Quick answer: The TCPA (Telephone Consumer Protection Act) governs calls and texts in the US. Cold calling and texting are not banned, but the rules are real: automated/prerecorded calls and most marketing texts generally require prior express consent, the National Do Not Call Registry must be respected for marketing calls, and texting carries especially strict consent expectations. Penalties run roughly $500–$1,500 per violating call or text, which adds up fast. B2B has some narrower exposure than consumer outreach, but it is not exempt — and rules tighten over time. This is general information, not legal advice.
Phone and text outreach can be powerful — especially combined with cold email in one multi-channel cadence — but they're regulated far more tightly than email, and the penalties are per-message, so a careless texting blast can become a six-figure problem quickly. The TCPA is the main federal law here, enforced by the FCC, and it's worth understanding before you pick up the phone at scale. Talk to a qualified attorney for your specific situation; what follows is the plain-English lay of the land.
What the TCPA actually covers
The TCPA regulates telemarketing calls, autodialed calls, prerecorded/artificial-voice calls, and text messages. The FCC administers it. The core ideas:
- Consent — automated or prerecorded marketing calls, and most marketing texts, generally require prior express written consent. Manual calls have different (but not zero) requirements.
- Do Not Call — marketing calls must respect the National Do Not Call Registry and any internal do-not-call requests.
- Identification and honesty — you must identify who's calling and why, and honor opt-outs.
- Time-of-day rules — telemarketing calls are restricted to reasonable hours.
- Autodialer restrictions — using automated dialing technology to call cell phones without consent is a core TCPA risk area.
Texting is the strictest channel
Cold texting deserves special caution, because people treat unsolicited texts as far more intrusive than email and the law reflects that. Marketing texts generally require prior express written consent, and 'I found their cell number' is not consent. The combination of strict consent rules and per-message penalties makes mass cold texting one of the riskiest things you can do in outreach. If you text, do it only to contacts who have genuinely opted in, include clear opt-out instructions (like 'reply STOP'), and honor opt-outs immediately.
The per-message structure is what makes the TCPA dangerous: at roughly $500–$1,500 per violating call or text, a single automated blast to a few thousand numbers without consent can theoretically expose you to penalties in the millions. Volume is exactly what turns a small mistake into a catastrophic one here.
B2B isn't a free pass
A common myth is that the TCPA only applies to consumers, so business-to-business calling is unrestricted. It's more nuanced. Some TCPA provisions and Do-Not-Call rules center on residential and personal lines, which gives B2B calling to business landlines somewhat more room than consumer outreach. But the moment you're calling or texting cell phones — and many business contacts are cell numbers — or using autodialers and prerecorded messages, you're squarely in TCPA territory regardless of B2B intent. Treating 'it's B2B' as a blanket exemption is how companies get into trouble.
Rules tighten — assume stricter, not looser
TCPA interpretation and FCC rules evolve, and the trend has consistently been toward stricter consent requirements, not looser ones — including moves toward more granular, one-to-one consent for marketing calls and texts. The safe posture is to assume the rules will get tighter and build your process to the stricter standard now, rather than relying on a permissive reading that may not survive the next update. Compliance built for today's loosest interpretation ages badly.
What actually counts as consent
Most TCPA trouble comes down to a misunderstanding of consent, so it's worth being precise. For automated or prerecorded marketing calls and for marketing texts, the standard is generally prior express written consent — an affirmative, documented agreement to receive that kind of contact, not an inference. What does not count as consent: finding someone's cell number in a directory, the number being publicly listed, a past unrelated business interaction, or the contact 'not having opted out.' Consent has to be given, not assumed from silence or availability. This is the single most common place well-meaning teams go wrong — they treat a reachable number as a contactable one. If you can't point to when and how a person agreed to be called or texted in this way, you don't have consent for the high-risk channels, and you should treat that contact accordingly. When the basis for contact is unclear, the safe assumption is that you don't have it.
State laws stack on top of the federal TCPA
The TCPA is the federal floor, not the whole picture, because many states layer their own telemarketing and texting rules on top — additional calling-hour restrictions, state do-not-call lists, stricter consent or registration requirements, and in some cases private rights of action that make violations even costlier. A practice that's compliant federally can still violate a specific state's rules, and since you're often contacting businesses across state lines, you can be subject to several regimes at once. This is another reason a blanket 'it's fine, it's B2B' assumption is dangerous: the rules depend on where the person is, what you're using to reach them, and which state's law applies. You don't need to memorize all fifty states, but you do need to know that federal compliance isn't automatically full compliance, and to get advice on the states you actively work before scaling phone or text outreach there.
Suppression is your safety net
Given the per-message penalties, the most important operational habit is a suppression system that actually works — one place where every opt-out, do-not-call request, and 'stop' is recorded and honored across every channel, immediately and permanently. The danger scenario is a contact who opted out of texts still getting a call, or someone who said 'remove me' months ago getting re-added from a fresh list. That happens when suppression lives in scattered tools or someone's memory rather than a single enforced list. A genuine 'no' isn't an objection to handle; it's a legal line, and honoring it instantly protects both your compliance and your reputation. Build suppression into your process from the first message, not after the first complaint, and make it impossible for an opted-out contact to re-enter any campaign. The teams that stay safe treat the suppression list as sacred.
When to involve a lawyer
This guide is plain-English orientation, not legal advice, and the genuinely smart move with the TCPA is knowing it's a question for a professional before you scale. Talk to a qualified attorney before you launch any significant automated calling or texting program, when you're unsure whether your consent basis is adequate, before relying on a B2B or peer-to-peer carve-out, and any time you're operating across multiple states. The cost of a consultation is trivial next to per-message penalties that compound into the millions on a single careless blast. The companies that get hit hard are almost never the ones who asked a lawyer first; they're the ones who assumed a permissive reading, scaled on it, and discovered the rules the expensive way. When phone or text outreach is becoming a real part of your motion, make the legal review part of the launch, not the post-mortem.
Practical ways to stay on the right side
- Get and document consent before automated calls or marketing texts — keep records of when and how.
- Scrub against the Do Not Call Registry and maintain your own internal do-not-call list.
- Honor opt-outs immediately and suppress those contacts everywhere.
- Be careful with autodialers and prerecorded messages to cell phones — this is the highest-risk zone.
- Identify yourself and your purpose on every call, and stick to reasonable calling hours.
- When in doubt, prefer channels and approaches with clearer consent — and get legal advice before scaling phone or text outreach.
Because the channels differ so much in risk, many teams lead with email (governed by the more permissive CAN-SPAM Act — see is cold email legal) for cold outreach, and reserve calls and especially texts for warmer contacts who've engaged or opted in. Whatever mix you choose, build suppression and consent tracking into your process from the start. Platforms like JYNI help by keeping outreach, opt-outs, and contact preferences in one place, so a do-not-contact request is respected across channels rather than slipping through a gap between tools.
Bottom line: cold calling and texting are legal but tightly regulated, the penalties are per-message and large, texting is the strictest channel, and B2B is not exempt. Build consent and suppression into your process, assume the rules will tighten, and get qualified legal advice before you scale phone or text outreach.
Frequently Asked Questions
Is cold calling legal under the TCPA?
Yes, but with real restrictions. Marketing calls must respect the National Do Not Call Registry and internal opt-outs, automated and prerecorded calls generally require prior express consent, and calling cell phones with autodialers is high-risk. Cold calling isn't banned, but doing it at scale without a compliance process is dangerous.
Do I need consent to cold text a business?
Generally yes — marketing texts typically require prior express written consent, and simply having someone's cell number is not consent. Texting is the strictest channel under the TCPA, with per-message penalties, so cold texting without documented opt-in is one of the riskiest forms of outreach.
Does the TCPA apply to B2B calls?
It's not a blanket exemption. Some Do-Not-Call and consumer provisions give B2B calling to business landlines more room, but calling or texting cell phones, or using autodialers and prerecorded messages, puts you squarely under the TCPA regardless of B2B intent. Treating 'it's business' as a free pass is a common, costly mistake.
What are the penalties for violating the TCPA?
Roughly $500 to $1,500 per violating call or text. Because it's per message, a single non-compliant automated blast to thousands of numbers can theoretically expose you to penalties in the millions — which is why volume turns small TCPA mistakes into catastrophic ones.
Is email safer than calling or texting for cold outreach?
From a compliance standpoint, generally yes — email is governed by the more permissive opt-out CAN-SPAM regime, while calls and texts fall under the stricter consent-based TCPA. Many teams lead with email for cold outreach and reserve calls and texts for warmer, opted-in contacts. This isn't legal advice — consult an attorney before scaling any channel.
Do I need to check the Do Not Call Registry before cold calling?
For marketing calls, yes — you must respect the National Do Not Call Registry and any internal do-not-call requests, and scrub your list against it. You should also honor opt-outs immediately and keep your own suppression list. Skipping the registry check is a common and avoidable TCPA violation.
Is cold texting illegal?
Cold texting isn't automatically illegal, but sending marketing texts without prior express written consent generally violates the TCPA, and having someone's cell number is not consent. Because penalties are per message (roughly $500–$1,500 each), unsolicited mass texting is one of the riskiest forms of outreach. If you text, do it only to opted-in contacts, include clear opt-out instructions like 'reply STOP,' and honor opt-outs immediately. This is general information, not legal advice.
Is peer-to-peer (P2P) texting TCPA compliant?
Manually-sent, one-to-one peer-to-peer texts avoid the autodialer rules that make automated texting so risky, but they don't escape the TCPA's consent and opt-out requirements for marketing messages. P2P platforms reduce one category of exposure, not all of it — you still need a lawful basis to text and must honor opt-outs. Confirm your specific setup with counsel before scaling.