What TCPA Actually Covers

The TCPA, enacted in 1991 and substantially amended since, prohibits making calls or sending text messages using an automatic telephone dialing system (ATDS) or a prerecorded voice to a number without prior express consent, subject to several exceptions. It also requires callers to maintain internal do-not-call lists, honor the national DNC registry for residential numbers, and identify themselves at the start of every call.

The key concepts that matter for B2B outbound are: what counts as an ATDS, what counts as a text message under the statute, what consent looks like when it exists, and when business-to-business calling gets a different treatment than consumer calling. All four have been the subject of significant litigation and FCC rulemaking since 2021, and the rules continue to evolve.

For practical purposes, if your outbound program uses any dialing technology that stores or produces telephone numbers to be called (even predictive dialers, power dialers, or click-to-call tools that automate parts of the process), you should assume TCPA scrutiny applies until your legal counsel tells you otherwise. The definition of ATDS has contracted somewhat after the Supreme Court's 2021 ruling in Facebook v. Duguid, but the boundaries remain contested in the lower courts.

How TCPA Applies to B2B Outbound

The TCPA does not have a blanket B2B exemption. The statute refers to "called party" and "residential telephone subscriber," which gives some protection when you are calling a direct-dial business line at a company's office. However, three factors have dramatically complicated the B2B picture.

First, mobile numbers. Most business professionals now use their personal mobile as their primary reachable number, and many list it on LinkedIn profiles, business cards, and in company directories. A mobile number is not a "residential line" in the traditional sense, but it is not a business landline either. Courts have consistently applied TCPA protections to calls and texts sent to mobile numbers regardless of whether the recipient uses the number for business purposes.

Second, text messaging. SMS outreach has become a standard part of B2B outbound sequences. Texts sent to mobile numbers using any automated sending tool fall squarely within TCPA coverage. The fact that the message is about a software product or a data service rather than a consumer offer does not change the analysis. If you are sending automated or semi-automated texts to a list of business contacts on mobile numbers, you need express written consent or an applicable exemption.

Third, number reassignment. A number that belonged to a business contact six months ago may now belong to a different person entirely. If that new person receives your outbound call or text and objects, you have a TCPA exposure even if you did everything right when you originally collected the contact. This is the reassignment problem, and it is one of the most underappreciated compliance risks in B2B outbound.

The Established Business Relationship Nuance

B2B sales teams often invoke the "established business relationship" (EBR) concept as a reason they do not need to worry about TCPA. The EBR exemption exists, but it is narrower than most teams assume.

Under the national DNC rules, an established business relationship allows you to call a number on the national registry if the person has made a purchase, rental, or transaction with your organization within the past 18 months, or has made an inquiry or application with your organization within the past three months. That is a specific, time-bounded definition. It does not mean "we once sent them a marketing email" or "they attended our webinar." It requires a genuine commercial transaction or a direct inquiry to your organization.

Common mistake: Assuming that any business contact you have interacted with has an "established business relationship" with you. Unless there has been a transaction or a direct inquiry to your company within the statutory time windows, the EBR exemption does not apply, and a number on the national DNC registry remains protected.

For B2B outbound targeting net-new prospects with no prior relationship, the EBR exemption provides essentially no cover. Your program needs to be built around consent or around calling numbers that are demonstrably business lines rather than personal mobile numbers, paired with rigorous DNC scrubbing.

Scrubbing Against DNC Lists

TCPA compliance requires scrubbing your contact lists against the national Do Not Call registry before initiating outbound phone or text campaigns. The FTC updates the national registry and requires telemarketers to access it at least every 31 days. Beyond the national registry, several states maintain their own DNC lists with independent requirements: California, Indiana, Louisiana, Massachusetts, Mississippi, Missouri, Oklahoma, Texas, and Wyoming all have state-level registries that may impose additional obligations.

Scrubbing should happen at two points: before a list is imported into your CRM or dialer, and again before each campaign run to catch numbers that have been added to DNC registries since the last scrub. Monthly scrubbing is the minimum; weekly is better for programs running high-volume outbound.

Your internal suppression list is equally important. Every contact who has asked not to be called, either to your company specifically or in response to a campaign, must be added to your internal DNC list immediately and suppressed from all future outreach. The TCPA requires honoring internal DNC requests within a reasonable time, and the FCC has interpreted that as no more than 30 days. Best practice is immediate suppression.

Keep records of every scrub: when it was run, against which lists, on what dataset, and what the results were. If you ever face a TCPA complaint or investigation, documented scrubbing records are your primary evidence of good-faith compliance.

Carrier-Level Phone Verification as a Compliance Tool

Carrier-level phone verification is one of the most effective technical controls available for TCPA compliance in B2B outbound. It addresses two of the highest-risk scenarios: calling mobile numbers that have been reassigned to a new user, and calling numbers associated with known TCPA litigators.

A carrier lookup queries the underlying mobile network data to confirm whether a number is currently active, what line type it is (mobile, landline, VOIP), and whether it has been ported recently. A recent port is a strong indicator that the number has changed hands, which means the consent or relationship you had with the previous owner no longer applies. Suppressing recently ported numbers before outreach is a direct risk reduction measure.

Litigator scrubbing is a separate but related capability. A set of data providers maintain lists of phone numbers associated with individuals or entities with a documented history of filing TCPA complaints or participating in class actions. Calling these numbers, even if they are technically reachable and not on the national DNC list, carries disproportionate litigation risk. Scrubbing against a litigator database before outreach is a standard practice for any high-volume B2B phone program.

At TechySales: Every contact in our outbound pipeline goes through carrier-level phone verification and litigator scrubbing before entering a calling or texting sequence. Phone validity is one of the five dimensions in our lead scoring model. A number that fails verification is excluded regardless of how well the contact scores on other dimensions.

Penalties and What They Look Like in Practice

The statutory damages structure under TCPA is straightforward: $500 per violation for negligent violations, up to $1,500 per violation for knowing or willful violations. Each call or text is a separate violation. A campaign that sends 10,000 texts to numbers without proper consent is not a $1,500 problem. It is a $5 million to $15 million problem before the plaintiff's attorneys negotiate a class.

TCPA class actions are a well-established plaintiff's bar practice. The class certification requirements are relatively manageable when the defendant's conduct was systematic (mass texting, automated dialing campaigns), and the per-violation damages make the math attractive for plaintiff counsel even on modest response rates. Settlements for large-scale TCPA violations regularly reach eight figures.

Individuals can also file suit in small claims court for individual violations, making TCPA one of the few federal statutes where individual litigation is economically viable for plaintiffs. This means even a single violated contact who is willing to pursue it can create a legal obligation to defend.

Practical Compliance Checklist

Here is a working checklist for B2B sales teams running outbound phone and text programs.

  • 1
    Classify every number before outreach Run carrier lookups on all phone numbers before they enter any dialing or texting workflow. Separate mobile numbers from business landlines. Apply stricter consent requirements to mobile numbers. Flag recently ported numbers for manual review or suppression.
  • 2
    Scrub against national and state DNC lists at least monthly Maintain documented scrub logs with dates, list versions, and results. Do not wait for a complaint to discover that a number has been on the DNC registry for six months.
  • 3
    Maintain and honor your internal suppression list Any contact who requests removal from your calling or texting list must be added to your internal DNC list immediately. Automate this where possible so there is no window between the request and the suppression taking effect.
  • 4
    Scrub against a litigator database Run all lists against a known litigator database before each campaign. Update the database at least quarterly. The cost of litigator scrubbing is a fraction of the cost of a single TCPA filing.
  • 5
    Review your dialing technology against current ATDS definitions Have legal counsel review the calling and texting tools you use and confirm whether they meet the current ATDS definition in your jurisdiction. The 2021 Facebook v. Duguid ruling narrowed the federal definition, but some states (including California) apply a broader standard.
  • 6
    Document consent wherever it exists If you have consent (a form submission, a demo request, an event registration), retain the record of it. Consent that you cannot document is no defense. Timestamps, source URLs, and the specific consent language presented at collection are all relevant.
  • 7
    Train your SDRs on the basics Every person making outbound calls or sending texts should understand the internal DNC process, how to handle a removal request in real time, and what to do if someone indicates they are recording the call for legal purposes. This does not require legal expertise, just a clear protocol.

This article is informational and does not constitute legal advice. TCPA rules have evolved significantly through FCC rulemaking and court decisions, and the correct compliance approach for your specific program depends on your technology stack, target audience, and geographic footprint. Engage qualified legal counsel for a program-specific review.

If you want to understand how TechySales handles TCPA compliance within our outbound programs for data and analytics clients, including our phone verification and litigator scrubbing workflows, reach out to the team. Compliance is built into our pipeline process from the first contact record, not added as a filter at the end.

Related reading

CCPA Compliance for Data Brokers →
Opt-out obligations, CAN-SPAM, TCPA, and privacy-by-design in B2B outreach
How B2B Lead Scoring Works →
Phone validity and litigator scrubbing as part of a five-dimension scoring model