Text Message Laws Every Business Needs to Follow

What are the text message marketing laws?

Several governing bodies have created regulations regarding telemarketing communications. These laws are updated continually to reflect technological advancements and evolving business practices. Here are some laws you should be aware of.

Telephone Consumer Protection Act (TCPA)

The TCPA is the primary telemarketing law in the United States. Passed by Congress in 1991 and governed by the Federal Communications Commission (FCC), the TCPA has been amended numerous times to target unsolicited text messages and phone calls. It emphasizes privacy rights through the following measures:

• Auto-dialer restrictions: The TCPA restricts auto-dialer calls, also called robocalls, in which an automatic telephone dialing system calls or messages consumers without human intervention by selecting phone numbers from a digitally stored list.
• Identification: Commercial entities must identify themselves in each communication and state their reason for contact clearly.
• Hours of operation: Communication must occur between 8 a.m. and 9 p.m. in the consumer’s local time zone.
• Opt-out functions: Consumers can request that their phone number be placed on a do-not-contact list at any time. All text communications must allow consumers to opt out of the company’s subscriber list by directly replying to the text.
• Prior express written consent: Companies may not contact customers with commercial or marketing offers without obtaining prior express written consent. This consent must be documented and cannot rely on previous contact, verbal confirmation or purchase history.
• One-to-one consent: The TCPA’s one-to-one consent rule aims to end predatory lead-generation practices by requiring telemarketers to acquire explicit consumer consent for individual sellers and brands to call or text their phones. This rule mandates that SMS marketers:
  • Obtain written consent from consumers.
  • Provide clear and conspicuous disclosure about how consumers agree to be contacted.
  • Respect Do Not Call regulations.
  • Keep detailed records of consumers’ consent status.

CAN-SPAM Act

The Federal Trade Commission (FTC) enacted the Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM Act) in 2003 to establish rules for commercial email communications. The Act governs all unsolicited commercial emails and includes provisions for opt-out mechanisms, accurate subject lines and sender identification.

Under the CAN-SPAM Act, informational messages that do not promote new business, such as order confirmations or shipping updates, are valid exceptions and can be sent without express written consent. However, even these messages must allow recipients to opt out of future communications.

While the CAN-SPAM Act primarily regulates email marketing, it has influenced broader digital communication laws. Text message marketing is governed chiefly by the TCPA, with the FCC overseeing compliance. The FTC, meanwhile, has the authority to write additional guidelines for text message marketing within the framework of the CAN-SPAM Act.

Cellular Telecommunications Industry Association (CTIA) guidelines

The CTIA is a national trade group that represents the wireless communications industry. The CTIA is not a governing body. However, it can discontinue and block the texting services of businesses that refuse to comply with its guidelines.

The CTIA provides a Messaging Principles & Best Practices document to clarify and expand on many of the provisions set forth in the TCPA and CAN-SPAM Act. This document outlines best practices for securing clear and verifiable express written consent from consumers for SMS marketing.

Express written consent

Express written consent, as required by the TCPA and defined by the CTIA, validates the contract between a business and its customers to communicate through text messaging. The offer for customer consent to telemarketing must clearly meet the following criteria in writing:

• Explain the reason the business requests the customer’s contact information.
• Provide a clear estimate of how often customers will receive messages and explain the content of those messages.
• Give customers access to the full terms and conditions of their consent, either directly or through a hyperlink.
• Require customers to affirm their agreement, such as by clicking “I consent” or selecting “yes” to sign up.
• Allow customers to opt out of receiving messages at any time and for any reason, typically through a direct reply.
• Inform customers that standard messaging and data rates may apply.

Brian Wilson, former chief revenue officer of SlickText, emphasized the critical importance of obtaining full, express written consent. “The most common mistake we see is not receiving prior consent,” Wilson noted. “If there’s one central rule around compliance with federal regulations, it’s to receive consent from the individuals you are going to be messaging.”

International laws

International consumer privacy laws govern all communication conducted within their territories, regardless of a business’s primary headquarters location. The strictest of these laws is the European Union’s General Data Protection Regulation (GDPR).

In addition to requiring express consent, the GDPR mandates that businesses storing European customer data comply with six key principles of data protection: 

• Lawfulness, fairness and transparency
• Purpose limitation
• Data minimization
• Accuracy
• Storage limitation
• Integrity and confidentiality

Compliance with these regulations often requires significant financial and legal resources to implement proper safeguards.

Canada enforces its own regulations under Canada’s Anti-Spam Legislation (CASL). While CASL primarily governs email, it also applies to SMS and other forms of electronic communication. If your SMS campaigns meet the express written consent criteria defined by the TCPA and CTIA, they will likely align with CASL requirements. However, CASL also mandates that businesses maintain clear records of consent and ensure message content adheres to specific rules. If you are unsure whether your campaigns meet U.S. or international criteria, consult a business lawyer.

What are the penalties and fines for not adhering to the laws?

Even one mistake with text messaging compliance can result in hefty fines. Each violation incurs a fine of $500 per occurrence. Notably, this penalty applies to each individual message in breach of TCPA compliance — not the campaign as a whole.

For example, an SMS campaign that illegally messaged 1,000 contacts could incur fines totaling at least $500,000. If the violations are deemed intentional, the fines are tripled to $1,500 per message. In that same campaign, intentional violations would increase the total penalty to $1.5 million — and this assumes only one message per recipient.

These penalties are uncapped and businesses are held accountable for every violation. As subscriber lists grow, so does the potential liability, often exceeding insurance coverage limits.

Garrett Olexa, vice president of legal affairs at Sun Health, highlighted common mistakes businesses make with text messaging compliance, including “mistakenly assuming that just hiring a third party to send out the texts shields their business from liability.” When using a third-party texting service, businesses remain responsible for their message content. Olexa also warned companies against assuming their business’s general liability insurance coverage will apply to any statutory violation, which is often not the case.

How can businesses avoid violating text message marketing laws?

The potential for fines and regulations might discourage some businesses from using SMS marketing, but mass texting is too effective to ignore. Here are several ways to fulfill TCPA requirements while successfully marketing your business.

Include all information necessary for express written consent.

Use the express written consent guidelines above to ensure your first message to a new subscriber includes all necessary information, including the following:

• Business name
• Reason for messaging
• Message frequency
• Rates disclaimer
• Link to your privacy policy and terms
• Opt-out instructions

Here’s a simple template to get you started:

“Hi [Name], thanks for signing up for the [Company] Summer Sale! We’ll send you personalized deals every week. Up to 4 msgs/month. Msg & data rates may apply. Reply HELP to review terms, STOP to cancel.”

Use keyword shortcodes.

A keyword shortcode is a word or phrase customers can text to a specified number to sign up for your text messages. Businesses can provide that keyword to the customer within a CTIA-compliant disclaimer that includes all components of express written consent. When a customer responds with the keyword, they have provided consent.

Consider a double opt-in.

A double opt-in is the safest way for a business to ensure the legality of its text messages. After a subscriber has provided their phone number, send a follow-up message asking them to confirm their subscription by replying “yes” or “no.” This additional step removes any doubt that a keyword message or email subscription was insufficient to obtain the consumer’s express written consent.

“Any time companies have a certain age level or verification they want to do with an individual … they may want to use a double opt-in to understand how old the person is before [they] agree to include them in [their] text marketing list,” Wilson advised.

Maintain your commitments.

Text message campaigns offer the highest open rates of all marketing channels. This success can tempt a business to inundate its subscribers with SMS notifications, but contacting customers too frequently can put you at risk of violations and damage your brand image. Annoying text message campaigns can quickly lead to unsubscribes and complaints.

SMS regulations are designed to ensure businesses honor their promised messaging frequency. By adhering to these laws, your text messaging will remain an infrequent surprise, and customers will be less likely to grow annoyed and perceive these messages as spam. 

Provide an incentive to sign up.

Offer value for customers who sign up for your text messages. For example, subscribers could receive discounts, limited-time offers or additional features to your core services, such as delivery tracking or real-time alerts. Consider how your favorite brands could convince you to provide your phone number and then see how your business might use a similar approach.

Use reputable text message marketing software. 

Dedicated SMS marketing software is one of the best ways to streamline your marketing program and help ensure compliance with the latest laws and regulations. The best text message marketing services include built-in compliance features like template libraries, integration with third-party business apps and lists to segment and sort subscribers.

In addition, text message marketing platforms can be used for other business purposes, such as customer service, facilitating payments and shipping updates. Regardless of your use case or industry, the right business SMS software can ensure you comply with text message laws and industry regulations.

Sean Peek contributed to this article. Source interviews were conducted for a previous version of this article.