored for quality assurance.

Enforcement Bodies

The FCC oversees TCPA and caller ID rules – it can issue fines and injunctions, and it manages telecom carriers' compliance (e.g. STIR/SHAKEN). The FTC oversees the TSR and DNC list – it can seek civil penalties and has sued hundreds of companies for telemarketing violations. State attorneys general also enforce these laws (state AGs can sue for TCPA/TSR violations on behalf of residents). Consumers themselves can sue for TCPA violations (private lawsuits, including class actions, are common, given $500-$1,500 statutory damages per call).

California

California's laws supplement federal rules and require telemarketers to register with the state. Under the California Telephonic Sellers Act, any business making solicitation calls to California residents or from within California must register with the Attorney General's office at least 10 days before calling. Registration requires detailed disclosures and a $50 filing fee, and telemarketers must renew annually and file quarterly updates. They also must post a $100,000 surety bond (to cover consumer losses) before calling California consumers. It is illegal for a telemarketing firm or salesperson to call Californians if not registered – California requires a "license" to call into the state.

California enforces the National DNC Registry for sales calls (the state does not maintain a separate list), and California law piggybacks on federal DNC rules. Telemarketing calls are generally limited to 9:00 a.m. – 9:00 p.m. in California (slightly stricter morning hours than the federal 8 a.m.). State law also prohibits certain deceptive practices and requires specific disclosures during calls (e.g. the caller must identify it's a sales call and give the company's name and address on request).

California is a two-party consent state for call recordings – all parties on a call must consent to being recorded (California Penal Code §632). Telemarketers calling from or into CA should announce if a call is recorded to obtain consent. Violating California's telemarketing laws (e.g. failing to register or honor DNC requests) can trigger civil penalties under California's Unfair Competition Law and the Telephonic Sellers Act. Consumers can sue to stop calls and, under state law, may recover up to $1,000 for willful violations of "do not call" requests (in addition to any federal TCPA remedies).

Texas

Texas has its own "Texas No-Call List" maintained by the Public Utility Commission (PUC). Residents can register their number on the Texas no-call list (which is separate from the national DNC) to block telemarketing calls to residential or wireless numbers. Telemarketers calling Texas consumers must purchase the Texas no-call list and scrub against it, in addition to the national list. The list is updated quarterly, and telemarketers are required by state law to have the latest version. Calling a number on the Texas list (absent an exemption) can result in state penalties up to $1,000 per violation. Texas law exempts calls that mirror the federal exemptions (political, charity, existing business relationship, etc.), and also requires telemarketers to register with the Texas Secretary of State if they engage in telephone solicitation to Texas residents.

Texas adheres to the standard calling hours of 8 a.m. to 9 p.m. (central time for the called party) by reference to federal TCPA rules. Notably, Texas recently strengthened its telemarketing law. As of 2022, telemarketers cannot spoof caller ID to display a Texas area code if the call is not actually from that area (to combat "neighbor spoofing"). Texas law (Business & Commerce Code § 305.001) already allowed a private right of action for residents on the no-call list who receive unlawful telemarketing calls, meaning Texans can sue violators for damages. Texas is a one-party consent state for call recording, but telemarketers are advised to follow the stricter rule if a call may reach a consumer in a two-party consent state.

(Note: Texas was considering further updates, such as adding a private right of action for all telemarketing violations and requiring prior express written consent for certain calls, in line with other states' "mini-TCPA" laws. Always check the latest Texas statutes for updates.)

Florida

Florida's Telemarketing Act is one of the more stringent state regimes. Telemarketers must be licensed by the Florida Department of Agriculture and Consumer Services (FDACS) before calling any Florida consumer. This involves obtaining a Commercial Telephone Seller business license (annual fee $1,500) and a license for each salesperson ($50/year). Florida also requires posting a $50,000 security bond (or letter of credit) as a condition of licensing. Even out-of-state companies must obtain this license if calling Florida residents. Failure to do so can result in fines and misdemeanor charges. Licensees are given a Florida telemarketing license number, which must be displayed or provided to called persons upon request.

Florida maintains a state Do Not Call list (separate from the national list). Consumers can opt into Florida's list through FDACS, and the list is distributed quarterly to telemarketers. Telemarketers are obligated to scrub against both the national DNC and Florida's list. Florida's calling time restrictions are 8 a.m. to 8 p.m. (stricter evening cutoff than the federal 9 p.m.). Moreover, in 2021 Florida enacted the Florida Telephone Solicitation Act (FTSA, SB 1120) which requires prior express written consent to call or text consumers using an autodialer or prerecorded message. This effectively mirrors the TCPA's consent standard but under state law – violations of the FTSA give consumers a right to sue for $500 per call/text, and a four-year statute of limitations (this led to numerous lawsuits, especially regarding text messages). The FTSA also limits the volume of attempts: telemarketers may not call a consumer more than 3 times in 24 hours regarding the same subject matter (to curb repeated dialing).

Florida prohibits caller ID spoofing and recently enabled a private cause of action for violations of its state DNC and calling rules. The Florida Attorney General can enforce telemarketing laws with civil penalties up to $10,000 per violation for willful violations. Florida is a two-party consent state for call recording (Fla. Stat. §934.03), so telemarketers must have the called party's consent before recording any call with a Florida resident.

New York

New York has beefed up its telemarketing regulations in recent years. New York's General Business Law §399-z requires that telemarketers immediately disclose at the beginning of a call: (1) the caller's name and the name of the entity on whose behalf the call is made, (2) the purpose of the call (that it's a sales call), and (3) that the consumer can request to be added to the caller's do-not-call list. In fact, since December 2022, NY law mandates offering the company's internal DNC opt-out at the outset of certain telemarketing calls. New York enforces calling hours of 8 a.m. to 9 p.m. (same as federal).

New York uses the National DNC Registry (there is a state law, but no separate state-run list; NY forwards complaints to the FTC). The NY Department of State, Division of Consumer Protection oversees telemarketing compliance. In 2023, New York doubled its DNC violation fines – the maximum fine for calling a number on the DNC registry increased from $11,000 to $20,000 per violation. This hefty penalty is enforced against businesses that call New Yorkers on the national DNC list without permission. Telemarketers also cannot block or fake caller ID under NY law; doing so (with intent to defraud) could violate both federal law and New York's statutes against fraudulent business practices.

New York is a one-party consent state for call recordings (only one party – e.g. the caller – needs to consent). However, if a call center records calls, best practice is to announce the recording due to the possibility of other state laws. New York's Attorney General can also pursue telemarketing fraud under general antifraud statutes (GBL §399-p and executive law), which carry additional fines or injunctive relief. Recent legislation in NY (as of 2023) also requires live telemarketers to provide a callback number upon request and refrain from pre-recorded voicemails without consent.

Illinois

Illinois primarily relies on federal law (TCPA/TSR) for telemarketing, but it has some state-specific rules. Illinois has a law called the Telephone Solicitations Act (815 ILCS 413) which, among other things, prohibits a telemarketer from continuing to pitch if the called party indicates disinterest or hangs up. Illinois does not maintain its own DNC list; it uses the National Do Not Call Registry, enforced by the Illinois Attorney General's office. The Illinois Consumer Fraud and Deceptive Business Practices Act also makes it unlawful to call those on the DNC registry, and the AG can seek penalties for each violation. Illinois law requires callers to identify themselves and their business at the call's outset, and it bans autodialed calls to cell phones without prior consent (consistent with TCPA).

Notably, Illinois has very strict call recording laws. Illinois is a two-party (all-party) consent state for recording calls. Under the Illinois Eavesdropping Act, it is generally illegal to record a phone call without the consent of everyone involved, unless no party has a "reasonable expectation of privacy." Since most consumer phone calls are considered private, telemarketers should obtain consent before recording Illinois calls. Violations can be a felony under state law.

Illinois has pursued telemarketers for spoofing and robocall scams using its fraud statutes. While Illinois doesn't require telemarketer registration, a bill (the "Illinois Trusted Caller Act") has been proposed to strengthen call authentication and fight spoofed calls. Currently, enforcement is largely through the state AG working with the FTC/FCC (e.g., Illinois joined the nationwide Anti-Robocall litigation task forces). Businesses calling into Illinois should simply comply with federal TCPA/DNC rules and ensure call recordings (if any) comply with all-party consent.

Pennsylvania

Pennsylvania's Telemarketer Registration Act (TRA) requires that any business engaging in telemarketing to Pennsylvania residents register annually with the PA Attorney General's Office. Telemarketers must provide the AG with identification and pay a registration fee to be licensed to call in Pennsylvania. The state maintains its own Pennsylvania Do-Not-Call List, which includes both residential and business telephone subscribers (Pennsylvania extended DNC protections to businesses in 2019). Consumers can register permanently (Pennsylvania removed the old 5-year re-registration requirement). The Pennsylvania list is updated quarterly, and telemarketers must scrub against it, in addition to the national list. It is unlawful in PA to call any number on the PA DNC list or to use the list for any purpose other than compliance.

Calling time restrictions: Pennsylvania bans telemarketing calls on legal holidays statewide. This is in addition to time-of-day limits (which follow the 8 a.m. to 9 p.m. rule). Recently, Pennsylvania also prohibited unsolicited telemarketing calls made by autodialer or prerecorded message to any PA number without prior consent, tightening robocall rules. Telemarketers must provide an opt-out mechanism for robocalls and immediately honor opt-outs (the 2019 amendments require that robocalls allow the person to opt out and automatically be added to the do-not-call list).

Enforcement: Violators of the PA Telemarketer Registration Act can face civil penalties up to $1,000 per violation (or $3,000 if the victim is 60+ years old) under state law, in addition to federal penalties. The PA Attorney General actively enforces holiday and DNC violations. Pennsylvania is also a two-party consent state for recordings (all parties must consent to record a call), similar to Florida and California. Therefore, telemarketers should not record calls with Pennsylvanians unless they obtain consent at the start.

(Other states have notable laws too: e.g. Indiana has a very strict DNC law with no exemptions and $10,000 fines; Oklahoma and Oregon in 2022-2023 passed "mini-TCPA" laws requiring prior consent for autodialed calls and allowing lawsuits; New Jersey requires telemarketers to disclose certain info within the first 30 seconds, etc. It's important to check each state where you call, as many have telemarketing statutes that add additional restrictions beyond federal law.)

State-Federal Interplay

Generally, when state laws are more restrictive, telemarketers must follow those stricter requirements in that state (e.g. Florida's 8 p.m. cutoff, Pennsylvania's holiday ban). The federal TCPA/TSR do not preempt state laws that afford greater consumer protection. Instead, they operate concurrently. A telemarketer calling nationwide must comply with federal rules and each target state's laws. State attorneys general often enforce both state and federal law together (they can sue under the TCPA in federal court, and also under their own state laws).

CCPA/CPRA (California)

If a company doing outbound calls handles personal information of California residents – for example, phone numbers and call details – it must comply with CCPA requirements. This means informing Californians about data collection practices (privacy notice), honoring any request to delete personal information a consumer may submit, and not selling personal data without offering an opt-out. If telemarketing call lists are purchased or shared, those transfers might be considered a "sale" of personal data under CCPA, requiring an opt-out mechanism ("Do Not Sell My Info"). Also, if a California consumer asks, the business must disclose what personal data they have on file (which could include phone call records). These privacy rights indirectly affect telemarketers by imposing data handling standards and giving consumers more control over how their phone number and call history are used.

Other states (like Virginia, Colorado, Connecticut, Utah in 2023) have similar privacy laws requiring consent for certain uses of personal data and opt-out of targeted marketing. While these laws don't specifically ban outbound calls, they regulate lead generation and data sharing. For example, if a telemarketer obtained a lead via a website form, privacy laws require proper disclosure at the point of data collection and honoring any email/phone opt-outs.

Consent for Calls and Texts

Obtaining valid consent is critical. Under TCPA, prior express written consent (PEWC) is required for autodialed or prerecorded telemarketing calls to wireless numbers and for all prerecorded telemarketing messages to landlines. "Written" consent can be electronic (web forms, texts, etc.), but it must be clear, conspicuous, and uncoerced (the consumer cannot be forced to agree as a condition of purchase). Many states mirror this; e.g., Florida's FTSA also mandates written consent for certain calls.

The consent must specifically authorize that the consumer agrees to receive calls/texts from that seller (or in some cases, from affiliated marketers – though the FCC attempted to limit the ability to lump many parties into one consent, a recent court decision overturned that new "one-to-one" consent rule, keeping the prior standard that one consent can cover a seller and its partners).

Opt-Out Requirements

Both federal and state rules give consumers the right to withdraw consent or opt out. The TSR requires that any robocall include an automated opt-out (e.g., "Press 2 to be added to our do-not-call list"). The TCPA and FCC rules say that consent can be revoked by any reasonable method, at any time, and telemarketers must honor it. Recent FCC rulings (effective 2023) clarified that consumers can revoke consent in any reasonable way, whether by telling the caller on a live call, using a keypad opt-out, replying "STOP" to a text, etc. Once consent is revoked, the caller must stop. Additionally, CCPA-style laws give consumers the right to opt out of sales of their data, which could include stopping the sharing of their phone number with third-party call centers.

Data Security

Telemarketers often maintain large databases of customer contact info. Data privacy laws require safeguarding that data. For instance, if you record calls (which contain personal info) or log call outcomes, that data must be protected from breaches. If a telemarketing firm experiences a data breach involving consumers' personal information (names, phone numbers, call recordings, etc.), they may have to notify affected individuals under state breach notification laws.

Foreign Companies Contacting U.S. Residents

If a company outside the U.S. calls U.S. consumers, U.S. laws still apply. The TCPA covers any call made "to any person within the United States" via the public telephone network. The FTC and state regulators have pursued foreign call centers and scammers – often collaborating with international authorities – for violations. For example, the FTC has worked with Canadian and Indian authorities to shut down telemarketing scams targeting Americans.

Foreign companies should designate a U.S. agent for service of process because they can be sued in U.S. courts for calls into the U.S. Also, under the TRACED Act, the FCC now requires gateway providers (the U.S.-based telecom carriers that handle incoming international calls) to help block and traceback illegal foreign robocalls. So foreign call operations must not assume immunity; their calls will be screened for authentication and legality. In summary, any call terminating in the U.S. must follow the same consent, calling hour, and DNC rules – there is no safe harbor for being offshore.

Finally, California's privacy law (CPRA) also has a provision extending privacy obligations to companies outside California if they do business with Californians above certain thresholds. So a foreign telemarketer calling Californians may also have to comply with CCPA/CPRA (if, for example, they make a significant number of calls or derive revenue from selling personal data of Californians).

This means when you make an outbound call, your carrier attaches a certificate attesting to your number (e.g., full attestation if you are using your own number). The terminating carrier can verify this signature. If a call fails authentication (e.g., the number is spoofed or originates on a non-compliant network), it may be flagged or blocked as "Spam Likely." Telemarketers are encouraged to use carriers and equipment that support STIR/SHAKEN, so that their calls are labeled as verified. Some voice providers now display "Caller Verified" checkmarks for calls that pass authentication, improving answer rates.

Carrier Call Blocking

The FCC has empowered phone companies to block calls that are highly likely to be illegal, especially if they fail STIR/SHAKEN verification or appear to spoof numbers not in use. As of 2021, carriers must block traffic from any provider that is not in the FCC's Robocall Mitigation Database (meaning the originator hasn't certified their STIR/SHAKEN compliance). In 2023, the FCC extended call blocking rules to require intermediate providers to block suspicious traffic and use caller ID analytics. Telemarketers should therefore ensure their calls aren't mistaken for spam: use a consistent caller ID, avoid short bursts of high-volume calling that trigger analytics, and promptly respond to any traceback inquiries (the Industry Traceback Group will investigate illegal call campaigns – legitimate marketers should cooperate to distinguish themselves from bad actors).

Do Not Originate (DNO) Lists

A DNO list is a set of phone numbers that should never originate calls. For example, numbers that are only used inbound (like IRS taxpayer assistance lines, or a bank's fraud hotline) are prime targets for spoofing by scammers. To combat this, the FCC allows and now requires carriers to block calls purporting to be from numbers on DNO lists. Initially, gateway providers were required to use DNO blocking for obvious imposters (like if someone spoofs the IRS's number, it gets blocked). In February 2025, the FCC expanded this to all voice service providers in the call path – every carrier must block calls from numbers on any "reasonable" DNO list. This means if a telemarketer somehow were to spoof a number that's been flagged (say a government or hospital number, or a number that the actual subscriber has requested to be in DNO because it never makes outbound calls), that call will be stopped.

Caller ID Rules for Telemarketers

By FCC rule, a telemarketer must transmit a valid caller ID number (one that can be called back, not a dummy or blank number) and, if possible, the name of the business. They also must display a number that is answered during business hours for opt-out requests. It is illegal to block your caller ID information on telemarketing calls – unlike a consumer, a telemarketer cannot deliberately show "Unknown" or *67 their calls. If a company has multiple outgoing numbers, they often use a local presence strategy (displaying local area codes). This is legal if the number is actually assigned to the caller and can be called back. It is not legal to randomly spoof purely to look local. The FCC's Truth in Caller ID Act rules (and many state laws) forbid fraudulent spoofing.

Enforcement: The FCC and DOJ have brought enforcement against companies for illegal spoofing – e.g., one notable case was a $120 million FCC fine against a Florida telemarketer who spoofed ~96 million numbers in a three-month "neighbor spoofing" campaign. So compliance with caller ID laws is critical.

Carrier Call Labeling

In addition to blocking, U.S. carriers use analytics to label calls. If your number gets flagged as spam (perhaps due to high call volumes or consumer complaints), calls might display as "Spam Risk" or be silently blocked by apps. Telemarketers should monitor call completion rates and use call labeling mitigation services if needed (some analytics companies allow legitimate callers to register and provide their business information to reduce mistaken blocking). Also, recycling calling numbers (rotating through many caller IDs) can backfire, as it resembles scam tactics and can lead to number blocking. The safest route is to properly register your outbound numbers (through frameworks like SHAKEN attestation and carrier traceback cooperation) and maintain good practices (honor DNC requests, avoid short calls that result in dead air, etc., which carriers use as spam signals).

Do Not Originate Best Practices

Telemarketers typically wouldn't use DNO (since DNO is for numbers that shouldn't call out). But they should be aware that if they are assigned a number that should never originate calls (unlikely, unless a number was mistakenly assigned), that number may be on a DNO list and therefore calls won't complete. Generally, stick to numbers obtained from your carrier that are meant for outgoing calls. Large enterprises can coordinate with carriers to put their inbound-only numbers on DNO lists to prevent spoofing by scammers – a measure outside companies can consider for brand protection, though not directly a compliance issue for telemarketing firms.

The first five area codes are free, but beyond that, the FTC charges a fee (FY2025: $80 per area code, with a cap of $22,038 for all U.S. area codes). After registering for access, telemarketers can download the list of DNC numbers for those area codes. They must scrub their calling lists against the DNC registry at least once every 31 days and avoid calling any number on it (unless they have prior consent or an exemption applies). The registry can be accessed at DoNotCall.gov, where businesses create an account, provide identification, and obtain their subscription. Misusing the DNC data (e.g., to call those consumers or to sell the list) is illegal. The FTC's DNC portal provides an API for automated scrubbing. Penalties: as noted, up to $50,120 per illegal call, so compliance is vital.

State Do Not Call Lists and Registration

Many states require additional registration or list subscription:

California

Requires the Telephonic Seller Registration with the AG (as discussed). California uses the national DNC list, so no separate purchase is needed, but the state registration is mandatory to lawfully call. (Link: the California DOJ's online portal for telephonic seller registration).

Texas

Texas's No-Call List is administered by a contractor for the PUC. Telemarketers must purchase the Texas list (which is updated quarterly). The Texas no-call website (TexasNoCall.com) provides registration for businesses to obtain the list (there is a fee based on number of area codes or full state). Not buying the list is not an excuse; Texas law expects all telemarketers to either obtain it or ensure they do not call Texas at all. Texas also requires telemarketing companies to file a registration (name, address, agent for service, etc.) with the Secretary of State and pay a fee, under its Business & Commerce Code. Additionally, the Texas Attorney General can pursue companies that call Texans without being properly registered or who ignore the state DNC.

Florida

Telemarketing businesses (and their salespersons) must apply for a license from FDACS as noted. The application is available on the FDACS site (freshfromflorida.com). Along with fees and bond, the applicant must pass a background check. Upon approval, they are issued a license number. Florida also maintains a state Do Not Call list – telemarketers can download it from FDACS (free of charge for licensees). Florida's list is now perpetual (numbers stay on indefinitely). Telemarketers must update their call lists quarterly from this database. Violations of the Florida DNC (Fla. Stat. 501.059) also carry a private right of action ($500 per call). FDACS provides an online system to "scrub" numbers by checking against the Florida list.

New York

New York does not have a separate list to purchase; it enforces the national DNC. However, New York telemarketers should register with the Department of State's Consumer Protection division if required by any local rule. (New York previously required telemarketers to post a bond in some home solicitation contexts, but for pure phone sales, the main requirement is to follow the NY General Business Law rules). There's no additional fee for a list – just use the national one. After the 2023 law change, expect stricter enforcement by New York authorities, so companies calling NY should keep proof of their DNC scrubs.

Pennsylvania

Telemarketers must register with the PA Attorney General's Office (usually through a form and fee). Pennsylvania's "Do Not Call" list is free for telemarketers to access once registered; it is managed by a third-party (previously, the list was managed by the state's contract with a list administrator). Telemarketers get a registration number from the PA AG and can then download the PA DNC list. The list is updated quarterly and includes numbers that have signed up via the PA AG's website. Pennsylvania also requires, by law, that telemarketers use the list only for compliance – they cannot call those numbers or share the list data except to purge those numbers from call lists.

Illinois

No separate list (uses national DNC). However, Illinois encourages businesses to notify the Illinois Attorney General if they are conducting telemarketing. The AG's "Do Not Call Registry" information page just directs to the national registry for signup. So while there's no extra registration to call Illinois, be aware the Illinois AG actively enforces violations, and consumers can file complaints with that office.

Other States

Many states (e.g., Indiana, Oklahoma, Colorado, Tennessee) require telemarketers to register and/or obtain a certificate. Indiana's law, for example, requires annual registration with the Indiana Consumer Division and purchase of the Indiana DNC list (which is notable for having no exemptions – Indiana even prohibits political/charity calls if the number is on its list). Pennsylvania, Texas, Florida, and Indiana are among states where separate state DNC scrubbing is essential. New Jersey and Massachusetts use the national DNC but require telemarketer business registration with the state Division of Consumer Affairs. Always check state consumer protection websites for "telemarketing registration" requirements before calling residents of that state.

Links to Official Portals

• National DNC Registry (FTC): donotcall.gov – Telemarketer section for downloading list. Also see FTC guidance "Complying with the TSR" for steps to access the registry.
• California Telephonic Seller Registration: Via CA Dept. of Justice – oag.ca.gov/consumers/general/telreg (includes forms and online system).
• Florida Telemarketing License: Via FDACS – forms and online portal at www.fdacs.gov (search "Telemarketing") – includes the "Add Your Number to Florida DNC" and telemarketer login.
• Texas No-Call List: Registration at www.texasnocall.com – telemarketers can purchase lists there. (Customer service: 1-888-309-0600 as per PUC materials).
• Pennsylvania Do Not Call Program: Info at PA AG's site – attorneygeneral.gov (search "Do Not Call" for enrollment and telemarketer registration).
• New York Consumer Protection Telemarketing: See NY Department of State, Consumer Protection Division site for telemarketing rules (no separate list to download, but useful FAQs).
• Illinois Do Not Call: Illinois AG site has a Do Not Call Registry fact sheet (again, points to national list).

Scrubbing Frequency

The standard is every 31 days (federal), but some states effectively require more frequent updates (Florida and Pennsylvania, with quarterly updates, effectively at most 90 days). Best practice is to scrub call lists at least once a month against all applicable DNC lists (national and relevant states). Also, maintain an internal suppression list of anyone who ever opted out or asked not to be called – this internal list should be honored indefinitely (the TSR requires honoring an internal DNC request forever, or for at least 5 years if one wanted to be technical, but most companies treat it as permanent).

Penalties for Not Registering or Scrubbing

Calling without subscribing to the DNC can lead to hefty fines. For instance, the FTC has penalized companies that failed to scrub – each call to a DNC number can be a violation at ~$50k each. States like Florida can fine or even revoke a telemarketing license for failing to comply. In Pennsylvania, unregistered telemarketing is unlawful – the state can issue fines and bar the company from calling. Always ensure all paperwork, licenses, and subscriptions are in place before dialing.

There is no loophole that exempts foreign telemarketers – regulators have repeatedly stated that the TCPA's reach is to protect U.S. residents from unwanted calls regardless of origin. The FTC and FCC work with international partners to pursue violators abroad. For example, the FCC can issue fines and work with the Department of Justice to enforce them, even seizing U.S.-based assets of foreign companies if necessary. Moreover, gateway carriers in the U.S. are now required to block certain illegal traffic from abroad, as noted under STIR/SHAKEN. The TRACED Act (2019) specifically directed the FCC to crack down on foreign robocalls; now gateway providers must apply STIR/SHAKEN and robocall mitigation to foreign-originated calls and respond to traceback requests.

State Jurisdiction

States like California and Florida explicitly assert jurisdiction over telemarketing directed at their residents. California's law says if you "do business" in CA by calling consumers there, you fall under the Telephonic Sellers Act. Florida's law similarly doesn't care where you are located – if you call Floridians, get licensed. States can file lawsuits against out-of-state entities in their state courts or in federal court. Often, if a foreign company has U.S. affiliates or uses U.S. telecom resources, jurisdiction can be established. Also, many foreign telemarketers use U.S.-based VoIP numbers or cloud dialers to place calls – these typically have U.S. points of presence, giving U.S. authorities leverage.

Cross-State Calling

If your call center is in State A but you call consumers in State B, you must follow State B's telemarketing law. This is common – e.g., a New York call center calling Texas must honor Texas's no-call list and calling hour rules. There is no "home state" exception. You might have to register in multiple states. Many large telemarketing firms maintain a compliance matrix and secure licenses in all states that require it, even if they are not physically present there. It's important to consult each state's requirements. For instance, a Nevada-based company calling consumers in Pennsylvania must still register with PA's AG. Not doing so could lead PA to ban them or fine them if complaints arise.

Enforcement and Risk for Foreign Entities

While it can be harder to enforce laws on a company with no U.S. presence, the risk is significant. The FCC has authority to issue fines and willful violators can even face criminal referrals. The FTC can coordinate with foreign consumer protection agencies. Also, private plaintiffs can sue any company (foreign or domestic) in U.S. courts for TCPA violations – if the company fails to appear, a default judgment could be entered, potentially enforceable wherever the company does have assets. In recent years, enforcement authorities have shown creativity: working with voice providers to cut off service to scammers, for example. So a foreign call operation might suddenly find its U.S. phone numbers disconnected if it's caught flouting the rules (through FCC cease-and-desist orders to carriers).

Special Considerations for Canada/Mexico

Neighboring countries' call centers often target the U.S. They too must comply. Notably, Canada has its own DNCL and telemarketing rules, but calling into the U.S., Canadian callers must switch hats and follow U.S. law (and vice versa for U.S. companies calling Canada's residents – they must follow the Canadian Radio-television and Telecommunications Commission rules). If you're outside the U.S., it's wise to partner with a U.S.-based legal consultant or utilize compliance services to ensure you're scrubbing against U.S. DNC lists and obtaining proper consent.

Foreign Data Privacy Laws

If you're a foreign company calling U.S. consumers, U.S. data privacy laws might not directly apply except CCPA (if you meet thresholds for CA). However, be mindful if you call European or other international numbers from the U.S., you may trigger laws like GDPR. (Out of scope for U.S.-focused question, but worth noting if operations expand).

In summary, "location of the called party determines the law." It's safest to assume every call to a U.S. number will subject you to U.S. jurisdiction. Ensure compliance infrastructure (scrubbing, consent tracking, etc.) is in place irrespective of where your call center sits.

This greatly aids in traceback, the process of identifying the source of illegal calls. The Industry Traceback Group (led by USTelecom) works with carriers and the FCC to trace robocalls back through the IP networks to the call originator. Telemarketers should be responsive to traceback requests – if an upstream carrier inquires about traffic, provide the info promptly. The FCC has proposed rules to require even faster traceback cooperation and to potentially bar non-cooperative providers from the network.

Robocall Mitigation Database

By FCC mandate, all voice service providers had to file a certification of their STIR/SHAKEN implementation or robocall mitigation steps in the FCC's Robocall Mitigation Database by 2021. As of September 2021, carriers are forbidden from carrying traffic from providers not in that database. So, if a telemarketer uses a small VoIP provider that didn't comply, their calls might be dropped. The latest (Jan 2025) FCC Order imposes additional requirements and fees for entities in this database, ensuring they keep their info updated. Telemarketers should verify that their telecom providers are listed and compliant – or risk call delivery issues.

New FCC Rules (2023-2024)

The FCC has been actively updating TCPA rules. In July 2023, the FCC issued an order requiring prior consent for marketing calls to residential lines even using an artificial/prerecorded voice if the call was previously "exempt" (closing some loopholes for things like political or non-profit robocalls – they now need to allow opt-outs and have certain consent if over a certain frequency). Also in 2023, the FCC attempted to implement a "single seller" consent rule (often called the "one-to-one" rule) which would stop lead generators from getting one consent to cover many related companies. However, as of early 2025, that FCC rule was struck down by the 11th Circuit Court of Appeals. The result is that the prior regime continues: a consumer's consent can still legally authorize multiple affiliated parties if properly disclosed. Companies should watch this space – the FCC may appeal or try another approach to curb abusive consent-sharing in lead generation.

Industry Enforcement and Analytics

Carriers and analytic companies now play a big role in enforcement. There are reputation registries for phone numbers; legitimate call originators can register their numbers with services like Nomorobo, Hiya, TNS, etc., to help ensure their calls aren't mislabeled. The FCC encourages development of call-blocking apps and has affirmed that carriers can offer network-wide spam blocking by default (as long as customers can opt-out). Telemarketers might see increased call blocking if they don't manage dialing practices carefully. This is essentially a tech enforcement of "best behavior" – if consumers frequently hang up or complain about a number, it gains a bad reputation and gets blocked by algorithms.

Pending Legislation

Several bills in Congress propose updating telemarketing laws. For instance, there have been discussions on raising the TCPA's statutory damages or explicitly covering automated texts under TCPA (though courts largely do). Also, some lawmakers have pushed for shorter statute of limitations for TCPA (currently 4 years) or conversely, for more funding to FCC/FTC for enforcement. At the state level, more "Mini-TCPA" laws are appearing: e.g., Oklahoma's Telephone Solicitation Act (2022) and possible new laws in states like Washington or Georgia introducing private rights of action for unlawful robocalls. Florida amended its FTSA in 2023 to clarify definitions (to reduce frivolous suits), but also kept strong consumer rights. Companies engaging in outbound calling should stay updated via legal counsel or compliance bulletins – the landscape can shift with new court decisions (for example, the definition of an "autodialer" under TCPA has been narrowed by the Supreme Court in Facebook v. Duguid (2021), but new dialing technologies or FCC interpretations could broaden it again).

Call Recording and AI

Another emerging issue – if using AI in call centers, note that the FCC has declared AI-generated voice calls are considered "artificial/prerecorded" and fall under robocall rules. So a call with a synthetic voice requires the same consent as a robo-call. Also, some states (like California) are considering laws requiring disclosure if a call is made by an automated system or bot. Using AI for voice or texting thus triggers compliance considerations. Call recording technology is ubiquitous, but as mentioned, you must navigate all-party vs one-party consent laws. It's wise to program an automated disclosure at the start of calls saying, "This call may be recorded for quality assurance," which generally satisfies consent in one-party states and serves as notice in two-party states (where the consumer's decision to continue could be deemed consent, though this can be legally complex – explicit consent is safest in two-party states).

Spam Mitigation Tools for Consumers

The FCC and FTC direct consumers to tools like call-blocking apps and carrier services. Telemarketers should be aware that many consumers won't even hear their calls if labeled spam. Engaging in best practices can help: e.g., rotate call times, don't let phone ring too briefly (which can look like a "ping" scam), ensure agents don't have too much silence before speaking (FCC has "abandoned call" rules requiring the call to connect to a rep or play a message within 2 seconds of answer to avoid dead air). Also, keep answer rates and call durations at reasonable levels – some carrier analytics treat extremely short calls or extremely low connect rates as signs of a war-dialing robocaller and may preemptively block.

Outbound calling in the U.S. is highly regulated. Federal laws set the baseline: obtain prior consent, honor DNC, call at permitted times, no spoofing, provide opt-outs. State laws add another layer: requiring your organization to register, pay fees, and follow stricter curfews or consent rules in some cases. Data privacy laws overlay how you handle consumer information behind the scenes. And evolving technology like STIR/SHAKEN means your calls must be properly identified or they might not go through at all.

Non-compliance can result in massive fines – both government penalties (e.g. $50,000 per call) and private lawsuits (which can seek hundreds or thousands of dollars per call). By staying informed of the latest rules from the FCC and FTC, as well as each state you dial into, and by leveraging compliance solutions (DNC scrubbing, caller ID management, legal counsel review of scripts and practices), you can conduct outbound calling campaigns that reach consumers effectively without running afoul of the law.

Always err on the side of consumer privacy and choice – provide transparency, honor opt-outs quickly, and you can avoid the common pitfalls of telemarketing regulations. The telemarketing regulatory landscape continues to evolve, so maintaining a proactive compliance program is essential for any organization conducting outbound calling campaigns in the United States.