The SMS compliance landscape shifted dramatically in early 2026. If your business sends text messages to customers, the rules you followed last year may no longer be enough. Between a landmark court ruling, stricter carrier vetting, and evolving CTIA enforcement, staying compliant requires more attention than ever.
Here is what changed, what it means for your business, and what you need to do about it.
The Fifth Circuit Oral Consent Ruling: A Seismic Shift in TCPA Law
On February 25, 2026, the Fifth Circuit Court of Appeals issued a ruling in Bradford v. Sovereign Pest Control that sent shockwaves through the telecom and marketing industries. The court held that the Telephone Consumer Protection Act (TCPA) does not require prior express written consent for automated or prerecorded telemarketing calls and texts. Instead, the statute permits either oral or written consent.
This is a significant departure from how the FCC has interpreted the law for over a decade. The FCC’s 2012 rule explicitly required written consent for telemarketing messages sent via autodialer or prerecorded voice. The Fifth Circuit looked at the plain text of the statute and concluded that Congress never made that distinction. The TCPA says "prior express consent of the called party," and the court ruled that consent can be given verbally.
What does this mean in practice? Businesses operating in states within the Fifth Circuit (Texas, Louisiana, Mississippi) now have a credible legal argument that oral consent is sufficient for marketing texts. However, and this is critical, other circuits have not yet weighed in. The FCC’s written consent rule remains on the books. And if your case ends up in the Ninth Circuit or the Second Circuit, you may face a very different legal standard.
The smart play? Continue collecting written consent as your baseline. Treat the Fifth Circuit ruling as a potential defense, not a green light to relax your opt-in processes. The regulatory environment is still evolving, and businesses that cut corners now will pay for it later.
Carrier Vetting Is Getting Stricter Than Ever
While the legal landscape shifts, carriers are tightening their own enforcement mechanisms independently of the courts. If you use short codes, 10DLC numbers, or toll-free numbers for messaging, you have probably noticed that brand registration and campaign vetting have become significantly more demanding in 2026.
Here is what carriers now require during the vetting process:
- Verified business identity. Your EIN, business address, and registered agent information must match public records exactly. Discrepancies trigger rejection.
- Working phone numbers. The contact numbers listed in your registration must be active and reachable. Carriers are actually calling these numbers to verify.
- Real physical addresses. Virtual mailboxes and PO boxes are increasingly flagged. Carriers want to see a legitimate business location.
- Online presence verification. Your business needs an active website, social media presence, or both. Carriers cross-reference your online footprint against your registration details.
- Use case documentation. Generic descriptions like "marketing messages" no longer pass. You need specific, detailed explanations of what messages you send, to whom, and how recipients opted in.
This shift reflects a broader industry push to eliminate spam and bad actors from the messaging ecosystem. Carriers like T-Mobile, AT&T, and Verizon have all increased their filtering and blocking capabilities. Messages from unverified or poorly documented senders are getting throttled or blocked outright, often without warning.
For businesses that depend on SMS as a revenue channel, passing carrier vetting is not optional. It is table stakes.
CTIA Audits: What Triggers Them and What to Expect
The CTIA (Cellular Telecommunications Industry Association) sets the industry’s messaging guidelines through its Messaging Principles and Best Practices (MPBP). While these are technically voluntary, carriers enforce them as conditions of network access. If your messaging program violates CTIA guidelines, you risk suspension or permanent blocking.
CTIA audits can be triggered by several factors:
- Consumer complaints. Unsolicited message reports from recipients are the number one trigger. Even a small number of complaints relative to your volume can initiate a review.
- High opt-out rates. If your STOP request rate exceeds industry benchmarks, it signals to carriers and the CTIA that your messaging may not be fully consensual.
- Content violations. Sending content that does not match your approved use case, or sending prohibited content categories (SHAFT: sex, hate, alcohol, firearms, tobacco) on short codes, will draw scrutiny.
- Random audits. The CTIA also conducts periodic random audits of short code programs, regardless of complaint history.
During an audit, you will be asked to provide documentation of your opt-in flow, sample messages, your privacy policy, and proof that you honor opt-out requests. If you cannot produce this documentation quickly and completely, your program can be suspended within days.
The best defense against audits is not avoiding them. It is being ready for them at all times.
What Your Business Needs to Do Right Now
Compliance is not a one-time setup. It is an ongoing operational discipline. Here are the concrete steps every business sending SMS should take in 2026:
1. Lock Down Your Opt-In Flows
Every recipient in your database should have a clear, documented opt-in. For marketing messages, this means explicit consent, not implied. Whether you collect consent via web form, text-to-join keyword, or point-of-sale, the mechanism must be recorded with a timestamp, the source, and the specific language the consumer agreed to.
2. Handle STOP and HELP Properly
This sounds basic, but it is one of the most common compliance failures. When a recipient texts STOP, they must be immediately suppressed from all future messages on that campaign. No confirmation messages after the opt-out acknowledgment. No "Are you sure?" follow-ups. HELP responses must include your program name, a customer service contact, and opt-out instructions.
3. Maintain Comprehensive Documentation
If you cannot prove compliance, you are not compliant. Maintain records of every opt-in, every opt-out, your message templates, your privacy policy, and your terms of service. These records should be instantly accessible, not buried in a database backup from six months ago.
4. Audit Your Own Program Regularly
Do not wait for the CTIA or a carrier to audit you. Run internal compliance reviews monthly. Check your opt-out rates, complaint volumes, and message content against your approved use cases. Catch problems before they become enforcement actions.
5. Keep Your Registration Current
If your business address, phone number, or contact information changes, update your carrier registrations immediately. Stale registration data is one of the fastest ways to get flagged during vetting refreshes.
How AI and Automation Are Changing the Compliance Game
The volume and complexity of SMS compliance requirements have reached a point where manual processes alone are not sustainable. This is where AI and automation are making a real difference.
Modern compliance systems can monitor messaging programs in real time, flagging content that drifts outside approved use cases before it reaches consumers. Auto-suppression tools ensure that opt-out requests are processed instantly across all campaigns and channels, eliminating the human error that leads to violations.
AI-powered analytics can also identify early warning signs, like rising opt-out rates or unusual complaint patterns, and alert compliance teams before those signals escalate into audits or suspensions. At Tells, our Gideon compliance system uses this kind of proactive monitoring to help clients stay ahead of issues rather than reacting to them after the damage is done.
The businesses that will thrive in this environment are the ones that treat compliance as infrastructure, not paperwork. Automated systems do not forget to suppress a number. They do not miss a STOP request at 2 AM. They do not let a campaign launch with unapproved content.
The Bottom Line
SMS compliance in 2026 is more complex and more consequential than it has ever been. The Fifth Circuit ruling introduced new legal uncertainty. Carriers are raising the bar on who gets to send messages. The CTIA is auditing more aggressively. And consumers are less tolerant of unwanted texts than ever before.
None of this means you should stop using SMS. It remains one of the most effective communication channels available, with open rates that email marketers can only dream about. But the businesses that succeed with SMS in 2026 will be the ones that invest in compliance as seriously as they invest in their messaging strategy.
The rules have changed. Make sure your program has changed with them.
