The landscape of consent for automated calls and texts remains complex following the 11th Circuit Court’s decision to vacate the FCC’s ultra vires “one-to-one” consent rule. As we’ve discussed previously on the EIA blog (see posts on the AG push back and the rule being overturned), this ruling invalidated the FCC’s efforts to put new restrictions on consumer’s ability to provide consent to receive calls from multiple businesses at the same time.

Now, for the first time, we see states trying to replicate the FCC’s failed efforts, exemplified by North Carolina’s House Bill 936. This bill appears to be a direct state-level effort to implement the core tenets of the vacated FCC rule, but its approach raises significant compliance and constitutional questions for businesses operating across state lines.

HB 936: Reincarnating One-to-One Consent at the State Level

Introduced in April 2025, HB 936 seeks to modify North Carolina’s laws governing telephone solicitations, including robocalls and texts . A key change is the introduction of a new definition for “Prior express written consent” . This definition mandates that consent must be:

1. Obtained via a written agreement signed by the consumer.
2. Given “to a single person” .
3. Obtained only after “clear and conspicuous disclosure that the telephone subscriber will receive future calls on behalf of a specific seller”.
4. Non-transferrable .

This language directly mirrors the invalidated FCC one-to-one consent requirement, demanding consent specific to the end “seller” whose goods or services are being marketed, not just the entity making the call. The bill also adds a rebuttable presumption that a call to a North Carolina area code reaches a resident or person within the state at the time of the call.

The Compliance Conundrum: CPNI, Mobility, and State Lines

While potentially well-intentioned, HB 936 runs headlong into practical and legal barriers, particularly concerning a consumer’s location.

• The CPNI Wall: As detailed in a previous EIA post on location data complexities, the FCC considers real-time location data derived from a carrier’s network to be Customer Proprietary Network Information (CPNI). Strict rules govern CPNI, and carriers are generally prohibited from sharing this sensitive data with third parties, including businesses making calls or the platforms facilitating SMS/MMS messages. This means businesses cannot reliably determine a consumer’s real-time physical location when sending a message or making a call to comply with a state-specific law like HB 936. The bill’s area code presumption is insufficient; it’s merely a starting point that is difficult to either confirm or rebut without access to prohibited CPNI.
  
• Area Code Presumption Creates Unresolvable Conflicts: The bill includes a rebuttable presumption that a North Carolina area code indicates presence within the state. However, as the EIA detailed in recent FCC Reply Comments, relying on such presumptions based on potentially outdated or inaccurate data like area codes is deeply problematic. Businesses often possess various pieces of location-related information (e.g., area code, billing address, IP address from a web interaction) that may conflict. HB 936 offers no guidance on how to resolve these conflicts, forcing businesses to arbitrarily choose which data point to trust. Worse, this ambiguity allows plaintiffs to simply point to the North Carolina area code to establish the presumption, even if other data available to the business (like a recent billing address in another state) suggests otherwise. This essentially weaponizes conflicting data against businesses, making the presumption nearly impossible to rebut reliably and turning a tool intended for clarity into a generator of litigation risk. 
  
• Consumers Aren’t Stationary: People travel. A consumer might provide valid consent under federal law (as it currently stands post-11th Circuit) while physically outside North Carolina. If that consumer later travels into North Carolina and receives a call or text based on that federally-valid consent, the communication could instantly violate HB 936 if the consent doesn’t meet NC’s specific “one-to-one” standard tied to the specific seller . The business sending the communication has no reliable way (due to CPNI rules) to know the consumer crossed state lines.

An Improper Burden on Interstate Commerce?

This creates an impossible situation. Businesses engaged in nationwide communication efforts, relying on consent valid under federal frameworks, face potential liability under NC law based on a factor (consumer’s real-time location) they cannot legally access or verify.

By imposing a state-specific consent definition that is intrinsically tied to the consumer’s physical presence within North Carolina – a presence that cannot be reliably determined by the calling/texting party due to federal CPNI regulations – HB 936 arguably steps into the territory of regulating interstate commerce. It potentially creates liability for lawful activities conducted across state lines based on unknowable, real-time geographical factors. This type of state regulation, conflicting with federal data privacy rules (CPNI) and imposing compliance burdens dependent on inaccessible information, appears vulnerable to legal challenges, including potential preemption arguments.

Conclusion

North Carolina’s HB 936 highlights the regulatory fragmentation following the 11th Circuit’s decision. While aiming for heightened consumer protection via a strict one-to-one consent standard , its practical implementation clashes fundamentally with federal CPNI rules and the reality of consumer mobility. This creates significant legal uncertainty and compliance risks for businesses acting in good faith under existing federal frameworks. As states consider similar measures, the challenge will be balancing consumer protection with the practical and legal realities governing data privacy and interstate communication, ideally seeking harmonized solutions rather than a patchwork of potentially unconstitutional state laws.