
SMS compliance checklist

Alia Paavola

Texting has emerged as a great tool for businesses to connect with customers, leads, and employees. That’s because text messages have higher response, open, and click-through rates than email. Plus, customers spend more than four hours on their phones per day, ensuring your message is seen. However, before adding a business SMS strategy you must understand the laws that govern texting.

Texting is highly regulated to protect customers and limit damaging spam messages. Knowing these rules will help you stay compliant to avoid fines and other legal repercussions. While texting compliance may seem like a daunting task, it isn’t with our eight-step checklist.

Below, Textline shares the eight key steps that will help your organization with text message compliance. Please note that this checklist is for informational purposes only and is the opinion of the Textline editorial team. It is not intended to substitute for legal advice from a qualified legal counsel.

1. Ensure your opt-in consent procedures are in place

Before you send a text to any contact, you must get their consent. Your contacts must consent to receive recurring messages, marketing messages, and more. The key to obtaining consent is being as transparent as possible and acquiring customers’ phone numbers on your own. So before you embark on an SMS strategy, ensure your business has a plan in place to get mobile numbers and ask for permission to contact them via SMS. 

There are several ways your business can obtain an opt-in to grow your SMS subscriber list. This includes setting up a text-to-join campaign where you ask customers to text “JOIN” or “HELLO” to your business texting number or using an online form. An online form must state that the consumer is subscribing to get SMS messages upon submission. 

Below is an example of obtaining prior consent via an online popup ad form from Igloo, a seller of coolers and drinkware. You’ll notice the company states exactly what the customer will be opting into.

Igloo’s online SMS consent form.

You could also work opt-ins into an existing signup flow, such as at checkout. For example, you could have customers enter their phone numbers and check a box that says “Yes! Send me promotional updates and updates via text message.” The box can’t be pre-checked on any website form.

2. Offer and acknowledge opt-out requests

In addition to obtaining explicit consent, you must also provide a way for customers to opt out of SMS messages at any time. Make it clear in your text messages that customers can opt out. A best practice is to include a clause at the end of each message that says “Reply STOP to unsubscribe.” 

When a customer asks to unsubscribe, ensure your business acknowledges these requests. This means you must remove the contact from your subscribed SMS list and no longer send messages. If you don’t, you could end up facing legal or monetary penalties.

At Textline, our SMS software automatically unsubscribes contacts who reply with words like STOP, END, CANCEL, UNSUBSCRIBE, and QUIT.

3. Stay consistent with compliance in your industry

The reality is that some industries, like finance and healthcare, have strict rules that govern customer privacy. As a result, it's important to ensure that your organization’s SMS strategy is compliant with those industry-specific regulations.

For example, healthcare providers need to keep HIPAA in mind. The law protects individuals’ protected health information (PHI) from being improperly disclosed or accessed. Depending on your use case, you could be sharing PHI via text. As a result, it’s important to pick a secure HIPAA-compliant SMS platform that encrypts data and to train your staff about proper use of texting.

Another example is for financial institutions that follow SOC 2 requirements. These regulations ensure sensitive information is handled responsibly and protected. You should ensure that your SMS platform can help you protect that information. 

One best practice to ensure your text messages are compliant with industry standards is to get a double opt-in. This means confirming a customer’s subscription via text after they gave written consent. 

For example, a single opt-in is when a customer gives you their phone number and consents on a contact form. A double opt-in is confirming that choice via text. 

4. Make your terms and conditions clear 

To be compliant with applicable laws, you must share upfront the SMS terms and conditions. This includes making it clear from the jump what types of messages customers are opting into. Will you be sending customers promotional messages, transactional messages, or conversational text messages? You must let them know. 

The key to staying compliant is being transparent and not hiding your SMS intent. 

Overall, here are the items you should disclose upfront: 

  • Your company name
  • The types of messages customers can expect (ex: appointment reminders, discounts, etc.)
  • Text message frequency
  • Opt-out instructions
  • A link to your full written terms and conditions

5. Include text frequency upon opt-in

You must also give subscribed contacts a clear idea of how many text messages they can expect to receive. Will your business send one text per month, four per month, or only message them about upcoming appointments? Make this clear from the jump.

While it’s a best practice to let contacts know exactly how many texts they will get, you can also tell them that they will just be recurring. However, make sure you don’t send too many text messages to your contacts each month. Sending too many messages could result in a higher unsubscribe rate.

6. Keep time zone in mind

The Telephone Consumer Protection Act prohibits businesses from sending text messages before 8 am and after 9 pm in your recipient’s time zone. These hours are known as “quiet hours.” 

If you have customers in different time zones like Pacific Time and Eastern Time, make sure you stay aware of these hours and respect them to stay compliant. No one wants to be woken up in the morning or at night by a business text message.

7. Register with The Campaign Registry

Another item on the to-do list, specifically if you’re using a traditional 10-digit long code number to text, is to register with The Campaign Registry.

The registry was created by mobile network operators like T-Mobile and AT&T to curb spam messages sent to customers. You must register to verify your business, the use case, and the messages you are sending. Once registered and verified, your business will see improved and faster message deliverability. Read our explainer on The Campaign Registry for more information. 

Textline recommends using 10DLC numbers as they are more recognizable and often cheaper than short code numbers. 

8. Avoid off-limit topics

Some topics are heavily restricted or barred for business SMS. This includes topics that fall under sex, hate, alcohol, firearms, or tobacco. This is known in the industry by the acronym SHAFT.

Businesses should avoid sending text messages related to this banned language. However, there are some exceptions. For example, if you own a bar or restaurant, you could send messages about a happy hour deal as long as there are age restrictions in place and the messages aren’t being sent to those under the age of 21. 

Why is SMS compliance important?

Businesses should make SMS compliance a top priority. This ensures you aren’t breaking the law and you don’t tarnish your reputation with customers or potential customers. 

Let’s talk about penalties first. The reality is that fines for violating texting laws can add up fast. Specifically, under the Telephone Consumer Protection Act businesses could face fines of $500 to $1,500 per spam text message violation. That could end up being a costly fine. Plus, you could also face other legal consequences.

Additionally, sending unwanted text messages is bad for your business and reputation. These unsolicited messages will feel like spam to your contacts and likely will drive them away. Ultimately this means you lose customers, leads, and revenue. 

In short, failure to comply with SMS regulations is illegal and could result in lost customers and revenue. However, complying with these texting laws ensures that you are only texting customers who want to hear from you. This will increase your response rate and allow you to improve SMS mobile marketing campaign performance. 

Who and what laws regulate text message compliance?

There are several key federal and industry players that regulate text messaging in the U.S., plus several key laws to know. Read on to understand the key laws and regulating bodies.

The regulators:

Federal Communications Commission (FCC). The FCC is a federal agency that regulates media and phone communication in the U.S. The FCC has adopted several rules that protect consumers from unwanted text messages. The agency sets regulations for wireless carriers, issues new rules to protect customers, and oversees the key texting legislation, the TCPA (more on that below).

The Federal Trade Commission (FTC). The FTC is another federal agency that deals with texting. The agency investigates and cracks down on businesses or bad actors who use text messaging to scam people. You can report instances of text message fraud to the FTC.

The Cellular Telecommunications Industry Association (CTIA). This is a national trade group that represents the telecommunications industry. The group consists of mobile carriers like AT&T, customer engagement platforms like Twilio, mobile app developers, and more. The CTIA holds the power to block businesses from texting if they don’t comply with texting guidelines. To manage CTIA compliance, read the group’s principles and best practices.

The key laws:

Telephone Consumer Protection Act (TCPA). Passed in 1991, this legislation protects customers from receiving unwanted calls, texts, faxes, and more. The TCPA grants the FCC enforcement authority. There are several TCPA rules that apply to texting, including requiring opt-ins and always ensuring customers can opt out. The TCPA also requires that businesses don’t contact customers who are on the national do-not-call (DNC) list and that they maintain an internal DNC list of customers who asked to be removed from their program.

Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM Act). This law, passed in 2003, also applies to text messaging. While the law is primarily designed to curb email spam, it still applies to some spam text messages. The key to the CAN-SPAM Act is that SMS marketing campaigns must be appropriate and clear, and customers must opt in first. Additionally, there must always be a free way to opt out and companies must honor that request in 10 days.

The bottom line

The first step to text message compliance is understanding the rules. Our explainer provides an overview of the key laws, regulators, and steps you can take to help stay compliant. Follow our checklist above to help avoid sending unsolicited text messages to your customers. But remember that ultimately a lawyer is best suited to ensure your campaigns are compliant.

Disclaimer: This article is for informational purposes only and is the opinion of the Textline editorial team. It is not intended to substitute for legal advice from a qualified legal counsel. Please check with your legal counsel if you have any questions or concerns.
