OneLife Marketing Solutions LLC
Lead Center
Blog/Compliance

TCPA Consent for Insurance Agents in 2026: What the Rule Change Means For Your Lead Program

The FCC tried to rewrite consent rules for insurance lead generation. A federal court struck it down. Here is what actually governs your lead program right now — and why your compliance strategy still matters.

June 28, 2026·11 min read·Compliance·By OneLife Editorial
On this page
What the FCC tried to do in 2023What actually happened: the rule was vacatedWhat standard governs insurance leads in 2026Why agents still have significant compliance exposureThe specific risk for Medicare agentsWhat this means for how you evaluate lead vendorsWhy exclusive leads remain the lower-risk modelThe current compliance checklistBefore activating any new lead sourceOngoing operational standardsFor Medicare agents additionallyWhat to watch for in the second half of 2026How OneLife approaches consent documentation

If you have been trying to keep up with TCPA consent requirements for insurance leads over the last two years, you are not alone in being confused. The FCC proposed sweeping changes. A federal court struck them down. The FCC reversed course. And agents are left asking a reasonable question:

What rules am I actually operating under right now?

This guide gives you the accurate, current answer — what was proposed, what got vacated, what replaced it, and what this means for every lead you buy and every dial your producers make in 2026.

What the FCC tried to do in 2023#

In December 2023, the Federal Communications Commission adopted what became known as the one-to-one consent rule — an amendment to the Telephone Consumer Protection Act (TCPA) aimed at closing what regulators called the "lead generator loophole."

Under the old framework, a consumer could fill out a single web form and unknowingly consent to be contacted by dozens of companies simultaneously. Lead generators buried broad consent language in fine print that allowed them to sell the same consumer's information to multiple buyers at once.

The FCC's proposed fix required that consent be specific to one named seller at a time. A consumer consenting to hear from an insurance agency would need to see that agency named specifically — not a reference to "our marketing partners" or "up to 25 companies."

The rule was published in January 2024 with an effective date of January 27, 2025.

What actually happened: the rule was vacated#

The one-to-one consent rule never took effect.

On January 24, 2025 — one business day before the rule was set to go live — the U.S. Court of Appeals for the Eleventh Circuit vacated it entirely in response to a petition filed by the Insurance Marketing Coalition.

The court's ruling was direct: the FCC had exceeded its statutory authority. The Eleventh Circuit found that the TCPA's plain language requires prior express written consent — a standard the court defined as a consumer clearly and unmistakably stating their willingness to receive contact. The one-to-one restriction went beyond what Congress authorized the FCC to impose.

The court specifically rejected the FCC's argument that a consumer cannot be presumed to voluntarily invite contact from companies with no logical connection to the website where they submitted their information. As long as the consumer clearly and unmistakably consented, the court held, the consent is valid regardless of how many sellers are covered.

In April 2025, the FCC confirmed it would not challenge the Eleventh Circuit's ruling. In August 2025, the FCC formally issued a final rule eliminating the one-to-one consent requirement entirely.

The rule is gone. It is not coming back in its original form — at least not in the near term.

What standard governs insurance leads in 2026#

With the one-to-one rule vacated, the industry reverted to the prior express written consent standard that existed before the 2023 FCC order.

Under the current standard, valid consent for autodialed or prerecorded marketing calls requires:

  1. Written consent. The consumer must provide consent in writing — a checkbox, electronic signature, or clear affirmative action on a web form qualifies.
  2. Clear and conspicuous disclosure. The consent disclosure must be clearly visible to the consumer — not buried in fine print or hidden below the fold. It must be presented in a way a reasonable consumer would notice and understand.
  3. Identification of the calling parties. The disclosure must identify who will be contacting the consumer. Under the current standard, this can cover multiple sellers — but those sellers must be identified clearly enough that the consumer understands who they are agreeing to hear from.
  4. Acknowledgment that consent is not a condition of purchase. The disclosure must state that the consumer is not required to consent as a condition of buying any product or service.
  5. Prior to contact. The consent must be obtained before the first outbound call or text is made.

What changed from the one-to-one rule is that consent no longer needs to be limited to a single named seller. A consent form that clearly names multiple sellers — or links to a clearly visible list of partners — can cover outreach from all of them simultaneously, as long as the disclosure is clear and conspicuous.

Why agents still have significant compliance exposure#

Here is the mistake many agents are making in 2026: they read that the one-to-one rule was struck down and concluded that TCPA compliance is less of a concern than it was.

That is the wrong takeaway.

The TCPA itself is fully intact. The prior express written consent standard is fully intact. The statutory damages of $500 to $1,500 per violation are fully intact. Class action exposure is fully intact.

What changed is one specific requirement — the per-seller consent restriction. The underlying framework governing every outbound marketing call your producers make did not change.

Warning
The vendor's TCPA risk is your risk

On a TCPA suit, plaintiffs almost always sue the agency that dialed — not the upstream vendor. Vendor indemnification helps but rarely prevents the suit. Audit the consent flow yourself.

Agents and agencies still face serious exposure from:

  • Calling numbers on the National Do Not Call Registry. The DNC scrubbing requirement is unchanged. Calling a number on the federal or applicable state DNC list remains a violation regardless of consent status.
  • Consent that is not clear and conspicuous. The vacated rule's per-seller requirement is gone — but the clear and conspicuous standard for how consent is presented is still fully in effect. Consent buried in fine print or hidden from the consumer is still invalid.
  • Aged lead lists with stale or invalid consent. Consent has a practical shelf life. A consumer who consented two years ago on a form that no longer reflects current practices or current sellers presents real exposure. Aged data with old consent strings is high risk regardless of which specific rule applies.
  • Vendors who have not updated their consent language. Some lead vendors updated their consent flows ahead of the one-to-one rule's anticipated effective date. When the rule was vacated, some reverted to older practices without updating their legal documentation accordingly. If your vendor's consent language is inconsistent or poorly documented, your exposure is real.
  • State-level TCPA equivalents. Several states have passed their own consent and telemarketing laws that are stricter than the federal TCPA standard. Florida, Oklahoma, and Washington have state-level regulations that do not follow the federal framework. If you are dialing in those states, federal compliance alone is not sufficient.
Calls MadeMin ExposureMax Exposure
50 calls$25,000$75,000
100 calls$50,000$150,000
500 calls$250,000$750,000
1,000 calls$500,000$1,500,000
Statutory damages at $500–$1,500 per call. Excludes attorneys fees and class action multipliers.

The specific risk for Medicare agents#

Medicare agents carry compliance exposure from two separate regulatory frameworks simultaneously — and the vacated FCC rule does not change either of them.

The Centers for Medicare and Medicaid Services has its own marketing rules that are independent of the TCPA. Under CMS guidelines:

  • Outbound unsolicited calls to Medicare beneficiaries are prohibited.
  • Scope of Appointment documentation is required before any plan-specific discussion.
  • Recording retention requirements apply to certain types of Medicare marketing outreach.
  • Third-Party Marketing Organization data sharing rules impose separate consent requirements.

The Eleventh Circuit's ruling addressed the FCC's authority under the TCPA only. It has no effect on CMS marketing rules. A Medicare agent whose lead program is TCPA-compliant under the current standard can still be in violation of CMS guidelines if the lead generation method conflicts with CMS requirements.

If you are a licensed Medicare leads agent, your lead vendor needs to demonstrate compliance with both frameworks — not just one. The same dual-framework reality applies to final expense agents working with senior consumers under additional state-level marketing rules.

What this means for how you evaluate lead vendors#

The vacating of the one-to-one rule does not change the questions you should be asking every lead vendor you buy from. It changes one of the answers — but the diligence process is the same.

What to verify before buying from any lead vendor:

  • Ask for a sample consent record for a specific lead. A compliant vendor should be able to produce the timestamped documentation showing what the consumer saw, when they submitted, and what they agreed to — within 24 hours of your request. If they cannot, move on.
  • Review the actual consent disclosure language. Is it clear and conspicuous? Does it identify who will be contacting the consumer in a way a reasonable person would understand? Would it survive scrutiny if a plaintiff's attorney reviewed it?
  • Confirm DNC scrubbing practices. How often does the vendor scrub against the federal registry and applicable state lists? Real-time or daily scrubbing is the standard you should require.
  • Check the vendor contract for indemnification. Does your contract include a clause protecting you if a lead turns out to carry invalid consent? A vendor confident in their compliance process will include this without negotiation. A vendor who refuses should raise serious concerns.
  • Understand the traffic source. Leads generated through compliant opt-in web forms carry different risk profiles than telemarketing leads or leads from third-party aggregators. Know where every record in your pipeline came from.

The full vendor diligence framework lives in our Insurance Lead Buyer's Guide.

Why exclusive leads remain the lower-risk model#

Even with the one-to-one rule vacated, the exclusive lead model carries meaningfully lower compliance risk than shared lead programs — for reasons that have nothing to do with the specific rule that was struck down. We covered the unit economics side of this in Exclusive vs Shared Insurance Leads; the compliance side reinforces the same conclusion.

When a lead is sold exclusively to one agency, several compliance benefits follow automatically:

  • The consent disclosure can name that agency specifically — meeting the clearest and most defensible version of the consent standard regardless of which specific rule applies.
  • There is no multi-buyer dialing race where multiple agents call the same consumer simultaneously — which is the pattern most likely to generate consumer complaints regardless of technical consent validity.
  • The lead vendor has a direct accountability relationship with one buyer — making it easier to audit consent records, resolve disputes, and maintain documentation standards.

Exclusivity does not make a lead automatically compliant. The consent documentation still needs to meet the current standard. But it removes the most common compliance failure point in the shared lead model by default.

Insight
Compliance as competitive advantage

Agencies with clean TCPA infrastructure get access to better supply, stronger vendor contracts, and carrier-direct relationships. The compliance investment pays itself back.

The current compliance checklist#

Regardless of which specific rules are in effect at any given moment, every agency operating in 2026 should maintain these practices:

Before activating any new lead source

  • Request and review sample consent documentation for a specific record.
  • Confirm the consent disclosure is clear, conspicuous, and identifies the calling parties.
  • Confirm timestamp and IP logging are present on all records.
  • Confirm daily federal and applicable state DNC scrubbing is in place.
  • Review vendor contract for indemnification and right-to-audit provisions.
  • Confirm the vendor's traffic source and lead generation method.

Ongoing operational standards

  • Record all outbound marketing calls — retain for a minimum of four years.
  • Maintain an internal DNC list and honor opt-outs in real time.
  • Conduct quarterly vendor compliance reviews for all active lead sources.
  • Monitor FCC and state regulatory developments — the landscape will continue to evolve.
  • Consult a TCPA attorney before launching any new dialing program or switching lead sources.

For Medicare agents additionally

  • Confirm the lead generation method complies with CMS marketing rules independently of TCPA compliance.
  • Maintain Scope of Appointment documentation before any plan-specific discussion.
  • Follow CMS recording retention requirements for applicable outreach types.

What to watch for in the second half of 2026#

The one-to-one consent rule is gone — but the regulatory environment around insurance lead generation is not stable. Several developments are worth monitoring:

  • Consumer advocacy groups that pushed for the original 1:1 rule remain active and are likely to push for alternative regulatory approaches. Whether through FCC rulemaking, Congressional action, or state-level legislation, tighter consent standards could return in a different form.
  • State laws are moving independently of the federal framework. Florida, Washington, and Oklahoma have already enacted state-level telemarketing restrictions that exceed federal TCPA requirements. Other states are considering similar legislation.
  • The FCC under its current leadership has signaled interest in other consumer protection initiatives that may affect lead generation practices even without reviving the one-to-one requirement specifically.

The safest position for any agency is to operate as if stricter rules are coming — because historically, they do.

How OneLife approaches consent documentation#

At OneLife Marketing Solutions, the approach to consent documentation does not change based on which specific rule is in effect. The standard we hold ourselves to is the one that would survive scrutiny under any reasonable regulatory framework — not just the minimum required by current law.

Every record in our program includes timestamped consent capture, IP address logging, documentation of the exact disclosure language the consumer saw, and single-buyer routing that ensures no record is simultaneously sold to a competing agency.

The exclusive model we operate means that every lead, live transfer, and inbound call your agency receives was generated with a consent structure that can name your agency specifically — the clearest and most defensible consent standard available regardless of which regulatory framework applies.

You can review our compliance framework at OneLife Compliance.

Next step

Want to see our consent documentation on a live record?

Not a slide deck. Not a template. On the call we pull up a real record from a real campaign and show you exactly what compliant consent documentation looks like. That is the standard we hold ourselves to — and the standard you should hold every vendor to.

Book a strategy call

This article is for informational purposes only and does not constitute legal advice. TCPA and CMS regulations are subject to change. Consult a licensed attorney for guidance specific to your agency's compliance situation.

FAQ

Frequently asked questions

No. The Eleventh Circuit Court of Appeals vacated the one-to-one consent rule on January 24, 2025, one day before it was set to take effect. The FCC formally eliminated the requirement in August 2025. The prior express written consent standard that existed before the 2023 FCC order is what governs insurance lead generation in 2026.

No. The underlying TCPA framework — including prior express written consent requirements, DNC scrubbing obligations, and statutory damages of $500 to $1,500 per violation — is fully intact. The one-to-one per-seller restriction is gone, but the consent requirements that existed before it are still in full effect.

Under the current standard, yes — if the disclosure is clear and conspicuous and identifies the calling parties in a way a reasonable consumer would understand. But the practical compliance risks of shared lead programs remain significant regardless of the technical consent standard.

Two years from the date of the alleged violation. Retain consent records and call recordings for a minimum of four years.

Ask for consent documentation on a sample record. The documentation should show what disclosure language the consumer saw, when they submitted, and what they agreed to. If the vendor cannot produce this within 24 hours, that tells you what you need to know.

CMS marketing rules are separate from the FCC's TCPA rules and were not affected by the Eleventh Circuit's ruling. Medicare-specific consent and data sharing requirements under CMS guidelines remain in effect independently. Consult a compliance attorney for guidance specific to your Medicare marketing program.

Explore further

Pages referenced in this article

  • Compliance overview
  • TCPA Compliance for Insurance Lead Buyers
  • Exclusive vs Shared Insurance Leads
  • Insurance Lead Buyer's Guide
  • Medicare Leads
Next step

Want a 30-minute Lead Source Audit?

No pitch — just the math on what your producers are dialing today and where the cost per issued policy is hiding. Book a call with the OneLife team.

Book a strategy call
TCPA complianceinsurance leadsexpress written consentlead generation complianceFCC rules1:1 consent ruleTCPA insurance leadsinsurance lead compliance 2026
Share
XLinkedInFacebook
Keep reading

Related articles

  • Compliance11 min
    TCPA Compliance for Insurance Lead Buyers: The 2026 Survival Guide

    A practical 2026 TCPA compliance guide for insurance lead buyers — consent, 1:1 consent rule, DNC, recordings, and contract terms that protect your agency.

    Read article
  • Lead Strategy9 min
    Exclusive vs. Shared Insurance Leads: The Honest Math for 2026

    Exclusive vs shared insurance leads compared on contact rate, close rate, and cost per issued policy. The full math agencies miss when they benchmark on CPL alone.

    Read article
  • Medicare11 min
    Medicare Advantage Leads: The 2026 Acquisition Guide

    How to acquire Medicare Advantage leads compliantly in 2026: pricing, CMS marketing rules, scope of appointment workflow, and the CPP math that scales.

    Read article
OneLife Marketing Solutions editorial team
About the Author
OneLife Editorial Team
Insurance Lead Generation Specialists

The OneLife Editorial Team covers exclusive insurance lead generation, TCPA compliance, Medicare and Final Expense acquisition, and how modern agencies scale qualified pipeline. All content is reviewed against current CMS guidelines, FCC regulations, and field-tested agency data.

More about OneLife →
Support: info@onelifemarketingsolutions.com
Lead CenterMore Articles
© 2026 OneLife Marketing Solutions LLC · All rights reserved
PrivacyTermsCompliance
Growth strategy intake

Book Your Growth Strategy Call

Tell us about your agency. A strategist will reach out within 24 hours with a tailored plan.

By submitting, you agree to be contacted by OneLife. We never share your data. 100% TCPA-aligned.

Prefer email? info@onelifemarketingsolutions.com