SMS marketing is a fundamental component for businesses and organizations that allows you to reach consumers more effectively and at lower costs. SMS messages allow you to engage with your audiences through the channel they’re most likely to see, open, and respond to.

But before you start sending SMS messages, it is vital that you understand the various SMS compliance laws and regulations that are enacted to protect consumers and prevent brands from abusing or over-using this relationship. Penalties for non-compliance are stiff and can include fines or even legal action. Furthermore, spamming users with unsolicited messages drives them away from your business and results in lost customers and lost revenue.


This article serves as a guideline and should not be considered as legal advice. We recommend that you work with your legal counsel for compliance with applicable laws regarding SMS messaging in your country of operation.

SMS compliance laws and regulations

SMS compliance essentially means that you as a business must continuously confirm that you are engaging with customers on their terms. In the U.S., SMS compliance rules fall under the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act.

TCPA - Telephone Consumer Protection Act - This is the federal legislation that governs telemarketing, text messaging, and the Do-Not-Call list and was introduced to protect customers' privacy. This law mandates that a business must receive express written consent to send messages to customers and that you must be clear with the customer about how you intend to use SMS messaging to communicate with them. TCPA also allows individuals to file lawsuits and collect damages for receiving unsolicited telemarketing calls, faxes, pre-recorded calls, or auto-dialed calls.

The CAN-SPAM Act (Controlling the Assault of Non-Solicited Pornography and Marketing Act) enhances and adds to the TCPA and was enacted to try and curb the spate of unsolicited commercial email and text messages sent to wireless devices.

CTIA (Cellular Telecommunications Industry Association) represents the U.S. wireless communications industry. The CTIA lays out additional guidelines for SMS marketing. These guidelines align with TCPA laws to protect people from unwanted text messages but extend further to help marketers create a better experience for consumers. For more information, see the Short Code Registry’s Best Practices and the Short Code Monitoring Handbook.

You can also refer to the following additional resources:

Best practices to get compliance right

You must use the legal advice provided to you and follow all the laws and regulations when you send SMS messages. The following guidelines will help you to run successful SMS campaigns.

1. Obtain express written consent

Build a compliant database of customers. You cannot send a message to or call a customer without their explicit consent. Consent cannot be implicit and must be express written consent. You can obtain written consent in the form of an electronic or digital signature via a website form, an SMS message with a specific keyword, an email confirmation, and so on.

2. Document and save opt-in permissions

For compliance purposes, you must retain the following information regarding consent:

  1. The time and date on which the customer gave consent
  2. The type of SMS messaging they consented to
  3. The customer phone number
  4. The language in which they opted-in

3. Provide a disclosure about communications you plan to send

You must disclose the full scope of your SMS communications. Customers must clearly understand what messages to expect from you. When customers opt-in to receive communications from you, you must provide the following information:

  • Who you are
  • How often you will be messaging them
  • The purpose of these message
  • And that messages and data rates may apply

4. Identify yourself clearly

Identify your brand and include a clear indicator that the message is a solicitation or advertisement for goods or services. 

5. Provide a way for customers to opt-out

Every message that you send to customers must include a way for them to opt-out from receiving messages. For example, you can include “Reply STOP to unsubscribe” in the message.

6. Send messages only to legally obtained, opted-in phone numbers

Calling or sending SMS messages to customers who have opted-out or who are on the Do Not Call Registry is a violation of the law and can result in stiff fines. Keep your customer database updated and ensure that when a customer opt-out, the customer profile is updated in a timely manner.

7. Ensure SHAFT compliance

S.H.A.F.T. is an acronym created by the CTIA which stands for Sex, Hate, Alcohol, Firearms, and Tobacco. Including content related to any of these topics in your SMS is considered one of the highest violations, and may result in an immediate ban.

Some S.H.A.F.T. content may be marketed through SMS using designated short codes only. This requires an opt-in and an age-gate to be implemented. Check with your carrier and legal team before you proceed.

The CTIA also defines the following message categories that must be excluded from all SMS communications: 

  • Depictions and endorsement of violence
  • Profanity
  • Hate/discriminatory speech
  • Endorsement of illegal or illicit drugs

8. Communicate at the right time

Under TCPA, you may not text or call subscribers during late hours. This SMS behavior is considered abusive and can result in significant penalties. Refer to the TCPA regulations for the exact hours.

9. Add a Privacy Policy to your website

Ensure that your Terms and Conditions and Privacy policy are easily accessible to customers. By sharing your terms and conditions, you can remind customers that you are compliant and taking the law into account. If you update the Terms and Conditions or the Privacy policy, notify your customers immediately. 

You can include some of the following information in the Terms and Conditions page:

  • What information will the SMS messages contain
  • How often will the customer receive messages
  • Is there a cost associated with receiving messages
  • How can the customer opt-out

You can include some of the following information in the Privacy Policy page:

  • Explicitly state how customer information is captured by your website.
  • Information about data sharing or selling to third parties.
  • Information about Location tracking and location-based services

10. Check with your legal team

Double check everything with your legal team to ensure that your SMS messaging is fully compliant with all applicable rules and regulations for the regions your brand operates in.

International messaging

SMS guidelines and regulations vary significantly from country to country and some types of numbers might not be available in some countries. If your customers are located in regions outside the U.S. and Canada, you must research best practices and laws in those areas.

Archiving messages for compliance

If you are running SMS campaigns, you might want to retain copies of all SMS conversations, outgoing and incoming, for regulatory reasons. 

The campaign activity reports capture the message details for every 'sent' event for the SMS channel. If you are using 2-way SMS messages, and a customer replies to an SMS campaign, the customer's reply is captured as an Inbound Message (bsft_inbound_message) event on the customer profile. You can export this SMS Inbound Message event as part of the campaign activity data.

For more information, see Archived SMS messages as part of campaign activity reports

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.