TCPA Compliance Checklist for Call Centers in 2025: What Changed and What Still Gets You Fined

Most call center managers know the basics of TCPA. What catches teams is the steady buildup of court rulings, FCC guidance, and state laws that layer on top of the original 1991 framework. Three things changed in 2025 that your operation needs to account for. This is a practical compliance checklist, not a legal opinion: what the law covers, what changed, and what your software should be handling automatically.

What TCPA covers

The Telephone Consumer Protection Act governs four types of outreach:

• Autodialed calls to cell phones
• Prerecorded voice messages
• Unsolicited text messages
• Unsolicited faxes

Penalties start at $500 per violation for unintentional infractions and go to $1,500 per willful violation. Because any consumer can file a TCPA lawsuit directly, a single misconfigured campaign calling thousands of numbers can generate millions in class action exposure.

What changed in 2025

The McLaughlin ruling

A 2025 federal court decision held that FCC interpretations of the TCPA are no longer automatically binding on federal courts. The legal landscape is now more fragmented: the same practice may be interpreted differently depending on which circuit hears the case. The practical response is to operate more conservatively than FCC minimums require, not less.

State mini-TCPAs getting stricter

Texas, Oregon, and New York all updated their telemarketing laws in 2025-2026. State laws frequently impose narrower calling windows, shorter DNC honoring periods, and stricter consent documentation. When calling nationwide, you are subject to the most restrictive state law that applies to each recipient, not just federal requirements.

AI voice agents under scrutiny

The FCC has clarified that AI-generated voices in outbound calls are treated as "artificial voices" under the TCPA. That means the same written prior express consent required for prerecorded messages applies to AI voice agent campaigns.

The 2025 TCPA Compliance Checklist

Consent

• All contacts have documented written prior express consent for autodialed or prerecorded calls to cell phones
• Consent language clearly identifies your company, the communication types, and the purpose. No bundled or buried consent.
• Consent records capture the date, method, source, and proof (TrustedForm certificates or equivalent)
• Records retained for a minimum of 6 years (TCPA statute of limitations)
• AI voice agent campaigns have separate, explicit written consent. Implied consent is not sufficient.

DNC management

• All lists scrubbed against the National Do Not Call Registry before every campaign
• All lists scrubbed against the Reassigned Numbers Database (RND). Calling a reassigned number is a violation even when the original consent was valid.
• Internal DNC list maintained and honored within one business day of any opt-out
• Known litigator numbers removed using specialized screening tools
• Cell and landline contacts separated. Different consent requirements apply to each.

Call timing and frequency

• Calls placed only between 8:00 a.m. and 9:00 p.m. local time. Check state laws — many are stricter.
• Redial limits defined per campaign and enforced by the system, not tracked manually
• Predictive dialer abandonment rate maintained below 3% (FTC requirement)
• Time-zone automation enabled. The system must use the recipient's local time, not the call center's.

Prerecorded and AI voice messages

• Message identifies your company name and callback number
• Message includes a working interactive opt-out mechanism. "Press 9 to be removed" must actually function.
• Script reviewed for compliance before campaign launch
• Separate consent records maintained for prerecorded message campaigns

STIR/SHAKEN and caller ID

• Carrier-authenticated STIR/SHAKEN Level A attestation in place
• CNAM registered and displaying your business name where supported
• Toll-free numbers registered with toll-free verification services
• 10DLC registration complete for all business SMS campaigns. Non-registered traffic is increasingly blocked.

State-specific

• State laws reviewed for every state in your calling geography, not just federal requirements
• Texas, Oregon, New York, Florida, Connecticut, and Washington updated restrictions applied
• Call-time restrictions and consent requirements matched to each recipient's state

Documentation and audit

• TCPA compliance policy documented in writing and reviewed annually
• Agents trained on compliance requirements before each campaign launches
• Quarterly internal compliance audits completed
• TCPA-specialized legal counsel consulted annually or after any significant regulatory update

What your dialer should handle automatically

Running this checklist manually is how violations happen. Not because teams are careless, but because compliance that lives in spreadsheets and SOPs gets missed during high-volume campaigns.

Your dialer should handle the mechanical parts automatically: time-zone enforcement, DNC scrubbing before every dial, abandonment rate monitoring, STIR/SHAKEN authentication. PinnacleVoice builds all of this into the core platform on every plan — not as optional compliance add-ons. It is baseline behavior on every campaign.

If your current platform requires your team to manually schedule DNC scrubs or track time-zone compliance in a spreadsheet, that is a platform problem. It should not require a process solution.