SubscriberVerify View full article

TCPA and SMS Compliance in 2026: Carrier Restrictions, Cold Call Rules and Key Changes

TCPA compliance in 2026 is not one checklist — it is two overlapping systems. Federal and state telemarketing laws (including the TCPA and FTC Telemarketing Sales Rule) govern whether you may contact someone. U.S. wireless carriers and messaging providers govern whether your SMS will actually deliver.

A campaign can satisfy TCPA rules and still fail because 10DLC registration, consent evidence or message content does not meet carrier requirements. Sustainable outreach needs both legal permission and carrier approval.

What changed for TCPA and SMS compliance in 2026?

The Eleventh Circuit vacated the FCC's one-to-one consent rule before it became nationwide law. That does not relax the need for conspicuous, campaign-specific consent disclosures and documentation.

SMS carrier restrictions businesses must follow in 2026

A2P 10DLC registration is effectively mandatory

Businesses using ordinary U.S. local numbers for A2P messaging should register the brand, the campaign use case, and the numbers assigned to that approved campaign. By 2026, major carriers block unregistered business traffic on 10-digit long codes.

Toll-free SMS also requires verification

Toll-free numbers are not an unregulated shortcut. Complete toll-free messaging verification with accurate company, use-case, consent-flow and sample-message information. Providers may request EIN or other business-registration details for new toll-free registrations in 2026.

Registration must match the live campaign

Common rejection or suspension triggers include registering one use case but sending another, using a different brand name in messages, hiding recurring-message disclosures, inaccessible opt-in pages, purchased lists without provable consent, sharing one campaign across unrelated businesses, and volume far above what was described.

Carrier approval is not TCPA consent

A2P registration verifies the sender and declared use case. It does not prove each recipient opted in. You need both proper carrier registration and legally sufficient, documented recipient consent.

SMS opt-in requirements for marketing messages

Before promotional texts, the disclosure near the phone field or CTA should identify the sending business, message type, whether messages recur, that message and data rates may apply, how to get help, how to opt out, that consent is not required to purchase (when applicable), and links to terms and privacy policy.

Do not bury consent inside terms consumers never open. Retain phone number, timestamp, exact language shown, source URL or form, checkbox status, lead source, policy version, confirmation-message records and subsequent opt-out history. For screening workflows, pair consent records with litigator checks and DNC screening before launch.

The FCC's one-to-one consent rule was vacated

The proposed rule would have required consent separately for each seller and limited messages to topics logically related to the interaction that produced consent. In January 2025 the Eleventh Circuit vacated it, finding the FCC exceeded its authority.

Lead generators and comparison sites should still name the sellers that may contact the consumer, avoid vague "marketing partner" language, record which sellers were displayed, and prevent buyers from using leads outside agreed scope. That is prudent risk management — not reliance on a rule that never took effect.

TCPA opt-out and consent-revocation requirements

Consumers may revoke consent through reasonable methods — not only your preferred channel. Recognize STOP, QUIT, END, REVOKE, OPT OUT, CANCEL, UNSUBSCRIBE, and natural-language requests such as "don't text me again."

Sync suppressions across SMS platforms, dialers, CRM, support tools, lead-distribution systems and vendors. A stop request in one channel must not be lost when another team launches a campaign. Confirmation messages should acknowledge the opt-out only — no new promotional content.

TCPA rules for cold calls in 2026

Rules vary by whether the call is manually dialed, uses an autodialer, artificial or prerecorded voice, ringless voicemail, soundboard or AI-generated audio. Manual dialing does not automatically make every cold call lawful — Do Not Call and state restrictions apply independently.

National Do Not Call Registry

For consumer telemarketing, register where required, obtain relevant area codes, scrub on schedule (at least every 31 days for the National Registry), maintain an internal company DNC list, honor direct do-not-call requests and document exemptions. The Telemarketing Sales Rule prohibits calling consumers who asked not to be called and restricts calls to National DNC numbers except where an exemption applies.

Established business relationships support some calls under certain rules but do not override a consumer's company-specific opt-out or solve prerecorded/automated-call consent requirements. Follow federal calling-hour limits and tighter state windows where applicable. Disclose caller identity, the business on whose behalf you call, commercial purpose and material offer terms; do not spoof caller ID.

Does the TCPA apply to B2B cold calls and texts?

Many traditional B2B calls are exempt from FTC Do Not Call provisions, but B2B is not a universal shield. Risk remains when the number belongs to an individual mobile subscriber, the recipient uses one phone for work and personal use, an automated or prerecorded call reaches wireless, a state mini-TCPA applies, the person opted out, or the pitch is ultimately a consumer transaction.

State mini-TCPA laws add another layer

Identify the recipient's state and apply the strictest relevant rules before dialing or texting. States may regulate calling hours, frequency caps, state DNC lists, caller registration, licenses or bonds, autodialing, prerecorded messages, consent language, record retention and private lawsuits with statutory damages.

Content carriers commonly restrict

Even legal products may be blocked when messaging platforms classify them as high risk: cannabis/CBD, illegal drugs, certain financial services, debt relief, gambling, firearms, adult content, hate-related material, phishing, fraudulent jobs and SHAFT categories (sex, hate, alcohol, firearms, tobacco). Restrictions vary by carrier, provider and sender type.

Why compliant SMS still gets filtered

TCPA compliance controls lawful authority to contact someone. Carrier compliance controls whether the network delivers the message. You need both.

Recordkeeping for calls and texts

Retain consent records, opt-outs, internal DNC entries, National DNC scrub logs, campaign registrations, templates, call detail, vendor contracts, lead-source documentation, suppression transfers and complaint investigations for the period required by federal and state law, contracts and your retention policy. The FTC's amended Telemarketing Sales Rule expanded recordkeeping for campaign calls, prerecorded messages and claimed established business relationships.

Vendor and lead-generation compliance

Sellers often remain liable for vendor activity. Contracts should require TCPA, TSR, carrier and state compliance; approved consent language; complete consent evidence; suppression sharing; complaint reporting; audit rights; indemnification; and data return or deletion at termination.

Before contacting a lead: validate the number, confirm line type, verify consent covers your seller and channel, scrub federal and state DNC lists, check internal suppression, confirm calling hours, and store the compliance decision with evidence. SubscriberVerify API and bulk validation support carrier, litigator and DNC checks in one workflow.

2026 TCPA and SMS compliance checklist

  1. Register every A2P 10DLC brand and campaign.
  2. Verify toll-free messaging numbers.
  3. Obtain clear consent before promotional texts or automated marketing calls.
  4. Preserve the disclosure shown at consent.
  5. Identify the sender in every message.
  6. Include functional opt-out instructions.
  7. Recognize natural-language opt-outs.
  8. Synchronize opt-outs across every platform and vendor.
  9. Scrub cold-call lists against applicable Do Not Call databases.
  10. Maintain an internal Do Not Call list.
  11. Apply federal and state calling-hour restrictions.
  12. Review state mini-TCPA requirements.
  13. Avoid prohibited carrier content categories.
  14. Monitor complaint, filtering and opt-out rates.
  15. Audit lead sellers and telemarketing vendors.
  16. Retain campaign, consent and suppression records.
  17. Test HELP, STOP and links before launch.

Screen numbers before every campaign. Carrier lookup, litigator flags and DNC status in one pass. Start free · LitigatorVerify · DNC Screening

Frequently asked questions

Is cold texting illegal in 2026?

It depends on purpose, technology, recipient type, consent records and state law. Unsolicited promotional texts to consumer wireless numbers create substantial TCPA risk and are often blocked by carriers even when a sender believes it has a legal basis to contact.

Do I need consent to send marketing SMS?

Promotional texts should generally be sent only after obtaining legally sufficient, documented consent. The required form depends on message type, dialing technology and applicable federal and state rules.

Is A2P 10DLC registration legally required?

A2P registration is primarily a carrier and messaging-industry requirement, not a substitute for TCPA consent. In practice, unregistered local-number business traffic is generally blocked by major U.S. carriers, making registration operationally mandatory.

Did the one-to-one consent rule take effect?

No. The Eleventh Circuit vacated the FCC's one-to-one consent rule in January 2025. Businesses should still use clear, specific consent that identifies which companies may contact the consumer.

Does typing something other than STOP count as an opt-out?

It can. Treat reasonable language such as "do not text me," "remove my number" or "I don't want these messages" as potential revocations — not only exact keywords.

Can businesses cold-call B2B leads?

Many B2B calls are exempt from parts of the federal Telemarketing Sales Rule and National Do Not Call rules, but TCPA, carrier, wireless-number and state mini-TCPA requirements may still apply.

Can I text a purchased lead list?

Purchasing a list does not itself provide consent. Verify the original disclosure, named parties, channels, purpose, date and complete evidence before calling or texting any purchased lead.

Protect your next campaign. Start with 10,000 free lookups — no credit card required — or create an account with 100,000 lookups for $50. Explore LitigatorVerify Start Free Trial

Protect your next campaign. Screen litigators and validate numbers before you call or text. LitigatorVerify Start Free Trial