Skip to main content
VA Horizon
Book a Call
TCPA & Compliance

TCPA Compliance and Solar Lead Generation: What Installers Are Liable For When They Buy Leads

The rule that was supposed to close the shared-lead consent loophole never actually took effect. Here is what you are legally on the hook for when a vendor's calls turn into a lawsuit with your name on it.

Quick answer

Yes: solar installers can be held vicariously liable for a lead vendor's TCPA violations, even when they never placed the call. Courts apply agency principles to hold lead buyers responsible for a vendor's outreach, and the FCC's one-to-one consent rule meant to close this gap was vacated in January 2025.

Damages run $500 to $1,500 per violation, with no cap, and disclosed solar settlements already exceed $57 million since 2018.

In 2021, Sunrun paid $5.5 million to settle a class action alleging robocalls placed by three named third-party vendors, Media Mix 365 LLC, RMC, and Americor. Two years earlier, it paid another $5.5 million in a separate case over robocalls placed by a different named vendor, Clean Energy Experts LLC. Sunrun did not dial either set of calls itself.

That is the part of buying leads most vendor pitches leave out. When a court decides a batch of outreach was not properly consented to, the installer whose name is on the campaign is usually the one holding the bag, not the subcontractor who actually dialed the number. Paying for an appointment does not buy legal cover for how it was generated.

This post covers what "vicarious liability" actually means for a solar installer, what happened to the federal rule that was supposed to close the shared-lead consent problem (it did not survive to its own effective date), what a TCPA violation actually costs, and the specific contract language that moves the risk back onto the vendor where it belongs.

You Can Be Sued for a Call You Never Placed

The Telephone Consumer Protection Act does not require a court to catch the person who physically dialed the phone. Under ordinary agency principles, a company can be held liable for a telemarketing call or text made by a vendor acting, or appearing to act, on its behalf, even if that company never touched the list and never wrote the script. Courts have found lead buyers and lead sellers vicariously liable for each other's actions in TCPA cases, which means signing a vendor contract does not transfer the legal risk the way it transfers the invoice.

How courts decide who is on the hook

The core question is whether the party that placed the call was acting as an agent of the company that benefited from it, or was reasonably perceived that way, and whether there were red flags that should have put the buyer on notice the leads were bad. Courts have sometimes found an agency relationship even where the buyer had little day-to-day control over the vendor's calling practices. That standard is exactly why "we didn't know" is a weaker defense than most installers assume: the legal test is not just what you knew, it is what you reasonably should have known and asked about before you started paying for volume.

The pattern shows up across the largest names in residential solar, not just small regional shops. SolarCity, now part of Tesla, paid $15 million in 2018 over unsolicited robocalls. Vivint Solar paid $975,000 in 2019 over the same theory. None of these cases turned on whether the installer's own W-2 employees made the calls. They turned on whether outreach done in the company's name, by a vendor or affiliate, had valid consent behind it.

What Solar Companies Have Actually Paid

Disclosed TCPA settlements involving solar companies are not hypothetical numbers pulled from a compliance memo. They are court-approved figures, and the pattern is consistent: the company that sold and installed the panels pays, regardless of who originated the call.

CompanySettlementResolvedWhat the calls involved
Momentum SolarUp to $30 million (payable as $20 million if paid within 7 years)Final approval Aug. 18, 2025Automated telemarketing calls without prior consent, across two combined class actions
SolarCity (now Tesla)$15 million2018Unsolicited robocalls, TCPA violations
Sunrun (Loftus case)$5.5 million2021Robocalls placed by three named third-party vendors: Media Mix 365 LLC, RMC, Americor
Sunrun (Slovin case)$5.5 million2019Robocalls without express written consent, placed by named vendor Clean Energy Experts LLC
Vivint Solar$975,0002019Unsolicited robocalls, TCPA violations

Combined, disclosed TCPA settlements across these five cases exceed $57 million since 2018. Two of the five settlements name the specific third-party vendors whose calls triggered the claim, not an in-house call center.

The Rule That Was Supposed to Close the Loophole Never Took Effect

In December 2023, the FCC adopted a "one-to-one consent" rule aimed at exactly the pattern behind cases like Sunrun's: a homeowner fills out one form, and that single consent gets attached to calls from a dozen unrelated sellers. The rule would have required that written consent to receive robocalls or robotexts apply to one identified seller at a time, with an effective date of January 27, 2025.

It never got there. On January 24, 2025, three days before the rule was due to take effect, the Eleventh Circuit vacated it entirely in Insurance Marketing Coalition v. FCC, ruling that the FCC had exceeded its statutory authority by redefining what "prior express consent" means. The FCC did not challenge the ruling, and in September 2025 it issued a final rule formally eliminating the one-to-one consent requirement.

The practical result for 2026: the federal consent standard reverted to what existed before 2023. A single consent can, in principle, still be read to apply to multiple sellers at the federal level, and the specific "lead generator loophole" fix never became binding law.

That does not mean shared leads are now safe to buy on faith. The underlying TCPA requirement, that a real, documented "prior express written consent" exist before an autodialed or prerecorded marketing call goes out, was never touched by the vacatur and is still aggressively litigated, as the settlement table above shows. The regulatory picture stays unsettled in other ways too: a separate FCC rule requiring companies to honor a consent revocation across every channel and business unit, not just the one a consumer contacted, has already been delayed three times, most recently to January 31, 2027. Installers should not assume a pending rule change will do their compliance work for them. None of the rules currently in flux remove the consent requirement that already exists.

What TCPA Actually Penalizes

TCPA is enforced mainly through private lawsuits, not FCC fines against individual companies. The statute sets damages at $500 per violation, rising to $1,500 per violation if a court finds it knowing or willful, and there is no cap on total statutory damages. Since a single bad campaign can generate hundreds or thousands of individual calls or texts, and each one can count as a separate violation, the math scales fast without any single call needing to be worth much on its own.

The volume of litigation is rising, not falling. In the first quarter of 2025 alone, 507 TCPA class actions were filed, up from 239 in the same quarter of 2024, a 112% year-over-year increase. Buying leads or appointments from a vendor with weak consent practices is not a compliance formality you can defer. It is a live and growing source of litigation risk in the exact industry this article is about.

The Contract Language That Actually Protects You

You cannot audit a vendor's calling floor in real time, and you should not have to in order to buy an appointment. What you can do is put the risk where it belongs in writing, before you pay for a single lead.

  • Warranties and representations. The vendor affirmatively warrants, in the contract itself, that every lead or appointment delivered complies with TCPA consent requirements. A verbal assurance on a sales call is not a warranty.
  • Indemnification. A clause requiring the vendor to indemnify you for TCPA claims that trace back to how its leads were sourced or consented, so a defective lead's legal cost does not fall entirely on the buyer.
  • Audit rights. A contractual right to request and review the vendor's actual consent records, not a summary or a compliance badge on their website.
  • A non-agency clause. Language stating the vendor operates as an independent contractor, not as your agent. This helps your legal position but is not a shield on its own, especially if you ignore obvious red flags in the leads you are buying.

None of these four terms eliminate risk by themselves. Together, they give you a documented basis to push financial responsibility back onto the vendor if a claim does show up, instead of discovering after the fact that your contract is silent on the exact issue in the lawsuit.

A Pre-Payment Compliance Checklist

Run this before you commit to a new solar lead or appointment vendor, not after the first invoice clears.

StepWhat to requireWhy it matters
Consent proofThe actual dated record: source page or call, disclosure language, timestampA "trust us, it's compliant" answer is not documentation you can produce later
Source vettingWhere the lead originated, and whether it passed through a resellerResold or aged lists carry the highest documented consent risk
Contract termsWarranty, indemnification, audit rights, and a non-agency clause, all in writingThese are the specific terms that shift financial exposure back to the vendor
Small pilotStart with a limited paid batch before committing to full monthly volumeLimits exposure while you see how a new vendor actually operates, not how they pitch
RetentionKeep consent records on file well beyond the campaign dateYou may need to produce this evidence years after the outreach ran

What this means for you

  • Do not treat the FCC's one-to-one consent rule as a compliance backstop. It never took effect, and it is not coming back in its original form.
  • Vicarious liability means a vendor's bad consent practices can become your lawsuit. Ask for the actual consent record, not a compliance claim, before you pay.
  • Put warranties, indemnification, audit rights, and a non-agency clause in every vendor contract. These are the terms that decide who pays if a claim lands.

FAQ

Am I liable for TCPA violations if my lead vendor made the call, not me?
Often yes. Courts applying agency principles have held lead buyers vicariously liable for calls a vendor placed on their behalf, even when the buyer never dialed the number itself. Sunrun paid $5.5 million in 2021 over robocalls placed by three named third-party vendors, and another $5.5 million in 2019 over robocalls placed by a different named vendor, in both cases for consent problems in outreach the company did not place itself.
Is the FCC's one-to-one consent rule in effect in 2026?
No. The FCC adopted the rule in December 2023 with an effective date of January 27, 2025, but the Eleventh Circuit vacated it on January 24, 2025, three days before it was due to take effect, ruling the FCC had exceeded its statutory authority. The FCC did not challenge that ruling, and in September 2025 it formally eliminated the one-to-one requirement. As of 2026, the federal consent standard has reverted to what existed before 2023.
How much can a TCPA violation actually cost a solar company?
The statute sets damages at $500 per violation, rising to $1,500 if a court finds the violation knowing or willful, with no cap on total damages. In practice that adds up fast: disclosed TCPA settlements from five national solar and home solar companies have totaled more than $57 million since 2018, including a settlement of up to $30 million reached by Momentum Solar, which received final court approval in August 2025.
What should be in a contract with a solar lead or appointment vendor?
Four things at minimum: a written warranty that every lead or appointment complies with TCPA consent requirements, an indemnification clause covering claims that trace back to the vendor's consent practices, a right to audit the vendor's actual consent records on request, and a non-agency clause. None of these eliminate risk on their own, but they shift financial exposure and give you a documented basis to enforce it.
What counts as proof of consent, and why isn't a vendor's word enough?
A vendor's assurance that leads are TCPA compliant is not evidence. What holds up is the actual record: the date consent was given, the specific page or call where it happened, and the exact disclosure language the homeowner agreed to. If a vendor cannot produce that record for a specific lead, you have no way to show a regulator or a plaintiff's attorney that the appointment you paid for was legally obtained.

Appointments you can actually stand behind.

Book a 15-minute call. We walk through how our exclusive, double-confirmed solar appointments are sourced, quote a per-appointment rate for your market, and give you a start date inside the week.

Book a Call