Blog Home
Texting 101

SMS compliance checklist

Alia Paavola
minute read
Table of contents:

Texting has emerged as an excellent tool for businesses to connect with customers, leads, and employees. That’s because text messages have higher response, open, and click-through rates than email. Plus, customers spend more than four hours on their phones daily, ensuring your message is seen. However, before adding a business SMS strategy, you must understand the laws that govern texting.

Texting is highly regulated to protect customers and limit damaging spam messages. Knowing these rules will help you stay compliant to avoid fines and other legal repercussions. While texting compliance may seem daunting, it isn’t with our nine-step checklist.

Below, Textline shares the nine essential steps that will help your organization with text message compliance. Please note that this checklist is for informational purposes only and is the opinion of the Textline editorial team. It is not intended to substitute legal advice from a qualified legal counsel. 

1. Ensure your opt-in consent procedures are in place

Before you text any contact, you must get their consent. Your contacts must consent to receive recurring messages, marketing messages, and more. The key to obtaining consent is being as transparent as possible and acquiring customers’ phone numbers independently. So before you embark on an SMS strategy, ensure your business has a plan to get mobile numbers and ask for permission to contact them via SMS. 

There are several ways your business can obtain an opt-in to grow your SMS subscriber list. This includes setting up a text-to-join campaign asking customers to text “JOIN” or “HELLO” to your business texting number or using an online form. An online form must state that the consumer is subscribing to get SMS messages upon submission. 

Below is an example of obtaining prior consent via an online popup ad form from Igloo, a seller of coolers and drinkware. You’ll notice the company states precisely what the customer will be opting into.

An example of an online consent form.
Igloo’s online SMS consent form.

You could also work opt-ins into your existing signup flow, such as at checkout. For example, you could have customers enter their phone numbers and check a box that says “Yes! Send me promotional updates and updates via text message.” The box can’t be pre-checked on any website form. It also must be separate from your terms and conditions checkbox.

2. Register your business and phone number

Another item on the to-do list is registering your company and phone number. This step should be completed as quickly as possible, as the approval process can be lengthy. Current estimates put the approval process at about two to three weeks, and texting customers can only be done once your business’ campaign is approved.

This registration process is required across the industry, no matter what phone number type you use (10-digit long codes, toll-free numbers, or shortcodes). This compliance step ensures the right parties, like mobile carriers and direct connect aggregators, can verify the legitimacy of your business, texting use case, and opt-in procedures.

The registration process was created to curb the amount of spam or unsolicited text messages sent to customers.

✅ For an in-depth explainer on registering your company and phone number, read Textline’s help center article.

3. Offer and acknowledge opt-out requests

In addition to obtaining explicit consent, you must provide a way for customers to opt out of SMS messages at any time. Make it clear in your text messages that customers can opt-out. A best practice is to include a clause at the end of each message that says, “Reply STOP to unsubscribe.” 

When a customer asks to unsubscribe, ensure your business acknowledges these requests. You must remove the contact from your subscribed SMS list and no longer send messages. If you don’t, you could face legal or monetary penalties.

At Textline, our SMS software automatically unsubscribes contacts who reply with words like STOP, END, CANCEL, UNSUBSCRIBE, and QUIT.

4. Stay consistent with compliance in your industry

The reality is that some industries, like finance and healthcare, have strict rules that govern customer privacy. As a result, it's important to ensure that your organization’s SMS strategy is compliant with those industry-specific regulations.

For example, healthcare providers need to keep HIPAA in mind. The law protects individuals' protected health information from being improperly disclosed or accessed. Depending on your use case, you could be sharing PHI via text. As a result, it’s crucial to pick a secure HIPAA-compliant SMS platform that encrypts data and to train your staff about the proper use of texting.

Another example is for financial institutions that follow SOC 2 requirements. These regulations ensure sensitive information is handled responsibly and protected. You should ensure that your SMS platform can protect that information. 

One best practice to ensure your text messages are compliant with industry standards is to get a double opt-in. This means confirming a customer’s subscription via text after they give written consent. 

For example, a single opt-in is when a customer gives you their phone number and consents to a contact form. A double opt-in is confirming that choice via text. 

5. Make your terms and conditions clear 

To be compliant with applicable laws, you must share upfront the SMS terms and conditions. This includes clarifying from the jump what types of messages customers consent to receive. Will you be sending customers promotional messages, transactional messages, or conversational text messages? You must let them know. 

The key to staying compliant is transparency and not hiding your SMS intent. 

Overall, here are the items you should disclose upfront: 

  • Your company name
  • The types of messages customers can expect (ex: appointment reminders, promotional messages, order updates, etc.)
  • Text message frequency
  • Opt-out instructions
  • A link to your full written terms and conditions

NOTE: If you’re using an online form with an SMS consent checkbox, it must be separate from the terms and conditions checkbox. It also can’t be pre-selected.

6. Include text frequency upon opt-in

You must also give subscribed contacts a clear idea of how many text messages they can expect to receive. Will your business send one text per month, four per month, or only message them about upcoming appointments? Make this clear from the jump.

While it’s a best practice to let contacts know exactly how many texts they will get, you can also tell them that they will just be recurring. However, make sure you don’t send too many text messages to your contacts each month. Sending too many messages could result in a higher unsubscribe rate.

7. Keep time zone in mind

The Telephone Consumer Protection Act prohibits businesses from sending texts before 8am and after 9pm in your recipient’s time zone. These hours are known as “quiet hours.” 

If you have customers in different time zones, like Pacific Time and Eastern Time, ensure you stay aware and acknowledge these hours to stay compliant. No one wants to be woken up in the morning or at night from a business text message. 

8. Avoid off-limit topics

Some topics are heavily restricted or barred for business SMS. This includes topics that fall under sex, hate, alcohol, firearms, or tobacco. This is known in the industry as the acronym SHAFT.

Businesses should avoid sending text messages related to this banned language. However, there are some exceptions. For example, if you own a bar or restaurant, you could send messages about a happy hour deal as long as there are age restrictions in place and the messages aren’t being sent to those under the age of 21. 

9. Be ready for change

Texting is a relatively new way for businesses to communicate with customers. This means the rules and regulations are also new and very likely to change. Mobile Network Operators like AT&T, T-Mobile, and Verizon continue to monitor text traffic and experiment with the best ways to verify businesses, use cases, and opt-in procedures. As a result, you must be ready to make adjustments as these rules change. Textline will do its best to keep our customers informed of any regulatory changes that affect them. Stay subscribed to our emails, and you’ll be in the know.

Why is SMS compliance important?

Businesses should make SMS compliance a top priority. This ensures you aren’t breaking the law and you don’t tarnish your reputation with customers or potential customers. 

Let’s talk about penalties first. The reality is that fines for violating texting laws can add up fast. Specifically, under the Telephone Consumer Protection Act, businesses could face fines of $500 to $1,500 per spam text message violation. That could end up being a costly fine. Plus, you could also face other legal consequences.

Additionally, sending unwanted text messages is bad for your business and reputation. These unsolicited messages will feel like spam to your contacts and likely will drive them away. Ultimately, this means you lose customers, leads, and revenue. 

In short, failure to comply with SMS regulations is illegal and could result in lost customers and revenue. However, complying with these texting laws ensures that you only text customers who want to hear from you. This will increase your response rate and allow you to improve your SMS mobile marketing campaign performance. 

Who regulates text message compliance?

Several critical federal and industry players regulate text messaging in the U.S. Here are the key regulators.

Federal Communications Commission (FCC)

The FCC is a federal agency that regulates media and phone communication in the U.S. The FCC has adopted several rules that protect consumers from unwanted text messages. The agency sets regulations for wireless carriers, issues new rules to protect customers, and oversees the key texting legislation, the TCPA (more on that below.)

The Federal Trade Commission (FTC)

The FTC is another federal agency that deals with texting. The agency cracks down and investigates businesses or bad actors who use text messaging to scam people. You can report instances of text message fraud to the FTC.

The Cellular Telecommunications Industry Association (CTIA)

This is a national trade group that represents the telecommunications industry. The group consists of mobile carriers like AT&T, customer engagement platforms like Twillio, mobile app developers, and more. The CTIA holds the power to block businesses from texting if they don’t comply with texting guidelines. To manage CTIA compliance, read the groups’ principles and best practices.

What SMS compliance laws do I need to know?

Here are the two main compliance laws to know before you start texting customers.

Telephone Consumer Protection Act (TCPA)

Passed in 1991, this legislation protects customers from receiving unwanted calls, texts, faxes, and more. The TCPA grants the FCC enforcement authority. Several TCPA rules apply to texting, including requiring opt-ins and always ensuring customers can opt-out. The TCPA also maintains that businesses don’t reach customers on the national do-not-call list and requires businesses to maintain an internal DNC list of customers who asked to be removed from their program.

Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM Act)

This law, passed in 2003, also applies to text messaging. While the law is primarily designed to curb email spam, it still applies to some spam text messages. The key to the CAN-SPAM Act is that SMS marketing campaigns must be appropriate and clear, and customers must opt in first. Additionally, there must always be a free way to opt-out, and companies must honor that request in 10 days. 

The bottom line

The first step to text message compliance is understanding the rules. Our explainer provides an overview of the key laws, regulators, and steps you can take to help stay compliant. Follow our checklist above to help avoid sending unsolicited text messages to your customers. But remember that a lawyer is best suited to ensure your campaigns are compliant.

Disclaimer: This article is for informational purposes only and is the opinion of the Textline editorial team. It is not intended to substitute legal advice from a qualified legal counsel. Please check with your legal counsel if you have any questions or concerns. 

Start texting now

Sign up for a free 14-day trial today
Get Started
No credit card required

Earn commission for referrals

Get paid for each customer you bring to Textline.