Mastering The New TCPA Opt-Out Regulations

In 1991, the TV show "Thirtysomething" aired its last episode. While it received several accolades at the time, its endearing contribution is the term in its title — "30-something." I've thought about that term a lot this year with respect to the Telephone Consumer Protection Act, which was enacted in 1991 and is squarely a 30-something.

It's rare that a 30-something-year-old federal statute has significant activity on multiple fronts in one year. But this year really is shaping up to be a big year for the TCPA.

The biggest dog that didn't bark, of course, was the Federal Communications Commission's one-to-one consent result, which dramatically went away (for now) in two rulings — one by the FCC and one by the U.S. Court of Appeals for the Eleventh Circuit — issued just before the close of business on the last business day before the new rule was set to take effect.

And the U.S. Supreme Court's pending ruling in McLaughlin Chiropractic Associates Inc. v. McKesson Corp., in which the justices on Oct. 4 granted a petition for writ of certiorari following the October 2023 U.S. Court of Appeals for the Ninth Circuit decision in True Health Chiropractic Inc. v. McKesson Corp., could fundamentally alter TCPA compliance and litigation.

However, as we sit here in mid-April 2025, there is one major change coming for sure: On April 11, the FCC's new rules on revocation became effective.[1] These updated rules, particularly concerning the handling of opt-out requests for robocalls and text messages, will have significant implications for how companies manage consumer consent and privacy.

It is critical to understand what is changing and why these changes matter. Failure to comply could result in hefty fines, legal challenges and reputational damage.

Key Changes to TCPA Opt-Out Rules: What's New in 2025 … or Maybe 2026?

Single Opt-Out Covering All Communication Channels and All Types of Communications

The most significant change that was scheduled to become effective April 11 is essentially a blanket opt-out rule. This means that if a consumer revokes consent through any channel — text, email or call — it must apply to all future communications across every platform, whether marketing-related or informational.

The FCC codified that senders can include a request for clarification, i.e., a one-time confirmation text, "provided the sender ceases all further robocalls and robotexts absent an affirmative response from the consumer."[2]

For example, if a consumer replies "STOP" to an informational text, businesses are required to halt all communications to that consumer, whether via text, email or phone calls. This change forces companies to rethink their approach to managing consumer communication preferences across different media. The first part — through any channel — will be somewhat cumbersome to implement but at least provides a clear directive.

The second part — the requirement that the opt-out applies to all types of communications — is incredibly significant.

Last month, a collection of trade groups conducted a statutory ex parte meeting with the FCC staff to discuss these changes.[3] And in a down-to-the-wire ruling on April 7, the FCC issued a limited order delaying implementation of these revocation rules only "to the extent that it requires callers to apply a request to revoke consent made in response to one type of message to all future robocalls and robotexts from that caller on unrelated matter."[4]

Specifically, the effective date of these requirements is delayed until April 11, 2026.

The delay is a very big deal. However, it is merely that … just a delay. Businesses should plan on using the time to build out systems to be compliant by next April.

Revoking Consent in Any Reasonable Way

The updated rules broaden the scope of how consumers can revoke consent. Under the new regulations, a consumer can opt out through any reasonable means. This effectively means that a company cannot restrict opt-out requests to specific keywords like "STOP" or "REMOVE."

While the case law on this issue has been mixed,[5] consumers can now express their desire to stop receiving communication in various ways, including more informal requests like "please take me off the list" or even less polite responses.

The change notes that "Specifically, we find that using the words 'stop,' 'quit,' 'end,' 'revoke,' 'opt out,' 'cancel,' or 'unsubscribe' via reply text message constitutes a per se reasonable means to revoke consent."[6]

This requires businesses to be vigilant in interpreting and processing a wide range of opt- out messages, ensuring they respect the consumer's wishes no matter how they phrase the request.

Substantially Reduced Time Frame for Honoring a Do-Not-Call or Revocation Request

Under the new TCPA rules is the reduction of the window for businesses to process opt-out requests. Companies will now have only 10 business days to honor a consumer's request to stop receiving robocalls or texts. This new deadline is a sharp reduction from the previous up-to-30-day time frame,[7] necessitating a more efficient system to track, process and execute opt-out requests in real time.

This change underscores the need for businesses to enhance their internal processes and technology to ensure swift action, preventing noncompliance penalties and preserving customer goodwill.

Limited Clarification Message

While the new rules require businesses to halt all communications once an opt-out request is made, there is a safeguard. For background, in 2019, Capital One filed a petition requesting a declaratory ruling that, if a consumer who has consented to receive multiple types of informational messages from a sender then revokes consent, the sender should be able to clarify the scope of the revocation in a one-time message without violating the TCPA.

With the change, companies will have the option to send a single, brief clarification message within five minutes of receiving the revocation request. This message can confirm whether the consumer intends to opt out of all communications or just specific types. According to a rule in the Federal Register, the FCC notes:

Consistent with the Soundbite Declaratory Ruling, if the confirmation text is sent within five minutes of receipt, it will be presumed to fall within the consumer's prior express consent. If it takes longer, however, the sender will have to make a showing that such delay was reasonable, and the longer this delay, the more difficult it will be to demonstrate that such a message falls within the original prior consent.[8]

However, the clock is ticking: If the consumer does not respond to the clarification message, the business must stop all communications. This makes the content and tone of the clarification message critically important to avoid losing the consumer's engagement.

Steps Businesses Must Take to Stay Compliant

To comply with these changes, businesses need to take immediate action. The following is a breakdown of what steps companies should follow to stay compliant and mitigate risks.

Revise opt-out handling processes.

The most significant change is that a single revocation will apply to all communication channels across the business, and the new regulations demand that businesses accept opt- out requests via multiple methods — text, email, phone call or even verbal requests.

Businesses must implement systems that automatically track and execute opt-out requests across various platforms. This will involve updating customer relationship management systems, ensuring integration across marketing tools, and providing staff with updated training to recognize and act on all types of opt-out requests.

Ensure compliance within the 10-day window.

Given the tightened 10-business-day window to process opt-outs, businesses will need to review and optimize their internal systems. Opt-out requests should be handled in real time, so automated systems that can immediately suppress contacts from marketing or outreach campaigns are essential.

Sales and marketing teams must work hand in hand with legal and compliance departments to ensure that procedures are in place to honor revocation requests quickly and efficiently. This is not just a technological challenge, but a cultural shift in how businesses approach consumer consent.

Craft an effective clarification message.

The clarification message is the last chance to salvage the relationship with the consumer before they fully opt out. Companies must craft a clear, concise message that invites the consumer to clarify whether they want to opt out entirely or just stop receiving certain types of communication.

The language in this message should be neutral and respectful, encouraging the consumer to remain on the list while fully honoring their preferences. It's important to note that this is not a second chance to sell the consumer — rather, it's a critical step in confirming their true intent.

Best Practice Tips

To stay compliant, businesses can implement several key response tactics.

First, they should prioritize high-value messaging, focusing on content that resonates with consumers and eliminating campaigns that tend to result in higher opt-out rates. Additionally, tailoring content to the right audience and minimizing unnecessary outreach is essential.

Next, in larger organizations, it is vital to designate a compliance point person who oversees the strategy, ensuring the company adheres to new rules and acts as a liaison between sales, marketing and legal teams.

Furthermore, offering consumers regular opportunities to reconsent to communications helps maintain a high-quality lead database and ensures ongoing compliance with TCPA guidelines. In addition to this, businesses must monitor free-form responses instead of relying solely on keyword-based opt-out systems. By using vendors to identify such responses, companies can better manage opt-out requests.

Refining clarification messages is also important, as clear communication can guide consumers through adjusting their preferences, preventing full opt-outs and preserving relationships.

Finally, consolidating outbound channels can simplify the process of tracking and honoring revocation requests, making compliance management more efficient.

Reprinted with permission from Law360.

[1] See Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, Report and Order and Further Notice of Proposed Rulemaking, FCC 24-24 (rel. Feb. 16, 2024) (TCPA Consent Order).[1] See Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, Report and Order and Further Notice of Proposed Rulemaking, FCC 24-24 (rel. Feb. 16, 2024) (TCPA Consent Order).

[2] Id. at paras. 25.

[3] Notice of Ex Parte Presentation, In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, Report and Order and Further Notice of Proposed Rulemaking, 39 FCC Red 1988 (2024), Submission ID. 103120311703713. https://www.fcc.gov/ecfs/search/search- filings/filing/103120311703713

[4] https://docs.fcc.gov/public/attachments/DA-25-312A1.pdf.

[5] The case law on this issue is mixed. Some cases such as Epps v. Earth Fare Inc., 2017 WL 1424637 (C.D. Cal. Feb. 27, 2017) and Viggiano v. Kohl's Dep't Stores Inc., 2017 WL 5668000 (D.N.J. Nov. 27, 2017) essentially indicated that it was acceptable (under the soon to be "old" rules) for a company to specify "STOP" (or something like that) as the exclusive manner to opt-out, where as other cases such as Kraemer v. USHealth Advisors LLC, 2024 WL 4880559 (S.D. Ill. Nov. 25, 2024) suggested that communication along the lines of "No duck off" were sufficient to advise the caller to stop calling.

[6] Id. at paras. 12.

[7] The case law on this issue was varied under the old rule. For instance, Orsatti v. Quicken Loans Inc., 2016 WL 7650574 (C.D.Cal., 2016), found that 30 days was sufficient to process a do-not-call request while Nece v. Quicken Loans Inc., 292 F.Supp.3d 1274 (M.D.Fla., 2018). found that calls that persisted for a week unreasonable.

[8] Id. at paras. 24.