Convoso
Customer LoginSchedule a demo
2025 Contact Center Trends - Compliance_Convoso Blog_v2

    TCPA & Call Center Compliance Trends for 2025: Complexity Grows with One-to-One Consent, Revocation of Consent Rules, and State Privacy Laws

    Convoso

    TCPA compliance and optimal performance go hand in hand these days. And with an increasing number of regulatory hoops to jump through, managing a successful and compliant outbound call center only gets more and more complex.

    Make sure that this year is your lead gen and sales team’s best yet by staying on top of the call center compliance trends and outbound calling laws shaping the landscape. Inside this comprehensive guide to TCPA compliance in 2025, you’ll find:

    • A look at the TCPA’s new one-to-one consent rule

    • How to navigate the new consent revocation rules

    • What the end of the Chevron Deference means for your business

    • Clarification on the E-SIGN Act

    • New state-level privacy laws to know

    • The best ways to manage TCPA compliance risk in 2025

    What’s New for 2025

    Major regulatory changes are coming in 2025, tightening how businesses handle consumer consent. The one-to-one consent rule requires individual written consent for each seller, eliminating broad or blanket agreements. Meanwhile, new consent revocation rules give consumers more control, allowing them to opt out across multiple channels with ease.

    To stay compliant and avoid penalties, call centers must adapt quickly, ensuring they collect, track, and honor consent properly.

    The FCC has implemented big changes to consumer consent rules through a two-step rollout:

    • Phase 1 (July 2024): The lead generation loophole was closed. This stopped businesses from gathering blanket consent for multiple unnamed partners through vague terms like “marketing partners” or hyperlinked lists. Now, every seller must be clearly identified in consent forms​​.

    • Phase 2 (January 27, 2025): The one-to-one consent rule kicks in, requiring separate written consent for each business contacting the consumer. No pre-checked boxes are allowed on web forms—consumers must actively select each company they agree to hear from. Also, calls and texts must align with the context of the original consent interaction​​

    By the January 2025 deadline, call centers must fully switch to one-to-one consent. Even leads collected before the rule takes effect must comply with the stricter standards if contacted after January 27. 

    If your call center relies on leads from vendors, you’re still on the hook if those leads don’t meet the new consent requirements. It's essential to evaluate their lead generation practices

    "Start reaching out to those partners, your third parties on either side—the buy or the sell side—and say, ‘How are you thinking about this? What can [we] do to help?’" John Henson, Attorney at Troutman Amin​, said. Open communication and regular reviews of vendor practices are crucial for mitigating compliance risks​.

    Or, to be extra safe, you can focus on generating leads in-house. "If you're responsible for compliance, go to your marketing teams, go to your sales teams, and have them walk you through the process of the lead," Henson said​.

    Regardless of your strategy, your call center needs to update lead forms, document interactions, and ensure messages align with consumer expectations. With penalties on the line, waiting until the last minute is not an option.

    Beginning April 11, 2025, the FCC will introduce stricter rules on revocation of consent, giving consumers more control over their communication preferences. Under the new guidelines, any reasonable method can be used to revoke consent—whether through phone calls, texts, or other communication channels—and your business must honor these opt-out requests within 10 business days to avoid penalties​.

    If a consumer opts out through one channel, such as a phone call, the opt-out applies to both calls and texts unless the consumer explicitly says otherwise. 

    While businesses are allowed to send a follow-up message to confirm whether the opt-out covers all channels, this message must be strictly for clarification—no marketing content is allowed. If the consumer doesn’t respond to the confirmation, the opt-out must be treated as comprehensive, applying to all future communication​.

    These rules place the burden on businesses to ensure they can process opt-outs quickly and accurately. Although the FCC allows up to 10 days to honor requests, acting faster—ideally within minutes—reduces the risk of non-compliance and builds trust with consumers. 

    Reviewing and updating your opt-out procedures before April 2025 is essential to avoid penalties and ensure smooth operations.

    2024 in Review: The Biggest Developments in TCPA & Outbound Calling Regulations

    To understand where TCPA compliance is heading—and to know how your business needs to respond—it’s critical to know just what’s unfolded in the recent past. Read below to see which 2024 changes to outbound calling regulations will have ramifications in 2025 and beyond. 

    Chevron Deference Ends, Creating a Path for Businesses to Contest FCC Rules in Court

    The end of Chevron deference through the Loper Bright Enterprises v. Raimondo decision creates new legal options for businesses. For decades, courts deferred to agencies like the FCC and FTC when interpreting regulations. Now, businesses can challenge those interpretations in court, giving them a chance to push back on rules that may not align with their interests.

    “There may be a great likelihood that an appeal could be successful, especially in the small business,” Michele Shuster, founding partner of Mac Murray & Shuster, said. She highlights that agencies are required to assess the impact of rules on small businesses, and failing to do so opens new paths for appeals.

    This change won’t affect all rules equally. Regulations like the TCPA’s consent requirements, which went through formal rulemaking, are more secure from challenges. As Shuster points out, “That’s not the type of process that Chevron was applying to.” However, for rules based on informal agency guidance, companies now have more leverage to argue for changes or rollbacks in court​.

    With the end of Chevron, businesses—especially smaller ones—should explore whether any past agency interpretations have unfairly impacted them. The legal landscape has shifted, making challenges that once seemed impossible much more viable.

    The recent Bradley v. DentalPlans.com ruling serves as a wake-up call for contact centers about how they collect consumer consent. In this case, the court addressed a key compliance issue: whether a voice recording alone could meet the requirement for prior express written consent under the TCPA and the E-SIGN Act.

    The court’s message was clear: voice recordings alone are not enough to comply with E-SIGN Act requirements. As Shuster said, “Because a voice recording is not a written document or a written disclosure to that consumer, then there is no way that you can comply with the E-Sign requirements strictly by a voice recording.” The E-SIGN Act mandates that agreements and key disclosures be provided in a written format that consumers can retain and review.

    While a recorded verbal agreement can still be part of the consent process, it must be supplemented with written disclosures—such as online forms, emails, or text messages—that consumers can keep for reference. This ensures compliance with the E-SIGN Act’s requirements while minimizing the risk of legal exposure under the TCPA.

    Call Centers Contend with New State Privacy Laws

    With new state privacy laws taking effect in 2025 and beyond, call centers must adapt quickly to stay compliant. These laws vary by state, requiring close attention to consent, data handling, and consumer rights. 

    "If you’re not on the privacy compliance bandwagon, it’s time to do it and start really assessing what kind of data you have, who you’re sharing it with, what your contract provisions are, and whether you’re meeting the requirements of safeguarding that information," Shuster said

    Convoso’s StateTracker™ helps call centers navigate these changing rules with automated compliance management, reducing risks and ensuring smoother operations.

    Here are the new state privacy laws your call center needs to know:

    • Iowa Privacy Law: Effective January 1, 2025, Iowa’s law requires opt-out consent for sensitive data. Violations carry fines of $7,500 per violation​, with 90 days to cure violations. Learn more about Iowa’s new privacy law.

    • Delaware Data Protection Act: Delaware’s law takes effect January 1, 2025, requiring opt-in consent for sensitive data and recognition of universal opt-out mechanisms by January 1, 2026. Fines reach $7,500, with a 60-day cure period until December 31, 2025. Learn more about Delaware’s data protection law.

    • Rhode Island Data Transparency and Privacy Protection Act: "Rhode Island’s new law, effective January 1, 2026, requires businesses to disclose all third parties who may receive personal information,” Shuster said. It also mandates opt-in consent and detailed privacy notices. Fines range from $100 to $500 per violation, with no cure period​. Learn more about Rhode Island’s data privacy act.

    • Indiana’s Consumer Data Protection Act (Indiana CDPA): Indiana’s law, effective January 1, 2026, requires opt-in consent and data protection impact assessments for high-risk activities. Non-compliance results in fines up to $7,500 per violation and offers a 30-day cure period​. Learn more about Indiana’s upcoming data protection law.

    Best Ways to Manage TCPA Compliance Risk in 2025

    With all of these changes afoot and yet more unforeseen events sure to take place in 2025, successful leaders will need to keep outbound call compliance top-of-mind. Here are some of the best ways to manage compliance risks for your company in the current climate:

    1. Use a Dialer Designed—and Updated—with Compliance in Mind

    When it comes to TCPA compliance solutions for outbound call centers, your software platform is your greatest asset. To stay competitive in 2025, you need a dialer that supports TCPA compliance and helps optimize every area of your sales or lead generation operation.

    Your contact center software provider should diligently stay abreast of updates and trends in TCPA regulations to minimize risk to customers. The dialer system should enable responsible dialing strategies (see below). 

    Plus, depending on the type of leads you are calling and the consent associated with those leads, you may want to consider a system that also offers a manual dialing solution, like Convoso’s Click-to-Comply™ product.

    Of course, as we covered earlier, call center compliance issues extend well beyond the reach of the federal TCPA. That’s why your dialer should offer state-level compliance support. And that’s why Convoso offers its users the StateTracker™ tool, the only purpose-built solution for supporting compliance with state “mini-TCPA” laws.

    2. Use a lead fraud detection tool

    In addition to potential fines, violations of TCPA rules are resulting in increased class action lawsuits. Beyond dollars and cents, failure to comply with the TCPA can damage your brand’s reputation and waste valuable resources if your sales team tries to contact potential customers who did not actually ask for the call. However, it’s not simply about brand reputation and consent.

    Fake leads have become a major problem in the lead generation space. Fraudsters often exploit real individuals' contact information to create phony leads or sign-ups. Those individuals didn’t give consent to be contacted, so by mistakenly calling phony leads, you risk TCPA violations in addition to wasted time and money. 

    As Rich Kahn, co-found and CEO of Anura, puts it, “When you start adding up the costs to really do fraud detection and compliance right inside your company—and you're going to have to do it right sooner or later—it becomes cheaper and more efficient to buy or to lease technology like what Anura and Convoso offer, versus trying to go out and build it yourself.”

    Learn more about how our friends at Anura can integrate with your existing framework to help detect fraud to keep your leads genuine so you can avoid wasted marketing dollars and potential TCPA fines.  

    3. Implement Smart Dialing Strategies and Caller ID Reputation Management

    “Over-dialing your leads is the biggest problem,” says Nima Hakimi, Convoso CEO & Co-Founder:

    “Your contact rates will just go down. It’s a failing strategy. We really want to make sure everybody truly understands it will no longer work. You [also] need to have a system in place that can automate that lead follow-up process in a manner that doesn’t abuse the consumer and call them to death. [Then], you won’t be in the position where you’re over-dialing and your calls get blocked.”

    In 2025 and beyond, it’s increasingly essential to avoid call blocking and flagging. Make sure your dialer supports smart dialing strategies and offers caller ID reputation management tools. Convoso customer Jesse Daniels, VP Sales at One Health Direct, describes this as one of the biggest issues for large outbound call centers:

    “We’re making a million outbound calls a day. I read a statistic lately that there’s about a 6% chance that someone’s going to pick up the phone if they see “Spam likely”. So if that’s showing up on their cell phones, they are not picking up the phones. And if people are not picking up the phones, I can’t make money and I can’t keep my business afloat. And I can’t keep the 500 employees that we have nationwide employed. So that’s huge.”

    4. Develop a Sound AI Compliance Foundation

    Call center AI solutions are creating a lot of excitement—and rightly so. Technologies like intelligent virtual agents have the potential to unlock incredible gains in efficiency. However, with each new technology comes potential new questions around compliance and risk.

    During a webinar on the subject, expert attorney Shuster said that many of the primary concerns around AI and contact center compliance remain the same as they have been. 

    Those using AI need to ensure their solutions comply with restrictions on the use of automatic telephone dialing systems (ATDS) as well as rules around the use of prerecorded voice: For now, Shuster says, organizations should take a conservative approach and assume that calls using artificial voice technologies will be treated as prerecorded voice messages.

    In addition, organizations using artificial intelligence in order to help support compliance should evaluate their solutions to ensure they comply with the following checks:

    • Disclosures: Can your AI system consistently deliver the proper disclosures mandated by federal and state law? Not to mention industry-specific requirements, such as in Medicare marketing.

    • Call time restrictions: Can your system be calibrated to call only within allowable times? Beyond the federally mandated calling hours of 8:00 AM to 9:00 PM, systems need to be able to comply with different state calling restrictions that have emerged.

    • Registration requirements: Some states may require registration for the use of automatic dialing and announcing systems, which Shuster says may include AI-enabled systems.

    • Unlisted numbers: Many states prohibit calls to unlisted phone numbers. Do you have a means of scrubbing those numbers from your lists?

    • Disconnect requirements: Is your system able to disconnect in time after a call is terminated and meet requirements?

    • Caller ID types: What type of caller IDs does the system use?

    5. Look to Pivot Ahead of Big Changes in Lead Generation

    The closure of the lead generation loophole in July 2024 and the one-to-one consent requirement starting January 27, 2025, mean your call center can no longer rely on blanket or vague consents. 

    Eric Troutman, Founding Partner of Troutman Amin LLP, advises companies to invest in drive-to-site campaigns that generate quality, first-party leads, giving them greater control over consent collection. He also recommends exploring partnerships with BPOs to handle increased lead volumes efficiently.

    It’s equally important to evaluate your third-party lead vendors to ensure compliance with the new consent rules. "As you move into the future, with things coming at you from different angles every day, the need for expertise is more prevalent than ever,” says Troutman. “That means having the best tools in place to support compliance, even beyond your dialer software."

    By focusing on first-party leads and carefully monitoring third-party sources, your business can reduce compliance risks, maintain trust with consumers, and stay ahead of potential legal challenges.

    6. Enlist Expertise and Assess Your Risks

    “As you move into the future, with things coming at you from different angles every day, the need for expertise is more prevalent than ever before,” says Troutman. 

    That means having the best tools in place to support compliance, even beyond your dialer software. A recent LeadsCon panel recommended implementing TrustedForm from ActiveProspect as a great way to support compliance—and, in case you need to, prove that you’ve obtained customer consent. 

    Enlisting expertise also means obtaining top legal counsel. Getting attorneys on your side who can not only advise on legal issues but aid in audits and risk assessments is essential for supporting compliance, in 2025 and beyond.

    DISCLAIMER: The information on this page and related links is provided for general education purposes only and is not legal advice. Convoso does not guarantee the accuracy or appropriateness of this information to your situation. You are solely responsible for using Convoso’s services in a legally compliant way and should consult your legal counsel for compliance advice. Any quotes are solely the views of the quoted person and do not necessarily reflect the views or opinions of Convoso.