This quarter has been marked by significant regulatory changes that compliance leaders need to be aware of to stay ahead in the ever-evolving landscape. Keep reading for a recap of the latest changes in TCPA, DNC, and contact compliance regulations from Q4 of 2024.

Effective Dates for FCC’s Consent Revocation Announced 

On October 11, 2024, the FCC (Federal Communications Commission) announced long-awaited effective dates for the Strengthening the Ability of Consumers to Stop Robocalls final rules (aka “Consent Revocation”). The FCC introduced these new standards for revoking consent, emphasizing the importance of respecting consumer choices faster. 

On April 4, 2024, one provision of the FCC’s Final Rule took effect: 

  • Confirmed choice: One consent confirmation message can be sent to the consumer revoking consent. The consent confirmation message can confirm multiple types of consent and cannot be promotional 

The following consent provisions become effective on April 11, 2025: 

  • How long and how: Callers must honor do-not-call and consent revocation requests within 10 business days or sooner (this is a compromise from the initially proposed 24 hours) and within 6 days for package delivery services and through reasonable means (although “reasonable means” has not yet been fully defined) 
  • Business impacts: When an opt-out for a marketing (promotional) message is received, ALL automated messaging* must stop for all purposes, except where an exemption exists. When an opt-out of informational message is received ALL automated messaging* must stop for all purposes – NO EXEMPTIONS  
  • Disclosure and terms: Disclosure is required if two-way texting is not available, with the caller providing an alternative method to opt-out and contract terms can’t dictate a consent revocation process 

*Both phone & text 

Click here for more info. 

New Telemarketing Sales Rule (TSR) Required Compliance by 10/15/2024 

October was an important month. New recordkeeping provisions published by the Federal Trade Commission’s (FTC) TSR NPRM in April 2024, were effective on May 16 and require compliance by October 15, 2024. Hopefully, you’ve prepared and are all set!  

A few key points to remember about the new recordkeeping rules: 

  • Applies to consumers only, not B2B 
  • Addresses inbound and outbound calls, including upsell  
  • Redefines “previous donor” (charitable solicitations), to within a 2-year period 
  • Increased records retention from 2 years to 5 years from end of contract 
  • Other category clarifications you need to double check: 
    • Internal DNC use restrictions 
    • DNC Registry access history 
    • Call Detail Record information 
    • Consent requirements, including screenprint capture 
    • Safe Harbor 
    • Customer Record requirements 
    • EBR requirements 
    • Previous donor requirements 
    • Employee information 
    • Service providers 
    • Marketing & Advertising materials 
    • Prize recipient data recipients 
    • And more 

Read our blog post for more information. 

FCC Adopts $6M Robocall Fine for Election Interference Scheme 

On September 26, 2024, the FCC (Federal Communications Commission) adopted the previously proposed $6 million fine against political consultant Steve Kramer for “illegal robocalls made using deepfake, AI-generated voice cloning technology and caller ID spoofing to spread election misinformation” in the NH presidential primary election earlier this year.  

This robocall event occurred in January 2024, and the FCC acted swiftly, passing legislation effective immediately (same day) on February 8th, making AI-generated voices in robocalls illegal and subject to Telephone Consumer Protection Act (TCPA) protections. 

Kramer, who was also indicted in New Hampshire, has 30 days to pay the fine. Last month, the FCC reached a settlement with Lingo Telecom on the same matter. 

See details on the Kramer forfeiture order here. 

A Common Question: Under TCPA, Are Cell Phones “Residential”? 

Whether or not cell phone numbers are considered residential is a widely debated topic, and the answer is usually yes. Unfortunately, the definition is constantly challenged, which is confusing and frustrating for companies trying to interpret legislation and do the right thing.  

As a rule, wireless telephone numbers registered on the FTC’s (Federal Trade Commission) National Do Not Call (DNC) Registry are presumptively residential because no distinction is made between the type of line, e.g. wireline vs wireless phone numbers, and businesses are not allowed to register.  

Courts routinely defer to the Federal Communications Commission (FCC) regulation and interpretations, but on June 28th, the Supreme Court overturned Chevron deference (Loper Bright v Raimondo overruled Chevron v. Natural Resources Defense Council), removing a required deference to previously defined FCC interpretations. 

In Cacho v. McCarthy & Kelly LLP, the plaintiff registered on the National DNC Registry and received 35 telemarketing calls on his cell phone over a six-week period. His phone was identified as personal and used for family and residential purposes. No longer bound by Loper Bright, the court conducted extensive analysis, considering TCPA protections afforded to residential subscribers and privacy safeguards from registration on the National DNC Registry. 

The District Court for the Southern District of New York reasoned the intent of TCPA distinguished between subscriber type and function vs technology types, with a goal to protect consumers, and ultimately the court’s decision was in alignment with previous FCC interpretations, ruling that wireless numbers registered on the DNC registry are considered “residential” telephone numbers. 

Additionally, the issue of “mixed-use” phones was addressed in the case of Lyman v. QuinStreet, Inc. (which was heard almost immediately after the Supreme Court ruling on Chevron), with the U.S. District Court for the Northern District of California denying defendant QuinStreet’s motion to dismiss on July 12, 2024, leaning on Chennette v. Porch.com, and holding that “cellular phones used for both personal and business purposes were presumptively residential.” 

Michigan SB 1037 Telephone Solicitation Act 

Reintroduced in the Michigan State Legislature by Senator Mary Cavanagh on 10/16/2024 as Senate Bill 1037 (original: HB 6307), this Telephone Solicitation Act has been referred to committee for review. Although this bill still has some distance to cover, it’s worth watching. 

Key points of this bill include: 

  • Expanded definition of Express Verifiable Authorization means a written agreement that includes: 
  • Valid signature of the called subscriber 
  • Clear authorization to deliver solicitation via automated technology or (pre)recorded messages 
  • Subscriber authorized telephone number 
  • Clear and conspicuous disclosures regarding telephone solicitations and signature requirements 
  • Definition of a “person” includes terms for business entities (e.g. “partnership,” “corporation,” etc.) 
  • Bans calls to numbers on most recent do not call list (residential landline and wireless) 
  • Includes a rebuttable presumption regarding calls to a Michigan area code are residential 
  • No caller ID blocking or misrepresentation allowed 
  • No calls allowed to individuals or businesses on internal (entity specific) do not call list 
  • Allowable calling window from 9 am – 8 pm 
  • Double penalty possibility (if an action violates FCC’s TCPA, it also violates this state law) 
  • The Attorney General is empowered to serve discovery demands 
  • $25,000 per violation (note: a single call could have multiple violations) 
  • Fines for calls to ‘vulnerable’ numbers can be up to $100k for each “persistent and knowing violation” 
  • Private Right of Action for $1,000 per call plus attorney’s fees 

Read here for more information.  

Scam Robocall Investigation by FCC Enforcement Bureau Leads to Action Against Identidad Advertising Development 

In ongoing efforts to protect consumers from scam robocalls, Federal Communications Commission (FCC) investigators and the Anti-Robocall Multistate Litigation Task Force took action against Identidad Advertising Development for transmitting illegal robocalls from callers impersonating financial institutions.  

Identidad served as the gateway provider allowing over a million scam robocalls made to wireless phones onto the U.S. network between July and September 2024. These prerecorded messages were deceitful transactional fraud alerts posing as courtesy notifications from Visa and Mastercard, stating very specific amounts charged at well-known retailers. Instructions said to hang up if the charges were valid, or “press 1” to report fraud. Return calls resulted in attempts to collect large sums of money from consumers. 

Actions taken by the FCC included a cease-and-desist letter to Identidad to stop the robocall campaign, and the issuance of a K4 public notice to telecom voice service providers to block traffic received from Identidad. If Identidad fails to comply with the cease-and-desist order, blocking of all downstream traffic from Identidad may become mandatory. 

To learn more, click here. 

FCC Approves Georouting NRPM Rules for Wireless 988 Calls and Texts 

On October 17, 2024, the Federal Communications Commission (FCC) adopted new rules intended to enhance and support the 988 Lifeline caller experience. The rules require text and wireless provider solutions enabling georouting of 988 calls to local crisis centers based on call origin. 

The FCC press release states “mental health and crisis counseling experts have long expressed that connecting callers in crisis with local crisis centers is important to connect those in need with life-saving public health and safety resources and enable them to speak with local counselors who may be more familiar with cultural issues or community stressors in the caller’s area.”  

The new rules also revise the Commission’s existing 988 voice and texting rules to allow for routing of 988 calls and texts to the 988 Lifeline without the need for translation to a toll-free number.  

On November 20, 2024, the FCC published the proposed rule in Federal Register, seeking comment “on requiring covered text providers, including wireless providers, to support georouting to ensure that the 988 Suicide & Crisis Lifeline (988 Lifeline or Lifeline) may route covered 988 text messages to appropriate local crisis centers.”   

The Proposed Rule also included the following confirmed dates: 

Comment Date: December 20, 2024 

Reply Comment Date: January 9, 2025 

See the full FCC Third Report and Order and Third Further Notice of Proposed Rulemaking here. 

FTC Announces Final Rule on “Click to Cancel” Practices 

The FTC’s new “Click to Cancel” Rule, announced on October 16th, simplifies subscription cancellations and has sparked mixed reactions. This rule, part of the Rule Concerning Recurring Subscriptions and Other Negative Option Programs, culminates five years of proceedings and modifies several provisions based on public comments. 

While the rule aims to protect consumers from unfair subscription practices, some argue it overreaches. Commissioner Holyoak dissented, stating it exceeds existing laws and preempts state laws. Industry groups have petitioned to vacate the rule, calling it arbitrary and capricious. 

Key provisions include: 

  • Clear Disclosures: Material terms must be disclosed clearly before billing. 
  • Affirmative Consent: Sellers must obtain explicit one-to-one consent before charging consumers. 

These objectives align with upcoming FCC rulings on consent for robocalls and consent revocation, effective in 2025. Businesses should leverage this knowledge to align their practices with both FTC and FCC requirements. 

The final rule will be effective 60 days after publication in the Federal Register, with certain sections effective 180 days after publication. 

Read more here. 

FTC Final Rule on Negative Option (“Click to Cancel”) Effective Dates published 

Recently highlighted in the Gryphon Regulatory Report, the October 16th Federal Trade Commission (FTC) announcement of the controversial Final “Click to Cancel” Rule aimed at simplifying how consumers can cancel subscriptions without undue burden officially has an effective date of January 14, 2025.  

While effective in January, regulated entities have until May 14, 2025, to comply. 

Notable tenets of this new final rule: 

  • Prohibits misrepresentation of any material fact made while marketing using negative option features 
  • Requires clear disclosures of material terms; must be disclosed “clearly and conspicuously” before billing information is obtained 
  • Requires affirmative consent before a consumer can be charged; the seller must obtain “unambiguously affirmative” express informed consent, “separately from any other portion of the transaction” 
  • Requires cancelation simplicity: “Seller to provide consumers with simple cancelation mechanisms to immediately halt all recurring charges” 

Note there are some differences between the final rule and the proposed rule. The proposed rule would have required sellers to send yearly reminders about the negative option feature. It would have also prohibited sellers from forcing consumers to receive offers without clear consent. The Commission reviewed feedback on these points and decided not to include these provisions in the final Rule. Instead, they will seek further comments through a supplemental NPRM and keep the discussion open. 

In response to comments, the Commission added two definitions and two provisions to the Final Rule for clarity. It defines “material” and “interactive electronic medium” as discussed in the NPRM and it includes a severability provision and a provision for requesting exemptions from the Rule. 

Click here for further information. 

Commissioner Brendan Carr Announced as New FCC Chairman 

President-Elect Donald Trump announced new Federal Communications Commission (FCC) leadership. Current FCC Commissioner Brendan Carr will assume the role of FCC Chairman, replacing current FCC Chairwoman Jessica Rosenworcel. 

FTC Adopts Final TSR Rule for Inbound Telemarketing Tech Support Calls   

In April 2024, the Federal Trade Commission (FTC) sought public comment on the Telemarketing Sales Rule (TSR) proposal extending coverage to inbound tech support calls, reported as defrauding consumers 60 and older of more than $175 million in losses within the last year. See this FTC report to Congress on protecting older consumers.    

A tech support scam is a type of fraud where scammers trick people into calling them for fake technical support. They use fake alerts (pop ups or messages on your computer or phone, claiming there’s a serious problem or virus), using urgency to encourage calling for immediate help – which is also phony. The scammers steal money or personal information, often asking for payment through hard-to-reverse methods like gift cards, wire transfers, or cryptocurrency.   

On November 27th, the FTC approved final TSR amendments extending coverage to inbound tech support calls, and it was published in the Federal Register on December 10th.    

The amendments are effective January 9, 2025.   

FCC Adopts Rules Strengthening Caller ID Requirements for Third-Party Authentication Solutions   

“Scammers falsify caller ID information to deceive call recipients into believing they are trustworthy.”    

On November 21st, the Federal Communications Commission (FCC) adopted the 8th Report & Order as part of ongoing efforts to curb illegally spoofed robocalls and maintain consumer protection, with new service provider requirements around third-party authentication.   

Caller ID information must be verified by the service provider, either by meeting STIR/SHAKEN IP protocols, or by relying on third parties for authentication.   

Under new rules, two conditions must be met:   

  • Compliance with STIR/SHAKEN Technical Standards: Service providers remain responsible and accountable for ensuring attestation-level decisions made by the third party align with the STIR/SHAKEN technical standards.   
  • Use of Service Provider’s Credentials: Any calls authenticated by the third party must use the service provider’s Service Provider Code (SPC) token and digital certificate.   

These requirements aim to maintain the integrity of the STIR/SHAKEN framework and ensure accountability in the caller ID authentication process.   

See the FCC Press Release here.    

FCC Announces Robocall Mitigation Database Compliance Failures and Consequences    

The Federal Communications Commission’s (FCC) Robocall Mitigation Database (RMD) requires voice service providers to certify their efforts in combating illegal robocalls, including implementing the STIR/SHAKEN caller ID authentication framework. This database helps the FCC and law enforcement agencies track and enforce compliance, aiming to reduce the number of unwanted and fraudulent calls.   

On December 10th, in partnership with the 51-attorney general Anti-Robocall Multistate Litigation Task Force, the FCC’s Enforcement Bureau issued an order naming 2,411 voice service providers who “failed to file properly” in the RMD, and now, by December 31, 2024, “must show cause why they should not be removed” from the RMD.   

Also on December 10th, state prosecutors for New Hampshire and North Carolina issued warnings to voice service providers transmitting suspected robocalls in their respective states.   

The consequences for being removed from the RMD are steep and would require all intermediate providers and voice service providers to cease accepting all calls directly from the company.   

And that’s not all. Newly proposed FCC RMD rules include annual re-certification, $10,000 fines for submitting false or inaccurate information, and $1,000 for failure to keep information current.    

See the FCC Press Release here.   

About Gryphon.ai  

Staying updated with the latest regulatory changes is crucial for any enterprise aiming to minimize risk and maximize reach. Gryphon.ai is the only automatic, real-time, intelligent contact compliance solution on the market that delivers compliant, real-time intelligence into every customer conversation.  

With Gryphon.ai, enterprises can stay ahead of the regulatory curve and efficiently manage all regulatory changes, ensuring seamless compliance and operational excellence.  

To learn more about how Gryphon can help you manage these updates, reach out to us today. 

Regulatory Report: February 2025

Below is a recap of essential regulatory updates for contact compliance professionals for the month of February.  Reminder: FCC’s Revocation of Consent Rule Goes Into Effect April 11, 2025  In…

Regulatory Round Up: Q4 2024

This quarter has been marked by significant regulatory changes that compliance leaders need to be aware of to stay ahead in the ever-evolving landscape. Keep reading for a recap of…

Regulatory Report: January 2025

Below is a recap of essential regulatory updates for contact compliance professionals for the month of January.  February 2025 Holiday Solicitation Bans  Please be aware of the following U.S. holiday…