Text Marketing Laws: What Every Business Needs to Know

Type: Blog
Topic: Consent Mgmt

Topic: Do Not Call Solution

Marketing text messages are regulated by multiple federal and state laws. The Telephone Consumer Protection Act (TCPA), the FTC’s Telemarketing Sales Rule (TSR), and state-level mini-TCPA statutes each set their own rules for consent, opt-out handling, disclosures, and recordkeeping. Wireless carriers also enforce their own rules, with the power to block messages or suspend campaigns that don’t meet industry standards. Every non-compliant text counts as a separate violation, and penalties range from up to $1500 per message under the TCPA to more than $53,000 per contact under the TSR.

PossibleNOW’s DNCSolution® and MyPreferences® are built to help enterprises navigate this complex regulatory landscape, providing centralized consent management, automated suppression enforcement, and up-to-date regulatory guidance across federal, state, and carrier-level requirements.

Key topics covered in this guide:

• The federal and state laws that apply to marketing texts
• What each law requires for consent, opt-outs, scrubbing, and recordkeeping
• How penalties and fines are calculated and enforced
• How PossibleNOW helps businesses stay compliant

The Laws That Regulate Text Marketing

Multiple laws govern text marketing, and they vary by country and jurisdiction. This guide focuses primarily on U.S. regulations, but businesses that text consumers in Canada or the EU must also account for the laws that apply in those regions. These laws overlap in some areas and differ in others, so compliance with one does not guarantee compliance with another.

Telephone Consumer Protection Act (TCPA)

The TCPA is the primary federal statute that covers marketing texts. It is enforced by the FCC and requires businesses to obtain prior express written consent before sending automated marketing messages. It also protects consumers’ right to revoke that consent and bars businesses from texting numbers listed on the National Do Not Call Registry unless a valid exemption applies.

The TCPA also includes a private right of action, so businesses face litigation risk not just from regulators but from every consumer they text. These cases are frequently filed as class actions, and settlements for SMS violations regularly reach multi-million-dollar amounts.

FTC’s Telemarketing Sales Rule (TSR)

The TSR governs telemarketing activity, including marketing texts sent for promotional purposes. It is enforced by the FTC and operates alongside the TCPA with its own requirements for disclosures, opt-out handling, recordkeeping, and DNC list management. The TSR also establishes how long businesses must retain consent and suppression records.

State-Level Text Marketing Laws

Several states – including Florida, Oklahoma, and Maryland – have passed their own text marketing statutes with stricter consent standards and higher statutory damages than federal laws provide. Some state SMS telemarketing laws also give consumers the ability to bring private lawsuits, creating class action exposure on top of federal claims. Businesses that text consumers across multiple states face the challenge of keeping track of which rules apply where and ensuring their campaigns meet each jurisdiction’s specific requirements.

CTIA Wireless Carrier Standards

CTIA is the trade association representing U.S. wireless carriers. Its standards are not federal law, but carriers enforce them directly. Programs that fail to meet CTIA requirements risk having messages blocked, short codes suspended, or campaigns removed from carrier networks entirely.

CTIA standards cover message frequency disclosures, data rate notices, STOP and HELP keyword recognition, and quiet-hour expectations. A business may satisfy the core TCPA and TSR rules for a campaign and still have messages blocked or the program suspended for violating carrier or aggregator standards.

Canada’s Anti-Spam Legislation (CASL)

CASL applies to any business that sends commercial electronic messages to recipients in Canada, including marketing texts. It requires express or implied consent before sending, clear sender identification, and a functioning unsubscribe mechanism in every message. Unlike the TCPA, CASL is enforced by the Canadian Radio-television and Telecommunications Commission (CRTC) and other Canadian regulators, and administrative monetary penalties can reach up to C$10 million for businesses.

General Data Protection Regulation (GDPR)

The GDPR applies to any business that sends marketing texts to individuals in the European Union or European Economic Area, regardless of where the business is based. It requires a lawful basis for processing personal data, which for marketing texts typically means explicit consent. The consent must be freely given, specific, informed, and unambiguous. GDPR also gives individuals the right to withdraw consent at any time and to request deletion of their data. Penalties for violations can reach up to €20 million or 4% of global annual revenue, whichever is higher.

Essential Rules for Text Marketing Under Federal and State Laws

Together, these regulations create a set of specific obligations that businesses must meet when sending marketing texts.

Obtain Prior Express Written Consent Before Sending Marketing Texts

No marketing text can be sent without the consumer’s prior written agreement. The consent form or opt-in mechanism presented to the consumer must include:

• A clear disclosure that the consumer is agreeing to receive marketing texts.
• An affirmative action by the consumer to opt in. Pre-checked boxes are not valid.
• The name of the specific business or brand that will send messages.
• A statement that consent is not required to make a purchase.
• Disclosure that automated technology may be used.
• Message frequency and data rate information.
• Instructions for opting out.

Each consent must be recorded with enough detail to demonstrate it was properly obtained.

Honor Opt-Out Requests Within 10 Business Days

Federal law requires businesses to stop sending marketing texts as soon as possible and no later than 10 business days after receiving a revocation request.

The rules are broad about how consumers can opt out. Recognized methods include:

• Reply keywords like STOP, QUIT, END, CANCEL, or UNSUBSCRIBE
• Informal replies like “take me off this list” or “no more texts”
• Phone calls, emails, web forms, or customer service requests

Businesses cannot require consumers to opt out in only one way. They must honor any reasonable opt-out request, not just STOP replies. A single confirmation message may be sent after the opt-out, but it must contain no promotional content.

Opt-outs must also be shared across every system and vendor involved in texting. If one platform records the opt-out but another keeps sending messages, the business can still face complaints, lawsuits, or fines for texts sent after consent was revoked.

Scrub Telemarketing Text Lists Against Federal and State Do Not Call Lists

Federal regulations require that telemarketing lists be checked against the National Do Not Call Registry no less than every 31 days. Internal suppression files should be reviewed more frequently to make sure recent opt-outs are reflected before the next campaign.

A handful of states, including Florida and Louisiana, operate their own do-not-call registries with separate scrubbing obligations.

For a detailed breakdown, see PossibleNOW’s guide on Do Not Contact rules for SMS and text messaging.

Verify That Numbers Have Not Been Reassigned

Phone numbers change hands regularly, and consent does not transfer to a new owner. If a business texts a reassigned number, it may be contacting someone who never agreed to receive those messages.

The FCC’s Reassigned Numbers Database (RND) helps businesses identify numbers that may no longer belong to the original consenting party. A TCPA safe harbor may apply when a business properly checks the RND before texting and receives an incorrect result.

Only Send Texts During Permitted Hours

Federal rules limit marketing texts to between 8 a.m. and 9 p.m. in the recipient’s local time zone. Some states set narrower windows. Carrier standards may impose additional quiet-hour expectations, and violations can trigger message filtering or blocking.

Use Clear Sender Identification and Specific Brand Disclosures

Marketing texts should clearly identify the specific business or brand behind the message. Vague language such as “on behalf of our partners” or unnamed affiliates creates risk because the consumer may not know who is contacting them or what consent applies.

Retain Consent and Suppression Records

Businesses must keep consent records for at least five years under federal rules. Some states extend this to 10 years, and many businesses choose to retain them indefinitely as a best practice.

In addition to consent documentation, businesses should maintain records of every opt-out request, including when it was received and through which channel. Scrub receipts and vendor-related communications should also be preserved, since regulators and courts may request evidence that compliance practices were followed consistently.

Penalties and Fines for Text Marketing Violations

Every non-compliant text counts as a separate violation, which means a single campaign can generate substantial financial exposure.

• TCPA statutory damages: $500 to $1,500 per message. Consumers do not need to prove actual harm, and the TCPA’s private right of action allows them to bring lawsuits directly against the business.
• TSR civil penalties: Up to more than $53,000 per non-compliant contact.
• State-level damages: Mini-TCPA statutes can add their own penalties on top of federal fines. Several states also allow private lawsuits, which compounds the litigation risk.
• Class action settlements: TCPA claims are often brought as class actions, which can turn a high-volume texting campaign into major financial exposure. When large numbers of consumers are affected, settlements can quickly reach into the millions of dollars.
• Vicarious liability: Courts have consistently found that brands are responsible for the actions of their third-party marketing partners, including lead generators, vendors, and remarketers. If a partner sends non-compliant texts on a brand’s behalf, the brand shares the legal exposure.

How PossibleNOW Helps Businesses Keep SMS Marketing Compliant

PossibleNOW gives enterprises the tools and expertise to manage text marketing compliance across every regulation and every system involved in outbound messaging.

• MyPreferences® captures and stores consent with full audit detail, manages customer communication preferences, and distributes opt-outs in real time across connected platforms. When a consumer revokes consent, every system reflects that change.
• DNCSolution® scrubs outbound lists against federal, state, wireless, and internal Do Not Contact registries, the Reassigned Numbers Database, and a list of known TCPA litigators.
• RegInfoHub® tracks regulatory changes at the federal and state level, including SMS-specific rules and mini-TCPA developments, and delivers updates so compliance teams can respond before new requirements take effect.
• Strategic Consulting and Compliance Advisory Services work with organizations to design consent workflows, audit vendor practices, and build SMS operations that hold up under regulatory scrutiny.

Text marketing laws are enforced per-message, and the penalties add up fast. Businesses that lack centralized consent management, automated scrubbing, and current regulatory intelligence face growing exposure as enforcement activity continues to be aggressive. PossibleNOW helps enterprises close those gaps and manage TCPA compliance with confidence.

Ready to strengthen your text marketing compliance? Contact a PossibleNOW expert today to see how DNCSolution® and MyPreferences® can help.