Prior express written consent is the legal standard that determines whether you can legally make a telemarketing call or send a marketing text to a consumer. If you generate, buy, or sell leads, this is the single most important concept in your compliance program. Get it right and you have a defensible business. Get it wrong and you face statutory damages of $500 to $1,500 per call or text, multiplied across every consumer you contacted.
This guide breaks down exactly what prior express written consent means, what the law requires, where companies fail, and how to build consent records that hold up under scrutiny.
The Legal Definition
The term “prior express written consent” comes from the Telephone Consumer Protection Act of 1991 (47 U.S.C. Section 227), as interpreted by the Federal Communications Commission. The FCC codified the modern requirements in its 2012 rule amendments and the 2013 Omnibus Declaratory Ruling, which eliminated the “established business relationship” exemption for telemarketing calls and established the written consent standard.
In plain terms: before you make a telemarketing call using an automatic telephone dialing system (ATDS) or prerecorded voice, or before you send a marketing text message, you need the consumer’s written agreement. That agreement must meet specific criteria. A vague “I agree to be contacted” buried in a terms of service page does not qualify.
The FCC defines prior express written consent as an agreement, in writing, bearing the signature of the person called, that clearly authorizes the seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an ATDS or prerecorded/artificial voice. The written agreement must include the telephone number to which the signatory authorizes such advertisements or telemarketing messages to be delivered.
This definition appears in 47 C.F.R. Section 64.1200(f)(9).
The Four Required Elements
Every valid prior express written consent must contain four elements. Miss any one of them and your consent is potentially invalid.
1. Clear and conspicuous disclosure
The consumer must see a disclosure that tells them what they are agreeing to. The FCC’s 2013 Omnibus Declaratory Ruling specifies that the disclosure must be “clear and conspicuous,” meaning the consumer should not have to hunt for it. It cannot be hidden in a dense privacy policy, collapsed behind an accordion menu, or rendered in 8-point gray text on a white background.
The disclosure must explain that the consumer is agreeing to receive telemarketing calls or texts, that those calls may be made using an autodialer or prerecorded voice, and who will be making the calls.
2. Signature of the consumer
The signature can be electronic. The E-SIGN Act (15 U.S.C. Section 7001) and state equivalents like UETA make clear that a checkbox click, button press, or typed name can constitute a valid electronic signature, provided the consumer took an affirmative action to indicate agreement.
The key word is “affirmative.” Pre-checked boxes do not count. A form submission where the consent checkbox is checked by default does not constitute a signature because the consumer never took action to grant consent. The FCC explicitly addressed this in its 2012 rule amendments.
3. Identification of the specific seller
This is where the FCC’s January 27, 2025, one-to-one consent rule fundamentally changed the game. Prior to this rule, many lead generators collected consent for multiple sellers with a single checkbox and a disclosure that listed dozens of companies, often behind a hyperlink labeled “marketing partners.”
That practice is no longer sufficient. The one-to-one consent rule requires that consent be given for a single, identified seller. The consumer must know exactly which company will contact them and agree to that specific company’s calls or texts. A blanket consent covering a list of partners is no longer legally defensible for calls or texts made after the rule’s effective date.
4. Not conditioned on purchase
The consumer’s consent to receive telemarketing calls or texts cannot be a condition of purchasing a product or service. The disclosure must state that agreeing to be contacted is not required as a condition of purchase.
This is not optional language. The FCC’s rules explicitly require this statement to be part of the written consent agreement. If your form makes it appear that the consumer must agree to marketing calls in order to get a quote, complete a transaction, or access a service, your consent is defective.
Common Mistakes That Invalidate Consent
TCPA plaintiff attorneys know exactly what to look for when challenging consent. These are the mistakes that generate lawsuits.
Pre-checked consent boxes
If the consent checkbox is checked before the consumer interacts with it, you do not have prior express written consent. Period. The FCC addressed this directly and courts have consistently held that pre-checked boxes fail the affirmative consent requirement.
Buried or obscured disclosures
Placing the TCPA disclosure below the fold, behind a “show more” link, inside a scrollable container that is not visually obvious, or in a font size materially smaller than the surrounding text creates an argument that the consent was not “clear and conspicuous.” Plaintiff attorneys will take screenshots of your form on a mobile device and argue the consumer never saw the disclosure.
Dark patterns and misleading design
Form designs that visually steer the consumer toward clicking the consent button without reading the disclosure are increasingly scrutinized. Examples include making the consent button bright and prominent while the disclosure text is faint and small, or placing the disclosure after the submit button so the consumer has already committed before seeing it.
Bundled seller consent
Even before the one-to-one consent rule, courts were skeptical of consent forms that bundled dozens of sellers behind a single checkbox. After the rule’s effective date, this approach is explicitly non-compliant. Each seller needs its own discrete consent.
Stale or transferred consent
Consent is not a permanent, transferable asset. If a consumer gave consent to Company A, that consent does not automatically transfer to Company B when Company B buys the lead. The consent must name the specific entity that will be doing the calling. Similarly, consent obtained years ago for a different purpose may not cover current telemarketing campaigns.
No record retention
Having consent at the time of the call is necessary but not sufficient. You need to be able to prove you had consent when challenged. If your only evidence is a database flag showing “opted in: true,” you will not survive a motion for summary judgment. Courts expect contemporaneous records of the consent event.
How Digital Consent Records Serve as Defensible Proof
The standard for consent proof is higher than most companies realize. A CRM record showing that a lead opted in does not demonstrate what the consumer actually saw, what disclosure was presented, or whether the consent checkbox was pre-checked. When a plaintiff attorney deposes your compliance officer and asks “show me what the consumer saw when they gave consent,” you need more than a database entry.
Defensible digital consent records include:
-
Session recordings. A visual recording of the consumer’s browsing session showing the actual form, the disclosure as rendered, and the consumer’s interaction including scrolling, reading, and clicking the consent checkbox. This is the closest equivalent to a video deposition of the consent event.
-
Consent certificates. A structured document generated at the moment of consent that captures the consumer’s phone number, IP address, user agent, timestamp, the full disclosure text, and a cryptographic hash proving the record has not been modified.
-
Page snapshots. A capture of the form’s HTML and CSS at the time of consent, preserving the exact visual presentation regardless of future page changes.
-
Metadata. IP geolocation, browser fingerprint, and device information that corroborate the consumer’s identity and the circumstances of consent.
When these artifacts are generated automatically at the moment of consent and stored immutably, they create an evidence package that addresses every element a court will examine: what was disclosed, how the consumer agreed, when it happened, and that the record has not been altered.
eConsent generates this complete evidence package with a single script tag on your consent form. Session recordings, SHA-256 hashed consent certificates, and page snapshots are captured automatically at form submission and stored immutably for seven years. When a TCPA challenge arrives, you pull up the certificate and replay exactly what the consumer experienced.
The Practical Takeaway
Prior express written consent is not just a legal concept. It is an operational requirement that touches your forms, your lead flows, your vendor agreements, and your data retention policies. The companies that treat consent as a technical infrastructure problem, rather than a checkbox to satisfy legal counsel, are the ones that build defensible businesses.
If you cannot produce a consent certificate and session recording for every lead in your pipeline, you have a gap. The question is not whether it will be exploited, but when.
Ready to capture defensible consent records automatically? Start for free or schedule a demo to see how eConsent documents every consent event.