SMS marketing is a fundamental component for businesses and organizations that allows you to reach consumers more effectively and at lower costs. SMS messages allow you to engage with your audiences through the channel they’re most likely to see, open, and respond to.
But before you start sending SMS messages, it is vital that you understand the various SMS compliance laws and regulations that are enacted to protect consumers and prevent brands from abusing or over-using this relationship. Penalties for non-compliance are stiff and can include fines or even legal action. Furthermore, spamming users with unsolicited messages drives them away from your business and results in lost customers and lost revenue.
This article serves as a guideline and should not be considered as legal advice. We recommend that you work with your legal counsel for compliance with applicable laws regarding SMS messaging in your country of operation.
SMS compliance laws and regulations
SMS compliance essentially means that you as a business must continuously confirm that you are engaging with customers on their terms. In the U.S., SMS compliance rules fall under the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act.
TCPA - Telephone Consumer Protection Act - This is the federal legislation that governs telemarketing, text messaging, and the Do-Not-Call list and was introduced to protect customers' privacy. This law mandates that a business must receive express written consent to send messages to customers and that you must be clear with the customer about how you intend to use SMS messaging to communicate with them. TCPA also allows individuals to file lawsuits and collect damages for receiving unsolicited telemarketing calls, faxes, pre-recorded calls, or auto-dialed calls.
The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) enhances and adds to the TCPA and was enacted to try and curb the spate of unsolicited commercial email and text messages sent to wireless devices.
CTIA (Cellular Telecommunications Industry Association) represents the U.S. wireless communications industry. The CTIA lays out additional guidelines for SMS marketing. These guidelines align with TCPA laws to protect people from unwanted text messages but extend further to help marketers create a better experience for consumers. For more information, see the Short Code Registry’s Best Practices and the Short Code Monitoring Handbook.
You can also refer to the following additional resources:
- The National Do Not Call Registry
- The FCC’s consumer guide on spam and robocalls
- Guidelines and best practices published by the Mobile Marketing Association (MMA)
- California Consumer Privacy Act (CCPA)
- GDPR compliance
Best practices to get compliance right
You must use the legal advice provided to you and follow all the laws and regulations when you send SMS messages. The following guidelines will help you to run successful SMS campaigns.
1. Obtain express written consent
Build a compliant database of customers. You cannot send a message to or call a customer without their explicit consent. Consent cannot be implicit and must be express written consent. You can obtain written consent in the form of an electronic or digital signature via a website form, an SMS message with a specific keyword, an email confirmation, and so on.
2. Document and save opt-in permissions
For compliance purposes, you must retain the following information regarding consent:
- The time and date on which the customer gave consent
- The type of SMS messaging they consented to
- The customer phone number
- The language in which they opted-in
3. Provide a disclosure about communications you plan to send
You must disclose the full scope of your SMS communications. Customers must clearly understand what messages to expect from you. When customers opt-in to receive communications from you, you must provide the following information:
- Who you are
- How often you will be messaging them
- The purpose of these message
- And that messages and data rates may apply
4. Identify yourself clearly
Identify your brand and include a clear indicator that the message is a solicitation or advertisement for goods or services.
5. Provide a way for customers to opt-out
Every message that you send to customers must include a way for them to opt-out from receiving messages. For example, you can include “Reply STOP to unsubscribe” in the message.
6. Send messages only to legally obtained, opted-in phone numbers
Calling or sending SMS messages to customers who have opted-out or who are on the Do Not Call Registry is a violation of the law and can result in stiff fines. Keep your customer database updated and ensure that when a customer opt-out, the customer profile is updated in a timely manner.
7. Ensure SHAFT compliance
S.H.A.F.T. is an acronym created by the CTIA which stands for Sex, Hate, Alcohol, Firearms, and Tobacco. Including content related to any of these topics in your SMS is considered one of the highest violations, and may result in an immediate ban.
Some S.H.A.F.T. content may be marketed through SMS using designated short codes only. This requires an opt-in and an age-gate to be implemented. Check with your carrier and legal team before you proceed.
The CTIA also defines the following message categories that must be excluded from all SMS communications:
- Depictions and endorsement of violence
- Hate/discriminatory speech
- Endorsement of illegal or illicit drugs
8. Communicate at the right time
Under TCPA, you may not text or call subscribers during late hours. This SMS behavior is considered abusive and can result in significant penalties. Refer to the TCPA regulations for the exact hours.
You can include some of the following information in the Terms and Conditions page:
- What information will the SMS messages contain
- How often will the customer receive messages
- Is there a cost associated with receiving messages
- How can the customer opt-out
- Explicitly state how customer information is captured by your website.
- Information about data sharing or selling to third parties.
- Information about Location tracking and location-based services
10. Check with your legal team
Double check everything with your legal team to ensure that your SMS messaging is fully compliant with all applicable rules and regulations for the regions your brand operates in.
SMS guidelines and regulations vary significantly from country to country and some types of numbers might not be available in some countries. If your customers are located in regions outside the U.S. and Canada, you must research best practices and laws in those areas.
Archiving messages for compliance
If you are running SMS campaigns, you might want to retain copies of all SMS conversations, outgoing and incoming, for regulatory reasons.
The campaign activity reports capture the message details for every 'sent' event for the SMS channel. If you are using 2-way SMS messages, and a customer replies to an SMS campaign, the customer's reply is captured as an Inbound Message (bsft_inbound_message) event on the customer profile. You can export this SMS Inbound Message event as part of the campaign activity data.
For more information, see Archived SMS messages as part of campaign activity reports