SMS is a marketing tool that is growing, and fast. With people spending almost three hours a day on their mobile devices, being able to stay in touch with them in an instant, short and direct way is imperative. However, as with all marketing tools, there are rules we need to follow not only in order to avoid legal issues, but also to keep a healthy relationship with our leads and customers. If you’re thinking about implementing SMS marketing in your business strategy, continue reading this article to know all about SMS opt-in rules, SMS compliance and regulations (TCPA, GDPR, among others), and list growth and message content compliance.
Primary Law Frameworks
Depending on the geographical location of your business and your potential SMS subscribers, there are different SMS regulations you need to follow:
- In the United States, there are two primary law frameworks that regulate marketing to protect consumers: the Telephone Consumer Protection Act (“TCPA”) and the CTIA’s Short Code Monitoring Handbook and Messaging Principles and Best Practices (“CTIA guidelines”).
- In Canada, the Canadian Anti-Spam Legislation (“CASL”) regulates all commercial electronic messages, including SMS and email.
- Within the European Union countries, the General Data Protection Regulation (“GDPR”) is the law that regulates data protection and privacy in the region, which includes SMS marketing.
- In the UK, SMS compliance is dictated by the UK General Data Protection Regulation (“UK GDPR”) and the Public and Electronic Communications Regulations 2003 (“PECR”).
- In Australia, SMS marketing is regulated by the Spam Act 2003 and the Spam Regulations 2021.
To check where most of your customers and leads are located, refer to Google Analytics to see the demographics of your audience. Here’s a step-by-step on how to check that information.
Once you have identified this information, make sure you review the relevant SMS regulations for your business and audience. This is important because they will give you insights on how to update your Privacy Policy and Terms & Conditions. If the GDPR and/or TCPA guidelines are applicable to your business, find here some text samples you can add to your legal pages to make sure you’re being compliant and transparent about your SMS program.
Even when compliance can look different for every business depending on the laws that regulate its geographical location, there are some general guidelines that we as marketers and you as a business owner can consider best practices. Let’s take a look at them.
SMS List growth compliance
An essential part of your SMS strategy is your list of subscribers. You’ll want to collect all the subscribers you can to keep regular communication with them. However, you need to make sure your ways to do so are compliant. That means you need to collect and confirm express written consent from your subscribers. How? It’s all about the wording you use in your sign-up forms. It should inform users of the following:
- Messages will have marketing/promotional content
- Messages may be sent via an autodialer
- Subscribing to SMS is not a condition of purchase
- Message frequency (For example: “Msg frequency varies.”)
- Message and Data rates may apply
- Link to your Privacy Policy page
- Link to your Terms & Conditions page
- Opt-out instructions (e.g., Reply STOP to unsubscribe)
- Help instructions (e.g., text HELP for help)
Here’s an example of two opt-in methods that are compliant.


Once your subscribers have opt-in, some regulations (like the CTIA guidelines) require you to send a reply text to their subscription, including information like your brand’s name, opt-out instructions, help instructions, and rate information. See the example below of an SMS that includes this information and that it’s included in the Welcome Flow of this brand.
Message compliance
The audience, frequency, and timing of the messages
When you are ready to start sending SMS or MMS campaigns, you should make sure that you send messages only to people that have subscribed to your list and agree to receive marketing messages from you.
You should also refrain from sending SMS or MMS campaigns between 9 a.m. and 9 p.m in each recipient’s time zone. That’s because that timeframe is also known as “quiet hours” and it helps businesses avoid sending intrusive messages to their subscribers at inappropriate times.
If you are working with SMS Bump to manage all your SMS marketing efforts, here’s how you can set quiet hours on the platform. Go to settings, choose your timezone, and set the timeframe in which you want to refrain from sending SMS from flows or campaigns.
As you can see in the example, the timeframe goes from 6 PM to 11 AM. This is because these hours are set based on the timezone you selected. In this case, the selected timezone is US/Eastern. However, a big part of this brand’s list is made up of people in Pacific Time. Therefore, if we were to send a message at 8 AM Eastern Time, someone on the Pacific Coast would get it at 5 or 6 AM, which of course, it’s too disruptive and can cost you a lot of unsubscribers. So keep this in mind when setting the quiet hours in your SMS platform.
Content
There are certain elements you should always include in your message and some you shouldn’t.
- What to include? Brand name, so you are easy to identify with your customers. Opt-out text, so people know how to unsubscribe from your SMS marketing program.
- What not to include? Any terms about or related to sexual content, hateful content, alcohol, firearms, tobacco.
Opt-out compliance
It is as important to be compliant when collecting new subscribers, as it is when letting them go from your SMS program. Make sure you are making the opt-out process easy by including opt-out instructions in all your text messages (or regularly). Once people have unsubscribed, make sure they are being deleted from your SMS marketing list.
SMS Compliance Checklist
Now that we have gone through everything you need to do to stay SMS compliant. Let’s review everything in order with the ultimate SMS compliance checklist every eCommerce store owner should have!
- Discover where your subscribers are from
- Read all relevant law frameworks for those locations
- Decide if you’re gonna send SMS to all of those locations or just some of them. Set that up in your SMS platform
- Update your Privacy Policy and Terms & Conditions on your website
- Set your timezone and quiet hours
- When creating a sign-up form, make sure you are collecting express consent by adding compliant opt-in language.
- Make sure you’re sending a reply message to new subscribers with the required information.
- When sending SMS or MMS campaigns, make sure you’re sending only to people who subscribed to your list.
- Always include your brand name in your SMS or MMS campaigns and opt-put text.
- Avoid using words relates to sexual or hateful content, alcohol, firearms, or tobacco.
This is an always-changing world, especially the virtual world. Therefore, SMS compliance laws are being updated all the time. It can be hard to stay on top of it when you are already juggling a bunch of other aspects of your eCommerce business. So, if you want to make sure your SMS program is compliant (and successful in terms of revenue and ROI), book a free call with us and let our hustlers take care of it. Want to know how far we can take it? Check the results from SMS marketing for four eCommerce stores that started their SMS marketing journey with us at Hustler Marketing in early 2021 and have achieved an average of 12.5% SMS Revenue, 26% monthly growth in ROI, and more.