About  /  411 Blog  /  The Complex World of Business SMS Texting Regulations: A Guide for Business Owners

The Complex World of Business SMS Texting Regulations: A Guide for Business Owners

Business SMS texting is a powerful communication tool, but it is also subject to regulations. These regulations are put in place to protect the rights of consumers and businesses and ensure that text messaging is used in a responsible manner. In this article, we will explore some of the key regulations that apply to business SMS texting, and how they can impact your organization.

As part of this article, we will cover the following regulations, as well as some special notes:

  • TCPA (Telephone Consumer Protection Act)
  • CAN-SPAM Act
  • GDPR (General Data Protection Regulation)
  • 10DLC (10 Digit Long Code)
  • State & Industry Specific Regulations
  • Some Additional Considerations

TCPA (Telephone Consumer Protection Act)

The TCPA is a federal statute in the United States managed by the FCC (Federal Communications Commission) that regulates the use of telemarketing, which includes SMS text messaging. The TCPA requires businesses to obtain prior express written consent before sending text messages to consumers. This means that businesses must have a system in place to obtain and record consent from customers before sending text messages. Consent fields can be added to contact forms or obtained directly from customers or clients when interacting with them by phone or email.

Some might ask or wonder how a statute initiated in 1991 that governs phone calls relates to SMS text messaging, but it is important to know that the FCC updated this statute in 2015 reaffirming that text messages are subject to the same TCPA restrictions as phone calls.

The TCPA also regulates the frequency of text messages and limits the number of calls or text messages that can be made to a consumer in a given period of time.

The most common violations of the TCPA include:

  • Autodialing cell phones listed in the Do-Not-Call Registry.
  • Automated messages delivered to cell phones without PEWC (consent).
  • Unsolicited marketing robocalls.
  • Inadequate or absent disclosures during a phone call.

It is also important to note that there are some exceptions to TCPA in regard to communications. Those exceptions include non-commercial calls or messages to a residence, calls or messages that do not constitute telemarketing or marketing of any kind, or calls or messages from a registered, tax-exempt NPO (non-profit organization). Additionally, HIPAA (Health Insurance Portability and Accountability Act of 1996) and package delivery notifications are excluded.


The CAN-SPAM Act is a federal law that required the FCC to issue rules that regulate commercial email and some text messaging. The law applies to any business that sends commercial text messages and requires businesses to provide a way for recipients to opt-out of receiving future messages. Businesses must also include their contact information in each text message and the message must not be misleading in nature.

This is something to consider for businesses moving from personal cell phones to business SMS texting as CAN-SPAM does not cover personal SMS text messaging, only commercial messaging by email or SMS texting from a business number.

GDPR (General Data Protection Regulation)

First and foremost, it is vital to note that the GDPR is a European Union regulation that regulates the handling of personal data. It only applies to businesses in the United States that do business in the EU and process the personal data of EU citizens. To comply with GDPR businesses must obtain explicit consent from customers before sending text messages and must provide customers with the option to opt-out of receiving text messages at any time. Businesses must also ensure that they have implemented robust security measures to protect personal data.

A business should also have clear statements available on their website with specific information about what information is collected and how it is stored (if applicable). This can be handled in a standard privacy policy, but it can be placed into a separate statement for data management and protection. Having both may be ideal for your business, especially if you not only do business in the US and the EU, but within certain states in the US like California. See the next section for more information about that.

10DLC (10 Digit Long Code)

10DLC stands for 10 Digit Long Code. Businesses must use a 10DLC number to send Application-to-Person (A2P) SMS messages, i.e. for marketing or even just standard communication. This format is regulated and has somewhat replaced and improved upon traditional shared short codes you might see from companies when they send marketing messages, 2FA (2-Factor Authentication) messages, or other transactional notifications.

10DLC numbers can be leased by businesses from carriers like Intulse, and are unique numbers used to send bulk SMS messages to their customers. The older short code format numbers can be shared by businesses which often causes delays and delivery issues for messages, which is one of the reasons why 10DLC is better for both reliability and customer experience.

While not a federal or state regulation, it is important to note that 10DLC numbers are regulated by the Cellular Telecommunications Industry Association (CTIA) within the US, and there are fees associated with registration and compliance that are part of registering a business number for SMS texting. Some of the CTIA restrictions placed on businesses include guidelines and requirements and frequency restrictions on how often messages can be sent, and message content.

One of the biggest challenges to note is that the CTIA regulations for 10DLC frequently change, unlike the other regulations discussed here that are codified by law and go through a legal process for changes and approvals. While these changes to 10DLC can be frustrating to both carriers and businesses, you can count on the team at Intulse to be current on 10DLC regulations and changes. We send regular updates to our clients about any changes.

If you’re curious about 10DLC regulations and best practices, here are some links to CTIA documentation for registration and use of 10DLC for business SMS texting:

State-Specific Regulations

In addition to federal regulations, many states have their own laws that govern the use of SMS texting for business purposes. California’s CCPA (California Consumer Privacy Act) of a state-specific regulation within the United States. The CCPA is very similar to the EU’s GDPR in form and function by regulating all communication by a business to a customer. State-specific regulations like the CCPA can be more restrictive than federal laws, and businesses must comply with all applicable regulations to avoid penalties and legal issues.

Industry-Specific Regulations

Certain industries may have their own specific regulations when it comes to SMS texting. For example, healthcare providers must comply with HIPAA regulations, which require them to protect the confidentiality of patient information. Financial institutions must comply with regulations such as the bank secrecy act and the Gramm-Leach-Bliley Act.

While not related to texting, a huge regulatory shift was seen this past year with the CMS (Centers for Medicare & Medicaid Services) ruling is that health care provider field agents must record all calls with beneficiaries, including the enrollment process. This serves as a practical example of how the Intulse system can answer two regulatory needs: call recording and business SMS texting.

To ensure compliance with these regulations, businesses should develop a text messaging policy that outlines their procedures for obtaining consent, managing opt-outs, and protecting personal data. Businesses should also educate their employees on the regulations that apply to business SMS texting, and ensure that they are following the appropriate procedures. Additionally, businesses should work with a reputable SMS messaging provider that can help them comply with regulations and ensure the security of their text messaging communications.

So, Are Regulations Something Businesses Should Worry About?

Because business SMS texting is subject to a number of regulations at the federal, state and industry level, it is extremely important for business owners to make sure they are in compliance with these regulations. Failure to comply with these regulations can result in penalties and legal issues for businesses.

Our focus at Intulse is to help businesses and organizations make a more cost-effective decision about their communications technologies. Our VoIP phone systems integrate deeply with popular and industry-specific CRM systems, offer standard and extended features that help businesses comply with regulatory requirements, and make your business communications much easier. If you would like to learn more, please contact a member of our team!