SMS & Email Marketing Laws and Regulations What to Know


Text message marketing and email marketing are subject to several regulations that organizations must be aware of. These laws protect consumers from unwanted contact, privacy concerns, and security issues.

We’ll address a few of the most common regulations in the United States, Canada, United Kingdom, European Union, and Australia. However, you should remember that this list is not absolute. There are many laws in place domestically and worldwide that you must consider when adopting text message and email marketing strategies.


Telephone Consumer Protection Act (TCPA)

Established by the FCC, the TCPA governs text message marketing. Under this law, organizations must receive explicit written consent from their customers to send them text messages. In addition, companies must disclose what the text messages will contain and how many notifications subscribers will receive per month.

All organizations must provide their clients with transparent instructions on how to opt out of the messaging program if they choose to do so.

Acceptable written authorization from clients includes paper and online forms, keyword texting, and website popups promoting the program.


The CAN-SPAM Act applies to both text message and email marketing. Under the law, text messages must be clearly identified as promotions. Individuals must be able to unsubscribe from the messages at any time.

All marketing emails must meet specific requirements:

- The sender must reflect the name of the company.

- The subject line should emulate the content of the email.

- The email should clearly identify that the message is an ad.

- A physical address for the company should be included in the message body.

- All messages should include a way to unsubscribe from future emails.

- Any recipient who chooses to opt out must be removed within ten business days.

- The issuing company remains responsible for compliance with CAN-SPAM, even if it outsources promotional emails to another organization.


The FCC can charge a penalty of up to $46,517 for each infringement of the CAN-SPAM Act, so you’ll want to ensure all of your messages are fully compliant to avoid significant expense.


General Data Protection Regulation (GDPR)

The GDPR protects privacy for all European Union residents and citizens. Under the law, you cannot purchase bulk email addresses. The rules stipulate that:

- You must notify subscribers that you are collecting data for marketing purposes

- You must state that you plan to send them promotional emails regularly

- You must provide any user who asks for their electronic data a copy

- You must store only data that is reasonable to hold for marketing purposes

- You must inform users of any security breach involving their data within 72 hours

The penalties for non-compliance with GDPR are stiff. If GDPR is violated, the organization may be subject to fines of €20 million or 4% of revenue, whichever is greater.

Canada Anti-Spam Legislation (CASL)

The CASL is similar to CAN-SPAM. Under the law, organizations must receive consent to send clients text or email marketing messages.

The sender must be clearly identified in the marketing message, and subscribers must be able to opt out of future messages. If a subscriber chooses to opt out, they must be removed from the list within ten business days.

Under CASL, violations are subject to fines of up to $1M for individuals and $10M for businesses.


Spam Act 2003 (Australia)

Under the Spam Act 2003, all subscribers must receive a copy of the organization’s Privacy Policy and give their written consent to receive marketing materials. Anyone who chooses to unsubscribe must be removed from the marketing list within five days. In addition, Australia has banned the use of bulk email purchases.

Privacy And Electronic Communications Regulations (UK)

The United Kingdom’s marketing act is similar to Canada’s and Australia’s. You must receive written consent to send marketing materials.

Your sender name should be clearly identifiable, and contact details must be included within the email. However, companies have a longer period to remove subscribers from their mailing lists — up to 28 days.