Blog

Prior Express Written Consent (PEWC): Complete Requirements Guide for 2026

Prior Express Written Consent (PEWC): Complete Requirements Guide for 2026

The six elements that separate legally tradeable leads from litigation targets, with E-SIGN compliance requirements, sample disclosure language, documentation standards, and the operational procedures that withstand TCPA class actions.

Introduction: PEWC Is the Foundation of the Lead Economy

Prior express written consent is what makes leads tradeable. Without valid PEWC, every outbound call made using automated technology becomes a potential $500-$1,500 liability. With it, leads flow through the marketplace as legitimate commercial assets protected by documented consumer permission.

The distinction has never mattered more. In 2024, 2,788 TCPA cases were filed – a 67% increase over 2023. By September 2025, class action filings were running 97% ahead of 2024’s pace, with September 2025 alone seeing 224 class actions compared to 79 in September 2024 – a 283% spike. The average TCPA class action settlement exceeds $6.6 million. Nearly 80% of all TCPA lawsuits are filed as class actions.

This is not abstract regulatory risk. A mid-sized insurance lead generator in Florida received a process server in March 2025 with a class action complaint alleging 47,000 violations. Potential exposure: $70.5 million. Annual revenue: $12 million. The TCPA litigation statistics for 2025 show just how rapidly this enforcement environment is accelerating.

PEWC is not a compliance checkbox. It is the infrastructure that determines whether your leads are assets or liabilities. This guide covers every element required for valid consent, the technology that documents it, the disclosure language that survives litigation, and the operational procedures that protect your business.

Prior express written consent is the specific form of permission required under the Telephone Consumer Protection Act (TCPA) before making telemarketing calls to cell phones using automatic telephone dialing systems (ATDS) or prerecorded/artificial voice technology. The FCC defines PEWC in 47 CFR Section 64.1200(f)(9).

Understanding PEWC requires distinguishing it from other consent standards.

Prior Express Consent (PEC) can be implied from conduct – such as providing a phone number during a transaction. A consumer who gives their number when scheduling a medical appointment has implicitly consented to appointment reminder calls. This lower standard applies to non-telemarketing autodialed calls to cell phones.

Prior Express Written Consent (PEWC) requires a signed written agreement with specific disclosure elements. This higher standard applies to:

  • Telemarketing calls to cell phones using ATDS or prerecorded voice
  • Telemarketing calls to residential landlines using prerecorded voice messages

The Practical Distinction: If you are selling leads to buyers who will contact consumers about products or services – insurance quotes, home improvement services, solar installation, mortgage refinancing – PEWC is required for those contacts. The “telemarketing” classification captures virtually all commercial lead generation activity.

Why PEWC Matters Operationally

Lead generation exists in the space between consumer intent and commercial contact. A consumer visits a comparison shopping site, enters their information, and expects to hear from companies that can help them. PEWC is the legal mechanism that authorizes that contact chain.

Without valid PEWC:

  • Every autodialed call carries $500-$1,500 in statutory damages per violation
  • Every text message sent using automated technology creates identical exposure
  • Class certification can aggregate individual violations into eight-figure liability
  • No cap on damages exists – exposure scales linearly with call volume
  • The four-year statute of limitations means liability accumulates before lawsuits materialize

With valid PEWC:

  • Leads become assets that can be bought, sold, and contacted legally
  • Documentation provides litigation defense when challenges arise
  • Compliance creates competitive advantage as marginal operators exit the market
  • Insurance underwriters and sophisticated buyers accept leads as market-ready

The difference between valid and invalid PEWC is the difference between running a business and running a liability accumulator.

The Six Required Elements of Valid PEWC

The FCC specifies six elements that must be present for prior express written consent to be valid under 47 CFR Section 64.1200(f)(9). Missing any single element can render consent invalid and expose every downstream caller to full statutory damages.

Element 1: Written Agreement

The consent must be documented in written form. For lead generation, this typically means an electronic form submission rather than physical ink on paper. The FCC has confirmed that electronic agreements satisfying the E-SIGN Act meet this requirement.

Operational Requirements:

  • The consent must create a durable record that can be retrieved and presented in litigation
  • A checkbox clicked on a web form creates a written agreement if properly documented
  • Verbal consent does not satisfy the written requirement for telemarketing consent, regardless of how clearly recorded
  • The agreement must be specific to telemarketing communications using automated technology – general terms of service or privacy policies mentioning phone contact do not satisfy PEWC requirements

What Goes Wrong: Forms that capture phone numbers without a clear, separate consent acknowledgment. The number capture and the consent must be connected in a single transaction with explicit agreement language.

Element 2: Signature of the Person Called

The agreement must bear the signature of the individual to whom calls will be placed. For electronic consent, courts have accepted various signature forms:

  • Checkbox selection acknowledging consent language
  • Typed name in a designated signature field
  • Digital signatures using e-signature platforms
  • Click-through acceptance with clear indication of consent

Critical Requirements:

  • The signature must be affirmative – pre-checked boxes do not satisfy this element
  • The consumer must take a deliberate action to indicate consent
  • The signature must be attributable to a specific individual (anonymous form submissions create documentation challenges)
  • The signature must correspond to the phone number provided (John Smith signing but providing Jane Smith’s number creates no valid consent for that number)

What Goes Wrong: Pre-checked consent boxes that require the consumer to actively uncheck rather than actively check. This fails the affirmative consent requirement.

Element 3: Clear Authorization for the Seller

The agreement must clearly authorize the seller to deliver advertisements or telemarketing messages using an automatic telephone dialing system or artificial/prerecorded voice.

Key Components:

  • The seller making the calls must be identified in the disclosure
  • If a lead will be sold to multiple buyers, the consent must authorize each buyer who will contact the consumer
  • The disclosure must specify that calls may use automated technology – generic language about “receiving calls” without mentioning autodialing or prerecorded messages may not satisfy this requirement

The Lead Generation Complexity: Following the Eleventh Circuit’s January 2025 vacatur of the FCC’s one-to-one consent rule, multi-seller consent remains legally permissible under federal law. However, the disclosure must still clearly identify authorized parties. “Our marketing partners” without specific identification creates litigation vulnerability.

What Goes Wrong: Disclosures that list “up to 100 marketing partners” or reference a link to a separate partner list that consumers never actually click. Vague seller identification weakens consent defense even if technically valid.

Element 4: Identified Telephone Number

The agreement must identify the specific telephone number to which the signatory authorizes calls to be delivered.

Operational Requirements:

  • The phone number field must be part of the consent transaction
  • A number captured on a separate form or at a different time may not be covered by the consent
  • Consent documentation must link the specific number to the specific consent instance
  • If a consumer updates their phone number, new consent may be required for the new number

Best Practice: Phone validation at capture – confirming the number is real, active, and belongs to the person providing consent – prevents situations where consent is challenged based on number mismatch.

What Goes Wrong: Multi-step forms where phone number is collected on step 1 but consent language appears on step 3, with the connection between them unclear in documentation.

Element 5: Not a Condition of Purchase

The agreement may not be a condition of purchasing any property, goods, or services. This requirement prevents companies from burying consent in mandatory terms and forcing consumers to accept telemarketing as the price of doing business.

What This Means Practically:

  • Consent must be genuinely optional
  • The consumer must be able to complete their primary purpose – getting a quote, accessing information, making a purchase – without providing telemarketing consent
  • Separate consent flows may be required when the primary transaction requires contact information
  • Incentivizing consent differs from requiring it – offering a discount for consent is generally acceptable; making consent mandatory is not

Common Violations:

  • “By submitting this form, you agree to receive marketing calls” with no opt-out option
  • Consent language embedded in required terms of service
  • Form submissions that fail or error out when the consent checkbox is not selected
  • Consent checkbox that is visually part of a larger terms acceptance

What Goes Wrong: The form cannot be submitted without the consent checkbox selected. Even if this is unintentional (a developer validation error), it transforms optional consent into a condition of using the site.

Element 6: Clear and Conspicuous Disclosure

The consent language must be presented in a manner that is “apparent to a reasonable consumer” – not buried in fine print, accessible only through hyperlinks, or obscured by surrounding content.

FCC Expectations:

  • The disclosure should be visually prominent
  • Font size, color, and placement should make the consent language easy to find and read
  • The disclosure should not require scrolling or clicking to access essential terms
  • While hyperlinks to full terms may supplement the disclosure, core consent language should be visible without additional action
  • Surrounding content should not distract from or minimize the consent disclosure

Best Practices:

  • Place consent language immediately above or adjacent to the submit button
  • Use font size no smaller than surrounding text (and ideally slightly larger)
  • Avoid burying consent in paragraphs of other terms
  • Highlight consent through formatting – borders, background color, visual separation
  • Test with actual users to confirm the disclosure is noticed and understood

What Goes Wrong: Consent language in 8-point gray text at the bottom of a long form, below the fold, with flashy graphics for promotional content drawing attention away. Courts evaluate what a “reasonable consumer” would actually notice.

When consent is obtained electronically – which describes virtually all lead generation – the federal Electronic Signatures in Global and National Commerce Act (E-SIGN) creates additional requirements. Courts have increasingly recognized that electronic TCPA consent must satisfy both TCPA requirements and E-SIGN requirements.

The Bradley v. Dentalplans.com Standard

In Bradley v. Dentalplans.com (D. Md. 2024), the court held that because TCPA requires “written” consent with specific disclosures, obtaining that consent electronically triggers E-SIGN’s consumer disclosure and consent requirements. This ruling creates a second compliance layer for electronic consent.

E-SIGN Consumer Disclosure: Before obtaining electronic consent to receive telemarketing calls, the consumer must receive a disclosure informing them that:

  • Electronic records will be used
  • They have the right to receive records in paper form
  • They may withdraw consent to electronic records
  • How to obtain paper copies
  • Hardware and software requirements to access electronic records

E-SIGN Consent: The consumer must affirmatively consent to receive required disclosures electronically. This is separate from TCPA consent – it addresses the method of receiving disclosures, not the content of what is being consented to.

Hardware/Software Disclosure: The consumer must be informed of the hardware and software requirements necessary to access and retain electronic records.

Implementation Approaches

Sequential Consent Flows: Capture E-SIGN consent first (consent to receive disclosures electronically), then present TCPA consent in electronic form. This satisfies both requirements but adds steps to the user flow and reduces conversion rates.

Integrated Disclosure: Integrate E-SIGN disclosures into the same screen as TCPA consent, with language covering both requirements. More streamlined but requires careful drafting to address all required elements without overwhelming the consumer.

Pre-Form Disclosures: Present E-SIGN disclosures on a separate page before the lead form, establishing electronic consent at site entry rather than at form submission.

Consequences of E-SIGN Non-Compliance

Electronic TCPA consent captured without E-SIGN compliance may be unenforceable. If a court finds that E-SIGN requirements were not satisfied, the consent may be invalidated even if all TCPA-specific elements were present.

This creates a secondary attack vector for plaintiffs challenging consent validity. Defense counsel increasingly see E-SIGN challenges in TCPA litigation, particularly after the Bradley decision.

Sample PEWC Language That Works

Effective PEWC disclosure language must address all six required elements while remaining readable and understandable. The following examples demonstrate compliant approaches.

Basic Single-Seller Disclosure

By checking this box and clicking Submit, I provide my prior express written
consent to receive marketing calls and text messages from [Company Name] at
the phone number I provided above, including calls and texts made using
automated technology and prerecorded or artificial voice messages. I understand
this consent is not required to obtain a quote or make a purchase. Message
frequency varies. Message and data rates may apply. Reply STOP to opt out.

Analysis: This language identifies the specific seller, specifies automated technology and prerecorded messages, references the phone number field, and explicitly states consent is not required for the transaction.

Multi-Seller Disclosure (Post-Insurance Marketing Coalition)

By checking this box and clicking Submit, I provide my prior express written
consent to receive marketing calls and text messages from [Company Name] and
its marketing partners, including [Partner A], [Partner B], and [Partner C],
at the phone number I provided above. Calls and texts may use automated dialing
technology and prerecorded or artificial voice messages. This consent is not
required to obtain quotes or services. Standard message and data rates apply.
Reply STOP to any message to opt out of text messages. See our full list of
marketing partners at [URL].

Analysis: Following the Eleventh Circuit’s vacatur of one-to-one consent requirements, multi-seller consent remains permissible. This language identifies specific partners and provides a link to a complete list. The disclosure maintains transparency about who may call.

Dynamic Seller Disclosure

By checking this box and clicking Submit, I provide my prior express written
consent to receive marketing calls and text messages from [Dynamically Inserted
Seller Name] at the phone number I provided above. [Dynamically Inserted Seller
Name] may use automated dialing technology and prerecorded or artificial voice
messages. This consent is not required to obtain a quote or purchase any product
or service. Message frequency varies. Message and data rates may apply. Reply
STOP to opt out.

Analysis: This approach uses real-time matching to display the specific buyer’s name in the disclosure at the moment of consent capture. While not legally required after the one-to-one rule vacatur, many operations adopt this approach for stronger litigation defense and buyer requirements.

Required Elements Checklist

Every PEWC disclosure should contain:

  1. Clear identification of who will call (by name, not just “partners”)
  2. Explicit mention of “automated technology,” “autodialer,” or equivalent
  3. Explicit mention of “prerecorded” or “artificial voice” messages
  4. Reference to the phone number being provided
  5. Statement that consent is not required for purchase/service
  6. Opt-out instructions (particularly for text messages)

Language Patterns to Avoid

“By submitting this form, you agree…” This phrasing makes consent a condition of form submission, potentially violating the “not a condition of purchase” requirement.

“You may receive calls from our partners.” The word “may” is ambiguous. “You consent to receive” is clearer.

Hyperlink-only disclosures. While links to full terms are acceptable, core consent language should be visible without clicking.

Consent buried in paragraphs. The consent should be a distinct, identifiable element, not hidden within blocks of unrelated text.

Vague technology references. “Telephone communications” does not specify automated technology. Be explicit about autodialing and prerecorded messages.

Common PEWC Deficiencies and How They Create Liability

Understanding how consent fails helps prevent failures in your own operations. These are the most common deficiencies identified in TCPA litigation.

Disclosure Not Clear and Conspicuous

The Problem: Consent language exists but is not prominently displayed. Small font, low contrast, placement below the fold, or visual competition with other elements makes the disclosure easy to miss.

Litigation Outcome: Courts examine what a “reasonable consumer” would notice. If the consent disclosure is visually subordinate to promotional content, courts may find it fails the “clear and conspicuous” standard.

Prevention: Test your forms with real users. If test subjects do not notice or read the consent disclosure, redesign until they do. Eye-tracking studies and user testing identify visibility problems before litigation does.

Seller Not Adequately Identified

The Problem: The disclosure references “marketing partners” or “third parties” without identifying specific companies. When a consumer receives a call, they cannot confirm the caller was authorized.

Litigation Outcome: Vague seller identification weakens consent defense. Plaintiffs argue they never consented to calls from the specific defendant.

Prevention: Identify sellers by name. If using multiple sellers, list them explicitly or provide a readily accessible list that was available and unchanged at the time of consent. Document what list was displayed when.

Automated Technology Not Specified

The Problem: The disclosure mentions “calls” but does not specify that calls may use automated dialing technology or prerecorded messages.

Litigation Outcome: Consent to receive “calls” may not constitute consent to receive “autodialed calls” or “prerecorded message calls.” The specific technology must be addressed.

Prevention: Always include explicit language about automated technology, autodialing systems, and prerecorded/artificial voice messages. Use the terminology from the TCPA itself.

The Problem: Consent for telemarketing is combined with consent for terms of service, privacy policy, and other required elements. The consumer cannot accept required terms without also accepting telemarketing.

Litigation Outcome: Courts may find the consent was a “condition of purchase” in violation of PEWC requirements.

Prevention: Separate telemarketing consent from other required acceptances. Use a distinct checkbox that can be selected or deselected independent of terms of service agreement.

Pre-Checked Boxes

The Problem: The consent checkbox is pre-selected when the form loads. The consumer does not take an affirmative action to provide consent – they simply fail to uncheck.

Litigation Outcome: Pre-checked boxes do not satisfy the “signature” requirement. Consent must be an affirmative action, not a failure to object.

Prevention: Never pre-check consent boxes. Require affirmative selection. This is one of the clearest rules in TCPA compliance – there is no ambiguity.

The Problem: The phone number is captured in a separate field or on a separate form page from the consent disclosure. The consent does not clearly apply to the specific number.

Litigation Outcome: If the phone number and consent are not clearly connected, plaintiffs argue no consent was given for calls to that particular number.

Prevention: Ensure the consent disclosure explicitly references “the phone number provided above” or similar language linking consent to the specific number field. The form should visually connect the number entry and consent acknowledgment.

E-SIGN Requirements Ignored

The Problem: The consent is captured electronically, but E-SIGN disclosure and consent requirements are not addressed.

Litigation Outcome: Following Bradley v. Dentalplans.com, electronic consent may be invalid if E-SIGN requirements are not satisfied – even if all TCPA-specific elements are present.

Prevention: Implement E-SIGN disclosures and consent as part of your electronic consent flow. Consult with counsel on integration approaches appropriate for your form design.

Documentation and Retention Requirements

Proving consent requires documentation sufficient to withstand litigation. The burden of proof rests with the caller – if you cannot prove consent existed at the time of the call, courts presume non-compliance.

Essential Documentation for Every Lead

Consent Timestamp: The exact date and time consent was provided, in a format that cannot be manipulated. Server timestamps with millisecond precision are preferable to client-side timestamps that can be spoofed.

IP Address: The IP address from which the consent was submitted. This helps establish that a real person – not a bot – provided consent, and can be used to investigate fraud claims.

Consent Language Displayed: The exact disclosure language shown to the consumer at the time of consent, including any seller identifications. This must be the actual language displayed, not a template that might have changed between consent capture and litigation.

Consumer Action: Evidence of the affirmative action taken by the consumer – checkbox selection, electronic signature, or other consent mechanism. Documentation should show the action was taken, not just that the form was submitted.

Phone Number Provided: The specific phone number for which consent was granted, as entered by the consumer at the time of consent.

Form URL and Configuration: The URL of the page where consent was captured and any relevant configuration details. This helps establish context and can be used to reconstruct what the consumer experienced.

Session Recording or Replay: Visual evidence of the consumer’s interaction with the consent form, showing what they saw and how they interacted with it. This is the gold standard for consent documentation.

Retention Period

There is no statutory minimum retention period for consent documentation. However, the four-year statute of limitations for TCPA claims means documentation should be retained for at least four years after the last contact made pursuant to that consent. Our guide on consent documentation and retention covers storage requirements in depth.

Industry Best Practice: Retain consent documentation for five years or longer. This provides margin beyond the limitations period and accounts for delayed discovery of claims.

Buyer Requirements: Many sophisticated lead buyers require documentation retention exceeding the statutory minimum as a condition of purchasing leads. Match your retention period to the longest buyer requirement you serve.

Audit Considerations: Beyond litigation defense, consent documentation may be needed for regulatory audits, insurance claims, or internal quality assurance. Longer retention supports multiple use cases.

Documentation Storage Requirements

Immutability: Consent documentation should be stored in a manner that prevents tampering. Blockchain-based verification, write-once storage, or third-party custody all provide immutability assurance that strengthens litigation defense.

Accessibility: Documentation must be retrievable when needed. A consent certificate that cannot be located is worthless for litigation defense. Implement indexing by phone number, lead ID, date range, and lead source.

Security: Consent documentation contains personal information and must be secured appropriately. Encryption at rest and in transit, access controls, and audit logging are baseline requirements.

Redundancy: Maintain backups of consent documentation in geographically separate locations. Storage failures should not eliminate your litigation defense.

Third-Party Verification: TrustedForm and Jornaya

Third-party consent verification has become industry standard for PEWC documentation. These services provide independent evidence that can be presented in litigation to demonstrate consent. For a detailed breakdown of how these platforms compare, see our TrustedForm vs Jornaya comparison.

TrustedForm (ActiveProspect)

TrustedForm operates by deploying JavaScript on lead capture forms that documents the consumer’s interaction in real time.

Certificate Generation: For each form submission, TrustedForm generates a unique certificate containing:

  • Timestamp of consent capture
  • IP address of the consumer
  • Page URL where consent was captured
  • Visual session replay showing exactly what the consumer saw and did
  • Hash verification ensuring the certificate has not been modified

Certificate Claims: Certificates must be claimed – retrieved and stored – by the lead buyer to be useful. Unclaimed certificates expire (typically after 72 hours for the retain URL). Best practice is to claim certificates at the time of lead purchase, before any contact is attempted.

Certificate Retention: TrustedForm offers certificate retention for up to five years, aligned with the four-year TCPA statute of limitations plus a safety margin.

Verification Features: Beyond basic documentation, TrustedForm offers:

  • Bot detection to identify non-human form submissions
  • Age verification confirming certificate freshness
  • Page scan validation confirming specific elements appeared
  • Consent language verification against requirements

Cost Structure: TrustedForm certificates typically cost $0.15-$0.50 per lead depending on volume and features. For a $30 lead, this represents 0.5%-1.7% of revenue – trivial compared to the $500-$1,500 cost of a single TCPA violation.

Jornaya (Verisk Marketing Solutions)

Jornaya’s LeadiD and TCPA Guardian products provide alternative consent documentation with additional lead intelligence features.

LeadiD: Each form submission receives a unique identifier that tracks the lead through its lifecycle. The LeadiD can be used to verify lead authenticity and consent status across the marketplace.

TCPA Guardian: This service provides consent documentation and compliance reporting specifically designed for TCPA defense. Evidence from TCPA Guardian has been successfully used in legal proceedings to demonstrate consent.

Behavioral Intelligence: Unlike TrustedForm’s focused approach on consent documentation, Jornaya collects behavioral data across its publisher network, providing insights into consumer shopping behavior and intent signals.

What Third-Party Verification Does NOT Guarantee

The mere presence of a verification certificate does not guarantee compliance.

Certificate Documents, Does Not Validate: A TrustedForm certificate documents what happened – it does not ensure that what happened was compliant. If the underlying disclosure was deficient or the form was misconfigured, the certificate documents non-compliance.

Review Is Required: Lead buyers must retrieve, review, and validate certificates against compliance requirements. Assuming a certificate means compliance is a dangerous shortcut that has created defendants.

Technology Is Not Legal Advice: Verification services document facts. They do not interpret whether those facts constitute valid consent under current law. Legal review of consent language remains essential.

Implementation Best Practices

Capture at Generation: Deploy verification scripts on all lead forms. The certificate is only as good as the form interaction it captures.

Claim at Purchase: Retrieve and store certificates when leads are purchased, before any contact attempt. Do not rely on claiming certificates after litigation begins – they may have expired.

Validate Before Contact: Review certificates to confirm they document compliant consent before contacting leads. A certificate showing deficient disclosure language is evidence for the plaintiff, not the defense.

Retain for Duration: Store certificates for the full five-year retention period. Lost certificates cannot be recreated.

Consider Both Services: Many sophisticated operations deploy both TrustedForm and Jornaya simultaneously, capturing both session replay and LeadiDs for maximum documentation flexibility.

The 10-Day Revocation Rule: April 2025 FCC Requirements

The FCC’s April 2025 revocation rules fundamentally changed how companies must handle consent withdrawal. Failure to comply with revocation requirements creates liability even when the original consent was valid.

Any Reasonable Method Standard

Consumers may revoke consent through “any reasonable manner that clearly expresses a desire not to receive further calls or text messages.” Companies may not designate an exclusive means of revocation that precludes other reasonable methods.

Definitive Revocation Keywords: The FCC identified specific keywords that constitute automatic revocation when received via text message:

  • STOP
  • QUIT
  • REVOKE
  • OPT OUT
  • CANCEL
  • UNSUBSCRIBE
  • END

These terms trigger immediate revocation obligations regardless of other language in the message. For practitioners using SMS marketing for lead nurturing, building automated keyword recognition is essential.

Broader Standard: The rule extends beyond these keywords. Any communication that reasonably conveys intent to stop receiving calls or messages must be honored. “No more texts,” “Take me off your list,” or “I don’t want to hear from you” require interpretation, but treating ambiguous communications as revocations is the safer approach.

Ten Business Day Processing Window

Companies must honor revocation requests within ten business days of receipt. This represents a significant tightening from prior practice, where thirty days was often considered acceptable.

Operational Implications:

  • Revocation must propagate across all systems within ten business days
  • Leads in calling queues must be removed before the deadline
  • Scheduled campaigns must be updated
  • Third parties calling on your behalf must be notified
  • System synchronization across all channels is not optional

If consent status is not synchronized across all channels and platforms within ten days, non-compliant contacts can occur after revocation – creating new violations despite valid original consent.

Confirmation Messages

Companies may send a one-time text message confirming a revocation request, but strict conditions apply:

Timing: The confirmation must be sent within five minutes of the opt-out request.

Content Restrictions: The confirmation cannot include any marketing content. It must be purely confirmatory.

Clarification Requests: If the consumer provided consent for multiple categories of messages, the confirmation may request clarification about which categories the consumer wishes to discontinue. If the consumer does not respond to a clarification request, the revocation applies to all message categories.

Current and Pending Requirements

Effective Now (as of late 2025):

  • Honor revocation within ten business days
  • Recognize and process standard opt-out keywords
  • Process any reasonable revocation method
  • Add clear opt-out instructions to marketing texts
  • Honor Do Not Call requests within ten business days

Anticipated April 2025 (currently delayed by FCC waiver):

  • Treat revocation of one message type as applying to all message types from that sender
  • Coordinate revocation across all affiliated systems

Frequently Asked Questions

Prior express written consent (PEWC) is the specific form of permission required by the TCPA before making telemarketing calls to cell phones using automatic telephone dialing systems or prerecorded voice technology. It is defined in 47 CFR Section 64.1200(f)(9) and requires a written agreement with six specific elements: the agreement must be in writing, signed by the consumer, clearly authorize the specific seller, identify the phone number, not be a condition of purchase, and include clear and conspicuous disclosure of what the consumer is consenting to.

PEWC does not have a statutory expiration date. However, consent can become invalid through several mechanisms: the consumer revokes consent, the phone number is reassigned to a new owner who did not consent, the consent was for a specific time-limited purpose that has concluded, or the consented seller no longer exists. Best practice is to treat consent as having a practical life of 18-24 months and implement re-consent campaigns for older relationships.

Consent transfers only if the buyer was identified in the original consent disclosure. If the disclosure authorized calls from “Company A and its marketing partners including Company B,” Company B receives valid consent. If the disclosure authorized only “Company A,” consent does not extend to unidentified buyers. This is why seller identification in consent language matters – leads with narrow consent disclosures have limited market value.

Prior express consent (PEC) can be implied from conduct – such as providing a phone number during a transaction. This lower standard applies to non-telemarketing autodialed calls. Prior express written consent (PEWC) requires a signed written agreement with specific disclosure elements and applies to telemarketing calls using automated technology. For lead generation where buyers will market products or services, PEWC is the operative requirement.

The FCC’s one-to-one consent rule was vacated by the Eleventh Circuit in January 2025 in Insurance Marketing Coalition v. FCC. The rule never took effect and has been formally deleted from the Code of Federal Regulations. Multi-seller consent remains legally permissible under federal law. However, many industry participants maintain one-to-one or enhanced consent practices for stronger litigation defense, buyer requirements, and anticipation of possible future regulatory action.

Following Bradley v. Dentalplans.com (D. Md. 2024), electronic TCPA consent must satisfy both TCPA requirements and E-SIGN requirements. E-SIGN requires disclosure to consumers about electronic records, consent to receive disclosures electronically, and hardware/software requirement disclosure. Electronic consent captured without E-SIGN compliance may be unenforceable even if all TCPA-specific elements are present.

7. What is the penalty for calling without valid PEWC?

Statutory damages under TCPA are $500 per violation for negligent violations and $1,500 per violation for willful or knowing violations. There is no cap on aggregate damages. A calling campaign of 10,000 leads without valid consent creates $5-15 million exposure. Class actions aggregate individual violations, creating potential exposure reaching nine figures for large-scale operations.

8. How long must I retain PEWC documentation?

The TCPA statute of limitations is four years. Consent documentation should be retained for at least four years after the last contact made pursuant to that consent. Industry best practice is five years or longer to provide margin beyond the limitations period and accommodate delayed discovery of claims.

No. A TrustedForm certificate documents what happened during consent capture but does not guarantee compliance. If the consent disclosure was deficient, the seller was not properly identified, or consent was a condition of purchase, the certificate documents the problem – it does not cure it. Certificates must be retrieved, reviewed, and validated against TCPA requirements to serve as effective litigation defense.

10. How quickly must opt-out requests be processed under current rules?

The FCC’s April 2025 revocation rules require companies to honor consent revocation through any reasonable method within ten business days. Standard opt-out keywords (STOP, QUIT, CANCEL, etc.) trigger immediate revocation obligations. Confirmation messages, if sent, must be transmitted within five minutes and cannot contain marketing content.

Key Takeaways

  • PEWC requires six elements to be valid. Written agreement, consumer signature, clear seller authorization, identified phone number, not a condition of purchase, and clear and conspicuous disclosure. Missing any single element can invalidate consent and expose every caller downstream to $500-$1,500 per violation in statutory damages.

  • E-SIGN compliance is required for electronic consent. Following Bradley v. Dentalplans.com, electronic PEWC must satisfy E-SIGN disclosure and consent requirements in addition to TCPA requirements. This creates a second attack vector for plaintiffs that many operations have not addressed.

  • Third-party verification is industry standard, not optional. TrustedForm certificates and Jornaya LeadiDs provide independent documentation that withstands litigation. At $0.15-$0.50 per lead, the cost is trivial compared to $500-$1,500 statutory damages per violation.

  • Documentation must be retained for five years or longer. The four-year statute of limitations plus practical margin means consent documentation must be retrievable years after the original transaction. Lost documentation equals lost defense.

  • The 10-day revocation rule is now in effect. As of April 2025, companies must honor consent revocation through any reasonable method within ten business days. System synchronization across all communication channels is required – revocation in one system must propagate to all systems within the deadline.

  • Multi-seller consent remains legally permissible. The FCC’s one-to-one consent rule was vacated in January 2025. However, sophisticated buyers increasingly require single-seller or enhanced consent practices regardless of regulatory minimums.

  • Consent deficiencies are the primary source of TCPA exposure. Most class actions challenge consent validity. Disclosure clarity, seller identification, automated technology specification, and documentation practices determine whether your leads are assets generating revenue or liabilities generating lawsuits.

  • The burden of proof rests with the caller. If you cannot prove consent existed at the time of the call, courts presume non-compliance. Documentation is the foundation of litigation defense – consent without documentation is consent you cannot prove.

Legal and regulatory information current as of late 2025. TCPA requirements evolve continuously through FCC rulemaking, court decisions, and state legislation. Consult qualified TCPA counsel for current compliance requirements specific to your operations.

The Podcast

Industry Conversations.

Candid discussions on the topics that matter to lead generation operators. Strategy, compliance, technology, and the evolving landscape of consumer intent.

Listen on Spotify