10DLC Campaign Compliance Requirements

The purpose of a Call-to-Action (CTA) is to ensure the Consumer consents to receive text messages and understands the nature of the program. The CTA language must encourage or invite a Consumer to opt into a Messaging program and must be clearly and unambiguously displayed with the following disclosures:

• Program (Brand) Name/Product Description

• Message Frequency Disclosure

• Message and Data Rates may apply (if non-FTEU)

• STOP keyword (Opt-out information may appear in the terms and conditions.)

• Complete terms and conditions OR link to complete terms and conditions (Popups are not a method for displaying terms and conditions)

• Privacy policy OR link to a privacy policy

• Opt-in language must be entitled just for text messages. It can not include e-mail or phone calls, this should be separate.

• The phone number field in the website form should be optional, not mandatory, for opt-ins. It shouldn't be a required field.

For TCR compliance, all campaigns must include the URL for the Terms and Conditions and Privacy Policy under the Call-to-Action (CTA). Even though this information is available on the website, it must be displayed within TCR.

TCR provides a specific section for the Privacy Policy and Terms and Conditions links, and these can either be added in those designated fields or within the CTA section.

1) Implied Consent:

If the Consumer initiates the text message exchange and the business only responds to

each Consumer with relevant information, then no verbal or written permission is expected.

Since the consumer initiated the contact, no additional permission is needed

• The workflow needs to be clear and should state that the customer is initiating contact with the business via text message to opt-in for text message communication. For example: "the customer sends a text message to initiate text message communication with the business”.

• First message is always sent by the customer

It's important to emphasize that this should clearly and unmistakably explain how the

customer is contacting the business to provide implied consent.

2) Express Consent:

The Consumer should give express permission before a business sends them a text

message. Consumers may give permission over text, on a form, on a website, or verbally. Consumers may also give written permission.

2.1 Text: the customer opts in by texting a specific keyword to a designated phone number.

The workflow must include both: the exact keyword and the designated phone

number, ensuring no details are omitted.

Example: “Customer opt-in by sending “WELCOME” to phone number 123456789”

2.2 Form: the customer provides consent by completing a form (either electronic or in

paper). This specific form must be attached to TCR for verification purposes.

Example: “The customer completes a form at the doctor's office that includes opt-

in language agreeing to receive text message communications”

.2.3 Website: the customer can opt-in through a webform, which must meet specific

compliance requirements:

• The phone number field should not be mandatory, as this would be considered

forced opt-in.

• Opt-in language should appear at the bottom of the form, clearly stating the

frequency, msg & data rates, and that text messages will be sent. The opt-in must be

exclusively for text messages and should not include email or calls, which must be

handled separately. The form should be designed specifically for text message

consent only.

Example: “By submitting this form and signing up for texts, you consent to

receive marketing text messages (e.g. promos, cart reminders) from [company

name] at the number provided, including messages sent by autodialer. Consent

is not a condition of purchase. Msg & data rates may apply. Msg frequency

varies. Carriers are not liable for delayed or undelivered messages. Unsubscribe at any time by replying STOP or clicking the unsubscribe

link (where available). Privacy Policy [link] & Terms [link]. ”

Best practices for website opt-in:

• If the opt-in takes place on the website but not on the website’s main page, the specific URL where the opt-in occurs should be provided.

• It should clearly specify the exact location on the site where it happens and include the

appropriate opt-in language. For example: "Customers will opt-in through the main

website form, which is located at the bottom of the page."

• Website can display a pop-up form; it should be specified that a pop-up form will appear for customers to opt-in for text messages communication.

2.4 Verbal: customers will have the option to provide verbal consent. For this type of opt-in, the process must clearly outline the scenarios in which the customer is giving their consent.

This could happen during a phone call or in person.

Example: “The customer will verbally opt-in during a phone conversation with one of

our customer service representatives, who will ask if they would like to receive text

messages from our company”

3) Express Written Consent:

The Consumer should give express written permission before a business sends them a text message. Consumers may sign a form

Guidance when a use case is verbal or over email/written, is to provide the script or sample of CTA sent written to verify all aspect of CTA are fulfilled. As noted, requirements of CTA are based on T-Mobile Code of Conduct section 2.5 Calls-to-Action & CTIA Messaging and Best Practices section 5.1.1 Message Senders Should Provide Clear and Conspicuous Calls-to-Action.

Each campaign must include keywords and sample messages for subscriber opt-in, opt-out, and, help requests. There is a specific template that should be followed for these messages.

• Opt-in confirmation message: it should include instructions on how to request help, the frequency of messages, and the program name or product description.

• Help message: it should include program name or product description and customer care contact information.

• Opt-out message: it should include program name or product description and confirmation of opt-out and that no further messages will be sent

Comprehensive terms and conditions might be presented in full beneath the call-to-action, or they might be accessible from a link in proximity to the CTA.

Popups are not a method for displaying terms and conditions.

Where feasible, Message Senders may combine multiple program components (e.g., call-to-action and terms and conditions)

The following SMS program disclosures must be included within the terms and conditions.

• Program (brand) name.

• Message frequency disclosure. (not required for single message programs)

• Product description.

• Customer care contact information.

• Opt-out information. (not required for single message programs)

• “Message and data rates may apply” disclosure. (not required for FTEU rated programs)

It must include the types of messages consumers can expect to receive, texting cadence, message and data rate notices, any associated costs, privacy policy, opt-out instructions and other terms of use.
​

Sample messages must correspond to the registered use case. If a campaign is registered under

multiple use cases (mixed), a sample message for each use case should be provided.

Message Senders are responsible for protecting the privacy of Consumers’ information and must comply with applicable privacy laws. Message Senders should maintain a privacy policy for all programs and make it accessible from the initial CTA.

• When a privacy policy link is displayed, it should be labeled clearly. In all cases, terms and conditions, and privacy policy disclosures must provide up-to-date, accurate information about program details and functionality.

• Any mentioning of 3rd Party Data Sharing, Renting, or Selling is disallowed unless the below disclosure is included: “All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.”If privacy policy already provides for data sharing or selling to nonaffiliated third parties, it needs to clarify that such data sharing or selling will not include a customer’s SMS opt-in data or consent status (because explicit, one-to-one consent is required for SMS). If privacy policy does not currently mention data sharing, you need to insert a similar clarification that you will not share SMS opt-in or consent status for non-service-related purposes.

Example: "We will not share your opt-in to an SMS campaign with any third party for purposes unrelated to providing you with the services of that campaign. We may share your Personal Data, including your SMS opt-in or consent status, with third parties that help us provide our messaging services, including but not limited to platform providers, phone companies, and any other vendors who assist us in the delivery of text messages."

Messaging content for controlled substances or for distribution of adult content might be subject to additional carrier review. This type of messaging should include robust age verification (for example, electronic confirmation of age and identity).

Examples of robust age gates include:

1. Document Upload (Government ID)

2. Third-Party Identity Verification Services

3. Credit Card Verification

4. Reply with your birthdate xx/xx/xxxx

5. A web opt-in form field, which requires the user to include their birthday

Asking a user to “reply YES/AGREE” to confirm they are over a certain age is not considered a robust age verification.

The below points should be considered for political campaigns:

• Political / Organization name

• Politician / organization website

• If donations are part of the program, the statement “Donations will be secured through ____and Accreditation listing is _____.” should be present in program summary. A valid call-to-action and clear product description within the SMS terms of service which clearly discloses that donations will be solicited, should be included.

The following must be adhered to and considered when submitting a campaign for approval. All mechanisms should be in place at the time of submission.

1) User Consent: Messaging programs are expected to provide full transparency so that

Consumers are aware of and only receive messages from Messaging Programs to which

they have opted in.

2) Opt-in: Consumers must opt-in to receive messages associated with a specific program.

Enrolling a Consumer in multiple programs based on a single opt-in is prohibited, even

when all programs operate on the same Short Code.

3) Opt-out: Message Senders must acknowledge and act on all opt-out requests. Monitoring procedures confirm a successful opt-out.

4) Opt-In Confirmation: Messaging programs should send a single opt-in confirmation

message displaying information to verify the Consumer’s enrollment, identify the program, and describe how to opt out. Additionally, opt-in messages must contain the program (brand) name or product description, customer care contact information, message frequency disclosure, “message and data rates may apply” disclosure (non-FTEU), and opt-out instructions (reply STOP to opt-out).