Skip to main content
Free call deliverability test

TCPA for Text Messaging

people leaning against a wall, looking at smart phones

Table of Contents


In the world of marketing, different dialing methods carry different amounts of risk relating to potential Telephone Consumer Protection Act (TCPA) violations. Text messaging platforms are among the most widely used dialing methods and, thanks to constantly evolving court, the nature and extent of its risk is frequently changing.

The most notable such court decision is the Supreme Court’s ruling in Facebook v. Duguid from earlier this year. While that ruling did significantly reduce one source of risk for text platforms, it did not remove TCPA risks entirely. Indeed, mistakenly believing that the Facebook ruling freed text message platforms from TCPA regulation entirely could become a source of risk in and of itself.

ATDS Restrictions and Facebook v. Duguid

Numerous Federal Communications Commission (FCC) Declaratory Rulings have reaffirmed that text messages are subject to the same TCPA restrictions as voice calls. This means that automated text messages would be subject to the same consent requirements as phone calls placed from Automatic Telephone Dialing Systems (ATDS). These ATDS restrictions on text messaging systems have been at the root of countless TCPA lawsuits and multimillion-dollar class actions in the years leading up to the Facebook decision.

SCOTUS’s decision in Facebook does not change the fact that ATDS texting systems are subject to the TCPA’s consent requirements. Rather, it clarifies and standardizes the TCPA’s ATDS definition in such a way that very few, if any, text messaging systems in use today would be considered to be autodialers. However, should future court decisions, FCC rulemaking, or legislative changes further redefine what constitutes an ATDS, text messaging systems could again be subject the TCPA’s consent requirements. Additionally, the TCPA has other provisions unrelated to the ATDS restrictions that could present risks.

Risks for Platform Users

Time-Based Restrictions

Marketers should only send messages between 8 a.m. and 9 p.m. according to the recipient’s local time. Some states have laws mandating stricter calling and texting time restrictions. Do not assume that your automated text message platform will heed these restrictions for you.

Do Not Call List

In the immediate wake of the Facebook decision, multiple plaintiffs filed TCPA complaints in which ATDS allegations were swapped out for alleged violations of the National Do Not Call (DNC) Registry. Some of these complaints specifically alleged that the defendants sent text messages to numbers on the DNC list.

Reassigned Numbers

With approximately 100,000 mobile phone numbers reassigned by wireless carriers every day, it is absolutely essential to check your data for reassigned numbers. Phone numbers may change, but the risk of TCPA liability is inevitable.

Disconnected Numbers

While a phone call placed to a disconnected number will likely produce a message informing the caller that the number has been disconnected, a text message sent to a disconnected number is unlikely to do so. In order to avoid wasting time and resources, you should have a disconnected number solution.

Internal DNC List

You are required by law to keep a company-specific DNC list. You should immediately honor the requests of consumers who ask to be placed on your internal DNC list. You are also required by law to keep an updated internal Do Not Call policy and must provide such policy to your clients upon request.

Risks for Platform Providers

Text message platform providers also face TCPA risks. The primary source of risk for platform providers is vicarious liability. Vicarious liability is defined as an attachment of responsibility to a party for harm or damages caused by another party in a lawsuit or civil action. Text platform providers could potentially be found vicariously liable for TCPA violations committed by users of their platforms. In some circumstances, platform providers have even been found directly liable for violations committed by their users. Because the FCC and courts have repeatedly declined to shield text message platform providers from liability, platform providers need to have their own TCPA compliance solutions.

In 2009, a text message platform petitioned the FCC for a declaratory order that the FCC should evaluate TCPA liability for text platform providers such that “liability will attached only if a text broadcaster ‘demonstrates a high degree of involvement in, or actual notice of, the unlawful activity and fails to take steps to prevent such transmissions.’” This is the standard that the FCC had held for fax broadcasters.

Seven years later, the FCC finally responded, releasing an order denying the petition. It explained that, according to its 2015 Omnibus Declaratory Ruling and Order, “text broadcasters can be liable for TCPA violations based on the factors discussed in that decision.” Among the reasons it cited for this decision were concerns about “the extent to which a person willfully enables fraudulent spoofing of telephone numbers or assists telemarketers in blocking Caller ID, by offering either functionality to clients,” or whether the text broadcaster “has knowingly allowed its client(s) to use that platform for unlawful purposes.”

Similarly, an educational technology company that, among other things, provides texting communication services for schools petitions the FCC for an Expedited Declaratory Ruling. After being sued for TCPA violations relating to its service, filed a petition with the FCC, requesting clarification that all automated, informational phone calls and text messages sent by educational organizations are sent for emergency purposes and are thus allowed by the TCPA. The FCC declined to exempt all informational calls made by educational organizations from the TCPA but clarified that schools may deliver messages without consent if related to unexcused absences and emergencies such as weather closures, health risks, threats, or fires.

Frequently Asked Questions

Text messaging compliance is a particularly complex aspect of TCPA compliance. While the previous sections should provide a good overview, some potential questions may slip through the cracks.

Am I legally required to let consumers know how to opt-out?

For debt collection texts, yes, you are required to provide opt-out instructions, according to the Consumer Financial Protection Bureau’s (CFPB) debt collection rule

If my consent language covers both calls and texts, does a consumer opting out of one mean they have opted out of both?

Yes, opting out of one should result in opting out of both unless you’ve made it clear that there are different requirements. However, you can clarify with the consumer whether they are seeking to opt-out of one particular program or all calls and texts to the number. 

Are there state-specific telemarketing laws related to texting?

Yes. 15 states have their own laws regarding text messaging. State-level laws on texting are typically more complex and stringent than federal-level laws. Florida recently passed a law that closely mirrors the TCPA and does not have an ATDS definition, potentially exposing anyone who markets to Florida residents to ATDS risks similar to the pre-Facebook risks.

Also, please note that when congress passed the TCPA it explicitly said it did not preempt state laws. You must follow both federal and state laws governing calling and texting.

Do I need to make special considerations for declared states of emergency?

Yes, some state telemarketing laws prohibit you from making calls during a state of emergency. However, it is less clear when it comes to texting. Other than the 15 states that treat text messages separately, it is not clear whether a regulator would say texting is a call. A lot of state-level statutes about states of emergency are worded in such a way that calls are explicitly prohibited while texts are not. But as a practical matter, it is best to limit the use of text message campaigns during states of emergency.