Compliance for Text Messages: a Guide to 3 Critical Regulations

The SMS compliance ecosystem

Compliance with legal frameworks, such as the TCPA, GDPR, and CCPA, may be fact- and context-specific. The information contained in this blog post should not be relied upon as legal advice or to determine how these regulations apply to your use of SMS and our service. This information is provided “as is” and may be updated or changed without notice. You may use this blog post for your internal reference purposes only.

Compliance with federal and local regulations is a focus for any business with a marketing or customer service team. Communications between businesses and customers must be compliant no matter whether your team uses phone calls or emails. Compliance for text messages is no different. 

Though a relatively new channel for professional use, business text messaging has been regulated by federal and local governments across the world. Businesses have to be aware of regulations wherever they operate—and where their customers are located. This makes text message compliance a little tricky for those who haven’t navigated it before.

But with a firm understanding of the biggest regulations out there—and knowledge that your business needs to research local regulations, too—you can navigate the world of text message compliance without worry. 

Read on to learn about 3 regulations that will shape your path to SMS compliance. 

The TCPA and Compliance for Text Messages

The Telephone Consumer Protection Act (TCPA) is one of the most well-known regulations for businesses who are learning about SMS compliance. 


Enacted in 1991, the TCPA wasn’t meant to dictate compliance for text messages at first. It was meant to curb the many telemarketing calls consumers were receiving in the late 80s and early 90s. Today, the TCPA applies to all marketing channels, including business text messaging. There are various spin-offs of TCPA, including the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act


In essence, the TCPA mandates that your business must acquire legal consent from your customers before you connect with them via text message. It also demands that your business provide transparency when publicizing texting services.

TCPA Compliance for Text Messages

The TCPA is a complex document well worth reviewing with your legal team. But for basics, to comply with the TCPA, your business will want to:

  • Clearly outline your services to customers
  • Secure customer opt-ins with written permission (i.e., a text with a specific keyword or a web form) before communicating with them
  • Remove reissued numbers, deleting all contacts who haven’t texting recently
  • Regularly include opt-out instructions in texts, especially at the beginning of chats

The GDPR and Compliance for Text Messages

The General Data Protection Regulation (GDPR) is one of the newer regulations that might affect your business if you communicate with customers in the EU. 


The GDPR was passed in 2016 and implemented in 2018. It was meant to curb some of the data and privacy problems that social media companies were stirring up at the time with their advertising programs. Individual countries within the EU have also created and maintained their own data regulations. Before leaving the EU in 2020, the UK amended the Privacy and Electronic Communications (PECR) Regulations to better compliment the GDPR. 


In essence, the GDPR addresses data protection and privacy for all European Union (EU) citizens, including data transferred outside EU boundaries. It attempts to prevent data theft and protect user privacy. 

GDPR Compliance for Text Messages

If your business connects with users outside of the UK, you have to adhere to the GDPR. For SMS compliance with the GDPR, your business must:

  • Comply with opt-out requestsTeam planning out compliance with text messages
  • Delete stored data after a period of time
  • Ensure your data is accurate
  • Allow customers full data control
  • Inform customers about your policies
  • Notify customers about policy changes 

The CCPA and Compliance for Text Messages

The California Consumer Privacy Act (CCPA) is a new and relatively specific act, only affecting Californian consumers—and many of the businesses that interact with them. 


The CCPA passed in 2019 and became active in 2020. California’s government created it to boost privacy rights and consumer protections for residents of California. It affects any business that collects consumers’ personal data, does business in California, and:

  • Has annual gross revenues above $25 million;
  • Buys or sells personal information of 50,000 or more consumers or households; or
  • Earns over half of its revenue from selling consumers’ personal information


Similarly to the GDPR, the CCPA is concerned with regulating businesses’ handling of consumer data. It requires that businesses create and implement additional security procedures for consumer data protection.

CCPA Compliance for Text Messages

To ensure text message compliance with the CCPA, your business must:

  • Create a process for customers to submit data access requests, including, at a minimum, a toll-free telephone number
  • Update official privacy policies with newly required information, including a description of California residents’ rights
  • Avoid requesting opt-in consent for 12 months after a California resident opts out of your texting program 

Need help with compliance? Check out our SMS compliance checklist.

Share via
Copy link