Consent Compliance- It's not just for TCPA Anymore ("Mini-TCPA Laws" by States)
The Growing Threat of State Consent Compliance Laws: What Marketers Need to Know in 2025
In the ever-evolving landscape of marketing compliance, businesses face a mounting challenge: navigating a patchwork of state-specific consent laws that are often stricter than federal regulations. The Telephone Consumer Protection Act (TCPA) has long set the baseline for telemarketing and SMS marketing compliance in the United States, but states are increasingly enacting their own rules, particularly around express written consent, one-to-one consent, and consent storage. These state-level regulations pose significant threats to marketers, including hefty fines, legal liabilities, and operational disruptions. Today, CallerConsent will explore the states leading the charge on consent compliance laws, contrast them with federal TCPA requirements, and will offer actionable insights for businesses to stay compliant in 2025.
Understanding the TCPA: The Federal Baseline
The TCPA, enacted in 1991, is the cornerstone of federal telemarketing and SMS marketing regulation. It governs how businesses can contact consumers via autodialed calls, prerecorded messages, and text messages. Key TCPA requirements include:
Prior Express Written Consent: For marketing calls or texts to mobile numbers using autodialers or prerecorded messages, businesses must obtain prior express written consent. This involves a clear agreement, signed by the consumer (digitally or physically), disclosing that they agree to receive marketing communications.
Exemptions: Informational or transactional messages (e.g., order confirmations) generally don’t require express written consent, though revocation of consent must be honored.
Penalties: Violations can lead to fines of $500-$1,500 per call or text, making compliance critical.
In 2024, the Federal Communications Commission (FCC) introduced a significant update: the one-to-one consent rule, effective January 27, 2025. This rule mandates that consent be obtained separately for each company contacting the consumer, ending the practice of blanket consent for multiple sellers. However, a January 2025 ruling by the Eleventh Circuit Court vacated this rule, allowing businesses to revert to single-consent models for multiple sellers, though the legal landscape remains fluid.
While the TCPA provides a uniform framework, its enforcement is relatively predictable compared to the growing complexity of state laws. States are stepping up with their own “mini-TCPAs,” often imposing stricter requirements that catch marketers off guard.
State-Level Consent Laws: A Growing Threat
As of 2025, at least 12 states have enacted their own TCPA-like laws, with several emphasizing stringent consent requirements. These laws often go beyond federal standards, creating a compliance minefield for marketers. Below, we highlight key states with active efforts to enforce express written consent, one-to-one consent, and consent storage rules, posing significant risks for non-compliant businesses.
1. Florida: A Pioneer in Strict Consent Rules
Florida has emerged as a leader in aggressive consent compliance laws with its Florida Telephone Solicitation Act (FTSA). Since 2021, the FTSA has required express written consent for SMS marketing to Florida residents, with no exemptions for existing business relationships unless explicitly documented. Key points include:
One-to-One Consent: Florida’s law aligns with the TCPA’s now-vacated one-to-one consent rule, requiring specific consent for each marketer. Even with the federal rollback, Florida maintains this standard, increasing compliance burdens.
Consent Storage: Businesses must maintain detailed records of consents, including timestamps, consumer details, and the exact language of the agreement. Failure to produce these records in a lawsuit can lead to penalties of up to $500 per violation, escalating to $1,500 for willful violations.
Threat Level: Florida’s active litigation environment makes it a hotspot for class-action lawsuits. Marketers targeting Florida consumers face heightened scrutiny and must prioritize robust consent documentation.
2. Connecticut: A Unique Outlier
Connecticut stands alone in requiring express written consent for all commercial messages, not just those sent via autodialers or prerecorded systems. This law, part of the state’s broader consumer protection framework, is among the strictest in the nation.
Scope: Unlike the TCPA, which focuses on specific technologies, Connecticut’s law applies to any commercial text or call, making compliance more complex.
Storage Requirements: Marketers must retain consent records for at least three years, with clear documentation of the consumer’s agreement.
Threat Level: Connecticut’s broad scope increases the risk of violations, especially for businesses unaware of the state’s unique requirements. Fines can reach $5,000 per violation in some cases.
3. Other States with Mini-TCPAs
Several states have adopted their own versions of TCPA-like laws, often requiring express written consent and robust record-keeping. These include:
Oklahoma: The Oklahoma Telephone Solicitation Act (2022) mirrors Florida’s FTSA, requiring express written consent for autodialed marketing texts and calls. Businesses must store consent records for at least two years.
Washington: Washington’s Commercial Electronic Message Act demands express written consent for SMS marketing and imposes strict opt-out requirements. Violations carry penalties up to $1,000 per incident.
Maryland: Maryland’s Stop the Spam Calls Act requires express written consent for telemarketing and emphasizes detailed consent logs. Non-compliance can lead to fines of $1,000-$10,000 per violation.
Additionally, 11 states maintain their own Do Not Call (DNC) lists, which complement consent requirements by restricting unsolicited marketing. These states include Louisiana, Missouri, and Pennsylvania, among others. Marketers must cross-reference federal and state DNC lists, adding another layer of complexity.
4. Emerging Trends: One-to-One Consent and Beyond
While the FCC’s one-to-one consent rule was vacated, states like Florida and Oklahoma continue to enforce similar standards. Other states, such as California (under the California Consumer Privacy Act) and Colorado (via its Privacy Act), are exploring consent frameworks that emphasize transparency and individual control. These laws may not explicitly require one-to-one consent but demand clear, specific agreements and robust storage practices, aligning with the spirit of one-to-one rules.
Contrasting TCPA and State Regulations
The differences between federal TCPA requirements and state laws create a compliance tightrope for marketers. Here’s a breakdown of key contrasts:
The Threat to Marketers: Why It Matters
State-level consent laws pose a triple threat to marketers:
Financial Risk: Fines for non-compliance can escalate quickly, especially in class-action lawsuits. A single campaign violating Florida’s FTSA could result in millions in penalties.
Operational Complexity: Tracking state-specific requirements, maintaining separate consent records, and cross-referencing DNC lists demand significant resources. Small businesses, in particular, may struggle to keep up.
Reputational Damage: Non-compliance can erode consumer trust, especially in states like California, where privacy awareness is high. A single misstep can lead to public backlash and lost customers.
How Marketers Can Mitigate the Threat
To navigate this complex landscape, marketers must adopt proactive strategies:
Implement Robust Consent Systems: Use clear, specific opt-in forms that comply with the strictest state laws (e.g., Connecticut’s universal consent rule). Include disclosures naming each marketer, even if federal one-to-one rules are relaxed.
Invest in Consent Management Services: There are plenty of services to document consent on lead forms, but what about for calls when no consent exists?
CallerConsent is the only service of its kind that can protect your callbacks to calls you answer and the calls you can't (via AI Consent Agent).Regularly Audit Compliance: Conduct quarterly reviews of consent records, DNC list compliance, and campaign practices to align with both TCPA and state laws.
Train Staff: Educate marketing teams on state-specific rules, especially in high-risk states like Florida and Connecticut.
Monitor Legal Updates: The Eleventh Circuit’s ruling on one-to-one consent may influence state laws, so stay informed via resources like the National Law Review, Troutman Amin, Mac Murray & Shuster, and John Henson Law Group to name a few.
Conclusion: Stay Ahead of the Curve and Close Your Protection Gap
The threat from state consent compliance laws is real and growing. While the TCPA provides a federal framework, states like Florida, Connecticut, Oklahoma, and others are raising the bar with stricter requirements for express written consent, one-to-one consent, and consent storage. These laws not only increase financial and operational risks but also demand a tailored approach to compliance that can strain resources. By understanding the differences between federal and state regulations, investing in robust systems, and staying vigilant, marketers can mitigate these threats and build trust with consumers.
As a rule of thumb, begin to exercise consent practices that align with the most stringent requirements today. This means capturing and documenting consent when none exists (such as for inbound calls) and for events where consent is uncertain and unreliable (transfers from third parties).
CallerConsent is the easy and efficient way to close the gap in your compliance practices.
https://callerconsent.com
