Summary:
The TCPA remains a critical concern for businesses of all sizes. With compliance becoming increasingly complex, vigilance, preparation and adaptability are essential. Businesses that proactively invest in legal expertise, multi-layered strategies and regulatory engagement will be better positioned to navigate the challenges ahead.
The Telephone Consumer Protection Act (TCPA), passed by Congress in 1991, is a complex legislation that reshaped how businesses approach customer outreach. Since its inception, compliance with the TCPA continues to evolve for outbound communications operations, including AI-driven customer engagement.
Our recent webinar — The New Era of TCPA — featured a panel of industry experts, TransUnion Vice President Tom Nowaczyk; Eric Troutman, Founder, Troutman Amin LLP; member of the Clark Hill law firm, Joanne Needleman; and WebRecon LLC CEO Jack Gordon, who together explored trends, emerging risks and what lies ahead for 2025.
Watch the webinar now and read on for a recap.
Note: The FCC’s One-to-One Express Consent Rule Under the TCPA Act discussed in this pre-recorded webinar has been recently vacated by the Eleventh Circuit on January 24, 2025.
Where we are and how we got here
According to Gordon—who specializes in tracking trends of major consumer statutes, including consumer litigation data around TCPA — there was a significant jump in TCPA lawsuits from 2011–2016, with over 4,700 suits filed. He believes the lucrative nature of class actions brought about this spike. The WebRecon chart below shows a decline in lawsuits since 2016, which he believes is a result of landmark cases, such as the 2015 case of ACA International v. FCC, and 2021 Facebook, Inc. v. Duguid, in which the definition of auto dialers was altered, thereby narrowing the scope of the TCPA.
(Source: TCPA Litigation 2011-2024, WebRecon LLC)
Eric Troutman described the TCPA as the biggest "cash cow" in the history of litigation as settlements often reach eight figures. However, while the total number of lawsuits has dipped along with individual cases, more complex and aggressive class actions are actually on the rise. According to Troutman, we’re at the peak of the TCPA class action era — with nearly 70% of TCPA cases filed as class action lawsuits.
These lawsuits are often valued in the hundreds of millions or even billions of dollars. Troutman predicted, “2024 will have the highest number of TCPA class actions ever filed.” Needleman agreed the TCPA statute has a lot of nuances that allow opportunity and financial incentive for class actions, meaning the liability and financial stakes for businesses (both large and small) are higher than ever.
Emerging challenges for businesses
The panel of experts dove into how the evolving regulatory landscape and technological advancements introduced new compliance hurdles. Top concerns business face include:
1. New rules for consent and revocation.
Two significant changes are set to reshape TCPA compliance in 2025:
- One-to-One Consent Rule (Vacated January 24, 2025): Businesses must secure explicit, individual consent from consumers for each specific company engaging in outreach, eliminating blanket consents. This means a single consent can no longer apply to multiple businesses.
- Expanded Revocation Rule (Effective April 11, 2025): Any revocation from the consumer will require businesses to cease all communications — telemarketing, informational and exempt messages — across all channels. This includes messages that didn’t previously require consent, such as a multi-factor authentication (MFA) request or a fraud alert.
While these changes are meant to protect consumers, companies will need to adapt their consent processes and overhaul their overall outreach strategies. This will significantly increase compliance costs and operational complexity, particularly for large enterprises with multiple lines of business or small companies with limited resources.
2. Artificial intelligence (AI) and auto dialers (ATDS)
The TCPA takes a hard line on certain technologies, so businesses need to be careful if they’re using AI or auto dialers.
- AI-driven messaging: Tools like ringless voicemail, IVR systems and AI-generated voices are all considered "regulated technologies" under the TCPA. Even something as simple as a pre-recorded greeting (like "Please hold" or "This call may be recorded") can trigger compliance rules. What’s required? Companies need written consent for marketing messages and explicit consent for informational ones if they use these tools.
- Auto dialers: After a key Supreme Court decision in 2021, auto dialers were defined as systems that use a random or sequential number generator to store or produce numbers. However, the law also looks at what the system is capable of doing, not just how you use it. Red flags to consider include features like number shuffling or call prioritization — which could mean the system qualifies as an auto dialer, even if you’re dialing manually.
If your or your vendor’s system falls under either of these categories, your company is fully responsible for compliance. Vendors may claim their technologies aren’t regulated, but that’s no guarantee. It’s your brand that will face lawsuits or fines, not them.
Pro Tip:
Have a legal expert review your technology and agreements with vendors to ensure everything meets TCPA standards. AI and auto dialers can be powerful tools, but without the proper safeguards, they can lead to serious risks.
3. Vendor management and liability
Managing your vendors is a critical aspect of TCPA compliance, especially for companies relying on third-party marketing, lead gen and outreach services. These vendors often handle essential tasks like sending texts or making phone calls on behalf of the company. It’s essential companies understand the ultimate responsibility for compliance still lies with the company itself, not the vendor.
Key considerations for managing vendors effectively include:
- Vendor claims: Don’t simply rely on vendors claiming to be "TCPA compliant." Companies must verify how their vendors operate and ensure they meet compliance standards.
- Data access and litigation risks: In TCPA lawsuits, companies are held accountable and must provide detailed information, such as how many people who opted out received texts. Vendors may resist sharing that data, complicating litigation and exposing weak spots in agreements.
- Clear agreements: Carefully review vendor agreements, focusing on indemnification clauses, responsibilities and liabilities. Poorly defined terms can shift the financial and legal burden back to the company.
- Opt-out processes: Ensure you have a robust system in place for handling opt-outs accurately, especially when vendors are the ones interacting directly with your customers.
At the end of the day, your brand is on the hook for any compliance failures — no matter what your vendors do. It’s essential you stay on top of things with regular audits, strong contracts and a hands-on approach to mitigate risks and avoid costly legal headaches.
Key predictions for 2025: What lies ahead
Our panelists agreed TCPA compliance will only grow more challenging in the coming years. Key predictions across the group include:
- Continued rise in class actions: Based on current trends, Gordon anticipated a significant increase in TCPA class actions. Troutman said we should expect a 50% increase in lawsuits in 2025 and another 50% in 2026 as businesses struggle to adapt to new rules and plaintiffs' attorneys capitalize on violations.
- Heightened AI scrutiny: Needleman sees AI becoming a central issue in TCPA enforcement. The FCC’s scrutiny of AI-driven marketing tools and communications, and a lack of understanding among policymakers, may lead to new, potentially vague regulations.
- Layered compliance strategies: Nowaczyk emphasized compliance is becoming more sophisticated, but there’s no single solution. Businesses will adopt layered solutions —integrating multiple tools and approaches to minimize risk.
Better understand and mitigate risk
The TCPA remains a critical concern for businesses of all sizes. With compliance becoming increasingly complex, vigilance, preparation and adaptability are essential. Businesses that proactively invest in legal expertise, multi-layered strategies and regulatory engagement will be better positioned to navigate the challenges ahead.
Whether you’re a small business or a global enterprise, staying informed and prepared is key to mitigating TCPA risk. TransUnion Compliance Risk can help you reduce compliance risk, leading to improved efficacy of your outreach programs.
Check out the on-demand webinar for more details on adapting your practices to align with the new rules and safeguarding your business against TCPA-related risks.
