New Notice of Proposed Rulemaking for the TCPA – What Could Change?

Background

The FCC dropped another bombshell related to the Telephone Consumer Protection Act (“TCPA”), but this one may be welcome for businesses that use telemarketing or send marketing text messages to consumers. The TCPA is a federal law governing telephone, text message and fax marketing and provides a private right of action with statutory damages of $500-$1,500 per prohibited communication.

You may recall that back in March, Federal Communications Commission (“FCC”) Chair, Brendan Carr, opened a new docket titled In Re: Delete, Delete, Delete, asking for the public’s help in identifying “unnecessary” FCC rules, regulations and guidance “for the purposes of alleviating unnecessary regulatory burdens.” [1] Well, this is the moment you’ve been waiting for – the FCC has sharpened its scissors and just put out a draft Notice of Proposed Rulemaking[2], seeking comment on its proposals to “delete, delete, delete” some of your favorite TCPA and STIR/SHAKEN (Secure Telephone Identity Revisited/Signature-based Handling of Asserted Information Using toKENs) regulations. In particular, big changes may be coming to the new revocation of consent rule, portions of which the FCC stayed for a year back in April.[3] The stayed portions of the rule would have required businesses to apply a consumer’s revocation of consent to all future robocalls and robotext messages from that caller across all communications channels and for all purposes, which many businesses have complained would be burdensome. These parts of the rule are now scheduled to take effect on April 11, 2026 – but it looks as if the rule may never go into effect.

In addition to the revocation rule, the Draft Notice highlights potential changes to the TCPA’s internal Do-Not-Call rules and call abandonment rules, as well as to the STIR/SHAKEN call authentication rules. Finally, the Draft Notice proposes to clear the FCC’s backlog of older Petitions and Applications that may no longer be relevant.

The Draft Notice will be discussed at the October Open Commission Meeting on October 28 at 10:30 a.m. ET. Open Meetings are streamed live at https://www.fcc.gov/live.  Assuming it is published, the public may comment on these proposals. The Comment Date will be 30 days after the date of publication in the Federal Register, and the Reply Comment Date will be 60 days after the date of publication in the Federal Register. Businesses will want to carefully review the proposed changes and may want to consider filing a Comment to let the FCC know how the changes would impact their business and others.

Eliminating Outdated TCPA Rules

Rollback the Revocation Rules

Identifying the TCPA’s consent revocation rule as a “more recent rule that might harm consumers,” the FCC proposed either to delete the requirement that a caller must treat an opt-out request made in response to one type of call to be an opt out for all calls, or to modify the requirement in such a way as “to give consumers greater control over their right to stop unwanted calls.”[4] The FCC opined that the global opt-out requirement could interfere with consumers’ ability to receive calls that they do want, such as from health care providers that have more than one location, from banks where the consumer may have more than one type of an account, or from businesses where a consumer is both a customer and an employee.[5] Moreover, it observed that this requirement may be overly burdensome for callers to implement.[6] The FCC seeks public comment on the proposal to delete or modify this requirement.[7]

The FCC further proposes to amend 47 C.F.R. §64.1200(a)(10), which requires that a called party may revoke consent “using any reasonable method to clearly express a desire not to receive further calls or text messages from the caller or sender.”[8] Commenters in the In RE: Delete, Delete, Delete proceeding requested that callers be able to designate the exclusive means of revocation rather than requiring callers to honor all revocation requests made via a “reasonable method.”[9] The FCC now seeks comment on this proposal, noting that the current reasonable-means standard is ambiguous, but expressing concern that businesses may designate complex, difficult, or cumbersome methods of revocation that may prevent consumers from effectively revoking consent.[10]

These proposals could mean a complete transformation of the TCPA’s revocation rules, showing that the FCC is serious about Delete, Delete, Delete.

Eliminate the Internal DNC Rules

The FCC didn’t stop there. It further proposed “to delete the rules requiring callers to record a subscriber’s do-not-call request and place the subscriber’s name, if provided, and telephone number on the company’s DNC list to avoid calling that number.”[11] According to the FCC, two decades of experience with both the National Do Not Call Registry (“NDNCR”) and the company-specific DNC requirements suggest that the National Do Not Call Registry may provide enough protection to consumers, so long as companies honor consumers’ opt-out requests and use the NDNCR.[12] The FCC noted that the company-specific DNC rules “impose unique burdens on callers, such as specific personnel training requirements.”[13]

The FCC seeks comment on whether the NDNCR is sufficient to protect consumers without company-specific DNC requirements, and whether requiring companies to obtain valid opt-ins from consumers and promptly honor opt-out requests accomplishes the same purpose.[14] The FCC also requests comment on whether the requirement in 47 C.F.R. § 64.1200(b)(3) that artificial or prerecorded voice telemarketing messages include an automated opt-out mechanism is also redundant in light of existing rules.[15] The FCC notes that the DNC Implementation Act requires it to maintain consistency with the Federal Trade Commission’s (“FTC”) Do Not Call rules, but this does not mean that the FCC rules should not be modernized.[16]

We expect a lot of buzz – and comments – in response to the proposal to eliminate the company-specific DNC rules. While companies would still be required to manage opt-outs, they would no longer be required to maintain their own internal DNC list, which could change the face of TCPA litigation. If the FCC eliminates the company-specific DNC requirements, other TCPA DNC requirements that plaintiffs’ attorneys love to play “gotcha” with may also go out the window, such as the requirement to have a “written policy, available on demand, for maintaining a do-not-call list.”[17]

Eliminate Fraud Alert Call Rules

The FCC also identified the TCPA’s fraud alert call rules as a “more recent rule that might harm consumers.”[18] The proposal would potentially eliminate the rule limiting financial institutions to only calling the number the consumer provided for a fraud alert or similar call that does not require consent.[19] The FCC expressed concern that these rules may “unduly restrict critical calls about the consumer’s financial accounts,” and that they might fail to properly recognize to benefit to consumers of allowing  financial institutions to use any telephone number they have to alert the consumer of potential fraud.[20]

The FCC seeks comment on whether broadening the exception in this way would create the risk of misdirected calls or financial information being improperly disclosed, and whether financial institutions should be required to obtain prior express consent for these calls.[21] While broadening the rule may reduce consumers’ exposure to fraud, the FCC seeks to understand whether doing so outweighs the risk of misdirected calls.[22]

Financial institutions will likely have a lot to say about eliminating this rule, as doing so would certainly lift a burden on these entities.

Eliminate Call Abandonment Rules

The FCC also posits that the TCPA’s call abandonment rules may “ no longer be necessary.”[23] The call abandonment rules currently prohibit callers from disconnecting an unanswered telemarketing call prior to at least 15 seconds or four rings, and from abandoning more than 3% of telemarketing calls.[24] Noting that modern-day predictive dialers are more efficient than older methods of dialing, the FCC stated that “the calling practices these rules target might no longer be a significant source of consumer frustration.”[25] Tracking these calls can be onerous for companies.[26]

Likely we will see significant commentary on this proposal as well, since it would alleviate a burden for callers.

Streamline Artificial /Prerecorded Voice Caller ID Rules

Another older rule that the FCC believes may be obsolete is the “rule requiring a caller making artificial or pre-recorded voice calls to include a telephone number other than a 900 number or any other number for which charges exceed local or long distance transmission charges.”[27] The FCC proposes to streamline the rule, requiring “only that such callers identify themselves with their telephone number to enable called consumers to know who is calling,” and invites comment on whether this change better reflects the modern telecommunications marketplace, where “local or long distance transmission charges” are largely a thing of the past.[28]

Eliminate Call Blocking Rules

The FCC proposes to “eliminate the rules permitting voice service providers to block calls that are on a do-not-originate list or purport to be from a NANP [North American Numbering Plan] number that is invalid, unallocated, or unused.”[29] The FCC has adopted rules that require voice service providers to block such calls, so this rule will become redundant when the new rules go into effect.[30] This rule impacts voice service providers, but not most commercial businesses.

Update STIR/SHAKEN Framework Rules

The STIR/SHAKEN framework imposes requirements on voice service providers that help combat caller ID spoofing by digitally verifying the authenticity of a call.[31] The FCC’s proposed changes to STIR/SHAKEN will impact voice service providers and gateway providers. These changes would:

• Define “caller identity information” as “caller’s name, location, and ‘other information regarding the source or apparent source of a telephone call,’” as opposed to “caller identification information” which is both the originating telephone number and other information regarding the origination of the call.[32]
• Require voice service providers to transmit specific types of caller identity information.
• Require gateway providers to identify calls from outside the US and non-gateway intermediate voice service providers within a call path to pass indicators that call originated outside the US.
• Require voice service providers who use analytics when determining to block calls, to include whether the call originated outside the US in these analytics.

Clear the Regulatory Backlog

In addition to the proposed changes to the TCPA and STIR/SHAKEN rules, the FCC is also planning to dismiss older Petitions and Applications (2012-2021) from its backlog.[33] However, the FCC listed all of these Petitions and Applications so that the Petitioners and Applicants can inform FCC if they are still interested in pursuing them.[34]

What Does This Mean for Your Business?

Businesses who engage in telemarketing through automated or prerecorded/artificial voice calls and text messages should pay close attention to the FCC’s proposals to amend or eliminate TCPA regulations. Such changes could have major impacts on consent revocation processes, internal DNC lists, and other practices.

Businesses should also consider filing a Comment on the proposed changes when the FCC publishes the Notice of Rulemaking in the Federal Register. For example, the proposed rollback of the opt-out rule would greatly reduce burdens on businesses who would no longer have to implement processes to treat an opt-out request made in response to one type of call to be an opt out for all calls. Businesses should consult with counsel that is experienced with the TCPA and related rules to determine how the proposed changes could impact their business practices and to advise them on how to file a Comment on the proposed changes, if

 

[1]           See Martha Kohlstrand and Annalisa Kolb, Dear Public, What Should We Delete, Delete, Delete? Best Regards, the FCC. See also In Re: Delete, Delete, Delete, GN Docket No. 25-133 (March 12, 2025), available at https://docs.fcc.gov/public/attachments/DA-25-219A1.pdf; “FCC Chairman Carr Launches Massive Deregulation Initiative,” Office of FCC Chairman Brendan Carr (Mar. 12, 2025), available at DOC-410147A1.pdf.

[2]           Draft Further Notice of Proposed Rulemaking, CG Docket No. 02-278 (October 7, 2025), available at https://docs.fcc.gov/public/attachments/DOC-415059A1.pdf (“Draft Notice”).

[3]           See Martha Kohlstrand, Annalisa Kolb and Kristen Kennedy, TCPA Update: The FCC Stays Portions of Revocation of Consent Rules by One Year.

[4]           Notice, ¶103.

[5]           Id., ¶104.

[6]           Id.

[7]           Id., ¶103.

[8]           Id., ¶¶105-106.

[9]           Id., ¶105.

[10]          Id.

[11]          Id., ¶97.

[12]          Id., ¶98.

[13]          Id., ¶99.

[14]          Id., ¶100.

[15]          Id., ¶101

[16]          Id.

[17]          47 C.F.R. 64.1200(d)(1).

[18]          Id., ¶107.

[19]          Id.

[20]          Id.

[21]          Id., ¶108.

[22]          Id.

[23]          Id., ¶95.

[24]          Id.

[25]          Id., ¶96.

[26]          Id.

[27]          Id., ¶102.

[28]          Id.

[29]          Id., ¶109.

[30]          Id.

[31]          “Combating Spoofed Robocalls with Caller ID Authentication,” The Federal Communications Commission, available at https://www.fcc.gov/call-authentication.

[32]          Draft Notice, ¶¶28-29.

[33]          Id., ¶110.

[34]          Id.