Express Written Consent for Lead Generation: What You Need to Know

TL;DR

• Express written consent (technically “prior express written consent” or PEWC) is the legal standard required before making telemarketing calls or texts using automated systems.
• For lead generation, this means the consumer must see a clear disclosure identifying who will contact them, agree to it with a signature (electronic counts), and not be forced to consent as a condition of purchase.
• Most TCPA liability doesn’t come from missing consent — it comes from consent that can’t be proven. The disclosure existed, the consumer clicked, but nobody captured what actually happened.
• If you generate or buy leads, your consent process needs to be built for proof, not just collection.

What Is Express Written Consent Under the TCPA?

The Telephone Consumer Protection Act (TCPA) sets different consent thresholds depending on the type of outreach. For telemarketing calls and texts made using an automatic telephone dialing system (ATDS) or prerecorded/artificial voice, the standard is prior express written consent.

This is the highest bar under the TCPA, and it’s the one that matters most for lead generation.

Under FCC rules, prior express written consent requires:

• A written agreement — paper or electronic, signed by the consumer
• Clear disclosure that the consumer is authorizing telemarketing contacts
• Identification of the seller — the specific company (or companies) that will be making contact
• Disclosure of technology — that calls or texts may be made using an ATDS or prerecorded voice
• No purchase condition — the agreement must state that consent is not required to buy anything
• The phone number to which calls or texts will be made

The E-SIGN Act allows electronic signatures — clicking a button, checking a box, or typing a name — as long as the process demonstrates the consumer’s intent to agree.

Why This Matters More for Lead Gen Than Direct Marketing

If you’re a brand collecting leads on your own website for your own sales team, express written consent is relatively straightforward. The consumer knows who you are. Your disclosure names your company. The path from consent to contact is direct.

Lead generation adds layers of complexity:

For publishers (lead generators):

• The consumer may be consenting to be contacted by companies they’ve never heard of
• Disclosure language must name the seller or provide a clear mechanism for seller identification
• The same form may generate leads for multiple buyers across different verticals
• Consent scope must match how the lead will actually be used downstream

For buyers (lead purchasers):

• You’re relying on someone else’s consent collection process
• If that process was flawed — vague disclosure, missing seller identification, buried language — you inherit the risk
• “The publisher said they had consent” is not a defense that holds up in litigation
• You need to verify what the consumer actually saw and agreed to before you dial

This is where lead generation consent gets complicated. The legal standard is clear. The operational challenge is proving compliance across a multi-party chain.

The Five Elements of Compliant Consent Language

1. Clear and Conspicuous Disclosure

The consent language must be easy to find and easy to read. This means:

• Positioned directly above (not below) the submit button or call-to-action
• Readable font size — not fine print, not light gray on white
• Sufficient contrast against the background
• Works on mobile screens, not just desktop

Courts have consistently held that consent language buried in terms of service, hidden behind hyperlinks, or rendered in illegible font sizes does not meet the “clear and conspicuous” standard.

2. Seller Identification

The disclosure must make clear who will be contacting the consumer. In a direct relationship, this is your company name. In lead generation, this gets more nuanced:

• Named sellers: The disclosure explicitly lists the company or companies authorized to make contact
• Seller lists: Some forms link to a list of potential buyers, though the sufficiency of this approach depends on implementation and jurisdiction

The key principle: the consumer should understand who they’re giving permission to before they give it.

3. Technology Disclosure

If outreach will use an ATDS, prerecorded voice, or artificial voice, the consent language must say so. This isn’t optional — the FCC requires it as part of the express written consent standard.

Common language includes phrases like “using automated technology, including automated calls, pre-recorded messages, and text messages.” The specific wording matters less than clarity — the consumer must understand the nature of the communications they’re authorizing.

4. No Purchase Condition

The consent agreement must include a statement that the consumer’s consent is not a condition of purchasing any goods or services. This prevents companies from bundling consent into mandatory terms.

Typical language: “You are not required to consent as a condition of purchasing any property, goods, or services.”

5. Consumer Signature

A valid electronic signature can be a button click, checkbox selection, or typed name — as long as the process demonstrates the consumer took an affirmative action to agree. Pre-checked boxes do not count as valid consent under the TCPA.

The signature must be attributable to the specific consumer, meaning you need to be able to demonstrate that a particular person took a specific action at a specific time.

Common Mistakes That Create Liability

Vague or Ambiguous Language

Consent disclosures that use phrases like “may be contacted” without specifying the method, or “our partners” without identifying who those partners are, create ambiguity that plaintiffs’ attorneys exploit.

Disclosure Below the Fold

If the consent language appears below the submit button, below the visible area on mobile, or requires scrolling to find, courts may find it wasn’t “clear and conspicuous” — even if it existed on the page.

Pre-Checked Consent Boxes

A pre-checked checkbox does not constitute affirmative consent. The consumer must take an action to opt in. This is one of the most common and most litigated compliance failures in lead generation.

No Record of What the Consumer Saw

This is the gap that creates the most liability in practice. The consent language existed on the form. The consumer submitted the form. But nobody captured what the page actually looked like at the moment of submission.

Forms change. A/B tests run. Disclosure language gets updated. Without a record of the specific page state the consumer interacted with, proving compliance months or years later becomes extremely difficult.

Mismatched Consent Scope

If the disclosure authorizes calls but the buyer sends texts, or the disclosure names Company A but Company B makes the contact, the consent doesn’t cover the outreach. Consent scope must match actual use — and that means buyers need to verify what was authorized before they act on a lead.

Building a Consent Process That Holds Up

Compliance isn’t just about having the right language on the page. It’s about being able to prove what happened when someone challenges it.

A defensible consent process includes:

At the point of collection:

• Clear, conspicuous disclosure language that meets all five elements above
• An affirmative consent mechanism (unchecked checkbox or clear CTA with consent language)
• A timestamp and record of the submission event
• Capture of the actual page state — what the consumer saw, not just what the form was supposed to show

In your records:

• Per-lead documentation of the consent event, not aggregate or batch records
• Retention for the full statute of limitations period (TCPA has a four-year window in many jurisdictions, and some state laws extend further)
• The ability to retrieve and present consent evidence for a specific lead on demand

In your buyer-seller relationships:

• Contractual requirements for consent standards
• A mechanism for buyers to verify consent quality before scaling spend
• Clear documentation of consent scope so outreach matches authorization

A Note on Independence

One pattern gaining traction is platform-level or publisher-side consent recording — where the same tooling that builds the lead funnel also captures and hosts the proof of consent.

This is better than no documentation at all. But it has a structural limitation: the evidence is generated, stored, and served by infrastructure controlled by the sell side. When a buyer needs to verify consent — or when a court evaluates it — proof produced by the party that benefits from the lead’s validity carries less weight than documentation from an independent source.

Think of it like financial reporting: self-reported numbers aren’t fraudulent by default, but there’s a reason public companies use independent auditors. The same principle applies to consent documentation. Independence strengthens the evidentiary value of the record.

Consent Revocation: The Other Half of Compliance

Collecting consent is only the beginning. The TCPA also requires businesses to honor revocation — when a consumer withdraws their permission to be contacted.

Current requirements include:

• Providing clear opt-out instructions in every marketing text message
• Honoring internal Do Not Call requests within 10 business days
• Accepting revocation through reasonable channels (text reply, IVR, web form)

The FCC has been evolving revocation rules, with additional provisions around broader revocation requirements expected to take effect in early 2027. Businesses should build processes that can accommodate stricter revocation standards as regulations develop.

Key Takeaways

1. Express written consent is the baseline for outbound lead gen — not a nice-to-have, but a legal requirement for telemarketing calls and texts using automated systems.

2. The five elements are non-negotiable — clear disclosure, seller identification, technology disclosure, no purchase condition, and consumer signature.

3. Most liability comes from proof gaps, not missing consent — the form had the right language, but nobody captured what the consumer actually experienced.

4. Lead gen adds complexity — multi-party chains mean publishers must collect consent correctly and buyers must verify it independently.

5. Build for the challenge, not just the checkbox — consent processes should produce per-lead, auditable evidence that holds up months or years later.

Whether you generate leads or buy them, the question isn’t whether you have consent. It’s whether you can prove it when someone asks.