MessageAgent
All articles

COMPLIANCE

TCPA SMS Compliance: A Guide for Business Texting

A TCPA SMS compliance guide covering prior express consent, written consent for marketing, STOP and opt-out handling, quiet hours, and record-keeping. General information, not legal advice.

By the MessageAgent team · June 2026 · 11 min read

If your business sends text messages to customers, TCPA SMS compliance is something you cannot afford to get wrong. The Telephone Consumer Protection Act governs automated calls and texts in the United States, and violations carry steep statutory penalties per message. This guide explains, in plain language, what TCPA requires for SMS: consent, written consent for marketing, STOP and opt-out handling, quiet hours, and record-keeping. It also shows how a well-built messaging platform helps you stay on the right side of the rules.

This article is general information, not legal advice. TCPA, state laws, and carrier rules change, and how they apply depends on your specific situation. Consult a qualified attorney before launching an SMS program.

What the TCPA is

The TCPA is a federal law, enforced by the Federal Communications Commission and through private lawsuits, that restricts how businesses can contact people by phone and text without permission. It was written to protect consumers from unwanted automated calls and messages. For texting specifically, the core idea is simple: you generally need the recipient's consent before you send them automated text messages, and the level of consent required depends on what the message is for.

The reason TCPA SMS compliance gets so much attention is the penalty structure. Damages run per message, and a single careless campaign sent to thousands of people without proper consent can expose a business to very large liability. The risk is real, which is why getting the fundamentals right is worth the effort.

Prior express consent

The foundation of TCPA SMS compliance is consent. Broadly, there are two levels:

  • Prior express consent is generally required for non-marketing, informational texts, such as an appointment reminder or an order update, where the customer has given you their number in connection with that transaction.
  • Prior express written consent is the higher bar generally required for marketing or promotional texts. This means the customer affirmatively agreed, in writing, to receive marketing messages, and the agreement was not a condition of buying anything.

The practical takeaway is that the same phone number is not a free pass for any message. A customer who gave you their number to get a shipping update has not necessarily agreed to receive promotions. Match the consent you have to the kind of message you are sending.

It is also worth knowing that consent is contextual and specific. A customer who opts in to appointment reminders from your clinic has not consented to a separate promotional campaign, and consent given to one business does not transfer to an affiliate or a sister brand. When in doubt, ask for fresh, specific consent rather than stretching old permission to cover something new. The narrower and clearer your consent, the easier it is to defend.

What valid written consent looks like

For marketing texts, the written consent generally needs to be clear and specific. Good practice usually includes several elements:

  • A clear statement that the person agrees to receive automated marketing texts from your business at the number provided.
  • Disclosure that consent is not a condition of purchase.
  • A note that message and data rates may apply, and an indication of message frequency.
  • Easy access to your terms and privacy policy, and instructions to opt out.

A pre-checked box or burying consent in unrelated fine print is the kind of thing that gets challenged. The consumer should knowingly and affirmatively agree. Keep the language plain and the action deliberate.

STOP and opt-out handling

Even with valid consent, every recipient has the right to opt out at any time, and you must honor it promptly. The standard is to recognize common opt-out keywords, STOP being the universal one, along with words like UNSUBSCRIBE, CANCEL, END, and QUIT. When someone sends one, you should stop messaging that number and send a single confirmation that they have been unsubscribed.

Two things matter here. First, opt-out must be honored quickly, not weeks later. Second, you should treat any reasonable indication that someone wants to stop as a valid opt-out, even if they did not use an exact keyword, for example "please stop texting me." Building opt-out handling that catches these reliably is one of the most important parts of TCPA SMS compliance.

A common and costly mistake is treating opt-out as channel-specific. If a customer says stop on SMS but keeps hearing from you on WhatsApp, or opts out of marketing but still gets promotional content dressed up as a transactional message, you have a problem. The safest posture is to honor a clear opt-out broadly and to keep a single, shared record of who has opted out so that no part of your operation accidentally messages them again. Carriers also watch opt-out behavior closely, and ignoring it can get your numbers filtered or blocked regardless of the legal exposure.

Quiet hours

TCPA and related rules restrict the times of day you can send messages. The widely followed guideline is to avoid texting before 8 a.m. or after 9 p.m. in the recipient's local time zone. Some states impose their own, sometimes stricter, windows. Because your customers may be in many time zones, respecting quiet hours means timing sends to each recipient's local time, not your own. Scheduling that ignores time zones is an easy way to land in trouble.

Record-keeping

If a consent dispute ever arises, the burden is generally on the business to show it had permission. That makes record-keeping essential. For each contact, you should be able to demonstrate when and how they consented, what they consented to, the exact language they agreed to, and whether and when they opted out. Keep these records for as long as your counsel advises. Good records turn a potential dispute into a quick, documented answer.

The best time to build this trail is automatically, at the moment of consent, not retroactively when a complaint lands. A timestamp, the source of the opt-in, and a snapshot of the exact disclosure the person agreed to are worth far more than a vague note that someone signed up. If you cannot reconstruct exactly what a contact agreed to and when, you effectively cannot prove consent at all.

Beyond TCPA: state laws and carrier rules

TCPA is the headline, but it is not the only rulebook. Several states have their own telemarketing and texting laws, some stricter than the federal baseline, including tighter restrictions on calling and texting times. On top of the law, the mobile carriers enforce their own messaging standards through industry registration and content rules. Unregistered or non-compliant traffic can be filtered or blocked outright, which means you can lose deliverability even when you are technically within the law. A complete compliance posture accounts for federal law, the relevant state laws, and carrier requirements together.

A quick TCPA SMS compliance checklist

  1. Collect the right level of consent for the message type, written consent for marketing.
  2. Use clear, specific opt-in language, never pre-checked or buried.
  3. Recognize and honor STOP and other opt-out requests instantly.
  4. Send a single opt-out confirmation, then stop.
  5. Respect quiet hours in each recipient's local time zone.
  6. Keep auditable records of consent and opt-outs.
  7. Disclose your business identity in messages.

How MessageAgent helps you stay compliant

MessageAgent is built so that the mechanics of TCPA SMS compliance are handled for you rather than left as a manual chore. The platform captures and timestamps consent when a contact opts in, so you have a record of when and how permission was given. It recognizes STOP and other opt-out instructions automatically and stops messaging that contact immediately, sending a single confirmation. AI disclosure is on by default, so customers know they are chatting with an AI assistant. And because the same opt-out applies across the unified inbox, an opt-out on one channel is respected, not forgotten.

None of this replaces your own legal review, and it should not. But it removes the most error-prone parts of running a compliant SMS messaging program, so a missed STOP or an out-of-hours send is far less likely to be the thing that exposes you. Compliance is treated as a built-in feature, not fine print.

Texting that captures consent and honors STOP

Consent capture, instant opt-out handling, and AI disclosure built in across every channel, in one inbox.

MessageAgent · Get started

Put one AI on every channel

One agent that answers, qualifies, books, and upsells across SMS, WhatsApp, Instagram, web chat, and email, in one inbox. AI is always disclosed, with human handoff built in.

See features

One AI across every channel

One inbox, one brain, one flat predictable price. No per-resolution surprise bills.

See pricing