If your business relies on calls or texts to reach customers, 2025 is the year everything changed. Litigation involving the Telephone Consumer Protection Act (TCPA) has surged nearly 95% compared to last year, fueled by regulatory uncertainty and a wave of aggressive class actions. At the same time, states are rewriting their own "mini-TCPA" laws — often imposing stricter rules and bigger penalties than the federal statute.
Add to that a Supreme Court decision that undercuts decades of reliance on Federal Communications Commission (FCC) guidance, and you have a compliance landscape that is fragmented, fast-changing, and fraught with risk. That’s why compliance playbooks become all the more important.
Why Federal TCPA Compliance Is No Longer Enough
For years, businesses relied on FCC interpretations of the TCPA as a roadmap. That changed in June 2025, with the Supreme Court’s ruling in McLaughlin v. McKesson. The court held that district courts are not bound by FCC interpretations in civil TCPA cases. Instead, judges must interpret the statute independently, giving the FCC only "appropriate respect." The result is greater variability across jurisdictions and more litigation over threshold issues.
This loss of binding deference means longstanding agency interpretations are now open to challenge in the trial courts. In practice, counsel should expect increased motion practice over whether particular FCC rulings (or declaratory orders) should be followed, as well as divergent approaches on questions such as how quiet‑hour rules apply to text messages sent with consent, and what constitutes sufficient consent in lead‑generation flows.
Courts are now free to diverge from agency interpretations, and that divergence is already visible. For example, in Jones v. Blackstone, a federal court concluded that text messages do not qualify as "telephone calls" under the TCPA’s do-not-call provisions, while on the same day, Wilson v. Skopos reached the opposite conclusion, relying on consumer privacy principles and prior FCC orders. These conflicting outcomes illustrate how the loss of binding deference has transformed the litigation landscape, making jurisdictional strategy and proactive compliance adjustments more critical than ever.
Meanwhile, the FCC has pursued parallel enforcement and rulemaking tracks:
- Robocall Mitigation Database (RMD) enforcement: In August 2025, the FCC ordered more than 1,200 voice service providers removed from the RMD for deficient filings, effectively disconnecting them from U.S. networks and compelling downstream carriers to block their traffic.
- AI‑generated robocalls: In February 2024, the FCC clarified that artificial intelligence (AI)‑generated voices are "artificial or prerecorded" voices under the TCPA; prior express written consent is therefore required for such calls absent a narrow exception. The commission also opened a rulemaking to consider specific consent and in‑call disclosure for AI‑assisted communications.
- Consent revocation: The FCC’s new rules effective April 11, 2025, codify that consumers may revoke consent by any reasonable method (including STOP/UNSUBSCRIBE keywords); certain cross‑channel effects were partially delayed to April 11, 2026, to allow systems changes.
Consent Standards in Flux: The Eleventh Circuit’s One-to-One Ruling
In late 2023, the FCC adopted a rule to close the so‑called lead‑generator loophole by requiring seller‑specific ("one‑to‑one") prior express written consent and limiting consent to communications "logically and topically related" to the interaction that prompted it. On January 24, 2025, the Eleventh Circuit vacated that rule on the eve of its effective date, holding that the FCC impermissibly redefined "prior express consent" by adding requirements not found in the statute.
Bundled consent remains permissible at the federal level, but state laws may be stricter, and businesses are warned to avoid complacency. Plaintiffs will continue to test the adequacy and provenance of consent, especially for data purchased from lead sources. Compliance programs should still capture clear, channel-specific disclosures, preserve evidence of consent provenance (screens, timestamps, IP/device data), and map consent scope to campaign content, to withstand scrutiny across jurisdictions.
States Are Raising the Stakes
Federal uncertainty is only part of the story. States are racing ahead with tougher laws, and the list of jurisdictions with mini-TCPA statutes continues to grow. As of October 2025, at least 15 states have enacted their own telemarketing laws that mirror or exceed the federal TCPA. Highlights include:
- Texas Senate Bill 140 (effective September 1, 2025) expands "telephone solicitation" to include texts, image/graphic messages, and other transmissions, ties violations to the Deceptive Trade Practices Act (treble damages, mental anguish, attorneys' fees), and clarifies the possibility of serial recoveries. Texas also requires registration for sellers making solicitations from or into Texas, including a $200 filing fee and a $10,000 security (bond/letter of credit), with a per‑location certificate requirement.
- Virginia SB 1339 (effective January 1, 2026) requires honoring text opt-out commands (STOP/UNSUBSCRIBE) for 10 years, extends the Virginia Telephone Privacy Protection Act’s framework to texting, and maintains standard calling-time limits (8 a.m. to 9 p.m., local).
- Connecticut SB 1058 (effective since 2023) requires prior express written consent for any "telephonic sales call" and restricts calling to 9 a.m. to 8 p.m. local time — stricter than federal hours; penalties can reach up to $20,000 per violation.
- Georgia SB 73 (effective since 2024) removes statutory damage caps, eliminates the "knowing" requirement, and adds vicarious liability provisions, materially increasing exposure for brands that benefit from third-party calling.
- Maine LD 2234 (effective since 2024) became the first state to require telemarketers to use the FCC Reassigned Numbers Database (RND) before initiating a sales call, with safe harbor tied to demonstrable RND checks.
The takeaway for businesses is that federal compliance does not equal state compliance. Programs must be jurisdiction‑aware, with state‑specific time windows, consent standards, and operational controls.
Beyond Mini-TCPAs — States Are Leveraging UDAP Statutes
Even where states are not enacting new mini-TCPA laws, they are increasingly folding telemarketing violations into their Unfair or Deceptive Acts or Practices (UDAP) statutes or similar consumer protection frameworks. This trend significantly raises the stakes because UDAP statutes often allow:
- Treble damages or punitive damages for willful violations.
- Attorneys' fees and injunctive relief, making litigation more attractive to plaintiffs.
- Class actions, even where mini-TCPA statutes themselves might not authorize them.
Texas SB 140 is the most visible example. It explicitly ties violations of its telemarketing provisions to the Texas Deceptive Trade Practices Act (DTPA), creating "triple-stacked" liability (TCPA plus mini-TCPA plus DTPA) and enabling serial claims without limitation. Plaintiffs can now seek mental anguish damages and treble economic damages under the DTPA for conduct that previously carried only statutory penalties.
Other states are following similar patterns. For example:
- Maryland amended its consumer protection law to classify certain telemarketing violations as deceptive acts, granting both public and private remedies.
- Oregon and Washington have updated telemarketing statutes to state that violations constitute deceptive practices under their UDAP laws, ensuring liberal interpretation in favor of consumers.
Even if your compliance program meets TCPA and mini-TCPA requirements, a single misstep — such as failing to honor an opt-out or calling outside permitted hours — can now trigger broader consumer protection claims with higher damage multipliers and reputational risk.
Quiet Hours: A Nuanced Rule Driving Litigation
Even in more nuanced areas of the TCPA, litigation is active. The TCPA prohibits telemarketing calls outside 8 a.m. to 9 p.m. local time at the recipient’s location, and several states impose stricter limits. Texas prohibits calls and texts before 9 a.m. and after 9 p.m., while Connecticut restricts telemarketing to between 9 a.m. and 8 p.m. These variations create complexity for nationwide campaigns.
The interpretation of these rules for text messages, particularly when prior consent exists, remains unsettled. In March 2025, the FCC issued a public notice seeking comment on two key questions:
- Does prior express consent override quiet-hour restrictions?
- Can businesses rely on area codes as a proxy for determining recipient location for mobile numbers?
As of today, no definitive guidance has been issued, leaving businesses to navigate uncertainty while litigation accelerates.
Plaintiffs are increasingly targeting violations of these "quiet time" rules, often in cases involving text messages sent minutes outside the permitted window. This trend has led businesses to question whether previously obtained consent is sufficient to override quiet-hour restrictions. Until regulators clarify, conservative compliance strategies are essential.
The challenge is compounded by the requirement to honor recipient local time, not sender time. Many businesses rely on area codes as a proxy for location, but this is unreliable for ported numbers or customers who travel. A text scheduled for 8:05 a.m. Eastern time may arrive at 5:05 a.m. Pacific — creating exposure despite good-faith scheduling.
Vendor Risk: The Hidden Exposure Point
Compliance does not stop at your own systems. Most businesses rely on carriers, CPaaS platforms, lead generators, and marketing vendors to execute campaigns. Under the TCPA and many state mini-TCPA laws, liability is not limited to the party that physically places the call or text — it can extend to any entity that benefits from or directs the communication.
Why this matters now:
- RMD enforcement can cut off traffic overnight: In August 2025, the FCC removed over 1,200 providers from the Robocall Mitigation Database for deficient certifications, and directed downstream carriers to block their traffic. If your carrier is delisted, your campaigns may halt without notice.
- State vicarious liability expands exposure: Georgia Senate Bill 73 and Texas Senate Bill 140 increase the likelihood that brands will be sued for vendor missteps.
- Lead provenance remains critical post‑Eleventh Circuit: Although the federal one‑to‑one consent rule was vacated, courts and regulators continue to scrutinize how consent was captured, whether disclosures matched the channel and content, and whether STOP/UNSUBSCRIBE commands are honored across vendors.
What about STIR/SHAKEN?
STIR/SHAKEN is the FCC‑mandated caller identification authentication framework designed to combat illegal robocalls and spoofing. Carriers must implement it to verify call origination and prevent fraudulent traffic. If your vendor lacks STIR/SHAKEN compliance, calls may be blocked or flagged as spam, increasing both operational and reputational risk.
What This Means for Businesses Nationwide
All this uncertainty means one thing: A company’s compliance playbook will need a rewrite. Here is how to stay ahead:
- Map Your Risk: Inventory every outbound channel — voice, SMS, ringless voicemail, OTT apps — and the jurisdictions you touch. Tag campaigns by legal regime: federal TCPA, state mini-TCPA, and sector-specific carve-outs.
- Rebuild Consent Architecture: Although the Eleventh Circuit vacated the FCC’s "one-to-one" consent rule, specificity still matters. Capture clear, channel-specific consent and disclose if AI-generated content is used. Consider authentication measures that bolster consumer consent, including the use of one-time codes through SMS text messaging.
- Treat Texts Like Calls: Federal courts may disagree, but states do not. Apply do-not-call, quiet hours, and opt-out rules to texts as if they were calls.
- Honor Opt-Outs — Forever (Almost): Virginia’s 10-year retention rule sets a new bar. Build suppression logic and retention policies now. Implement opt-out procedures and honor opt-out requests.
- Implement Time-Zone Logic: Default to the strictest applicable window for multi-state programs. Consider requiring location confirmation during consent capture and using real-time suppression tools to prevent violations.
- Audit Vendors: Verify carrier/platform RMD status, STIR/SHAKEN posture, and STOP processing; require registration compliance in Texas (including the $200 filing and $10,000 security) where applicable; ensure suppression synchronization across vendors.
- Prepare for Litigation: Preserve consent records, SOPs for time-zone logic, opt-out logs, and vendor contracts. Post-McLaughlin, expect heightened challenges to FCC interpretations and more threshold litigation over regulatory deference.
Quick Compliance Checklist
- Daily National/State DNC scrubs and STOP handling aligned with FCC revocation rules.
- Ten-year opt-out retention for Virginia numbers.
- Texas registration completed (Form/fee) and $10,000 security posted; DTPA exposure modeling in place.
- AI disclosure and consent language added where voice cloning or AI is used.
- Vendor RMD status verified; STIR/SHAKEN and traceback cooperation baked into vendor agreements.
- Quiet‑hour suppression with time‑zone logic, defaulting to stricter state windows when location is uncertain.
Bottom Line
2025 marks a turning point. The TCPA is no longer a single set of rules — it is a patchwork of federal uncertainty and state‑level escalation, overlaid with aggressive FCC enforcement and evolving AI usage. Businesses that treat compliance as static will be the ones writing settlement checks. Those that build flexible, jurisdiction‑aware programs with robust consent architecture, vendor governance, time‑zone logic, and long‑view suppression will stay ahead of the curve.
For more information, please contact us or your regular Parker Poe contact.