The Telephone Consumer Protection Act (TCPA) is the federal law, passed in 1991 and enforced primarily by the FCC, that restricts how businesses can call and text consumers using automated technology: autodialers, prerecorded messages, and artificial or AI voices. If your business places calls or sends texts with anything more automated than a human dialing a keypad, the TCPA decides what consent you need first, and it gives consumers the right to sue for $500 to $1,500 per violating call or text.
That per-call number is why the TCPA matters to a five-person roofing company just as much as to a national call center. One bad calling campaign to a few hundred numbers is not a slap on the wrist; it is potential six-figure exposure. The good news is that the rules are learnable, and most of the calls a home-services business actually needs to make are on the easier side of them.
Quick note before we go further: this article is general information, not legal advice. If you are planning a large calling or texting program, or you have received a demand letter, talk to an attorney who handles TCPA work.
What the TCPA actually regulates
The TCPA does not ban business calls. A human at your office picking up the phone and dialing a customer is almost entirely outside its scope. The law kicks in when technology does the work:
- Autodialed calls and texts. Calls or texts placed by an automatic telephone dialing system. Courts have narrowed what counts as an autodialer in recent years, but texting platforms and dialing software often still land inside state-law versions of the rule, so treating automated texts as covered is the safe posture.
- Prerecorded and artificial-voice calls. Any call that delivers a recorded message, or a voice generated by a machine. In 2024 the FCC confirmed that AI-generated voices count as artificial voices under the TCPA, so a call placed by an AI voice agent is squarely covered.
- Calls to cell phones vs. landlines. The strictest rules apply to cell phones. Since most of your customers answer on a cell, assume the strict rules apply to everyone.
- Do Not Call rules. Telemarketing calls to numbers on the National Do Not Call Registry are restricted, and businesses making sales calls must maintain their own internal do-not-call list and honor opt-outs.
- Time-of-day limits. Telemarketing calls are limited to 8 a.m. to 9 p.m. in the recipient's local time.
Text messages are treated as calls under the TCPA. If a rule applies to an automated call, assume it applies to an automated text.
The consent tiers, in plain English
Consent is the center of TCPA compliance, and the level you need depends on what kind of call you are making.
Prior express consent is the lower tier. When a customer gives you their phone number in the course of doing business with you (on an estimate request, a work order, an intake form), they have generally consented to receive informational, non-marketing calls and texts related to that business at that number. Appointment reminders, scheduling calls, job-status updates, and payment reminders on an existing account typically ride on this tier.
Prior express written consent is the higher tier, and it is required for telemarketing or advertising calls made with an autodialer, a prerecorded message, or an artificial voice. Written consent means a signed agreement (electronic signatures and checkboxes count) that clearly discloses the consumer will receive marketing calls or texts, identifies your business specifically, and states that consent is not a condition of purchase. A phone number scraped from a lead list or bought from a data broker does not come with this consent, no matter what the seller claims. The FCC's one-to-one consent rules tightened this further: consent must name your business, not a vague "and our marketing partners."
The line between the two tiers is the line between a servicing call and a marketing call, and it is worth understanding cold. Calling to confirm tomorrow's roof inspection is servicing. Calling to pitch a gutter-guard upgrade is marketing, even to an existing customer. We break down that distinction, with examples from real contractor scenarios, in what is the difference between a marketing call and a servicing call, legally?, and the broader question of when you need permission at all in do you need customer consent to call or text your customers?.
What violations cost
The TCPA has a private right of action, which means consumers can sue you directly, and they do; TCPA class actions are a cottage industry. Statutory damages are $500 per violating call or text, and up to $1,500 per call if the violation was willful or knowing. There is no cap. A texting blast to 2,000 numbers without proper consent is, on paper, a $1 million to $3 million problem. State attorneys general and the FCC can also bring enforcement actions, and many states layer their own mini-TCPA statutes on top with separate penalties.
Revoked consent matters just as much as initial consent. Under FCC rules effective in 2025, consumers can revoke consent by any reasonable method (saying "stop calling," replying STOP, telling your office manager), and you must honor the revocation within ten business days. An opt-out that gets written on a sticky note and lost is a violation waiting to happen; opt-outs need to live in your system of record and be checked before every automated call.
Practical compliance steps for a small business
You do not need a compliance department. You need a handful of habits:
- Capture consent at intake, in writing. Put clear language on your estimate forms, website forms, and contracts saying the customer agrees to receive calls and texts about their project at the number provided. If you ever want to send marketing messages, add a separate, unchecked-by-default marketing consent checkbox with the required disclosures.
- Keep records. Consent you cannot prove is consent you do not have. Store when, where, and how each customer consented, tied to the contact record.
- Separate servicing from marketing. Informational calls to your own customers are the safe lane. Treat anything promotional as a different animal that requires written consent, DNC scrubbing, and time-of-day discipline.
- Track and enforce opt-outs. One list, checked automatically before every automated call or text, honored fast.
- Identify yourself. Every automated or artificial-voice call must state the business name at the start and provide a way to reach you. If the call is recorded, disclosure rules apply too; see is it legal to record a phone call with a customer? for the state-by-state consent picture.
- Never buy calling lists. Purchased leads almost never carry valid consent for automated outreach to the buyer.
How this applies to AI voice agents
Because the FCC treats AI-generated voices as artificial voices, every call an AI voice agent places is a TCPA-covered call, full stop. That is why a well-designed agent is built conservative. Coastline's assistant, Current, is a working example of what that looks like: it answers inbound calls and places only informational outbound calls (appointment reminders, follow-ups, invoice reminders) to customers who already have a relationship with the business. It opens every call by naming the business, identifying itself as an AI assistant, and noting the call may be recorded. Opt-outs are tracked per contact and checked before every outbound call, and it does not do cold calling or marketing outbound at all, because that tier demands written-consent machinery that most small businesses do not have in place.
Whether you automate with an AI agent or a texting platform, the framework is the same: know which tier of consent each message needs, get that consent up front, keep proof, and honor every opt-out immediately. Do those four things consistently and the TCPA becomes a set of guardrails rather than a lawsuit generator.
Again, this is general information as of 2026, not legal advice; rules change and the details of your calling program matter, so run anything ambitious past a lawyer.