Skip to content

The full SMS compliance guide 

March 6, 2024

Telesign Team

Business-to-client SMS messaging has increased in popularity over the last few years, to the point where it can benefit almost every business. But how easy is it to launch into texting to reach out to your clients, and which regulations should you adhere to? 

Today, we provide the complete SMS compliance guide, exploring the following:

Table of Contents

What is SMS regulation?

Text messages serve many purposes, from account sign-in alerts to increasing awareness of your company’s promotions. However, misusing this technology can lead to swift legal action, which is precisely why SMS regulations exist.

SMS regulations have been established to protect people from companies who misuse their personal information. To communicate with your client, they must opt-in to receive text messages from you, and you are not allowed to send them messages they did not agree to receive under any circumstances. 

You should always know which regulations to follow, but understanding all the buzzwords surrounding text messages is unnecessary for implementing SMS systems. In the US alone, this format of client contact must adhere to: 

  • The Telephone Consumer Protection Act (TCPA). This federal law explicitly restricts telephone solicitations and automated telephone equipment.
  • State laws related to SMS communication. Florida, for example, permits only three attempts to communicate with a client within 24 hours, and only exempts B2B non-telemarketing calls.
  • Guidelines of the CTIA. The Wireless Association – initially known as the Cellular Telecommunications Industry Association. 
  • Restrictions by the Federal Communications Commission (FCC). 
  • Conditions of the Federal Trade Commission (FTC).

SMS compliance guidelines

As a quick rule of thumb, you can follow these guidelines: 

Clients must explicitly opt-in for SMS marketing

You cannot legally send clients marketing materials if they did not unequivocally elect to receive such messages. Note that SMS marketing opt-in is different from email marketing opt-in, so do not mistake the two for the same thing. 

Explicitly state for which purpose clients will receive messages. The clients must have comprehensive information about the messages they can expect when opting for marketing messages. You cannot claim promise to send only two-way authentication messages and then proceed to send marketing messages as well. 

Respect opt-out requests

If you plan to use SMS communication for marketing purposes, you must respect any customer opt-out requests. Sending customers marketing messages after they opt-out is a quick way to breach regulations and can lead to trouble for your business. 

Respect federal and state quiet hours

The TCPA prohibits text messages and telephonic solicitation before 8 am and after 9 pm. This restriction relates to the recipient’s time zone. The distinction between your time zone and the client’s is vital to avoid legal trouble. 

Achieving SMS compliance

SMS compliance is not optional. If you breach the relevant laws, you can land in serious hot water with the authorities. Fortunately, you can expect exhaustive SMS compliance assistance from providers like Telesign. Let’s investigate the finer details to provide a comprehensive guide for those who want information. 

How to be SMS-regulation compliant

The purpose of SMS laws is to protect people from unwanted text messages. Using this understanding as a springboard can help determine whether sending that text can lead to problems. 

Receiving an answer to whether the client wants the message is as simple as asking for consent. Usually, during sign-up to the company’s services, the customer can use a tick box indicating they would like to receive promotional texts or emails. There should also be a link to comprehensive information on what types of promotional texts the customers agree to receive. 

You may be out of compliance without the proper consents or a straightforward explanation about what customers are consenting to. Do not send clients a promotional text about products if they have only consent to receiving delivery notifications. 

Specifics about TCPA regulation

The TCPA (Telephone Consumer Protection Act) is the primary federal law regulating telephone solicitations and automated telephone equipment. This Act applies to any device capable of sending texts to a client’s number. This Act also applies to entities within the United States or international organizations sending texts to recipients within the United States. 

Notable restrictions on telemarketing include:

  • No messages to unsubscribed clients.
  • Restrictions on messages to subscribed clients before 8 am and after 9pm based on the receiver’s time zone. 
  • No marketing calls to any number on the national do-not-call registry.
  • Mandatory disconnection of unanswered telemarketing calls before four rings or 15 seconds. 

The Act refers to telemarketing calls or messages initiated by a company to encourage the purchase, rental of, or investment in property, goods, or services. There are a few exceptions to this rule, including calls: 

  • Manually dialed without a pre-recorded message.
  • For emergency purposes. 
  • Not for commercial purposes.
  • For commercial purposes that don’t include or introduce an advertisement or constitute telemarketing.
  • Made by or on behalf of a tax-exempt nonprofit organization
  • Delivering a “health care” message made by, or on behalf of, a “covered entity” or its “business associate”, as defined in the HIPAA privacy rule. 

You cannot send customers text messages they did not consent to receiving. Providing the appropriate systems for lawful consent inquiry and using such consent is non-negotiable. The consumer must give express permission. The most common way to do this is through digital tick-boxes, asking clients if they want to receive promotional texts. 

It is important to remember that clients can only expressly consent to receiving promotional texts from your business if the prompt provides all the necessary information. This information includes detailed explanations of what the client can expect from you. Under no circumstances are you permitted to send the client texts related to topics that were not disclosed during the consent process. For example, Consent must always include the option to unsubscribe. 

Any client permission becomes invalid if they do not have the opportunity to unsubscribe from marketing and promotional messages whenever they choose. Opt-in must also adhere to the time zone limitations set forth by federal and state laws. So, you cannot ask a client to consent to receiving texts outside these hours (9am and 8pm in their time zone). 

Opt-in mechanisms

There are many ways to ask clients for consent to receive texts from your business. The most important element is that for marketing or promotional purposes, you cannot imply or hide these mechanisms. There must always be a clear indication to a client that they agree to receive your text messages. 

Examples of opt-in mechanisms include: 

  • SMS keywords that a client sends to your business. Upon receiving this keyword from the client, your company can send the customer relevant text messages. Please remember that by employing this method, you must make it explicitly clear–whether through a confirmation text or any other means–what the client is agreeing to when they send a keyword to your SMS number.
  • Web forms are another forthright opt-in mechanism. This web form can be part of the account creation web form, for example, where a tick box at the end asks for consent from the customer. 
  • Paper forms also work, although this method will likely see much less implementation. Remember that these paper forms must indicate clearly what the client agrees to receive via text from your business.
  • In-app check boxes are another way to ask clients’ consent to receive marketing texts. You can implement these on the app’s home screen when the client launches it for the first time. Some apps integrate the marketing check box into the same menu that asks clients to agree to their terms and conditions.

Opt-out mechanisms

If your business plans to send marketing or promotional texts to clients, you must implement an opt–out mechanism. Clients retain the right to unsubscribe from marketing and promotional texts at any time, and ignoring this right can lead to serious trouble with regulatory bodies. 

Examples of how you can implement opt-out mechanisms include: 

  • SMS keywords that a client sends to a number belonging to or representing your business. The most common keyword for this type of opt-out mechanism is “STOP”, and usually is a response to one of your marketing texts. However, clients should also have the option to opt out by using this keyword, without having to wait for your initial message. 
  • Account profiles can also include the relevant check boxes that give or withdraw consent from a customer. This mechanism is helpful, as it’s always easy to find, and might be the first place a client looks when unsubscribing from marketing texts. 
  • In-app unsubscribe buttons, like an account profile unsubscribe button, are also a safe way to implement an opt-out mechanism. Clients can find these settings easily, especially if their primary interaction with your platform is via an app.
  • Email footer unsubscribe links are another tool for sending clients marketing emails. These links to an unsubscribe form can ask clients which messages they no longer want to receive. Allowing them to select SMS and email marketing here is a good strategy. 

Message content guidelines

Here is a short list of what your texts must include:

  • Your business name–or personal name, if applicable–must be in the first message you send to clients, so that they can immediately identify you. Follow-up messages do not require an introduction.
  • Content of value. 
  • Clear opt-out instructions, such as “to stop receiving messages like this, reply STOP”.
  • Non-SHAFT content. SHAFT refers to anything related to sex, hate, alcohol, firearms, or tobacco. 

Data protection and user privacy

Another important consideration is the client data you receive or store. Many federal and state laws cover distinct aspects of data protection, from health data to financial information and data collected from children. 

Compared to the European Union, which has a comprehensive data privacy law called the General Data Protection Regulation, the US lacks a complete governing document. Some examples of data protection guidelines you can expect from the FTC include: 

  • Children’s privacy 
  • Consumer privacy
  • Credit reporting
  • Data security 
  • Privacy shield framework updates

How Telesign can assist with SMS compliance

At Telesign, we provide extensive tools for sending text messages. 

We provide verification services with reliable global coverage and completion rates. You can use our systems to verify new accounts with SMS and voice through one-time passcodes (OTPs). Additionally, we can provide tools to cater to Silent Verification for a frictionless experience. 

Our business model emphasizes business and client safety with dynamic, risk-based recommendations on every interaction. These recommendations coupled with other security processes, help you make smarter decisions for future roadmaps. 

Through Telesign, you can expect: 

  • Extensive global coverage. 
  • Omnichannel waterfall delivery for increased delivery rates. 
  • High quality routing using hundreds of providers in a global network.
  • Assistance with compliance when using our SMS systems. 

Start optimizing your SMS communications, talk to our experts today.