As of April 11, 2025, the FCC’s new revocation rules under the TCPA are in effect. If your company makes telemarketing calls, sends marketing text messages, or purchases leads that result in either, you are now operating under a significantly tighter consent revocation framework.
The two core changes:
-
You have 10 business days to honor an opt-out request. The previous standard was a “reasonable time,” which most companies interpreted as 30 days. That cushion is gone.
-
Consumers can revoke consent “in any reasonable manner.” You can no longer require consumers to use a specific method — like texting “STOP” to a particular short code — as the exclusive path to opt out.
These changes were adopted by the FCC in its February 2024 order (FCC 24-18), with an effective date of April 11, 2025. The comment period is closed. The rules are final. And the enforcement implications are immediate.
The 10-Business-Day Window: What It Actually Requires
Under the prior framework, the TCPA and its implementing regulations at 47 C.F.R. Section 64.1200 required callers to honor opt-out requests within a “reasonable time.” The FCC and courts generally accepted 30 calendar days as reasonable, borrowing from the CAN-SPAM Act’s email opt-out framework.
The new rule replaces that ambiguity with a hard deadline: 10 business days from the date the consumer makes the revocation request. Not 10 calendar days. Business days. Weekends and federal holidays do not count.
That sounds like more time than it is. Consider a consumer who texts “stop” on a Friday afternoon. Day one of the 10-business-day clock starts Monday. If there is a federal holiday in the following two weeks, the deadline extends slightly, but in a typical two-week span, you are looking at roughly 14 calendar days from the revocation to the compliance deadline.
For companies with simple, direct-to-consumer texting programs, this may be manageable. For companies operating in the lead generation ecosystem — where a single consumer’s consent may be shared with multiple buyers, each of whom may be using different CRM platforms, dialers, and SMS vendors — 10 business days is extremely tight.
Every system in the chain must receive and process the suppression within that window. If a lead buyer’s dialer makes a call on business day 11, the seller, the lead generator, and the buyer all face potential TCPA liability.
”Any Reasonable Manner”: The End of STOP-Only Systems
The second change is arguably more disruptive than the first.
Previously, many companies channeled all opt-out requests through a single mechanism. For SMS programs, that typically meant: text “STOP” to this number. For phone calls, it meant: press 1 to be placed on our do-not-call list, or call this toll-free number. If a consumer used any other method — replying “CANCEL,” sending an email, calling a customer service line and asking to be removed — many companies simply did not process it.
That practice is now a violation.
The FCC’s order states that consumers may revoke consent “by any reasonable means that clearly expresses a desire to receive no further messages or calls.” The FCC specifically identified the following text responses as reasonable opt-out requests that must be honored:
- STOP
- QUIT
- END
- REVOKE
- OPT-OUT
- CANCEL
- UNSUBSCRIBE
But the FCC was clear that this list is not exhaustive. A consumer who replies “take me off your list,” “don’t text me again,” “please remove my number,” or any similar language is making a reasonable revocation request. If your system only processes the keyword “STOP” and ignores everything else, you are now in violation of 47 C.F.R. Section 64.1200.
The FCC also confirmed that revocation requests made through other channels — email, voicemail, website contact forms, social media messages, or verbal requests to a customer service representative — are equally valid. A consumer should not need to know your internal systems or preferred opt-out channel. They just need to say, in any reasonable way, that they want the contact to stop.
The Multi-Channel Problem
This is where the operational difficulty multiplies.
Consider a lead generation scenario. A consumer fills out a web form and provides consent for “up to 5 companies” to call about auto insurance. That consent is sold to four different lead buyers, each using a different dialer and CRM. One buyer begins calling. Another begins texting.
The consumer receives a text from Buyer A and replies “CANCEL.” Under the new rules, Buyer A must suppress that number within 10 business days. But what about Buyers B, C, and D? If the consumer’s revocation was directed at the specific consent that generated the leads, the argument can be made that all buyers relying on that same consent event should suppress the number.
The FCC’s order acknowledges this complexity but does not fully resolve it. The burden falls on the caller or texter to ensure they have valid, unrevoked consent at the time of each communication. If a consumer’s revocation was directed at “Company X” specifically, Company Y may still have valid consent. But if the consumer’s message was general — “stop calling me about auto insurance” — all parties relying on that original consent event are at risk.
This creates a practical requirement that many lead generation operations are not equipped to handle: real-time or near-real-time suppression synchronization across multiple buyers and platforms.
CRM and Dialer System Requirements
The new rules expose a gap in how most CRM and dialer systems handle suppression. Here is what your systems need to support as of April 11:
Multi-keyword recognition. Your SMS platform must recognize and process opt-out requests sent as STOP, QUIT, END, REVOKE, OPT-OUT, CANCEL, and UNSUBSCRIBE at minimum. Ideally, it should also use natural language processing or keyword matching to identify free-text opt-out requests like “remove me” or “don’t text.”
Cross-channel suppression. An opt-out received via text must suppress the number across your calling programs as well, and vice versa. A consumer who says “stop calling” on a phone call should not receive a text the next day.
Timestamped suppression records. You need to be able to prove when the opt-out was received and when it was processed. If a plaintiff alleges you called them after they opted out, your defense is the timestamp showing you processed the suppression within 10 business days. Without that record, you lose.
Downstream notification. If you sell leads or share consent with partners, you need a mechanism to notify downstream buyers when a consumer revokes consent. This is not explicitly required by the FCC’s order, but it is a practical necessity. If your lead buyer calls a consumer who already revoked through your platform, the resulting TCPA suit will name everyone in the chain.
Suppression across all numbers. If a consumer has provided multiple phone numbers, or if you are reaching the same consumer on multiple numbers, the suppression should apply to the consumer, not just the specific number they texted “STOP” from. This is an area where over-compliance is far cheaper than litigation.
How eConsent Handles Revocation Tracking
eConsent’s consent management platform was designed from the ground up to treat revocation as a first-class event, not an afterthought bolted onto a CRM.
When a consumer provides consent through an eConsent-verified form, the platform generates a consent certificate that includes the full session recording, disclosure language, timestamp, and consumer identifiers. When that same consumer later revokes consent — through any channel — the revocation event is linked directly to the original consent certificate.
This creates a complete consent lifecycle: grant, use, and revocation, all tied together with immutable timestamps and audit trails. When a TCPA dispute arises, eConsent can produce not just the original consent record, but the exact time revocation was received and processed, satisfying the 10-business-day documentation requirement.
The platform also supports multi-keyword detection across SMS channels and provides API-based suppression notifications to downstream lead buyers, enabling the cross-platform synchronization that the new rules demand.
Enforcement Risk Is Real
The FCC did not adopt these rules as suggestions. The TCPA’s private right of action at 47 U.S.C. Section 227(b)(3) allows individual consumers and classes to sue for $500 per violation, trebled to $1,500 for willful violations. A “willful” violation does not require intent to harm — it requires only that the caller knew or should have known the call was prohibited.
After April 11, 2025, every company has constructive knowledge of the new rules. A company that continues to operate a STOP-only opt-out system, or that takes 30 days to process suppressions, is not making an innocent mistake. It is disregarding published FCC rules. Plaintiffs’ attorneys will argue — persuasively — that this constitutes willful conduct, triggering the treble damages provision.
For a company that sends 50,000 marketing texts per month and has a 2% opt-out rate, failing to process even one month’s worth of revocations within 10 business days could generate 1,000 violations at $1,500 each: $1.5 million in exposure from a single month of non-compliance.
What You Should Do Now
1. Test your opt-out system today. Send “CANCEL,” “QUIT,” “END,” “UNSUBSCRIBE,” and “remove me from your list” to your marketing SMS numbers. If any of those messages are not processed as opt-outs, your system is non-compliant.
2. Measure your suppression latency. Time how long it takes from when a consumer sends an opt-out to when their number is fully suppressed across all calling and texting platforms. If it is longer than 10 business days, you have a problem.
3. Implement cross-channel suppression. An opt-out via text must suppress calling. An opt-out via phone must suppress texting. If your CRM and dialer operate as separate silos, connect them.
4. Document everything. Keep timestamped records of every opt-out received, the channel it came through, the exact language used, and the date the suppression took effect. These records are your defense in litigation.
5. Notify downstream partners. If you sell leads, build a notification mechanism (API webhook, suppression file feed, or real-time sync) to inform buyers when a consumer revokes. Their compliance is your liability.
6. Update your privacy policy and disclosures. Your consumer-facing materials should explain that consumers can opt out “by any reasonable means” and should list multiple methods (reply STOP, email, call, etc.). This both informs consumers and demonstrates your good faith compliance.
The 10-business-day window and the “any reasonable manner” standard are the new floor. Companies that build their revocation processes to meet — and exceed — these requirements will be positioned to defend themselves in litigation. Companies that do not will find that the cost of a system upgrade is a fraction of the cost of a class action settlement.