US SMS compliance guide
Last updated: 3/16/2023
This US SMS compliance guide provides an overview of SMS compliance in the United States.
SMS in the United States can be seen as quite complex, especially in comparison to other regions or other channels of messaging. The purpose of this guide is to provide an overview of SMS compliance in the USA. Navigate through essential rules, regulations, and best practices to maintain compliance with US SMS laws.
This compliance guide is intended to be for information only and does not serve as legal advice. You should consult your counsel for legal advice.
US SMS compliance layers
In the US, there are three layers of compliance:
- Individual carrier networks
The TCPA stands for Telephone Consumer Protection Act, and it is the federal legislation (originally written in 1991) that governs telemarketing, text messaging, and the Do-Not-Call list. While these laws do not explicitly mention anything about SMS, it has been ruled that texts are treated as phone calls under the TCPA. These laws exist to protect people from unsolicited text messages and phone calls.
The CTIA stands for Cellular Telecommunications Industry Association, and it is a trade group that represents wireless carriers and others in the telecom industry. The CTIA maintains the Short Code Monitoring Handbook which lays out additional guidelines for SMS marketing. The CTIA guidelines align with TCPA laws to protect people from unwanted text messages but extend further to help marketers create a better experience for consumers.
Individual Carrier Networks (MNO)
Each individual carrier network is privately owned and operated, and as such, they reserve the right to approve, reject, question, or disable any campaign on their network. Some carriers have their own individual Code of Conduct. For details, see Industry Guides.
Text message laws
The TCPA and CTIA guidelines should be adhered to, however, it is important to distinguish between what is law and what is regulation. There is a lot of overlap between the two, however, you can view the TCPA as federal laws preventing unsolicited text messages and CTIA guidelines as carrier regulations further protecting consumers.
It is important to recognize that although failure to comply with TCPA laws can trigger large class-action lawsuits and penalties of up to $500 per text, failure to comply with carrier requirements can also result in fines.
What is consent?
CTIA defines consent as an individual subscriber’s election to participate. How do you get consent? TCPA defines express written consent as permission given by someone on paper or electronically to receive promotional messages via an auto-dialer.
How to obtain consent?
Obtaining consent is fairly simple. Consent means that the subscriber you are messaging agreed to receive those messages. This could be by checking a box on a web form, sending a keyword, agreeing to a verbal request, or providing a phone number in a field.
When it comes to messaging, consent can be broken down into three categories depending on the type of messaging being used. Check out this guide provided by CTIA to outline the types of messaging content and associated consent principles.
|Conversational messaging is a back-and-forth conversation that takes place via text. If a consumer texts a business first and the business responds quickly with a single message, then it is likely that it is conversational. If the consumer initiates the conversation and the business simply responds, then no additional permission is expected.
|Informational messaging is when a consumer gives their phone number to a business and asks to be contacted in the future. Appointment reminders, welcome texts, and alerts fall into this category because the first text sent by the business fulfills the consumer's request. A consumer needs to agree to receive texts for a specific informational purpose when they give the business their mobile.
|Promotional messaging is a message sent that contains a sales or marketing promotion. Adding a call-to-action (e.g., a coupon code to an informational text) may place the message in the promotional category. Before a business sends promotional messages, the consumer should agree in writing to receive promotional texts. Businesses that already ask consumers to sign forms or submit contact information can add a field to capture the consumer's consent.
First message is only sent by a consumer.
Message responds to a specific request.
First message is sent by the consumer or business.
One-way alert or two-way conversation.
Message contains information.
First message is sent by the business.
Message promotes a brand, product, or service.
Prompts consumer to buy something, go somewhere, or otherwise take action.
If the consumer initiates the text message exchange and the business only responds to each consumer with relevant information, then no verbal or written permission is expected.
The consumer should give express permission before a business sends them a text message. Consumer may give permission over text, on a form, on a website, or verbally. Consumer may also give written permission.
Express written consent
The consumer should give express written permission before a business sends them a text message. Consumers may sign a form, check a box online, or otherwise provide consent to receive promotional text messages.
Consent in real-time
When you understand the importance of consent, the different types, and their required consent level, you will need to understand how to collect that consent via opt-in. Even though implied consent and express consent are allowed for conversational and informational messaging, much of the messaging in the industry today is promotional, and, as such, Infobip recommends always collecting express written consent.
Obtaining consent requires having a Call-to-Action. The Call-To-Action is the language encouraging or inviting a consumer to opt-in to a program.
CTIA requires these Call-to-Actions to have some key things. Firstly, the Call-to-Action must be unambiguous. Consumers must be made aware of what they are signing up to receive.
How do you do that?
By ensuring you have six key things:
- Product description
- Message frequency
- Complete terms and conditions or link to complete terms and conditions
- STOP keyword
- Message and Data rates may apply disclosure
There are many ways to accomplish this online: your opt-in mechanism may be built into an order form, appear as a pop-up on a website, be embedded into an existing page, or may even be a stand-alone page. Whichever mechanism you choose, you will need to ensure that it is TCPA and CTIA-compliant and that it collects the subscriber's phone number.
Text to join is also an incredibly popular way to collect opt-in consent for SMS. Text opt-in works by directing a consumer to text in a keyword, or a phrase to a short code or phone number. For this to be considered compliant, the advertisement instructing someone to send the keyword must include some required wording.
While web forms and text to join are the most common forms of obtaining consent, there are others. Keep in mind that your Call-to-Action must be compliant and a user must agree to receive the messages.
The next requirement for compliance is confirming the opt-in. When a user subscribes, they should immediately be sent a confirmation message. The confirmation message should include the name of the program or brand, information on how to unsubscribe, how to get in touch for help, the message frequency, and “Message and data rates may apply disclosure”.
A double opt-in is a great way to re-verify a consumer's intent and desire to subscribe to a program. It requires the user to agree to receive messages twice. When the user sends in their text to join keyword or fills out their webform, they are first sent a message asking them to confirm they want to subscribe. If the user replies YES, they are then sent a final confirmation message. Double opt-in is also a great way to validate that phone numbers filled in on web forms are accurate.
Additional US SMS compliance requirements
In addition to the information about how to advertise the opt-in (Call-to-Action), how to obtain your opt-in, and what to send after someone opts in (confirmation message), what else is required?
All SMS programs are required to have a few key elements to support the SMS program.
Customers need to know how to unsubscribe from the program if they wish and that request must be honored and confirmed immediately.
Reply STOP to cancel.
Infobip: You have been unsubscribed from Infobip messages; no further messages will be received.
Customer Care contact information
This is how a subscriber gets ahold of someone for assistance. This should be advertised in the HELP instructions. Anytime a user texts the keyword HELP, the program should respond and provide a phone number or email address that a consumer can use to get assistance.
Reply HELP for Help!
Infobip: For more information call us at 888-949-9540 or email [email protected].
All messaging programs must have a supporting website. This can be an existing website that a brand already has with a section that references SMS, a whole website dedicated to information about a brand's SMS program, or a small snippet at the bottom of a page.
As a business, you can determine what suits your needs best but make sure that you have the minimum required information.
Terms and Conditions requirements
To meet compliance requirements, a Terms and Conditions page is a must. The link to your terms and conditions page must be easily accessible, and it must be advertised in the Call-to-Action. What is required to be listed within the Terms and Conditions is pretty basic. Many brands choose to add more information or add an SMS section to their existing terms and conditions. You must have the following:
- Program or brand name
- Message frequency
- Description of the program
- Customer Care Contact information
- Opt-out information
- Message and Data rates may apply disclosure
The above excludes text messaging originator opt-in data and consent; this information will not be shared with any third parties.
As noted earlier in this guide, there are multiple levels of compliance, CTIA, and individual carrier networks.
Any unlawful, unapproved, or illicit content is prohibited, as listed by CTIA. The following are examples of prohibited content:
- Fraudulent or misleading messages
- Depictions or endorsements of violence
- Inappropriate content
- Profanity or hate speech
- Endorsement of illegal drugs
Carriers also define some additional disallowed content:
- High Risk Financial Services such as payday loans, or loans from non-direct lenders
- Debt Forgiveness Programs including credit repair
- Illegal substances (cannabis or illegal prescriptions)
- Work and Investment Opportunities such as work-from-home programs or job alerts from third parties
- Lead generations or affiliate marketing indicating the sharing of collected information with third parties