Most B2B sales leaders I speak to treat TPS as a B2C problem and stop thinking about it the moment their target market becomes corporate. The cadence tools encourage that view, since the dialler does not flag corporate numbers as risky. The law sees it differently. The register that matters for B2B outbound is the CTPS, and the rules sitting around it are close to identical to the consumer regime. If your team is dialling UK businesses without screening, you are already exposed.

What CTPS is

The Corporate Telephone Preference Service is the UK opt-out register for business numbers. It runs alongside the TPS, holds roughly 3 million corporate numbers, and operates under the same statutory regime: the Privacy and Electronic Communications Regulations, regulations 21 and 21A, enforced by the ICO. A number on CTPS for 28 days or more cannot lawfully receive unsolicited live marketing calls without prior, specific consent from that subscriber. That is the same prohibition that applies to TPS, just pointed at organisations rather than individuals.

For a side-by-side breakdown of how the two registers differ in scope and renewal, see TPS vs CTPS.

Who CTPS covers

CTPS is the right register for any subscriber that the law treats as corporate:

  • Limited companies and LLPs.
  • Scottish partnerships (which have separate legal personality).
  • Public sector bodies, including local authorities, NHS trusts and government departments.
  • Schools, colleges and universities.
  • Sole traders and English or Welsh partnerships only if they have chosen to register their business numbers as corporate subscribers. By default these are individual subscribers and belong on the TPS.

The default-individual point matters. A plumber, a freelance consultant, a single-director services firm: the working number is usually a TPS candidate, not a CTPS one. A B2B team screening only CTPS will miss those entirely.

The myth: "we are B2B, PECR does not apply"

This belief is everywhere, including inside reasonably mature sales organisations. It is wrong. PECR makes no general carve-out for business-to-business marketing calls. The regulator has stated repeatedly that B2B telemarketing is in scope and has fined firms for B2B-only campaigns. The only thing that changes between B2C and B2B is which opt-out register a given number is likely to be on.

What actually changes between B2C and B2B

Under PECR, all unsolicited live marketing calls to UK numbers are regulated. The route to compliance is the same in both directions: either the subscriber has given prior, specific consent, or the number is not on the relevant register. Three things follow from that:

  • Calling a CTPS-registered switchboard is a breach in the same way calling a TPS-registered consumer mobile is.
  • The ICO does not discount fines because the call was B2B. The statutory cap is £500,000 per breach pattern, regardless of who answered.
  • A "we only call businesses" policy is a screening policy in practice, not an exemption.

For background on the underlying regulation, see PECR explained.

Direct dials are the riskiest numbers you hold

The dangerous data on most B2B lists is not the switchboard. It is the direct dial. A prospect's mobile or desk extension behaves legally like a personal number whenever the subscriber has registered it that way. In the wild, that means a "corporate" direct dial pulled from a sales tool can sit on either CTPS or TPS, depending on who pays the bill and how the contract is set up.

Sole-trader contractors, fractional executives and senior leaders who pay for their own mobile are common on the TPS. Direct dials routed through a corporate PBX usually land on the CTPS. You cannot tell from the number alone which register applies, which is why single-register screening is unsafe for any list dominated by direct dials.

Switchboards are usually safer, but not always

Main lines and switchboard numbers are less likely to be registered. Many large organisations never bother to add their published number, since they accept marketing as a cost of being contactable. Smaller firms, professional services partnerships and any organisation that has had a bad telemarketing experience tend to register defensively. Treat switchboards as lower risk, not zero risk, and screen them anyway.

Sales engagement tools do not know about CTPS

The cadence dialler, the sequencer, the auto-tasker: none of these check CTPS by default. They do not even know it exists. The compliance layer has to live one step earlier, in the source of truth for contacts. In practice that is the CRM. If the CRM holds a screened status for every phone number, the cadence tool can be configured to skip calls when the status is registered. If the CRM does not hold that status, the cadence tool will dial whatever you feed it.

That CRM-side screening is what TPSClear is built for. The native CRM integrations page shows the property model, and the B2B sales use case covers how it slots into a typical outbound stack.

What good B2B PECR practice looks like

  • Screen every UK number against TPS and CTPS together, not one or the other.
  • Re-screen on a fixed cadence. Weekly for active outbound lists is a sensible default.
  • Re-screen a final time immediately before any campaign or cadence launch.
  • Store the screen result, the date and the register source against each contact. The dialler reads this property, not a stale CSV.
  • Capture consent where you have it: who gave it, when, through what channel, and for what specific purpose. Generic "opt-in tickbox" evidence will not hold up.
  • Suppress on registration as the default behaviour, and require a documented consent record to override.
If your sales team can show me a CRM property called something like "TPS status" but cannot tell me when it was last refreshed, the screening regime is theatre. The ICO will treat it the same way.

The audit trail problem at scale

At small volumes you can defend a B2B outbound programme with a spreadsheet and a recent screen. At scale you cannot. Once a team is running tens of thousands of dials a month across multiple cadences and multiple data sources, the regulator's question is not "did you screen?" but "show me your screening regime". That means showing the policy, the cadence, the system that enforces it, the timestamped status against each call attempt and the consent record where one exists.

The fines that get reported tend to follow the same pattern: a complaint or two surface, the ICO asks for the regime, the regime does not exist in any documented form, and the penalty lands. The public cases in our ICO PECR fines and enforcement cases write-up follow that shape closely.

Practical close

Treat TPS and CTPS as one screen, applied to every UK number your team might dial, refreshed on a known cadence and stamped against the contact record. That single change removes the bulk of the PECR exposure on a B2B outbound programme and makes the audit trail trivial to produce. If you want the deeper operational detail, the TPS compliance guide covers the workflow end to end, and the developer documentation shows how to wire the screen into whatever sits upstream of your CRM.