On April 11, 2025, the US Federal Communications Commission (FCC) will begin enforcing an enhancement to the Telephone Consumer Protection Act (TCPA) regarding the way that consumers revoke consent for voice and messaging business communications. While these rules also apply to voice, for the purpose of this post, we’ll focus on messaging. However, we must keep in mind that the rules also cross over channels – so a revocation of consent on one channel applies to the other channel (and other messaging campaigns or programs) for a particular business. Nice, huh!
The Report and Order and Further Notice of Proposed Rulemaking (Docket #02-278) makes it easier for consumers to revoke consent and requires that “callers and texters implement requests in a timely manner.” These are important changes that everyone in A2P / Business Messaging (SMS, MMS, RBM) will need to follow to stay in compliance with TCPA regulations.
It should be noted that, first and foremost, this does not change in any way the existing requirements for consent and revocation of consent that are detailed in the CTIA Principles and Best Practices as well as the Short Code Handbook. But it does provide TCPA-level clarifications and more stringent regulation around revocation of consent. While, as of this writing, I’m not aware of any pending updates to the CTIA documents, I would not be surprised if we see an upcoming update that covers this new ruling, should it actually go into effect on April 11th.
Also, as of this writing, there is more than one request for delay (one year), based on valid arguments from medical as well as banking / credit union associations.
Let’s review the four specific requirements:
1. Consumers may revoke consent through any reasonable means
For compliant A2P messaging, we’ve always included “Reply STOP to opt-out” type messages, but brands should be prepared to respond to many other keywords such as: END, QUIT, UNSUBSCRIBE, STOP IT, CANCEL, REVOKE, NO MORE, and others. This is a good opportunity to incorporate AI language processing into CRM systems or messaging flows, to detect a reasonable revocation request, because the FCC says, and other legal interpretations have indicated, that the consumer can use a non-prescribed method of revoking their consent. Certainly, any and all prescribed methods (as indicated by the standard “Reply STOP to opt-out of further messaging.”) are definitely opt-out requests that must be applied.
There could also be other channels if the brand/business uses voice, for example. The rules include the ability to opt-out via other channels outside of messaging (email, social media, if either are available; or, even through a phone call or personal interaction). But that opt-out must also apply to messaging. Businesses must be in a position to process other opt-out options which can be considered “reasonable.”
Additionally, the consumer may alternatively revoke consent on a channel different from the channel they received the original communications. For example, they can send STOP or END to a known short code or 10DLC after receiving a marketing voice call.
The primary guidance here is to enable employees of the business that could potentially receive or review these revocation requests (if not automatically done via receipt of an appropriate revocation text response), to review the consumer request, however it comes, and act upon it in the brand/business’s messaging flow or CRM. In other words, the business should be ready for an opt-out in a number of “reasonable methods.”
But really, since the business messaging industry has been following the CTIA Guidelines and/or Short Code Handbook, the basic guidance of opt-out, which is now further codified (and expanded) in TCPA, has always been rather clear (from Section 5.1.3 of the CTIA Messaging Principles and Best Practices):
“Message Senders should acknowledge and respect Consumers opt-out requests consistent with the following guidelines:
- Message Senders should ensure that Consumers have the ability to opt-out of receiving Messages at any time.
- Message Senders should support multiple mechanisms of opt-out, including phone call, email, or text; and
- Message Senders should acknowledge and honor all Consumer opt-out requests by sending one final opt-out confirmation message per campaign to notify the Consumer that they have opted-out successfully. No further messages should be sent following the confirmation message.”
So, we in the messaging industry should already be doing this.
2. Brands and Businesses must honor the opt-out requests within 10 business days.
Now for most A2P messaging (short code, 10DLC, and now RBM), the opt-out is almost instant for most implementations. But this actually tightens the TCPA rules. Carrier / CTIA Guidelines currently indicate that the receipt of the opt-out should absolutely mean that “No further messages should be sent following the confirmation message.” While no specific timeline has been set, the general guidance has been that after the confirmation message is sent, NO additional messaging for that specific campaign or messaging program should be sent – whether the possible time of the next message is 10 seconds or 30 days or more.
The new TCPA regulations set this at 10 business days, and this should not be a problem for most messaging solutions in place today. But it’s worth reviewing any messaging practices to make sure that is absolutely the case. But in #3, below, the default revocation applies to all channels. So, while messaging may be easily covered, it is important to pay attention to all channels.
3. By default, when a consumer revokes consent on one channel, that revocation applies to all channels and messaging campaigns (across all sender IDs for that brand: toll-free, short code, 10DLC, RBM).
This particular rule or the Scope of the Revocation is quite important. In their discussion the FCC notes (somewhat obscurely, I think, and I’m not a lawyer, nor do I play one on TV) that:
“…we take this opportunity to confirm that, when consent is revoked in any reasonable manner, that revocation extends to both robocalls and robotexts regardless of the medium used to communicate the revocation of consent. For example, if the consumer revokes consent using a reply text message, then consent is deemed revoked not only to further robotexts but also robocalls from that caller.”
I read this to mean, barring any clarification, any consented communications from that brand or business. And herein is, I think, the most impactful part of these regulations.
For many businesses, recipients may have opted in to multiple messaging campaigns/programs. For example, a bank may send out marketing communications, as well as fraud alerts, balance statements, notifications of transactions and more. If the user replies “STOP” to the marketing communications, it may not mean that they wish to also stop all of the other important notifications. (As an aside, herein is the core issue where the Banking / Credit Union consortium is asking the FCC for a 1-year delay). And this can definitely be an issue, if not handled correctly. Item 4 below outlines how the regulations allow for a request for clarification message after the message sender receives the revocation of consent (or the STOP message if sent by the recipient).
4. The brand/business has a single opportunity to reply with a clarification message that helps the consumer understand that they can preserve consent for other campaigns and channels.
For the messaging world, this clarification message effectively replaces the standard “STOP” confirmation message.
As of this writing, there are no standard requirements for the structure of a clarification message; however, we should ultimately expect some guidelines from the US carriers, DCAs and quite possibly CTIA, The Campaign Registry, and Toll-free Gateways, as well as CPaaS / CSP providers that are managing RBM implementations. This is an important clarification, because by default, without consumer clarification, the single opt-out or consent revocation applies to all messaging and voice programs/campaigns for this particular brand to the extent that the messaging and voice calling fits within the FCC guidelines for consented communications.
If we use the guidelines that are in place for Opt-out confirmation messages, we can project these to the clarification message as well. Here is a suggested Clarification Message. Note that it is similar to what is required in a Confirmation Message.
[Brand Name] You have unsubscribed from receiving texts from us. Do you wish to unsubscribe from these messages only ( [1-2 word description] ) or all messaging and communications from us? Reply 1 for All messaging and communications, 2 for just these particular [description] messages.
So now a messaging clarification might read:
[Big National Bank] You have unsubscribed from receiving texts from us. Do you wish to unsubscribe from these messages only (Marketing) or all messaging and communications from us? Reply 1 for All messaging and communications, 2 for just these particular marketing messages.
Alternatively, the message might read a little differently if the recipient was opting out from robocalls instead of texts:
[Big National Bank] You have unsubscribed from receiving calls from us. Do you wish to unsubscribe from these calls only (Marketing) or all messaging and communications from us? Reply 1 for All messaging and communications, 2 for just these particular marketing calls.
Now the recipient or consumer must make a choice. No response assumes the consumer has opted out of all messaging and communications from the brand or business, per the FCC regulations.
Replying 1 has the same effect as no response from the consumer. Replying 2 only stops the particular kind of communications that the consumer has opted out from and should preserve the other communications.
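The flow described in items 1 through 4, sketched as an added example that is not from any carrier, CTIA document or vendor: a revocation keyword suppresses every program for the brand, one clarification is offered, and only a reply of 2 narrows the scope. The names `ConsentLedger`, `is_revocation` and `honor_deadline`, the exact-keyword matching, the shortened message text, the choice to apply the all-program default immediately, and the weekends-only business-day count are all assumptions of this sketch.

```python
import re
from datetime import date, timedelta

# Keywords named in the post; exact matching is a simplifying assumption
# (the post suggests language processing for free-form requests).
REVOKE_WORDS = {"STOP", "END", "QUIT", "UNSUBSCRIBE", "STOP IT",
                "CANCEL", "REVOKE", "NO MORE"}

def is_revocation(text):
    norm = re.sub(r"[^A-Z ]", "", text.upper())
    return " ".join(norm.split()) in REVOKE_WORDS

def honor_deadline(received, days=10):
    """Latest date to apply an opt-out: 10 business days after receipt
    (weekends skipped; public holidays ignored, an assumption)."""
    d = received
    while days:
        d += timedelta(days=1)
        if d.weekday() < 5:
            days -= 1
    return d

class ConsentLedger:
    def __init__(self, programs):
        self.programs = set(programs)  # every program/channel of one brand
        self.revoked = {}              # phone -> set of revoked programs
        self.pending = {}              # phone -> program awaiting a 1/2 reply

    def may_send(self, phone, program):
        return program not in self.revoked.get(phone, set())

    def inbound(self, phone, program, text):
        """Process a consumer reply; return the one message to send, or None."""
        if is_revocation(text):
            # Default scope is every program and channel, applied at once.
            first = phone not in self.revoked
            self.revoked[phone] = set(self.programs)
            if first and len(self.programs) > 1:
                self.pending[phone] = program
                return ("You have unsubscribed. Reply 1 for all messaging and "
                        f"communications, 2 for just {program} messages.")
            self.pending.pop(phone, None)
            return "You have unsubscribed. No further messages will be sent."
        if phone in self.pending:
            scoped = self.pending.pop(phone)    # clarification is offered once
            if text.strip() == "2":
                self.revoked[phone] = {scoped}  # narrow to the one program
        return None
```

Because the all-program suppression is applied on receipt, a consumer who never answers the clarification stays opted out of everything without any timer; `honor_deadline` is there for revocations that arrive through a manual channel and have to be keyed in by staff.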
These confirmation messages may vary, of course, and there could be other options, but they must be accurate and simple to understand – especially when a brand offers different messaging campaigns and robocalls. Many brands/businesses have only one messaging campaign, so this isn’t a big issue. In fact, for them, the normal opt-out confirmation message is perfectly fine. But for businesses with marketing, notifications, 2FA, and other types or classes of messaging and calling – this needs to be handled carefully. I expect, in some cases, especially in the beginning months, there will be some unintended opting out from messaging programs that are different than what the consumer wanted to originally opt out of.
As the industry moves to RBM for A2P, here is an opportunity to design a well-functioning clarification message that could potentially list all possible messaging / calling options and enable the consumer to choose which one they wish to opt-out from. But with SMS it will be a bit tricky.
From what I can see, the FCC is silent on whether or not the brand may also include a confirmation message after the consumer has responded to the clarification message – confirming what they have opted out of and indicating there will be no further communications. Certainly, if I were opting out of a bank’s marketing messages, but wanted to keep fraud alerts, balance alerts, etc., I would want that option to be clear.
April 11th is coming quickly, and while there have been some requests for a 1-year delay, discussions I have had with some lawyers have indicated that it is likely to go into effect on the original date. That doesn’t mean that there might not be some last-minute pushback – look at what happened to the one-to-one consent rule, prior to the January 27th date.
These are my thoughts from the messaging perspective and from someone who has been a part of this for many years. But I am not a legal expert. I would certainly consult legal advice on the ramifications of these new regulations.
Here are a couple of references that I used for this post:
- The TCPA’s New Opt-Out Rules Take Effect on April 11, 2025 – What Does This Mean for Businesses
- From TCPAWorld: Quick One-Pager: TCPA Compliance Alert: New Revocation Rule Effective April 11, 2025
I know there are probably more, so if you have any more resources, please add them in the comments (here or where I post this on LinkedIn).
I hope we, as messaging stakeholders, can hear from CTIA and other registries that we all use and count on for successful business messaging. The 10DLC DCAs and Direct Connection partners for short codes should also be hearing from carriers as to what they prefer to see (which could be codified in the CTIA Guidelines). Remember what we have in the CTIA Guidelines is both compliant with US carrier wishes as well as TCPA requirements. And now with RBM building momentum, if there was ever a time for a new revision of the Guidelines, it is now. Additionally, these rules make it very clear that accurate, concise management of opt-in or consent across these key channels is a key feature that businesses must start to pay attention to. They must also keep these lists scrubbed by processing carrier deactivations as well as unassigned numbers. They should pay closer attention to Do-Not-Call registries. Non-compliance could become very expensive for brands who get caught. And, in fact, there will be violations.
Consent remains one of the most important parts of a successful business messaging program. In August 2022, I wrote a piece called The Case for Consent in Messaging. Think it might be time to review that again? Its importance cannot be overstated with these new revocation rules coming to fruition.
Let me hear your thoughts or questions.