Do customers have to opt in for non-marketing SMS?

Non-marketing texts still require prior express consent under TCPA. Learn exactly when opt-in is needed, what counts as transactional, and where exemptions end.

LeadCompliant Team
22 min read
In This Article

Last updated 2026-07-10

Person reviewing an incoming text message notification on a smartphone at a desk
Person reviewing an incoming text message notification on a smartphone at a desk

TL;DR

Non-marketing SMS still needs prior express consent under TCPA when sent through an auto-dialer or prerecorded system. Purely informational texts get a lower consent bar than marketing, but they are not opt-in-free. Real exemptions are narrow: emergency alerts and certain healthcare messages get limited carve-outs. Every other business-to-consumer text to a cell phone needs documented prior express consent.

What does TCPA actually say about non-marketing texts?

Yes, customers still have to opt in for non-marketing SMS. The paperwork bar is lower than for marketing. It is not zero.

The Telephone Consumer Protection Act, 47 U.S.C. § 227, bars calls or texts to a cell phone using an automatic telephone dialing system without prior express consent. The statute carves out no blanket exemption for informational or transactional messages. What it does, through FCC rulemaking authority under 47 U.S.C. § 227(b)(2), is let the FCC set different consent tiers for different message types.[1]

The FCC used that authority in its 2012 Order (FCC 12-21). That order created two consent levels. Marketing messages that include or connect closely to a commercial solicitation require prior express written consent, meaning a signed agreement (paper or electronic) that specifically authorizes autodialed texts. Informational messages that are purely transactional or relational require only prior express consent, an oral or written agreement that is easier to document but still real.[2]

The honest answer is short. Opt in first, then text.

What counts as a non-marketing or transactional SMS?

A text is transactional or informational when its dominant purpose is to give the customer information they need or that relates to something they already started. The FCC and courts draw the line around whether the primary purpose is commercial solicitation. That word, dominant, does most of the work.

Messages courts and the FCC usually treat as informational: appointment reminders, delivery notifications, one-time passcodes, account balance alerts, prescription refill notices, fraud alerts, and flight status updates. If a message starts as a delivery notice but ends with a discount offer, courts have said the commercial part can pull the whole message into the marketing tier.[3]

A 2003 FCC ruling set up the "dual purpose" doctrine. When a message has both an informational purpose and a selling purpose, the primary purpose decides its category. In practice, if your legal team can't clearly explain why a message isn't solicitation, assume it is and get written consent.

See the tcpa sms compliance overview for how these tiers play out across industries.

Message typeConsent tier requiredWritten signature needed?
Appointment reminder (no offer)Prior express consentNo
Order status / shipping updatePrior express consentNo
Account balance alertPrior express consentNo
OTP / security codePrior express consentNo
Promotional discount, sale announcementPrior express written consentYes
Cross-sell or upsell inside a transactional messagePrior express written consentYes
Emergency alert (life-safety)No consent required (FCC exemption)No

What is the FCC's exemption for purely informational texts, and how narrow is it?

Narrow. The FCC's 2012 TCPA Order created a limited exemption for certain non-marketing calls and texts. It lets autodialed or prerecorded messages reach cell phones without prior express consent only if the message is free to the recipient, not marketing, and inside a defined category such as a financial account alert or a healthcare appointment reminder.[2]

In 2015, the FCC expanded the healthcare carve-out under the HIPAA context. Covered entities can send appointment reminders, prescription notifications, and post-discharge follow-ups without prior express consent, but only under strict content limits: one message per day, three per week maximum, opt-out instructions in every message, and no marketing content at all.[4]

Those limits bite. The FCC's 2015 Declaratory Ruling (FCC 15-72) says the healthcare exemption vanishes the moment a message includes "any marketing, advertising, or debt collection information."[4] Plenty of compliance teams treat this exemption as too risky, because the line between a clinical reminder and a soft pitch is genuinely blurry in healthcare.

Outside healthcare and financial alerts, there is no standing FCC exemption for autodialed informational texts. You need documented prior express consent.

TCPA SMS consent: key numbers at a glance Statutory damages, penalty tiers, and statute of limitations under 47 U.S.C. § 227 500 Statutory damages per viola… (unintentional) 1,500 Statutory damages per viola… (willful) 4 Statute of limitations (yea… 3 Healthcare exemption: max t… per week Source: U.S. Code, 47 U.S.C. § 227 (Cornell LII), 2024

Prior express consent for non-marketing texts doesn't have to be written. It does have to be real and provable. The FCC has said consent can come from the customer giving you their cell number in connection with the reason you're texting them. A customer who hands over their mobile number while placing an order has, under that doctrine, consented to order status texts about that order.[2]

That implied-from-context consent is fragile in court. If you can't document exactly when, how, and in what context the number came in, you're relying on an argument instead of a record. Courts vary on how much weight they give contextual consent. Some plaintiffs' attorneys have built entire practices around this gap.

Documentation minimum: a timestamp, the source field where the number was entered, the disclosed purpose at collection, and an IP address or session ID. If you use a sms opt-in form, log the form version the customer saw. That log is what saves you when a plaintiff swears they never consented.

For higher-volume programs, treat informational texts like marketing texts from a documentation standpoint, even though the consent tier is lower. The cost of proving contextual consent in litigation usually beats the cost of a clear checkbox at sign-up.

Do customers have to opt in to SMS in Virginia specifically?

Federal TCPA applies in full to Virginia texts, and no Virginia-specific exemption loosens those consent rules. Virginia has no standalone SMS consent law. The Virginia Consumer Protection Act (Virginia Code § 59.1-196 et seq.) bars unfair or deceptive trade practices, which regulators have applied to undisclosed text programs.[5] Virginia businesses sending consumer texts stay fully subject to TCPA.

Virginia's Consumer Data Protection Act (CDPA), effective January 1, 2023, covers how personal data including phone numbers gets collected and used, and it grants opt-out rights for targeted advertising. The CDPA doesn't regulate the act of sending a text directly. But using a number collected in ways that break CDPA consent rules to fire off texts stacks a second layer of exposure on top of TCPA.[11]

Here's the short version for Virginia. TCPA federal rules apply in full. The CDPA adds obligations around how you collected the number. The state consumer protection act adds a deceptive-practices layer. Text a Virginia resident and your consent documentation has to meet the federal standard, full stop.

See lead generation compliance news for updates when state laws like Virginia's CDPA collide with TCPA in enforcement.

Can a business use an existing customer relationship to skip opt-in?

No. A prior purchase, an open account, or a long business history does not substitute for consent to receive autodialed texts. This is one of the most misunderstood areas in TCPA.

Having a prior business relationship (an "established business relationship," or EBR) used to give a consent safe harbor under older FCC rules. The FCC removed that safe harbor for autodialed calls and texts to cell phones in its 2012 order.[2] The only way an existing relationship helps now is if it involved the customer providing their cell number in a context that implies consent to the exact kind of message you're sending.

Some companies try to thread this by arguing the customer "reasonably expected" texts. Courts have been skeptical when that argument has no documentation of what the customer was actually told. In Marks v. Crunch San Diego LLC (9th Cir. 2018), the court read the ATDS definition broadly, which means the range of devices that trigger TCPA consent requirements stays litigated and uncertain.[7]

Safest position: treat EBR as zero protection for cell phone texting, and document actual consent.

TCPA statutory damages run $500 per violation and up to $1,500 per willful violation, with no cap on class size.[1] A blast to 50,000 numbers without proper consent is a $25 million exposure floor, and up to $75 million if a court finds the violation willful.

These cases settle constantly. The TCPA plaintiffs' bar is active and organized. Class actions routinely settle in the seven- to eight-figure range. Papa John's settled a text-message case for $16.5 million in 2013. Domino's settled another for $9.85 million. Neither was exotic. They involved the same kind of transactional and marketing text programs most small businesses run.[8]

Private plaintiffs don't need to show actual damages. That statutory structure is what makes TCPA so attractive to class counsel. A recipient who was mildly annoyed by an unwanted text carries the same $500-per-message standing as one who suffered real harm.

The FCC also has enforcement authority and can issue its own forfeitures. State attorneys general can enforce under 47 U.S.C. § 227(g). Virginia's AG holds that standing.

For a full breakdown of exposure and how cases actually unfold, the tcpa reference explains the statute's damage mechanics.

How should a small business get and document non-marketing SMS consent?

Build consent into your intake process as if it were written consent, even for purely informational texts. The extra effort is trivial next to the cost of arguing contextual consent after a demand letter lands.

A minimum disclosure for an informational text program reads something like this: "By providing your mobile number, you agree to receive [description of message type, e.g., order status updates and appointment reminders] from [Company Name] at the number provided. Message and data rates may apply. Reply STOP to cancel." That language covers the FCC's required disclosures for express consent.

Document three things. What the disclosure said. When the customer saw it (timestamp). That the customer affirmatively provided their number after seeing it. A pre-checked box does not count. The customer has to take an action, even if the action is just typing their number into a clearly labeled field.

LeadCompliant's free compliance kit includes consent language templates and a documentation checklist sized for small outbound teams. The sms opt-in form guide walks through the exact elements regulators and courts look for in a compliant collection form.

If you send both marketing and transactional texts from one platform, keep the consent records separate and tagged by type. Mixing them creates ambiguity a plaintiff's attorney will use.

Does the TCPA apply to texts sent manually or from a CRM?

This is a real gray area and one of the most contested questions in TCPA litigation right now. The statute's consent requirements attach to calls made with an "automatic telephone dialing system" (ATDS), defined in 47 U.S.C. § 227(a)(1) as equipment with the capacity to store or produce telephone numbers using a random or sequential number generator and dial them.[1]

The Supreme Court took this up in Facebook, Inc. v. Duguid (2021), holding that an ATDS must actually use a random or sequential number generator, not merely hold a large stored list. That decision narrowed the ATDS definition and gave some businesses more room to text from CRM systems without triggering full ATDS consent rules.[9]

Don't read Duguid as a free pass. Many modern texting platforms carry ATDS characteristics depending on how they function. Several states have their own mini-TCPA laws with broader ATDS definitions that Duguid never touched. And even non-ATDS texts can trigger liability under other theories, including state consumer protection laws.

If you send texts through a platform like Twilio, Salesmsg, or any bulk SMS tool, ask counsel whether it qualifies as an ATDS after Duguid. The twilio-tcpa-compliance guide takes a platform-specific look at this.

How does double opt-in affect your compliance posture for informational texts?

Double opt-in, where a customer confirms by replying YES to a confirmation text, is not required by TCPA for informational messages. It is still the single best consent documentation tool available to small teams.

Here's why. A double opt-in creates a record of affirmative confirmation that's hard for a plaintiff to attack. It shows the person controlled the number at the moment of consent, understood they were opting in, and chose to do it. Single opt-in forms are defensible too, but they invite arguments that the number was mistyped, the form was pre-filled, or the disclosure was buried.

For any program sending more than a few hundred messages a month, the sms double opt-in confirmation flow is worth the small friction at sign-up. You'll lose some subscribers. The ones you keep are consent-clean.

Carriers like T-Mobile and AT&T watch complaint rates and opt-out rates when deciding whether to filter or block your messages. Clean consent records tend to produce lower complaint rates, which means better deliverability on top of lower legal risk.

What should your opt-out process look like for non-marketing texts?

Any consumer who sends STOP (or a similar opt-out keyword) must be removed from future texts, and that removal has to be honored right away for all messages from that sender. TCPA and FCC rules require it.[2]

Many businesses assume the opt-out rules soften for informational texts. They don't. A customer who texts STOP to your appointment reminder program must stop getting those reminders. You can send one final confirmatory message acknowledging the opt-out. After that, silence.

A few practical requirements from FCC guidance: honor STOP, QUIT, CANCEL, UNSUBSCRIBE, and END. Don't text the customer again after opt-out, even for a transactional reason, until they re-subscribe. Keep a suppression list and check new contacts against it before texting.[10]

This last point trips up a lot of small teams. Someone opts out of your SMS program. Six months later they buy from you again and hand over a phone number at checkout. They have not re-opted into texts by making a purchase. You need fresh, explicit consent for texts, separate from the transaction. Run them against your suppression list before adding them to any text queue.

Are B2B texts subject to the same opt-in rules?

Yes, when the number is a personal cell phone. The TCPA's cell phone protections turn on the type of number, not the purpose of the call or text. A text to a person's personal cell for a business reason is still a personal cell text and still needs consent under 47 U.S.C. § 227.

The B2B context matters in one narrow way. If you text a dedicated business line registered as a business number and not a personal cell, TCPA doesn't apply the same way. But almost every business person you're trying to reach uses their personal cell as their main contact. You rarely know for sure whether a number is a personal cell or a business-dedicated line.

Some plaintiffs have won on the argument that texts to personal cell phones violate TCPA even when the commercial purpose was clearly B2B. The safe approach: treat every cell number as TCPA-protected unless you have documented evidence it's a dedicated business line.

For B2B teams working international contacts, GDPR and related frameworks stack consent requirements on top of TCPA for EU-based contacts. The b2b lead generation platforms gdpr compliance article covers that overlap.

Frequently asked questions

Yes. Appointment reminders sent via an autodialer or bulk SMS platform require prior express consent under TCPA. They don't need signed written consent (that tier is for marketing), but they do need documented prior express consent. The simplest fix: collect the cell number on a form with a clear disclosure that texts will be sent, and log when the customer submitted it.

Is a shipping notification considered a marketing text under TCPA?

A pure shipping status notice with no promotional content is informational, not marketing. It requires prior express consent, not the higher written tier. Add a discount code or product recommendation inside that shipping notice and the whole message may be reclassified as marketing, which needs prior express written consent. Keep transactional messages clean of any commercial solicitation.

Can I text a customer who gave me their number at checkout without getting separate SMS consent?

Possibly, but it depends on what the checkout form said. If the form disclosed that providing the number means consenting to the specific type of text you're sending, that consent holds. If the field just asked for a contact number with no SMS disclosure, the implied contextual consent argument is weaker, and courts have gone both ways. Add SMS language to your checkout form to close the gap.

Prior express consent can be oral or written and applies to informational, transactional messages. Prior express written consent requires a signed agreement (paper or electronic) specifically authorizing autodialed marketing texts, and it applies to any message with an advertising or telemarketing purpose. Written consent must also include an acknowledgment that consent is not a condition of purchase.

Does the FCC healthcare exemption let me skip SMS opt-in for patient reminders?

The FCC's 2015 healthcare exemption lets certain covered entities send appointment reminders and clinical notifications without prior express consent, under strict limits: one message per day, three per week, and no marketing content. The moment a message includes any promotional element, the exemption disappears. Most compliance counsel advise getting consent anyway, because those content limits are hard to enforce programmatically at scale.

Do Virginia customers have any extra SMS opt-in rights beyond federal TCPA?

Virginia has no separate SMS consent law, but the Virginia Consumer Data Protection Act (effective January 2023) governs how personal data including phone numbers can be collected and used for targeted advertising. Combined with the Virginia Consumer Protection Act's bar on deceptive practices, Virginia residents have practical protections that overlap with TCPA. Federal TCPA is the floor; Virginia data law adds requirements on top for data handling.

Does the Supreme Court's Facebook v. Duguid ruling mean I no longer need consent for CRM-based texts?

Duguid narrowed the ATDS definition, which cut TCPA exposure for some systems. It did not erase consent requirements. If your platform uses a random or sequential number generator, ATDS rules still apply. If it doesn't, state mini-TCPA laws may still cover it. And Duguid changed nothing for messages with a marketing purpose. Get counsel's read on your specific platform before leaning on Duguid as a defense.

TCPA has a four-year federal statute of limitations, so keep consent records at least four years from the last text sent to a given number. Some state laws extend that. Keep the form version the customer saw, the timestamp, the IP address, and the phone number. Store them so you can pull a single record fast; you may need it within days of a demand letter.

What opt-out keywords am I required to honor for informational texts?

FCC guidance and carrier requirements mean you must honor STOP, QUIT, CANCEL, UNSUBSCRIBE, and END at minimum. You can also choose to honor REMOVE and similar terms. After any opt-out keyword, you can send one confirmatory message and then must stop all texts until the customer re-opts in. This rule applies equally to informational and marketing programs.

Can I call or text a number on the National Do Not Call Registry for informational reasons?

The National DNC Registry covers telemarketing calls and marketing texts. Purely transactional texts, those with no promotional purpose, aren't subject to DNC restrictions the same way. But you still need TCPA consent for the text itself if it's sent via an ATDS. DNC and TCPA consent are two separate questions, and clearing one doesn't clear the other.

Does texting a lead who filled out an online form count as having consent?

Only if the form clearly disclosed that filling it out means consenting to receive texts. A contact form or quote request that says nothing about SMS does not create TCPA consent. The form must identify the texter (or class of texters), describe the message type, and the consumer must have actively submitted it. Buying leads from a third party adds complexity; you need their consent chain documented.

What is the per-message TCPA penalty for sending texts without consent?

TCPA provides $500 per violation (per message, per recipient) for unintentional violations and up to $1,500 per violation for willful or knowing violations. There is no statutory cap on class size, which is why a single text blast to tens of thousands of numbers can produce eight-figure liability. Courts have discretion to raise or lower awards within those ranges based on the circumstances.

Do non-marketing texts from real estate agents require opt-in?

Yes. Real estate texts, including property alerts, showing reminders, and market updates, require prior express consent if sent via an ATDS to a cell phone. If the message promotes the agent's services or listings in a way tied to commercial solicitation, it needs written consent. Agents who text clients often should build a compliant opt-in into their CRM intake flow from the start.

Sources

  1. U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act (Cornell LII): TCPA statutory text establishing $500/$1,500 per-violation damages and prohibition on autodialed calls/texts to cell phones without prior express consent
  2. FCC, In the Matter of Rules and Regulations Implementing the TCPA of 1991, FCC 12-21 (2012 Order), via Federal Communications Commission: FCC 2012 Order establishing two consent tiers (prior express consent for informational messages, prior express written consent for marketing), eliminating EBR exemption for cell phones, and defining STOP opt-out requirements
  3. FCC, 2003 Report and Order Implementing the TCPA (dual purpose doctrine), via Federal Communications Commission: FCC dual-purpose doctrine: messages with both informational and commercial purposes are classified by their dominant purpose
  4. FCC, Declaratory Ruling and Order FCC 15-72 (2015 TCPA Omnibus Ruling, healthcare exemption), via Federal Communications Commission: FCC 2015 healthcare exemption limits: one message per day, three per week maximum, no marketing content, opt-out instructions required; exemption voided by any marketing element
  5. Virginia Code § 59.1-196 et seq., Virginia Consumer Protection Act (Virginia Legislative Information System): Virginia Consumer Protection Act prohibits unfair or deceptive trade practices, applicable to undisclosed text messaging programs
  6. Federal Trade Commission, business guidance on telemarketing and consumer protection (FTC): FTC business guidance on telemarketing and text-message consumer protection obligations
  7. Marks v. Crunch San Diego LLC, 904 F.3d 1041 (9th Cir. 2018), CourtListener: Ninth Circuit took a broad view of ATDS definition, illustrating ongoing judicial uncertainty about which texting platforms trigger TCPA consent requirements
  8. Facebook, Inc. v. Duguid, 592 U.S. 395 (2021), Supreme Court of the United States: Supreme Court held that an ATDS must use a random or sequential number generator to produce or store numbers, narrowing the ATDS definition under TCPA
  9. Virginia Consumer Data Protection Act, Code of Virginia § 59.1-575 et seq. (Virginia Legislative Information System): Virginia Consumer Data Protection Act statutory text, effective January 1, 2023, governing personal data including phone numbers collected for commercial purposes and requiring opt-out rights for targeted advertising

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit