U.S. VoIP & SMS Compliance Checklist for SMBs (10DLC, E911, TCPA)
VoIP and SMS are powerful communication tools for SMBs, but they come with compliance responsibilities. Ignoring SMS regulations or E911 setup could result in legal penalties, blocked messages, or poor customer experience.
Here’s your comprehensive guide to VoIP and SMS compliance in the United States.
Caller ID and STIR/SHAKEN Authentication
To prevent robocalls and spoofing, the FCC requires VoIP providers to implement STIR/SHAKEN authentication. This technology verifies that the caller ID matches a known, verified source.
Best practices:
- Only use business numbers you legally own.
- Configure your caller ID name (CNAM) with your provider.
- Choose a provider that supports STIR/SHAKEN to avoid your calls being labeled as spam.
SMS Compliance: Consent, Opt-Out, and Content
Texting customers legally requires adherence to TCPA and CTIA rules. Here’s how to stay compliant:
- Obtain consent: Only text users who’ve explicitly opted in.
- Allow opt-outs: Messages should include instructions like “Reply STOP to unsubscribe.”
- Be transparent: Let customers know what kinds of texts they’ll receive and how often.
10DLC Registration for Business Texting
If your business uses a local phone number for SMS, you must complete 10DLC registration to avoid message filtering.
To register:
- Submit your business details (EIN, address).
- Describe your SMS campaign use cases.
- Work with your provider to file with The Campaign Registry.
E911 Setup for VoIP Systems
VoIP systems must support Enhanced 911 (E911) so that emergency responders can locate your business.
Setup tips:
- Register your physical address in your VoIP provider’s admin portal.
- Update it anytime your team changes location.
- Train your staff on using 911 directly from VoIP phones.
OnSIP explains E911 requirements.
Do-Not-Call Registry and Outbound Calling Rules
If you engage in outbound marketing or sales calls:
- Screen contacts against the National Do-Not-Call Registry.
- Follow TCPA rules—no calls before 8am or after 9pm local time.
Avoid robocalling or auto-dialing cell phones without prior express written consent.
HIPAA and Industry-Specific Compliance
Medical, dental, and wellness providers must ensure HIPAA compliance. Choose a VoIP/SMS provider that offers:
- A signed Business Associate Agreement (BAA)
- Secure data storage and encrypted communication
Final Word
Staying compliant with VoIP and SMS regulations is essential for delivering trusted, high-quality communication to your customers. Modern platforms make it easy, but you must take the time to set things up correctly—especially for SMS consent and emergency dialing.
FAQs
Q: Do I need consent to text customers?
A: Yes. Under TCPA rules, you must receive prior express consent before texting a customer—especially for marketing. Consent can be given via online forms, text keywords, or written agreements. Without it, your messages may be illegal and subject to fines.
Q: What is 10DLC and why is it important?
A: 10DLC (10-digit long code) is a standard phone number format for U.S. business texting. Carriers require businesses to register their number and use case to reduce spam. Registered 10DLC numbers enjoy higher delivery rates and credibility.
Q: How do I stop my texts from being blocked?
A: Make sure your number is registered through 10DLC, your messaging content follows CTIA best practices, and you always honor opt-out requests. Unregistered or non-compliant messages risk being filtered or blocked.
Q: What’s E911 and why does it matter for VoIP?
A: E911 links your VoIP number to a physical location so emergency services can respond accurately when someone calls 911. VoIP services are required to collect and maintain this information. Failing to do so could delay emergency response.
Q: Is HIPAA relevant to my VoIP phone system?
A: If you’re in healthcare and use phones or SMS to share patient information, HIPAA applies. Choose a provider that offers HIPAA-compliant features and a signed BAA to protect sensitive data.
