The No Nonsense Guide to SMS Compliance and Why it Matters

If you’re a business owner, you’re probably already aware of the benefits of SMS marketing – but how much do you know about SMS compliance, and the evolving regulations influencing how you can communicate with customers via text?

SMS gives you the opportunity to reach your customers anywhere, at any time (even if they don’t have an internet connection). With it, you can benefit from world-leading click-through, open and engagement rates, and higher conversions. In fact, SMS messages have an average open rate of 98% - far outshining email open rates.

But SMS is a regulated marketing channel – one with specific federal laws in place designed to protect customers, and their privacy. If you’re not proactive about adhering to text messaging compliance rules, you don’t just put yourself at risk of fines. You could lose the trust of your customers, and suffer from lower deliverability rates.

Fortunately, we’re here to help. Here’s absolutely everything you need to know about SMS compliance laws to stay one step ahead in the SMS marketing era.

Disclaimer: This article aims to provide insights into the best practices companies can follow to adhere to text messaging compliance regulations. It should not be construed as legal advice. If you have any concerns, we do recommend speaking to a legal professional directly.

Find the service, tools, and knowledge you need to build a winning and trustworthy texting strategy.

Schedule a demo

What is SMS Compliance? Introducing Texting Compliance

The term “SMS compliance” refers to the various rules and laws that govern how businesses send text messages to customers, leads, or prospects.

There are actually various types of SMS regulations to consider. They range from overarching rules that apply to various types of texts sent by companies throughout the US and Canada (like TCPA and CTIA guidelines) to marketing laws (CAN-SPAM), and industry-specific regulations, like HIPAA, FINRA, or SEC texting rules.

While different regulations have varying nuances, most are designed to protect customers from privacy issues, spam, and annoying unwanted texts. Many SMS compliance laws also require companies to follow similar best practices, like obtaining consent to text a customer, giving users the option to opt-out of texts, and protecting sensitive data.

Many SMS guidelines even ask companies to securely store text records for a set period of time, or prevent them from including specific terms and content in messages.

On top of that, compliance rules differ depending on the types of messages you need to send, such as transactional, promotional, or conversational messages.

Why is Text Messaging Compliance Important?

The most obvious reason companies should be prioritizing SMS compliance, is that failure to do so can lead to serious legal repercussions and hefty fines. Ignoring TCPA fines can lead to fines of $500 to $1,500 per violation. Overlooking CAN-SPAM rules can subject you to penalties of up to $16,000 per message (or more, if the violation is deliberate).

But adhering to SMS regulations isn’t just about avoiding fines. It’s also crucial to protecting your company’s reputation and relationship with customers. Adhering to governance laws and regulations shows your customers that you put their safety and overall experience first.

It also helps to prevent you from ending up on blacklists (which would limit your ability to send SMS messages to customers in the future). Plus, since compliance forces you to rethink who you can text and when, it prompts you to take a more strategic approach to your marketing campaigns.

SMS Compliance: Exploring the Core SMS Regulations

One of the reasons text message compliance is so complicated these days, is there are numerous different rules to consider. In the US alone, there are various governmental regulations and policies imposed by different groups. On a broad scale, you’ll need to consider the rules of the TCPA (Telephone Consumer Protection Act), the CTIA (Cellular Telecommunications and Internet Association) and the MMA (Mobile Marketing Association).

Beyond that, there are rules set by the Federal Communications Commission (FCC), and specific regulatory bodies for different sectors. For instance, if you’re using SMS for healthcare marketing, you’ll need to adhere to HIPAA guidelines. If you’re operating in the financial sector, there are SEC and FINRA rules to consider.

Here are some of the main regulations you’ll need to master.

TCPA and CTIA Guidelines

Let’s start with perhaps the most significant texting compliance standards for companies in every industry throughout the US. Across the US and North America, cold texting is illegal – SMS regulations also prohibit the use of purchased contact lists for marketing campaigns.

While there are several regulatory bodies that contribute to compliance guidelines, the most important rules to understand are those set by the TCPA and CTIA.

The Telephone Consumer Protection Act

If you’re a business or organization that already sends text messages or plans to in the future, for marketing or informational purposes, TCPA compliance guidelines should govern everything you do. The Telephone Consumer Protection Act requires companies to:

• Obtain consent: If you aren’t already, you should be collecting written, verbal, or implied consent to contact customers. This will also ensure your SMS marketing can adhere to CAN-SPAM Act text messages and similar rules.
• Keep Records: Customer information must be up-to-date, especially for opt-outs or do-not-call requests. You may even need to invest in SMS archiving software, to retain conversations for a specific period of time for auditing purposes.
• Plan Communications Carefully: Businesses need to be mindful of time zones, especially for automated messages and phone calls. They also need to ensure they’re including relevant information (like business details) in messages, while avoiding dangerous content.

In addition to making it easy to access messaging logs, Clerk Chat also integrates with Smarsh and Global Relay text archiving as a way to stay consistent across multiple channels.

We also offer a handy TCPA compliance checklist to help companies dive into their messaging strategies, with fewer risks.

CTIA: The Cellular Telecommunications Industry Association

The Cellular Telecommunications Industry Association (CTIA) builds on the SMS compliance laws introduced by TCPA. Companies still need to adhere to all the rules introduced by TCPA, such as ensuring they collect consent from the people they want to contact.

However, the CTIA also introduces instructions for how companies can improve the customer experience when using SMS marketing. For instance, they ask companies to:

• Detail a clear opt-out process for all potential customers and contacts.
• Include their brand name in communications.
• Display a clear call to action to ensure customers know what their next step should be.

MMA and CAN-SPAM and Content-Focused Laws

The Mobile Marketing Association (MMA) introduces a code of conduct for SMS compliance that requires companies to follow similar best practices as they would when ensuring TCPA compliance. For instance, you need to get and document consent to contact customers, identify yourself in all messages, respect the National Do Not Call (DNC) registry, and make opting out easy.

Similarly, companies sending CAN-SPAM Act text messages need to adhere to specific rules when sending marketing texts. Alongside obtaining consent (and making opting-out simple). You’ll need to ensure that:

• From, To, and Reply-To fields are accurate.
• Subject lines are informative (not misleading)
• Marketing and advertising messages are clearly marked as such.
• Opt-out requests are honored in a timely manner

Prohibited Content in SMS Marketing

Beyond the guidelines above, companies also need to be cautious about the kind of content they include in SMS messages. Whether you’re sending transactional, conversational, or promotional texts, you will need to adhere to prohibited content laws.

The CTIA and cellular carriers disallow certain kinds of messaging content – usually content that falls under the “SHAFT” rules. SHAFT is basically a handy acronym that should help you remember the types of content that are forbidden or subject to specific rules:

• S: Anything related to “sexually inappropriate” content
• H: Hate speech or unnecessary profanity
• A: Alcohol-related content (unless approved by TCR)
• F: Firearms and anything that endorses violence
• T: Tobacco – also vaping and references to illicit drugs

Notably, some forms of content may be allowed by certain carriers, if a campaign is submitted and approved by the TCA in advance and the right “age gate” is in place.

Additionally, some other specific types of content might be prohibited by certain carriers. For instance, some carriers disallow content about debt collection, loans, CBD, and gambling. The best thing you can do to maintain SMS compliance is research the latest content rules in your industry.

Industry-Specific SMS Compliance: HIPAA, SEC, and More

On top of all the various rules mentioned above, there are specific SMS compliance standards to be aware of for companies in certain industries.

For instance, if you run a business in either healthcare or finance, be mindful of the Health Insurance Portability and Accountability Act (HIPAA) and the Gramm-Leach-Bliley Act (GLBA).

Oftentimes medical offices send out SMS, so there are times concerns arise around HIPAA texting. HIPAA protects the privacy and security of a patient’s health information. Before sending a message that may contain personal information, you must obtain consent to be allowed to use text messages as a method of communication.

Additionally, if sending SMS related to anything financial, adhere to GLBA compliance, as it protects the privacy of a consumer’s financial data.

Depending on your industry, you might need to be aware of SEC and FINRA rules for companies using an SMS service for financial industries. For instance, SEC requires companies to hold onto SMS records for a specific period of time. There are also FHA texting rules to consider – related to housing communications.

For instance, if a business is using text messaging to communicate for a housing-related matter, it must avoid using any discriminatory language. It is particularly important when building a compliant SMS marketing strategy.

Technicalities of SMS Marketing Compliance

For companies learning how to protect SMS campaigns from compliance issues, there are various other terms to be aware of too. For instance, you’ll encounter different rules depending on whether you’re using SMS for transactional, promotional, or conversational messages.

There are strict rules governing application-to-person text messaging too (for those using mass text messaging software), particularly in regard to when and how often you send messages to customers. Plus, if you’re using specific numbers for messaging, there are other rules to consider.

For instance, if you’re using 10DLC (10 digit long code) numbers for marketing messages, instead of short code texting you’ll need to register your brand with The Campaign Registry, and gain approval for each campaign you want to launch.

This might seem like “extra work” at first, but 10DLC registration has a lot of benefits. First, it’s cheaper and more accessible than standard short codes for texting. Plus, 10DLC numbers are more recognizable (similar to regular numbers) to customers.

Since consumers are more familiar with 10DLC numbers, they’re more likely to open your texts, and trust your company when they receive messages from you.

Understanding 10DLC Registration Compliance

In order to use 10DLC for A2P messaging, you must register your business with The Campaign Registry (TCR). Clerk Chat helps with this process. Once you are set up with your Clerk Chat account, you can access the Brand Registration from the Settings menu.

You will need to have the following business information handy:

• Legal company name
• Brand name
• Country of registration
• Organization legal form (i.e. non profit, government, etc.)
• Company EIN and issuing country
• Address
• Point of contact

You’ll also need to answer some questions including what types of campaigns you plan to send and how you obtain consent from message recipients.

Once you have submitted this form and Clerk Chat has completed the process with The Campaign Registry on your behalf, eventually you will receive a Campaign ID and your account will be considered verified, which means you are all set with 10DLC SMS compliance.

Additionally, if your business is running on a Zoom or Microsoft Teams phone number, you also have the option to enable your number for SMS via Clerk Chat. You would register your number with the Brand Registration form the same way you would for a standard 10DLC number. Once verified, you’ll also be able to use Zoom 10DLC to send SMS campaigns.

Best Practices for Text Messaging Compliance

All of these rules related to SMS compliance can seem overwhelming. But avoiding issues is actually a lot simpler than you might think. All you need to do to adhere to a wide range of different rules and regulations, is follow a few best practices:

1. Register Your Business Texting Number

As mentioned above, you can use a range of numbers with your business texting solution for marketing campaigns, transactional, and conversational texts. But using 10DLC numbers means you benefit from better deliverability rates, greater trust and brand recognition, and cost savings.

The downside is that you need to register your brand (and each campaign you launch) with The Campaign Registry. The good news is that going through this process will actually help you from an SMS compliance perspective.

Once your campaigns and brands are approved by the Campaign Registry, they’re less likely to get flagged by carriers attempting to protect customers from spam. Plus, when you’re registering your campaigns, you’ll have to demonstrate how you’re gathering opt-in consent from customers and what content you’ll be sharing, so you can avoid mistakes later on.

Since Clerk Chat helps you navigate the process of campaign and brand registration with unified data, and step-by-step solutions, getting started is a lot easier than you might think.

Find the service, tools, and knowledge you need to build a winning and trustworthy texting strategy.

Schedule a demo

2. Collect Consent from Contacts

As we’ve mentioned a few times now, there are various different types of business texts, from promotional and informational (transactional) texts to conversational messages. Depending on the types of texts you’re going to be sending, there are different types of consent you’ll need to obtain to adhere to text messaging compliance guidelines.

However, if you obtain express written consent to communicate with customers in various ways from day one – you don’t have to worry as much about updating consent details later.

The key to success is developing a strong opt-in process. Remember, your subscriber’s consent needs to be obtained in writing, before you add their details to your automated messaging service system.

But every customer doesn’t necessarily need to sign a contract. They could just send an “opt-in” text to a specific number or fill out a form. Just make sure you keep records of the consent your customers give in your CRM or archiving platform.

Other quick tips to follow include:

• Using clear language: SMS compliance rules, like those set by the TCPA, require companies to make it clear what subscribers are agreeing to. Be specific and straightforward about the texts your customers will receive and how often they’ll get them.
• Don’t try to trick customers into giving consent: Don’t check the box on your forms that opts customers in to receiving messages from you automatically. They need to make a conscious decision to allow you to contact them.
• Use double opt-in: A double opt-in process will help to protect your business from unnecessary compliance issues. When customers give you their number, send a message asking them to confirm that they definitely want to hear from you.

3. Manage the Opt-Out Process

Mastering texting compliance isn’t just about obtaining consent. You need to follow both SMS opt-in & opt-out best practices if you want to avoid fines and reputation damage. Start by making sure customers know how to opt-out of receiving messages.

Add a page to your website detailing opt-out options. For instance, you might ask your customers to contact your team via email, phone, or SMS, or just send a “STOP” message to a specific number. You could also allow people to opt-out of messages from their private website account.

In general, it’s a good idea to include “opt-out” instructions in virtually all of the messages you send – particularly promotional texts. You can add a simple line to your texting templates that reminds customers of how to opt out by sending you a single keyword like “UNSUBSCRIBE.”

When customers opt-out, respect their request immediately. Don’t send extra messages trying to convince them to change their mind. Remember, if they decide they want to hear from you again, they’ll still know how to sign up for your messages.

Update your SMS CRM integrations and databases automatically too, so you don’t make the mistake of sending scheduled texts to people who have already opted-out.

4. Master Messaging Timing and Frequency

As we mentioned above, various SMS guidelines and texting compliance laws implement restrictions on when companies can send messages to customers – for any reason. Unlike emails, which you can basically send whenever you like, the TCPA prioritizes responsible timing.

For instance, in the US, you can only send promotional messages between the hours of 8am and 9pm- based on your customer’s time zone. This can make scheduling texts tricky if you serve customers in different regions. That’s why it’s such a good idea to use solutions like dynamic lists on Clerk Chat to segment customers based on their location.

Beyond getting timing right, you’ll need to think about frequency too. Many states have different rules for how often companies can send promotional texts to customers. In Florida, for instance, you can only use an SMS blast service to send 3 promotional texts per day. In Maine, you can send one text every eight hours.

Don’t just focus on adhering to the SMS compliance laws in your region. Think about your customer’s preferences too. Most customers won’t want to hear from a company about a specific product multiple times in one day. Your SMS analytics and engagement reports should give you a good insight into how often customers actually expect to hear from you.

5. Plan Content Carefully

Another texting compliance strategy you’ll need to master, revolves around getting your content right. We’ve already mentioned that there are various types of content that shouldn’t be included in virtually any text, such as hateful content, or content related to alcohol.

Depending on your industry, you might need to be cautious about personalizing SMS and RCS messages with sensitive information too. For instance, you can’t include details about a person’s conditions or treatments in a healthcare related text.

But it’s not just the content you “can’t” cover that you need to be aware of. You also need to make sure you’re including the right content in your texts. For instance, most texts should include:

• Your business name
• The reason for the text (in clear language)
• Details about opt-out processes

Depending on the type of text, you might also need to let your customers know when you’re using automated systems or AI to send them messages. For promotional messages, you might need to outline that an agreement to “opt in” to receive information about a new product isn’t also a “condition of purchase.”

For transactional and conversational texts, you may need to provide your customers with insights into how they can get extra help or support, from your team or a customer service AI application.

In some cases, you may even need to let customers know that responding to your messages might cost them money (based on their carrier rates) or share links to your terms and privacy conditions.

6. Stay Up-to-Date with SMS Compliance

The trickiest part of keeping up with SMS regulations is that they’re constantly changing. SMS marketing compliance guidelines and laws about how companies can communicate with other companies evolve as new technologies and strategies emerge.

For instance, just look at the rise of artificial intelligence in SMS campaigns. Some companies use AI for chatbots while others use AI for personalization. Clerk Chat offers AI SMS with options including suggested text or conversation summaries but also with the ability to scale with AI agents.

For the most part, AI-generated messages will need to adhere to the same SMS regulations as human-created text messages. However, new regulations may emerge that require companies to make it clear to customers when they’re interacting with AI.

You may also need to invest in new data governance strategies, which influence how you train and use your AI systems for campaigns.

Beyond adapting to new technologies and automated workflows, you’ll need to update your compliance strategy every time you invest in a new type of messaging, from transactional texts to promotional and conversational messaging campaigns.

The only way to avoid fines and issues constantly, is to stay informed. Make sure all team members are educated on SMS guidelines and leverage technology that can help you maintain accurate records.

Handling Audits for SMS Compliance

Finally, there’s one last thing you’ll need to consider when it comes to mastering SMS compliance: audits. Even if you follow all of the texting compliance guidelines we’ve outlined above, you may still be asked to submit data for an audit.

Many industries, from finance and healthcare to the legal services industry, require companies to follow strict strategies when it comes to protecting data and maintaining records. This means you’ll need to have a plan in place for how you’re going to collect and share the right documentation and data with regulatory bodies, when necessary.

The records you keep will need to be detailed, covering everything from opt-in and opt-out details, to the dates and times when messages were sent and what information was included.

The good news is that a proactive approach to maintaining these records doesn’t just help you navigate audits. It can also support:

• Dispute Resolution and Conflict Management: When conflicts arise, having access to past communication can be invaluable, because it provides a reliable and objective reference point, helping to protect your interests.
• Knowledge Management and Collaboration: Valuable insights, decisions, and instructions from conversations become easily accessible for future reference. This can often benefit new team members and fosters a culture of transparency, accountability, and continuous improvement.
• Security and Data Protection: By keeping all your communication in one place, you can protect sensitive information and prevent data breaches. And by the way, implementing security measures like encryption and access controls, lowers the risk of unauthorized access to private conversations.

Preparing for Text Message Compliance Audits with Clerk Chat

The good news for companies worrying about audits, is that an OTP SMS service or messaging platform like Clerk Chat, can help with record keeping and archiving.

Clerk Chat is a powerful business messaging platform that seamlessly integrates with Microsoft Teams and many other familiar platforms. You can even use Clerk as a standalone web app. With Clerk Chat, you can easily connect your existing number or choose a new one, consolidating all your conversations into one platform, saving you the hassle of managing multiple windows.

Clerk Chat supports SMS, RCS, and MS Teams compliance archiving, with the option to collect data through integrations with tools like Smarsh and Global Relay.

You can also easily export conversation logs from Clerk Chat from the “Settings” bar. Just click on “Logs”, and choose the inboxes (phone lines) and a date range for your export. Clerk Chat will then automatically create a CSV file for you to download.

Simplifying SMS Compliance with Clerk Chat

Navigating SMS compliance standards can be difficult. There are so many different rules to consider, depending on your location, the types of messages you send, and your industry. Plus, the guidelines are constantly evolving, as customer expectations and technologies transform.

But text message compliance isn’t something any business can afford to overlook. Fail to follow the latest rules consistently and you expose yourself to more than just serious fines. You could damage your relationships with customers, and destroy your brand’s reputation.

Fortunately, Clerk Chat makes it simple to master compliance, regardless of your messaging strategy. Companies can take advantage of integrations that help them maintain records, archive data, and even keep track of opt-in and opt-out rates, across channels.

Plus, Clerk Chat helps companies manage 10DLC registration, segment customers, schedule messages to adhere to frequency and timing rules, and even export communication logs for audits.

Ready to take an intelligent approach to SMS compliance? Discover Clerk Chat today.

FAQs

What is SMS compliance?

SMS compliance involves obtaining explicit consent from individuals before sending them text messages and ensuring they are informed about the nature of the messages they will receive. This practice aligns with legal regulations and fosters trust between businesses and consumers.

What are the SMS rules for 2025?

Amendments to the TCPA have expanded consumer rights. Recipients can now more easily revoke consent, and businesses are required to honor opt-out requests in no more than 10 days. Marketers also need to collect and store consent given to them by each recipient and deliver simple opt-out options.

Does GDPR apply to SMS?

Yes, the General Data Protection Regulation (GDPR) applies to SMS communications. While the GDPR governs data protection broadly, the Privacy and Electronic Communications Regulations (PECR) specifically address electronic communications, including SMS. Both require businesses to obtain explicit consent before sending marketing messages via SMS.

Do you need permission to send SMS?

Yes, businesses must obtain explicit permission before sending SMS messages to individuals. This consent ensures compliance with regulations and respects recipients’ privacy. Unauthorized messaging can lead to legal repercussions and damage to the organization’s reputation.

What are the consequences of non-compliance with SMS regulations?

Non-compliance with SMS regulations can result in significant penalties, including substantial fines. Additionally, non-compliance can damage an organization’s reputation and erode consumer trust.

How can businesses ensure SMS compliance?

To ensure SMS compliance, businesses should:

• Obtain explicit consent from recipients before sending messages.
• Provide clear information about the nature and frequency of messages.
• Offer easy opt-out mechanisms and honor opt-out requests promptly.
• Maintain accurate records of consents and communications.
• Stay updated on relevant regulations and adapt practices accordingly.

How does SMS compliance differ between regions?

SMS compliance regulations can vary significantly between regions. For example, the GDPR governs SMS communications within the European Union, requiring explicit consent and data protection measures. In contrast, the United States follows the TCPA, which has its own set of rules regarding consent and message content.

What role do mobile carriers play in SMS compliance?

Mobile carriers are integral to enforcing SMS compliance by implementing measures to detect and block spam or unauthorized messages. They may collaborate with businesses to ensure messaging practices align with regulatory standards and protect consumers from unwanted communications. Carriers also provide guidelines and support to help businesses maintain compliance in their SMS campaigns.