SMS Compliance Guide & Checklist

SMS regulations and compliance

SMS regulations ensure that consumers only receive SMS communications they have consented to receiving. They mandate simple opt-out processes and consumer data protection laws, among other things.

Applicable regulatory organizations

SMS rules and regulations are built on a foundation laid by the General Data Protection Regulation (GDPR) in Europe and the Telephone Consumer Protection Act (TCPA) in the U.S.

In general, the aim is to protect end users from receiving unsolicited or unwanted messages via SMS. The penalties for getting it wrong can include an immediate shutdown of service or fines ranging from $500 to $1,500 per message.

SMS compliance checklist

1. Obtain express written consent before beginning communications

You must receive explicit written consent before sending SMS messages to consumers. That consent must be documented and saved, otherwise you risk fines. Written consent can be obtained by asking a consumer to submit their information via a paper or online form, click a checkbox on a website, or text a short keyword to your campaign phone number.

2. Provide a clear opt-in and disclose details

After obtaining written consent you should send an opt-in confirmation message (also known as a call-to-action message) reminding consumers that they have consented to receive communications from your organization. That first message should make the following clear:

• Your organization’s name and purpose
• How often consumers will receive texts
• Message and data rate notices
• Messaging campaign terms and conditions (or a link to these details)
• Opt-out instructions

3. Confirm the opt-in and remind subscribers of terms and conditions

After the initial disclosure text, it’s good practice to confirm the receiver’s opt-in and send another reminder of your terms and conditions in case they’ve forgotten that they signed up. You should also notify consumers via text whenever the terms and conditions change. This confirmation text could come before or immediately after your first marketing message.

4. Time your communications appropriately

According to the TCPA, businesses cannot text or call consumers before 8:00AM or after 9:00PM. Ensure your communications are timed so that consumers, wherever they are located, receive messages within that time range to avoid complaints and fines.

5. Include your organization’s name in each new conversation

Make sure to include your organization’s name in the first message of each conversation to maintain transparency and eliminate consumer confusion. Consumers should always be able to recognize who is messaging them and why.

6. Avoid prohibited language

The CTIA’s rules impact the type of content businesses can include in text marketing messages. Use the acronym SHAFT to remember what type of content is not allowed: SHAFT stands for Sex, Hate, Alcohol, Firearms and Tobacco. If your marketing message includes content around these topics, your business risks high fines and permanent bans.

Of course, there are a few exceptions to this rule. For example, if your business is in the restaurant industry, you may be allowed to promote happy hour specials. However, there are additional requirements for marketing campaigns of this nature—anything alcohol-related requires additional safeguards, like preventing underage user signups.

7. Offer a way to opt out

Customers should be able to unsubscribe from your marketing messages easily. It’s important to send opt-out instructions often to remain in compliance. One way to do this is to set up “STOP” response capabilities—then simply include a brief reminder at the end of each marketing message.

8. Respect opt-outs

If a consumer opts out, it’s illegal to continue to text or call them about your marketing communications. You can send one final message confirming that they have successfully opted out, but that’s it.