SMS Compliance: A Mobile Marketer’s Guide to SMS Rules

Understanding the rules for SMS compliance is as crucial as it is complex. Fear not - we've broken down the key components of this highly regulated market so you can more easily understand the various requirements that must be met.

Mara Miller
Director of Marketing
SMS compliance graphic
Table of Contents
Table of Contents

Mobile messaging is on the rise as the most effective way to break through the marketing clutter by directly engaging with consumers. This year, mobile marketing will account for more than half of global ad spend, surpassing desktop and traditional web spending for the first time.

Before you integrate this powerful practice into your marketing strategy, it’s important to understand that mobile messaging comes with its own set of rules and requirements that must be followed.1

What Is SMS Compliance? 

SMS compliance are regulatory rules and laws established by several organizations and legislatures across the country that are to be abided by when sending out marketing text messages. These rules break down into two key sets of SMS compliance regulations: CTIA & Carrier compliance and Legal compliance.

The Importance of SMS Compliance

No one wants phone calls, emails, direct mail, or text messages they didn’t sign up to receive.

Mobile compliance requirements elevate the effectiveness and credibility of text message marketing. Consumers know they can trust the businesses they receive SMS messages from, and businesses know they’re reaching consumers who want to hear from them.

If SMS compliance isn’t followed, steep penalties such as fines or legal action may follow.

Industry rules and regulations establish specific parameters regarding what businesses can and cannot do with their text message marketing. They include:

  • Who you can contact via mobile marketing—and when
  • What potential subscribers need to know before they opt in
  • How to manage opt-out requests

As SMS regulations change over time, it’s important to do your research to make sure you comply with the latest laws and requirements. Trusted mobile marketing partners who understand the importance of SMS compliance can support your mobile efforts by keeping you informed on the changing carrier, CTIA, federal and state regulations. 

Who Makes the Rules for SMS Compliance?

There are several parties that establish mobile marketing laws and regulations.


The Federal Communications Commission (FCC) is a government agency that monitors and regulates communications. It serves as the primary regulator for U.S. communications laws and technological innovation. 


In more recent years we’ve seen local laws being enacted by certain states that apply to mobile messaging. The state of Florida currently has enacted its own law that applies only to Florida residents (more details on this in a moment) and other states, such as Oklahoma, are expected to pass similar legislation in the near future.


Formerly known as the Cellular Telecommunications and Internet Association, CTIA is a nonprofit that develops and monitors rules, regulations, and voluntary best practices to guide the mobile industry.

Wireless Carriers

Wireless carriers like AT&T, T-Mobile, and Verizon may choose to impose their own guidelines for customers to follow when sending business-to-consumer marketing messages via text. While carriers can’t legally enforce laws, they can choose to take their own course of action if marketers violate their policies.

Companies are required to follow these carrier rules to be approved to send text messages on their network, which is one of the reasons why it is very advantageous to partner with mobile marketing companies who have direct connections and relationships with the carriers.

SMS Compliance Terms to Know

As you become familiar with SMS compliance rules, you’ll encounter several terms that are helpful to understand.

  • Calls to Action: A call to action tells the consumer what next step they should take. All mobile marketing programs must display a clear call to action that explains what consumers are signing up to receive—and how to proceed if they agree to these terms.
  • Opt-In/Opt-Out Messages: Opt-in messages give consumers an easy way to indicate that they agree to receive messages from a brand. Opt-out messages give consumers an easy way to decline further communication from the brand. Once a consumer joins your SMS program, explain how they can opt out. Consumers must be able to easily opt in and opt out whenever they choose.
  • Privacy Policy: A privacy policy is a legal document that discloses what kinds of personal information is being gathered from the consumer, how the information is used, and how it’s protected.
  • Terms and Conditions: Terms and conditions outline the relationship between the consumer and the business, including duties, rights, roles, and responsibilities.

Be straightforward and transparent about your program’s terms and conditions and privacy policy. Provide links to these documents in the call-to-action or opt-in prompt to ensure consumers are agreeing to those terms when they complete their signup into your mobile program. 

The Latest SMS Compliance Legal Considerations 

Marketers must not only be aware of the authorities when it comes to mobile compliance, but also recognize the mobile regulations and laws these authorities put in place. 


The Telephone Consumer Protection Act (TCPA) of 1991 established required national requirements for telemarketers and the use of automated telephone dialing equipment. Since then, it has been updated to include regulations for text message marketing as well. 

In 2013, a clause was added that requires businesses to gather “prior express written consent” (PEWC) prior to sending marketing messages via SMS (more on that later).

The TCPA lays out other requirements as well:

  • Before sending text and opt-out instructions, your business must identify itself
  • Consumers must be able to easily opt out through any reasonable means, such as texting the word STOP to the number (known as a short code) they no longer want to receive messages from  
  • Messages must be sent only within commercial texting times (8 a.m. to 9 p.m. based on the recipient’s time zone) 

PEWC must also be obtained prior to sending any commercial or marketing-based messages (we are getting to that part, we promise). 

Supreme Court decision in April 2021 regarding autodialer definitions may affect whether TCPA requirements apply to you. This is why Vibes recommends seeking the advice of your legal counsel to determine the best approach for your brand as it relates to the TCPA.

Florida Telemarketing Act2 

Commonly known as a "mini TCPA" that applies only to Florida residents, the Florida Telemarketing Act states that:

  • Florida residents cannot be contacted before 8 a.m. or after 8 p.m. local time in the recipient’s time zone
  • The frequency of contacting Florida residents is limited to no more than 3 messages or calls per day regarding the same subject matter or issue
  • PEWC must be obtained before sending any commercial or marketing-based messaging


Put into law in 2018, to protect privacy and personal data, General Data Protection Regulation (GDPR) applies to any country that wants to do business in the European Union or use its citizens’ personal data.

It maps out requirements about:

  • Obtaining consent to send text messages
  • Reporting security breaches to consumers right away
  • Allowing consumers to access their personal data, reuse their personal data outside the business, and completely erase their data if they choose
  • Deploying appropriate security measures to protect consumer data

Prior Express Written Consent (PEWC)

Before you can legally send marketing text messages, PEWC requires you to provide clear and conspicuous written disclosure that outlines the following three points:

  1. The participant understands that “opting in” means they permit delivery of autodialed marketing messages to their mobile device
  2. The participant agrees to receive texts at the phone number they provide
  3. The participant understands that they’re not required to enter the agreement as a condition of making a purchase

PEWC also requires you to obtain the user’s written consent in agreement to these terms prior to sending any commercial or marketing-based messages. Consent cannot be given verbally.

Users must opt in using one of the following written processes that’s tied to PEWC language so that written consent is properly established: 

  • A text message
  • Filling out and submitting an online form
  • An electronic sound or symbol

Many brands choose to go the route of obtaining PEWC through a text message. This process involves asking users to text a specific keyword to their brand’s short code. For example, users can reply “Y” to the opt-in prompt to agree to the PEWC disclosures. 

SMS compliance

We recommend asking your legal team to determine whether you should obtain PEWC for your mobile marketing programs, and here are a few considerations to keep in mind if you will be obtaining PEWC for them:

  • Include PEWC language in a clear, conspicuous location, such as in your call to action or in the message that prompts the user to reply “Y” to complete their opt-in
  • Track the dates for any changes made to consent disclosures for new and existing programs, keeping a record of what has changed

Short Code Monitoring Handbook

Created by the CTIA, the Short Code Monitoring Handbook is a set of best practices that must be met to launch a mobile program on a wireless carrier’s network.

If these best practices are not followed, then it’s very likely that your program will not be approved to launch or may be shut down if already live.

The guidelines include recommendations about:

  • Displaying clear calls-to-action to ensure consumers are aware of what they are signing up for
  • Gathering consent and sending an opt-in confirmation message before sending messages to consumers
  • Giving consumers an easy way to stop receiving message
  • Appropriate ways of capturing consent: online forms, opt-in buttons, opt-in messages, etc.

It's also a requirement to include customer support information and opt-out instructions in at least 1 SMS marketing message per month - most often this information is in the form of "text HELP for help, STOP to cancel".

SMS compliance

Although they're required to be sent at least once per month, brands have the liberty to put customer support information and opt-out instructions in different messages. We recommend sending the opt-out instructions in a message with highly engaging content to help retain your customers, such as a monthly promotion or targeted content relevant to their preferences.

Real-World Consequences of Noncompliance

Recent national news about an oral care company, mortgage company, and bridal chain paints a true picture of the consequences of noncompliance.

In each of these situations, consumers who didn’t opt into SMS marketing were receiving text messages—and the messages continued after the customers followed the appropriate steps to opt-out of further SMS communication.

These three companies are now dealing with the impacts of noncompliance as they face class-action lawsuits that seek to help users recover damages from frequent unauthorized text messages.

Incidents like these can be avoided when you work with a trusted partner to ensure that every SMS marketing message you send complies with laws and regulations.

Uncommon SMS Compliance Mistakes You Should Know

Some SMS compliance mistakes seem more obvious than others.

For example, common SMS compliance mistakes often include actions that blatantly violate the law, such as sending messages without explicit consent, texting outside business hours, or not providing a simple way for users to opt out.

Other mistakes aren’t quite as obvious, but they can still result in company fines and penalties. Here are a few examples. 

Sending messages about shopping cart recovery

All retailers struggle with managing online shopping cart abandonment and enticing those sales later.

When a shopper puts items in their online cart but never initiates a purchase, it makes sense to follow up with a text message to remind them to complete their order—right?

But many retailers don’t realize that some carriers have established guidelines detailing the dos and don’ts of sending cart-recovery reminder messages. In short: abandoned cart reminders can’t be sent on the carrier network unless it's explicitly stated in the call-to-action and opt-in process so that customers know they are giving clear consent on their willingness to receive these reminders.

To comply with these carrier rules, businesses must adjust their opt-in processes, update their privacy policies and terms and conditions, and follow specific rules about text content and frequency when sending cart recovery messages.

SMS compliance

Common “tap-to-join” functionality that simplifies the signup process for a mobile program by pre-populating an opt-in within a mobile device's native messaging app does not comply with carrier rules on cart recovery messages.

Promoting age-restricted products or services without verifying age

Wireless carriers have strict restrictions on certain types of content. The most common content that's prohibited on one or more carriers is SHAFT content (sex, hate, alcohol, firearms, or tobacco).

There are some exceptions when it comes to marketing related to alcohol or tobacco: a process called “age gating”, which is required when sending SMS messages. This includes messages that promote wineries, wine clubs, breweries, bars, nightclubs, tobacco sales, alcohol sales, liquor stores, etc. This ensures that the users who see and receive these messages meet the appropriate age requirements.

If your business sends alcohol or tobacco-related messages of any kind, then age verification needs to be part of the SMS program opt-in process. This is typically done through either the use of an age-gate opt-in process or by only disclosing program opt-in instructions in promotional placements that have already been age gated. Common “tap-to-join” functionality doesn't typically comply with these rules unless a step to capture and verify age information is included.

When it comes to marketing to and communicating with customers about cannabis or gambling, wireless carriers have strict restrictions around what they will allow on their network concerning the promotion of anything that is not legal at the federal level. Certain carriers will not support these messages, regardless of any prior approvals.

Assuming that a third-party texting service transfers liability

Even when you outsource an outside vendor to send your text messages for your business, you are still responsible for the content of those text messages.

By law, for example, your business is liable for ensuring your SMS marketing messages comply with all SMS compliance rules. If something goes wrong, then you must contend with the consequences—including fines and penalties. 

Next Steps to Ensure SMS Compliance

To make sure your SMS marketing strategies are effective and compliant, there are a couple of things you can do.

First, ask your current vendors lots of SMS compliance questions. They should know this subject inside and out. Find out how well they understand federal and state laws as well as specific carrier requirements. If they don’t have clear and confident answers, then it may be time to look for new partners.

Second, because of the level of complexity involved, there are law firms that specialize in TCPA compliance. Building a relationship with these professionals can provide you with valuable counsel, advice, and best practices. If a violation occurs, they can also help you navigate the process to achieve the best possible outcome.

Find a Reliable SMS Compliance Partner

Staying on top of mobile compliance helps you stay on the safe side of lawsuits—and builds trust with your customers at the same time.

With compliance controls integrated into our Mobile Engagement Platform plus dedicated subject matter expertise on the importance of SMS compliance, Vibes keeps you informed as laws, rules and regulations of the industry change and provide tips to keep your mobile marketing campaigns compliant.

To speak with an expert today, contact us here and one of our team members will be in touch with you shortly.

1This article serves to provide general guidance on mobile compliance only and is not legal counsel. Companies must work directly with their own legal teams to determine what is required for their mobile program.

2The FL Telemarketing Act has a slightly different definition of PEWC from the TCPA, so it’s recommended that you review both the TCPA’s language and the FL Telemarketing Act’s definition to ensure you’re meeting all of the necessary requirements.

Mara Miller
Director of Marketing
Cookie Preferences/Do Not Share My Personal Information
Close Cookie Preference Manager
Cookie Settings
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage and assist in our marketing efforts.
Strictly Necessary (Always Active)
Cookies required to enable basic website functionality.
Made by Flinch 77
Oops! Something went wrong while submitting the form.