12 min read

Writen by Hristina Jovanovska

Posted on: August 11, 2023

The Essential Guide to SMS Marketing Compliance in the US

For SMS marketing practices to remain ethical and legal, compliance with a complex set of regulations is essential. There’s a lot to know about text messaging compliance, shedding light on the key regulations and requirements (especially if your target is US Citizen Audience). These regulations, serve as the compass guiding marketers towards a principled course of action while safeguarding the interests and privacy of recipients.

Lets explore them.

  • Applicable regulations

There are three layers of Compliance:
1. TCPA – Telephone Consumer Protection Act – This is the federal legislation that governs telemarketing, text messaging, and the Do-Not-Call list. While these laws don’t explicitly mention anything about SMS, it’s been ruled that texts are treated as phone calls under the TCPA. These laws exist to protect people from unsolicited text messages and phone calls.

2. CTIA – Cellular Telecommunications Industry Association – This is a trade group that represents wireless carriers and others in the telecom industry. The CTIA maintains the Short Code Monitoring Handbook which lays out additional guidelines for SMS marketing. The CTIA guidelines align with TCPA laws to protect people from unwanted text messages but extend further to help marketers create a better experience for consumers. In this regard we have the TCPA as a federal law, and the CTIA as a carrier law.

3. Individual Carrier Networks (or MNOs Mobile Network Operators)
Each individual carrier network is privately owned and operated, and as such, they reserve the right to approve, reject, question, or disable any campaign on their network. Some carriers have their own individual Code of Conduct.

The specific requirements for each individual state are outlined in the text below.

Arizona: House Bill 2312

With this regulation a ban on spam text messages was imposed, which prevents SMS marketers from sending unsolicited ads via text messaging. The bill requires telemarketers to receive prior consent before sending automated text messages to mobile phones.

California: California Consumer Privacy Act (CCPA)

Under this act, California customers have the right to request a report on the personal information a company has on them and a list of other companies it’s shared that data between.

To comply with the act, SMS marketers must inform California customers about the personal information they are collecting, provide an option to request data access, update privacy policies with California rights, and offer opt-out methods. Marketers must not send an opt-in request for at least 12 months if a customer opts out of the text messaging program.

Connecticut: Act Prohibiting Unsolicited Commercial Text Messages and Increasing Penalties for Violations of the Do Not Call Registry

In 2014, Connecticut passed a law making it illegal to send unsolicited text and media messages to Connecticut residents (regardless of whether it was auto-dialed or not). Just one text message sent without receiving expressed consent is subject to a $20,000 penalty.

Connecticut is the only state requiring express written consent to receive commercial messages. This law also prohibits SMS marketers from sending texts and media messages to customers listed on Connecticut’s Do Not Call registry.

Florida: Telemarketing Act

This act prohibits telemarketers from sending text messages to Florida customers using automated technology unless they’ve received prior consent. Under this law, telemarketers cannot hide their identity, contact a customer more than three times within 24 hours, or send texts outside the hours of 8 a.m. and 8 p.m. And finally, text messaging applies to the state’s Do Not Call registry.

Indiana: House Enrolled Act 1273

This act expanded current legislation prohibiting “Robo Calls” to include texts, multimedia messages, and all forms of cell phone communication to Indiana cell phone numbers. Also, if an Indiana resident’s phone number is listed on the state’s Do Not Call registry, telemarketers cannot send them unsolicited text messages.

New Jersey: Text Message Privacy Law, A-617

Text messages sent to residents of New Jersey are subject to a new law, A-617, that requires companies to receive permission before sending them, which could result in charges or affect their text allocations. SMS marketers must provide recipients with an opt-out option and provide details on the number of messages they sent.

Oklahoma: Oklahoma Telephone Solicitation Act

This act prohibits SMS telemarketers from messaging an Oklahoma resident more than three times about the same subject within 24 hours. It also forbids companies from sending SMS texts after 8 p.m. and before 8 a.m. And like Florida’s bill, the Oklahoma act prevents companies from sending messages using automated systems without the customer’s prior consent.

Virginia: Virginia Telephone Privacy Protection Act

This act covers customers with Virginia area codes and those with non-Virginia area codes which reside in the state. SMS marketers must also clearly and accurately identify themselves in text message communication. And to top it off, the amendments also increased the damages associated with violations.

Washington: Washington’s Consumer Electronic Mail Act (CEMA)

Under this act it’s illegal for marketers to send commercial text messages without prior permission.

According to Wisconsin law, if your phone number is listed on the Wisconsin No Call program, you are protected against unsolicited calls and texts.

Wisconsin: Do Not Call Law

According to Wisconsin law, if your phone number is listed on the Wisconsin No Call program, you are protected against unsolicited calls and texts.

  • Requirements:
Express Written Consent
Informational – Express Consent Promotional – Express Written Consent
The Consumer should give express permission before a business sends them a text message. Consumer may give permission over text, on a form, on a website, or verbally. Consumer may also give written permission.The Consumer should give express written permission before a business sends them a text message. Consumers may sign a form, check a box online, or otherwise provide consent to receive promotional text messages.

Aside from this, it’s recommended that you use double opt-in method to confirm the recipients’ subscriptions to SMS. Double opt-in text messages will help to confirm the phone number provided by the recipient is legitimate and correct, capture an electronic record of the recipient’s consent, as well as provide a way for the person to opt-out in the initial stage. (this is not something you shoud prefer doing, but it shows transparency from your side and the intent to be compliant).

The Call to Action – Encouraging or Inviting a Customer to Opt-in

You will need to provide:

Product description
Message frequencyComplete Terms & Conditions or link to complete Terms & ConditionsPrivacy Policy or link to the Privacy Policy
Customer Care Contact Information (send Help for help)‘Message and Data rates’ disclosureOpt-out instructions, such as: ‘Send STOP to stop receiving communication’
STOP keyword
Terms & Conditions Requirements
Program/Brand nameDescription of the ProgramOpt-Out Information
Message frequencyCustomer Care Contact Information‘Message and Data rates’ disclosure

There are no specific requirements for the Privacy Policy, however it is important to be transparent with the data subjects, so we strongly advise to include this in the Privacy Policy as well.

Prohibited Content
SpamDepictions or endorsements of violence Profanity or hate speech
Fraudulent or misleading messages Inappropriate content Endorsement of illegal drugs
Sending Time-frame

The TCPA (Telephone Consumer Protection Act) stipulates that text messages may only be sent between 8 a.m. and 9 p.m. in the time zone your recipient is in, however certain states have more restrictive rules. In this regard, you will need to take into consideration the different time zones the recipients will be at.

Some additional things to be aware of are:

Data Retention:

To protect yourself from future disputes, it’s advisable to maintain each contact’s consent for at least four years from that date in which it was given, which is the federal statute of limitations for bringing an action under the Telephone Consumer Protection Act.

Time Zones:

Please make sure that the messages are send at the appropriate time zone. Also, as you might have notices most of the timeframes in the state legislation are from 8am.-8pm.


Please pay attention of the state rules that provide a limitation of up to 3 SMS about the same subject within a 24hour timeframe.

Evidence of Consent:

Please be aware that you need to have a clear record of the consent obtained. In addition, this requires a clearly defined tick box on the registration page with explicit wording. Example: ‘I agree to receiving SMS’.

As SMS marketing continues to innovate and connect, adherence to compliance isn’t just a legal requirement – it’s a testament to your dedication to maintaining genuine relationships. We’d love to hear from you and help you ensure your SMS marketing campaigns are compliant and ready to reach a receptive audience ethically.

For questions about the next steps, call us on +1 303 317 5998 or write to us at [email protected].

Contact Us

Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.

Contact Us

Recent blogs

EU AI Act Summary: Key Compliance Insights for Businesses

The EU AI Act is a pioneering attempt to regulate AI systems, striving for a balance between foster

AI Act: Fundamental Rights Impact Assessments (FRIA) – Who, When, Why, and How to Ensure Ethical AI Deployment

The European Union (EU) has positioned itself as a leader in shaping the responsible development an

How the Privacy Act Protects Personal Information in Australia

 As cyber threats loom larger and data breaches become more common, the significance of strong

Get Your Account Now

Setup in just a few minutes. Enter your company details and choose the services you need.

Create Account

Get In Touch

Not sure which option to choose? Call, email, chat to us

Contact Us

Stay Up-To-Date

Leave your details here and we’ll send you updates and information on all aspects of GDPR and EU Representative. We won’t bombard you with emails and you will be able to tell us to stop anytime.

Full Name is required!

Business Email is required!

Company is required!

Please accept the Terms and Conditions and Privacy Policy