Running a compliant call center in 2026 means navigating a layered regulatory environment where federal law sets the floor, state laws raise the bar, carrier policies add their own constraints, and the penalty for getting any layer wrong ranges from five-figure FCC fines to eight-figure class action settlements. The operators who survive and grow are the ones who treat compliance as operational infrastructure — not a legal afterthought — and build it into their technology stack from the carrier layer up.
This guide maps the complete compliance landscape for outbound call center operations. SIPNEX is an FCC-licensed carrier that provides SIP trunks for call centers and predictive dialer operations. We see the compliance landscape from the carrier side — we know which rules affect the trunk, which rules affect the dialer, and where the two intersect.
The federal layer: TCPA and TSR
Two federal statutes form the foundation of call center compliance.
The Telephone Consumer Protection Act (TCPA) — 47 U.S.C. § 227 — governs autodialed calls, prerecorded messages, and text messages. The full TCPA compliance breakdown is covered in our dedicated guide. The key provisions for call centers: prior express written consent is required for telemarketing calls using an autodialer or prerecorded voice to cell phones. The Do Not Call Registry must be honored with lists scrubbed at least every 31 days. Calling hours are restricted to 8 a.m. to 9 p.m. in the recipient’s local time zone. The abandon rate for predictive dialing campaigns must stay below 3 percent. Penalties are $500 to $1,500 per violation with no cap on total damages.
The Telemarketing Sales Rule (TSR) — 16 C.F.R. Part 310 — is enforced by the FTC and applies to telemarketing transactions (selling goods or services by phone). The TSR requires additional disclosures beyond what the TCPA mandates: the seller must promptly identify themselves and the purpose of the call. The TSR prohibits calls before 8 a.m. or after 9 p.m. (consistent with TCPA). It requires that the caller transmit caller ID information (you must display a valid phone number that the consumer can call back). It prohibits certain payment methods in telemarketing transactions (cash-to-cash money transfers, remotely created checks in many contexts). TSR violations carry penalties up to $50,120 per violation as of 2025 (adjusted annually for inflation).
The interaction between TCPA and TSR matters because they are enforced by different agencies (TCPA by the FCC, TSR by the FTC) with different priorities. A single calling campaign can violate both statutes simultaneously, exposing the operator to enforcement actions from two federal agencies plus private lawsuits under the TCPA’s private right of action.
The state layer: 50 jurisdictions, 50 rule sets
Federal law sets the minimum. States can and do impose stricter requirements. A call center making interstate calls is subject to the strictest applicable law for each call — typically the law of the state where the called party is located.
State telemarketing registration. Over 30 states require businesses engaged in telemarketing to register with a state agency (typically the Attorney General or Secretary of State) and pay a registration fee before placing telemarketing calls to residents of that state. Failure to register is itself a violation, separate from any TCPA or TSR issues. Some states require a bond in addition to registration. If you call nationally, you should check registration requirements in every state you call into — or use a compliance vendor that tracks this for you.
State Do Not Call lists. Several states maintain their own DNC registries separate from the federal National Do Not Call Registry. Indiana, Pennsylvania, Colorado, Wyoming, and others have state-specific lists. You must scrub against both the federal and applicable state lists. The state lists update on their own schedules and the penalties for state DNC violations are separate from federal penalties.
State calling hour restrictions. The federal window is 8 a.m. to 9 p.m. local time. Some states are stricter — Oregon restricts certain calls before 9 a.m. Some states prohibit telemarketing calls on Sundays or state holidays. Build a state-specific calling hours matrix into your dialer hopper configuration.
State call recording consent. Fifteen states require all-party consent for call recording. If you record calls for quality assurance or compliance documentation, you must disclose the recording and obtain consent in all-party consent states. The penalties for recording without consent include criminal felony charges in some states (Florida, Pennsylvania, Massachusetts).
State-specific TCPA equivalents. Florida’s Telephone Solicitation Act, California’s automatic dialing statutes, and several other state laws impose requirements that go beyond or differ from the federal TCPA. Florida’s statute has a broader ATDS definition than the federal law post-Duguid. California’s statutes impose consent requirements for prerecorded calls to landlines that the federal TCPA does not require. Compliance with federal TCPA alone is insufficient for national calling campaigns.
The carrier layer: STIR/SHAKEN, attestation, and network policies
This is where your carrier selection intersects with compliance, and it is the layer most operators overlook.
STIR/SHAKEN attestation is now a de facto compliance requirement. While there is no law that says “you must have A-level attestation,” the practical reality is that calls with low attestation receive worse treatment from carrier spam filters, which means lower answer rates, which means you need to make more calls to reach the same number of people, which increases your DNC exposure, abandon rate risk, and overall compliance surface area. A-level attestation from a direct carrier like SIPNEX reduces your compliance risk indirectly by improving answer rates and reducing the total number of calls needed to achieve campaign objectives.
Carrier Acceptable Use Policies. Every carrier has an AUP that governs what you can and cannot do on their network. SIPNEX’s Acceptable Use Policy prohibits illegal spoofing, calls to numbers on the National DNC Registry without proper exemption, and traffic patterns consistent with illegal robocalling. Violating the AUP can result in service suspension — a carrier-level enforcement mechanism that is faster and more immediate than regulatory action.
Robocall Mitigation Database (RMD). FCC regulations require carriers to file robocall mitigation plans in the RMD. SIPNEX is registered in the RMD. Carriers that are not registered face downstream blocking — other carriers may refuse to accept traffic from non-registered carriers. If your carrier is not in the RMD, your calls may be blocked at the terminating carrier level regardless of your own compliance practices.
Building a compliance infrastructure
Compliance is not a document you create once and file away. It is an operational system that must be integrated into your technology stack.
Consent management. Build consent capture into your lead acquisition process. Every lead should have a consent record: the exact disclosure language shown, the timestamp, the method (web form, verbal, paper), the phone number consented, and a unique record ID that links to the lead and to subsequent call records. Store consent records in a database separate from your CRM — if a class action firm sends a discovery request, you need to produce consent evidence for every number in the class. Your carrier’s CDR data provides the call records; your consent database provides the authorization records. The two together form your compliance evidence chain.
DNC management. Scrub every list against the National DNC Registry before loading into your dialer. Scrub against applicable state registries. Maintain your company-specific DNC list in your CRM or dialer with a suppression flag that blocks the number across all campaigns, not just the current one. When an agent receives a verbal DNC request, the system must add the number to the company DNC list in real time — before the agent’s next call, not at the end of the shift.
Calling hours enforcement. Configure your dialer to enforce 8 a.m. to 9 p.m. in the recipient’s local time zone. In VICIdial, use the hopper’s timezone filtering and the campaign’s local call time settings. Apply state-specific restrictions on top of the federal window. Test your timezone logic quarterly by checking CDRs for calls placed outside permitted windows — even a 1 percent error rate in timezone calculation can generate hundreds of violations in a high-volume campaign.
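The quarterly CDR check described above can be scripted. The following is an added example, not SIPNEX or VICIdial code: the CDR field names, the sample records and the "XX" state window are constructed assumptions, and the recipient's IANA time zone is assumed to be stored with each record.

```python
from datetime import datetime, time, timezone
from zoneinfo import ZoneInfo

FEDERAL_WINDOW = (time(8, 0), time(21, 0))  # 8 a.m. to 9 p.m., recipient local time
# Hypothetical stricter state window ("XX" is a placeholder, not a real rule);
# load real values from your own state calling-hours matrix.
STATE_WINDOWS = {"XX": (time(9, 0), time(20, 0))}

# Constructed CDRs. Assumed fields: call start in UTC, recipient state, IANA zone.
SAMPLE_CDRS = [
    {"id": "c1", "start_utc": "2026-03-09T12:30:00", "state": "NY", "tz": "America/New_York"},
    {"id": "c2", "start_utc": "2026-03-02T12:30:00", "state": "NY", "tz": "America/New_York"},
    {"id": "c3", "start_utc": "2026-07-01T14:30:00", "state": "AZ", "tz": "America/Phoenix"},
    {"id": "c4", "start_utc": "2026-06-01T13:30:00", "state": "XX", "tz": "America/Chicago"},
    {"id": "c5", "start_utc": "2026-06-02T04:05:00", "state": "CA", "tz": "America/Los_Angeles"},
    {"id": "c6", "start_utc": "2026-06-01T20:00:00", "state": "CA", "tz": "America/Los_Angeles"},
]

def permitted_window(state):
    """Intersect the federal window with any stricter state window."""
    st_open, st_close = STATE_WINDOWS.get(state, FEDERAL_WINDOW)
    return max(FEDERAL_WINDOW[0], st_open), min(FEDERAL_WINDOW[1], st_close)

def audit(cdrs):
    """Return one finding per call that started outside the permitted window."""
    findings = []
    for cdr in cdrs:
        utc = datetime.fromisoformat(cdr["start_utc"]).replace(tzinfo=timezone.utc)
        local = utc.astimezone(ZoneInfo(cdr["tz"]))  # DST-aware conversion
        opens, closes = permitted_window(cdr["state"])
        # Conservative boundary: a call starting exactly at closing time is flagged.
        if not (opens <= local.time() < closes):
            findings.append({"id": cdr["id"], "local_start": local.isoformat(),
                             "window": f"{opens:%H:%M}-{closes:%H:%M}"})
    return findings

def error_rate(cdrs):
    """Share of calls in the batch that started outside the permitted window."""
    return len(audit(cdrs)) / len(cdrs) if cdrs else 0.0

if __name__ == "__main__":
    for finding in audit(SAMPLE_CDRS):
        print(finding)
    print(f"out-of-window rate: {error_rate(SAMPLE_CDRS):.1%}")
```

Records c1 and c2 share the same UTC clock time one week apart and differ only by the daylight saving transition, and c3 is in a zone that never observes it; these are the cases a fixed-offset calculation gets wrong.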
Abandon rate monitoring. Configure your predictive dialer to target an abandon rate well below 3 percent — a target of 1 to 2 percent gives you a safety margin. In VICIdial, use adaptive dialing with a drop percentage target. Monitor the 30-day rolling abandon rate (the measurement period the FCC uses) and alert if it approaches 2.5 percent. A single day of aggressive dialing that pushes the daily rate to 5 percent can pull the 30-day average above the threshold.
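A sketch of the 30-day rolling monitor described above, as an added example rather than dialer or carrier code. It assumes the rate is abandoned calls divided by live-answered calls summed across the window, and the daily figures are constructed.

```python
from collections import deque

LIMIT = 0.03        # abandon rate must stay below 3 percent
ALERT_AT = 0.025    # alert threshold suggested in the text
WINDOW_DAYS = 30

def rolling_abandon(daily, window=WINDOW_DAYS):
    """Yield (day, rate, status) for each (day, live_answered, abandoned) row.

    Assumption: rate = abandoned / live-answered calls, summed over the
    trailing window, so high-volume days carry proportionally more weight.
    """
    buf = deque(maxlen=window)
    for day, answered, abandoned in daily:
        buf.append((answered, abandoned))
        total_answered = sum(a for a, _ in buf)
        total_abandoned = sum(b for _, b in buf)
        rate = total_abandoned / total_answered if total_answered else 0.0
        if rate >= LIMIT:
            status = "breach"
        elif rate >= ALERT_AT:
            status = "alert"
        else:
            status = "ok"
        yield day, rate, status

def constructed_campaign(base_abandoned, days=60, spike_day=30):
    """Constructed data: 10,000 live answers per day, except one aggressive
    day with 30,000 live answers at a 5 percent abandon rate."""
    for day in range(1, days + 1):
        if day == spike_day:
            yield day, 30_000, 1_500
        else:
            yield day, 10_000, base_abandoned

def summarize(base_abandoned):
    """Run the monitor over the constructed campaign and report the outcome."""
    results = list(rolling_abandon(constructed_campaign(base_abandoned)))
    flagged = [day for day, _, status in results if status != "ok"]
    breached = any(status == "breach" for _, _, status in results)
    worst = "breach" if breached else ("alert" if flagged else "ok")
    peak = max(rate for _, rate, _ in results)
    return {"peak": round(peak, 5), "worst": worst, "flagged_days": flagged}

if __name__ == "__main__":
    print(summarize(240))   # 2.4 percent baseline
    print(summarize(280))   # 2.8 percent baseline
```

With a 2.4 percent baseline the spike day keeps the campaign in alert for the 30 days it remains in the window; with a 2.8 percent baseline the same day takes the rolling rate to 3.006 percent, whereas an unweighted mean of the daily rates would show about 2.87 percent and miss it.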
Recording and documentation. Record all calls in compliance with state recording consent laws (disclose on every call). Retain recordings linked to CDRs with timestamps. Retain consent records, DNC scrub logs, campaign configurations, and training records. Establish a retention period that covers the longer of your industry’s requirement or the statute of limitations for TCPA claims (typically 4 years from the date of the violation).
Frequently asked questions
What federal laws apply to call centers?
The two primary federal statutes are the Telephone Consumer Protection Act (TCPA, 47 U.S.C. § 227) and the Telemarketing Sales Rule (TSR, 16 C.F.R. Part 310). The TCPA governs autodialed calls, prerecorded messages, and text messages, with provisions for consent, DNC, calling hours, and abandon rates. It is enforced by the FCC and carries a private right of action allowing consumers to sue directly. The TSR governs telemarketing transactions, requiring caller identification, prohibiting certain payment methods, and imposing disclosure requirements. It is enforced by the FTC with penalties up to $50,120 per violation. Both laws apply simultaneously to telemarketing call center operations, and a single campaign can violate both.
Do I need to register in every state I call into?
Over 30 states require telemarketing registration before you can place telemarketing calls to residents. The specific requirements — registration forms, fees, bonding, annual renewal — vary by state. If you call nationally, you should either register in every state with a registration requirement or use a compliance service that tracks state registration obligations. Failure to register is a separate violation from TCPA or TSR issues — you can be fully TCPA-compliant but still violate state law by calling without registration. State attorneys general actively enforce registration requirements, and some states impose per-call penalties for unregistered telemarketing.
How does my carrier choice affect compliance?
Your carrier provides the infrastructure that either supports or undermines your compliance program. Key factors: STIR/SHAKEN attestation level (A-level from a direct carrier improves answer rates and reduces the total calls needed, lowering your compliance exposure), call recording infrastructure (carrier-level recording with CDR timestamps provides compliance documentation), CDR access (detailed call records are essential for demonstrating compliance in litigation), and network compliance (carriers registered in the FCC’s Robocall Mitigation Database ensure your calls are not blocked by downstream carriers). A carrier on a reseller trunk with B-level attestation, no recording infrastructure, and limited CDR access creates a structural compliance disadvantage that no amount of policy documentation can overcome.
What are the biggest compliance risks for call centers in 2026?
The three highest-risk areas are: (1) Consent defects — invalid, expired, or poorly documented consent is the number one cause of TCPA class actions. Plaintiffs’ attorneys target consent because the evidence requirements are clear and the statutory damages are large. (2) State-level violations — operators who focus only on federal TCPA compliance and ignore state telemarketing registration, state DNC lists, state calling hour restrictions, and state recording consent laws are exposed on multiple fronts. (3) Abandon rate violations — predictive dialing that exceeds the 3 percent abandon rate threshold generates per-call violations that aggregate quickly at high volume. A single day of aggressive dialing can create thousands of violations.
SIPNEX provides the carrier-level compliance infrastructure that call centers need: A-level STIR/SHAKEN attestation, call recording, real-time CDR access, and a carrier registered in the FCC’s Robocall Mitigation Database.
SIPNEX
FCC-licensed carrier with its own STIR/SHAKEN SP certificate. Operator-owned. SIP trunks built for operators who dial at volume.