The Marketer's Guide to SMS Compliance

Posted in: SMS Marketing
Published on: Dec 15, 2022
Written by: Pia Tserkonis
Pia is a Director on the Product Marketing Team. During her logged off hours she enjoys traveling, acrylic fluid painting, and long road trips.

Before getting started with this powerful marketing channel, make sure to familiarize yourself with these key requirements and regulations.

Disclaimer: the materials in this article are for informational purposes only, and not for the purpose of providing legal advice. You should contact your legal counsel to obtain advice with respect to any particular issues or problems.

Similar to email—which has a set of laws for remaining compliant—SMS is a regulated channel with its own specific rules and requirements. In many cases, it’s illegal to send unsolicited text messages to consumers—and penalties can be steep—so it’s important to be informed about best practices for SMS compliance.

In this post, we’ll walk you through the basics of SMS compliance, to help you build a foundational understanding of how to launch your text message marketing channel with a clear strategy.

SMS compliance overview

The SMS inbox is highly personal. You’re reaching consumers on their phones, where they also connect with their friends and family, and it’s always on: text messages have an average 97% read rate within 15 minutes of delivery.

To protect consumers’ privacy and SMS communication preferences, there are regulations in place that dictate what you can and can’t do with the marketing channel.

In the United States, you must be compliant with the Telephone Consumer Protection Act (TCPA)—which is a federal law—related state laws, and the guidelines of the CTIA—a wireless communication industry trade organization.

At a high level, SMS compliance requirements in the US include the following:

  • Your subscriber must explicitly opt in to SMS marketing in writing, and it has to be a separate opt-in from email marketing.
  • You must explain to potential subscribers what types of messages they’ll receive and clearly state how they can opt out. 
  • You must respect opt-out requests. 
  • You can’t send text messages during federal- and state-specific “quiet hours.”

Common SMS compliance key terms

From privacy laws to subscriber actions—here are some common terms and acronyms that are good to know as you navigate the world of SMS compliance.

  • CTIA: A mobile industry association (formerly known as the Cellular Telecommunications Industry Association) that publishes a list of requirements for short code programs, and audits program operators against these requirements on behalf of mobile carriers.
  • Opt-in: The action of a consumer giving their explicit consent or permission to receive recurring marketing text messages from a brand (e.g., by entering their phone number and checking a box online).
  • Opt-out (or Unsubscribe): The action of a subscriber indicating they no longer want to receive a brand's text messages (e.g., by replying with a recognized opt-out keyword). Companies are required to remove subscribers who opt out from their list.
  • Promotional messages: Text messages sent by a brand with the intention to drive revenue (i.e., that contain a sale or marketing promotion). These can be one-time SMS campaigns or triggered messages, like browse and cart abandonment reminders.
  • SHAFT Regulations: A rule created by the CTIA that prohibits companies from sending content that contains or promotes sex, hate, alcohol, firearms, or tobacco. There are some exceptions: companies that sell alcohol or tobacco are required to use age-gating to protect underage consumers and prevent them from opting in to SMS marketing.
  • Telephone Consumer Protection Act (TCPA): A federal statute with related FCC regulations that require marketers to obtain prior express written consent from mobile subscribers before sending them marketing text messages (e.g., legal disclosure in the sign-up unit).
  • Web Content Accessibility Guidelines (WCAG): Guidelines that provide standards for how to make web content more accessible for individuals with disabilities.

Check out our Marketing Privacy & Data Glossary to learn the most common terms and regulations you’ll come across when building your marketing program.

Rules and regulations for SMS

These are the laws and organizations that determine text message compliance in the US:

Telephone Consumer Protection Act (TCPA)

The Telephone Consumer Protection Act (TCPA) is a federal law passed in 1991 that requires marketers to obtain express written consent from mobile subscribers before sending them marketing text messages. 

“In 1991, SMS wasn’t really a tool that people used, yet,” says Troy Lieberman, Associate General Counsel at Attentive. “You have this dated law that’s trying to keep up with today’s technology.” Make sure that your SMS vendor has the expertise to provide you with guidance and recommendations on how to navigate the laws and remain compliant.

“SMS compliance has so many nuances that are constantly changing based on court rulings and decisions from the Federal Communications Commission (FCC),” said Lieberman. “You need to have a strong legal and compliance foundation before engaging in any SMS marketing.”

One of the most important things to keep in mind with TCPA is making it clear to potential SMS subscribers that, by joining your text program, they’re signing up to receive recurring automated marketing text messages. You can't bury this consent language at the bottom of your sign-up unit or landing page, or behind a link that the user has to click through to see. It needs to be clearly visible and in close proximity to the call to action.

sms sign-up unit example with compliance guidelines

“Consumers need to knowingly and voluntarily opt in to receive text messages from your brand. It needs to be clear and conspicuous that by providing your phone number, you are opting in to receive automated text messages from this brand. There’s other required language outlined in the regulations themselves, but the bottom line is that it needs to be very clear and upfront,” added Lieberman.

A best practice for any SMS sign-up method is to enable double opt-in. After a potential subscriber has provided their phone number (through a web form, by sending you a Text-to-Join keyword, or on your mobile site), they should be automatically prompted to send a message (reply “Y”) from that phone number to confirm their opt-in. 

Attentive’s patented two-tap mobile technology also utilizes a double opt-in flow.  After the potential subscriber lands on your website on their mobile device, they’ll be prompted to sign up for your text program. After they tap the button to sign up, a pre-populated text message will appear in their text messaging application. They simply press send to confirm their opt in and begin receiving messages from your brand.

example of sms sign-up unit, legal text message, and welcome text message

“It's a great way to validate and verify that the phone number provided is for the right person, and that they really want to receive these recurring text messages from your brand,” said Lieberman. “It's another touchpoint to show that this person really consented and opted in.”

You also need to make it easy for subscribers to opt out, and you’re required to honor any opt out. Text message responses such as “stop,” “end,” or “unsubscribe”—with variations in capitalization—need to be recognized by your SMS platform as an opt out request.


In addition to TCPA regulations, there’s a set of industry self-regulatory requirements administered by the CTIA. The CTIA is a trade association that represents the US wireless communications industry and provides requirements in their Short Code Monitoring Handbook and Messaging Principles and Best Practices.

Like the TCPA, the CTIA also requires clear opt-in consent, and details can’t be hidden or buried in the Terms and Conditions. Other requirements include:

  • All programs must display a clear call to action. Users must understand exactly what they’re signing up to receive (recurring marketing text messages).
  • Clearly labeled Terms & Conditions and Privacy Policy links must be displayed in the opt-in unit.
  • After a subscriber joins your SMS program, you must send them a message that includes the description of the recurring program (e.g. Text alerts from Hudson & Ivy), the message frequency (e.g. Msg frequency varies), a disclaimer that message and data rates may apply, and information about how to get help or opt out.
  • Subscribers must be able to opt out at any time by responding with “stop,” “end,” “cancel,” “unsubscribe,” or “quit.”
  • Subscribers must be able to get help by responding with “help,” which should automatically return the program name and information about how to get more help.
  • Outgoing text messages must include your brand’s name.
  • Content such as (but not limited to) hate speech, certain firearms, and violence cannot be promoted via text message, in accordance with the CTIA's SHAFT regulations.
  • Programs must display opt-out instructions at regular intervals (at least once per month) in content or service messages. Opt-out information must be displayed on the advertisement or within the Terms & Conditions.

The Americans With Disabilities Act (ADA)

The Americans With Disabilities Act (ADA) establishes standards to make sure that public accommodations are accessible to people with disabilities. Accessibility is particularly nuanced when it comes to websites and the internet. The Web Content Accessibility Guidelines (WCAG) 2.1 cover a wide range of recommendations for making online content more accessible.

With over one billion people (15% of the world’s population) having a disability, it’s important to respect consumers of all ability levels.

chart from the WebAIM Million report showing causes of most common accessibility failures (% of home pages)

Principles of web accessibility for your SMS program

example of accessible sms sign-up unit

Here are the WCAG principles of website accessibility, which you should keep in mind for your SMS marketing program.

  • Perceivable: All website visitors should be able to see, read, or listen to the content on your website. The visual presentation of most text and images of text should have a contrast ratio of at least 4.5:1.
  • Operable: All users should be able to easily interact with and navigate through your brand’s website (e.g., through a keyboard interface in addition to mouse inputs).
  • Understandable: The content and instructions on your website should be clearly written with a meaningful information architecture. If an input error is detected, it’s identified and described to the user through text.
  • Robust: Assistive technologies should be able to read and understand the interface and content on your website. Any content elements that use markup language (e.g., HTML) should have complete start and end tags and unique IDs—and should not contain duplicate attributes.

The most important things to know about SMS compliance

We’ve covered a lot of information, so here’s a quick recap of the most important things you need to know—and do—to make sure your SMS program is compliant.

  • Get express written consent from mobile subscribers before sending them marketing text messages. The user’s consent must be unambiguous (i.e., the user must receive a “clear and conspicuous” disclosure in close proximity to the call to action to sign up).
  • Make sure potential subscribers understand exactly what they’re signing up for. It needs to be clear on your sign-up unit, near the call to action, that by sharing their phone number, they’re agreeing to receive recurring marketing text messages from your brand.
  • Link to your Terms & Conditions and Privacy Policy in the sign-up unit. Make sure these are clearly hyperlinked (i.e., underlined, bold, a different color, etc.) in your disclaimer so they’re easily accessible and not hidden. 
  • Send new subscribers an opt-in confirmation message after they join your SMS program. It should include: a description of the recurring program, the message frequency, a disclaimer that message and data rates may apply, information about how to get help and opt out, and a link to your privacy policy.
  • Include your brand’s name in all outgoing text messages. Your subscribers always need to know who they’re getting marketing messages from.
  • Only send text messages at appropriate times. Under the TCPA and related state laws, you can’t send text messages during “quiet hours.” Attentive's default and recommended Quiet Hours are 8pm to 12pm EST.
  • Allow subscribers to opt out of your SMS program at any time and respect their opt-out requests. The Attentive platform recognizes the following terms as opt-out keywords, with variations in capitalization: “stop,” “end,” “cancel,” “unsubscribe,” and “quit.”

Your SMS compliance checklist

Use these questions as a starting point in determining whether you meet the basic requirements for SMS compliance, from your sign-up units to the text messages you send on a regular basis.

Is your SMS opt-in experience compliant? Some questions to consider:

  • Is your SMS opt-in separate from email opt-in?
  • Does your sign-up unit design meet accessibility guidelines (i.e., a bold legible offer, a legal disclosure, and CTA that’s easily readable)?
  • Does the disclosure on your sign-up unit clearly state that by joining your text program, subscribers are signing up to receive recurring automated promotional and personalized marketing text messages from your brand?
  • Does the disclosure on your sign-up unit disclose that consent is not a condition of any purchase?
  • Does the disclosure on your sign-up unit disclose that message and data rates may apply?
  • Does the disclosure on your sign-up unit include clearly labeled Terms & Conditions and Privacy Policy links (or full URLs written out)?
  • Does your confirmation message to new subscribers include the following information? Description of the recurring program, message frequency, a "message and data rates may apply" disclosure, opt-out instructions, support information (e.g., help), a link to your privacy policy.
  • Do you require new subscribers to confirm they want to receive your text messages with double opt-in (e.g., reply “Y”)?

Is your ongoing text messaging program compliant? Some questions to consider:

  • Is your brand name included in all outgoing text messages?
  • Can your subscribers get support at any time by responding with “help”? (Note: if you use Attentive, our platform recognizes the help keyword.)
  • Can your subscribers opt out at any time by responding with “stop,” “end,” “cancel,” “unsubscribe,” or “quit”? (Note: if you use Attentive, our platform recognizes these carrier-mandated opt-out keywords.)
  • Do you regularly remind your subscribers how to opt out (i.e., at least once per month) in content or service messages?
  • Do you remove subscribers who opt out of your text messages from your SMS list?
  • Do you only send text messages during reasonable hours (i.e., never during "quiet hours") based on a subscriber's local time zone?

Remember: the right SMS provider will have the expertise to provide you with guidance and help you check every box for compliance.

How Attentive places SMS compliance at the forefront

Our in-house legal team includes experts on TCPA law and we maintain close relationships with regulators and carriers that help set and enforce the industry guidelines for text message marketing. Our compliance tools include:

  • Audit trails to help our customers defend against TCPA lawsuits 
  • Automatically-recognized opt out keywords and fuzzy opt-out tools that help remove subscribers who no longer want to be subscribed
  • Sign-up units built with accessibility in mind—including valid HTML so that users who rely on assistive technology can easily subscribe to your email and SMS lists

example of sms sign-up unit with good color contrast

We provide in-app validations and visual references that help check whether there is sufficient color contrast between the text color and background color on your SMS creatives. 

All clickable elements of your brand’s sign-up units—including the close (x) icon, input fields, and buttons—are accessible through a keyboard, meaning users can access and move between links, buttons, forms, and other controls using the Tab key and other keystrokes. This is important for web visitors who can’t use a mouse, can’t see the mouse pointer on their screen, or those who should limit or avoid use of a mouse. 

Custom error messages on our sign-up units help identify empty fields or incorrect email and phone number formats, so the user can quickly and easily correct the error.

As retail and e-commerce sales continue to grow in the US and beyond, SMS has become a “must-have” tool in marketers’ tech stacks. Working with the right SMS vendor is a critical first step in making sure your channel is compliant now—and stays that way in the future. 

Get more insights into how you should be thinking about growing your SMS list with compliance in mind by tuning into Privy’s Ecommerce Marketing School podcast episode on how to grow your text list from the ground up.
