What is A2P 10DLC?

Why A2P 10DLC was introduced

A2P 10DLC was introduced by the three major US mobile carriers (AT&T, T-Mobile, and Verizon) to separate legitimate business messaging from spam. Before A2P 10DLC, businesses often sent automated texts from personal-style phone numbers or shared short codes, with no standardized way for carriers to verify who was sending what. The result was a flood of spam and phishing messages that eroded consumer trust in SMS.

To address this, the carriers created The Campaign Registry (TCR), a centralized database where businesses must register their identity (brand registration) and the type of messages they intend to send (campaign registration) before any traffic is allowed through. Since February 2025, carriers block all SMS traffic from unregistered 10DLC numbers outright. Registration is handled through a Campaign Service Provider (CSP), which is typically the SMS platform a business uses to send messages, such as Twilio, Bandwidth, or similar services.

What is A2P?

A2P stands for Application-to-Person, meaning the messages originate from software rather than a human typing on a phone. Unlike traditional Person-to-Person (P2P) messaging, A2P is primarily one-way, where businesses send messages without expecting a reply.

Businesses use A2P messaging for a wide range of purposes, but the most common use case is marketing: promotional offers, product announcements, discount codes, and sales campaigns. Beyond marketing, A2P 10DLC also covers transactional messages like appointment reminders, order confirmations, shipping notifications, two-factor authentication codes, and customer service communications.

Do I need to register for A2P 10DLC?

Yes. If your business sends SMS or MMS messages to US phone numbers using 10-digit long code numbers, A2P 10DLC registration is mandatory. If you do not send messages to US numbers, registration is not required. Your brand type and registration path depend on your Tax ID status, messaging volume, and use case.

What are the compliance requirements for businesses sending SMS in the US?

To send A2P SMS or MMS messages to US phone numbers, businesses must meet the following compliance requirements:

• Register with The Campaign Registry (TCR) by completing both brand registration (verifying your business identity) and campaign registration (detailing your messaging use case) through your SMS provider.
• Obtain express consent for transactional messages and express written consent for marketing messages before sending any texts.
• include a terms of service with SMS-specific language and a privacy policy that discloses phone number collection and usage.
• Include HELP and STOP in every message, allowing recipients to opt out by texting STOP and request support by texting HELP at any time.
• Avoid including prohibited content categories in SMS content, such as gambling, cannabis, firearms, adult content, and certain financial products.
• Adhere to the Telephone Consumer Protection Act, which governs unsolicited messaging and carries penalties of $500 to $1,500 per violation.
• Align your messaging practices with the CTIA Messaging Principles and Best Practices, which carriers use to evaluate compliance.

Why A2P 10DLC compliance matters in 2026

Compliance with A2P 10DLC is no longer optional. Since February 2025, all major US carriers block SMS and MMS traffic from unregistered 10DLC numbers entirely. If your business sends messages from an unregistered number, those messages will not reach your recipients. But there’s even more reasons to make sure you’re compliant.

Failed compliance results in a failed application and wasted time.

Campaign vetting by TCR currently takes up to 10 business days, and rejected applications require resubmission with corrected information. Businesses that submit incomplete registrations or fail to meet website compliance requirements face weeks of delays before they can send a single message. Getting your compliance documentation right the first time avoids that bottleneck entirely.

Non-compliant traffic results in significant fines

Carriers enforce their own penalty structures for non-compliant traffic. T-Mobile, for example, charges $10,000 per content violation and $10,000 for sending messages from unapproved numbers, with additional tiered fines ranging from $500 to $2,000 for other offences such as phishing or prohibited content. In a statement to The Associated Press, T-Mobile confirmed these fines apply to third-party messaging vendors that send commercial mass messaging campaigns on behalf of other businesses.

The Telephone Consumer Protection Act (TCPA) creates a separate layer of legal exposure. Under 47 U.S.C. § 227, businesses face statutory damages of $500 per unsolicited text, rising to $1,500 per message for willful violations. These penalties are routinely enforced through class-action litigation. In 2025 and 2026 alone, Kaiser Permanente settled for $10.5 million, SiriusXM for $28 million, and Zales Jewelers for $7.5 million over TCPA violations related to unsolicited marketing messages.

How to register for A2P 10DLC

Registration is completed through your Campaign Service Provider (CSP), which is the SMS platform you use to send messages, such as Twilio, Bandwidth, or Infobip. The process involves two steps: brand registration and campaign registration.

Your chosen CSP will manage your A2P 10DLC registration through The Campaign Registry (TCR), the centralized database that tracks all registered brands and messaging campaigns in the US. Businesses do not interact with TCR directly.

Step 1: Brand registration

Before you can register a messaging campaign, your business must be registered as a brand. You provide your legal business name, Employer Identification Number (EIN), registered address, website URL, and contact details. TCR cross-references this information against IRS records to verify your business is legitimate. If your details match, brand approval is typically instant. Discrepancies trigger a manual review that can take up to seven days.

The type of brand registration you need depends on your business structure and messaging volume:

• Sole Proprietor: For individuals or small businesses without a Tax ID (EIN). This option supports low-volume traffic, with a hard limit of up to 1,000 messages per day to T-Mobile and up to 3,000 messages per day to US numbers overall.
• Low Volume Standard Brand: For businesses with a Tax ID (EIN) sending fewer than 6,000 SMS segments and MMS per day. This tier supports mixed messaging campaigns with multiple numbers per campaign and higher throughput than Sole Proprietor registration.
• Standard Brand: For businesses with a Tax ID (EIN) sending more than 6,000 SMS segments and MMS per day. This tier supports all campaign types with the highest available throughput.

Step 2: Campaign registration

Once your brand is approved, you register each messaging campaign you intend to run. You describe the type of messages you will send (marketing, transactional, two-factor authentication, etc.), provide three to five sample messages, and demonstrate how recipients opt in to receive your communications. Campaign vetting currently takes up to 10 business days for standard use cases, though timelines vary depending on submission volume and the complexity of your use case.

Once both registrations are approved, TCR assigns your campaign a trust score based on factors including your business’s legitimacy, web presence, and compliance history.

What is the TCR A2P 10DLC trust score?

A trust score is a numerical rating between 0 and 100, assigned to each brand by The Campaign Registry (TCR) during the A2P 10DLC registration process. This score informs mobile carriers (AT&T, T-Mobile, and Verizon) how trustworthy a business is, directly impacting the speed and volume of SMS and MMS messages that can be sent.

A2P 10DLC registration fees

TCR charges the following fees for A2P 10DLC registration, updated as of August 1, 2025:

These are TCR fees only. Your Campaign Service Provider may charge additional fees for campaign registration, monthly campaign maintenance, and per-message carrier surcharges. Check with your provider for a full breakdown of costs.

Registration for direct brands vs. ISVs

The registration process differs slightly depending on whether you are a direct brand or an Independent Software Vendor (ISV). A direct brand sends messages for its own products and services, such as a retailer sending order updates to its own customers. An ISV provides messaging services to other businesses, such as a SaaS platform that enables hair salons or hotels to text their clients. ISVs register their own brand first, then register each of their clients’ brands and campaigns through the same CSP, either via the platform’s console or through registration APIs.

What information do you need to register?

The information required for A2P 10DLC registration depends on your brand type. Gathering everything before you start the process helps avoid delays and rejected submissions.

What carriers and TCR review on your website

Many businesses assume A2P 10DLC compliance is purely about registration forms and message content. In practice, carriers and TCR reviewers examine your website as part of the vetting process, and what they find there directly affects whether your campaign is approved or rejected. Here is what reviewers look for:

Business name consistency

Your legal business name must match across your TCR registration, your website, and your email domain. Discrepancies between any of these are a common reason for rejection.

Visible terms of service

Your site needs a published terms of service (or terms and conditions) page that includes SMS-specific language covering message frequency, HELP and STOP instructions, and consent disclosures. Failure to provide this will result in a failed submission.

A functioning, professional website

Your domain must be a live, active site that reflects a real business. Parked pages, placeholder sites, and coming-soon pages will result in lower trust scores or outright rejection.

• A published privacy policy: Reviewers expect a privacy policy that addresses how phone numbers are collected, used, and stored.
• Opt-in disclosures at collection points: Any form, checkout flow, or sign-up page that collects phone numbers must include clear opt-in language explaining what the user is consenting to receive.
• Contact information: A visible physical address, phone number, or contact page that aligns with the details provided during registration.

Types of text messaging numbers

There are three main types of numbers businesses can use for text messaging, short codes, tell-free numbers and 10DLC numbers.

Businesses have several options for sending A2P messages, including short codes, toll-free numbers, and 10DLC. Here’s a quick comparison:

What your terms of service needs to include for A2P 10DLC

This is where most businesses run into trouble during A2P 10DLC registration. Carriers and TCR reviewers expect your terms of service to contain specific SMS-related language. If it is missing, your campaign will likely be rejected.

Make sure your SMS terms include

• A clear statement that your business sends SMS and/or MMS messages, along with a brief explanation of what those messages will contain (order updates, marketing promotions, appointment reminders, authentication codes, etc.).
• An indication of how often recipients can expect to receive messages. This can be a specific number (e.g. “up to 4 messages per month”) or a general statement such as “message frequency varies.”
• Message and data rates notice informing recipients that their mobile carrier may charge for receiving texts, e.g. “message and data rates may apply,”
• HELP and STOP instructions explaining that recipients can text HELP for assistance and STOP to opt out of further messages at any time. These keywords must also be honoured in every message your business sends.
• A description of how users consent to receive messages from your business, including where and how that consent is collected (sign-up forms, checkout flows, account registration, etc.).
• A statement explaining that once a user opts out by texting STOP, they will receive a confirmation message and no further texts will be sent.
• Contact information for recipients who wish to reach your business with questions about your SMS programme, whether that is an email address, phone number, or support page.

Without these elements, TCR reviewers may reject your campaign registration or request revisions, adding days or weeks to your timeline. GetTerms’ terms and conditions generator includes A2P 10DLC-ready language out of the box, covering each of these requirements so your terms are compliant from the start.

What your privacy policy needs to include for A2P 10DLC

TCR reviewers check for a published privacy policy during campaign vetting, and carriers expect it to address how phone numbers and messaging data are handled. Presumably, if your business is registering for A2P 10DLC, your business collects phone numbers for the purposes of SMS messaging – your privacy policy must reflect that.

Your privacy policy should cover:

• A clear statement that your business collects mobile phone numbers, including where and how they are collected (forms, checkout, account creation, etc.).
• An explanation of why phone numbers are collected and how they will be used, whether for transactional messages, marketing, authentication, or customer service.
• Disclosure of whether phone numbers are shared with third parties, including your Campaign Service Provider (CSP), SMS aggregators, or mobile carriers involved in delivering messages. If numbers are never shared for marketing purposes, state that explicitly.
• How long phone numbers and messaging records are stored, and under what circumstances they are deleted.
• How recipients can exercise their right to opt-out request deletion of their data or withdraw consent for SMS communications.

For businesses with recipients in California, the CCPA requires additional disclosures around the sale or sharing of personal information, including phone numbers. If your audience spans the EU or UK, GDPR obligations around lawful basis for processing, data subject rights, and international transfers also apply. These requirements sit alongside A2P 10DLC compliance rather than replacing it.

GetTerms’ privacy policy generator covers SMS data collection disclosures alongside TCPA, CCPA, and GDPR requirements, so your policy addresses both messaging compliance and broader data privacy obligations in a single document.

Opt-in requirements and where consent must appear

Both the TCPA and CTIA guidelines require businesses to obtain clear user-consent before sending SMS or MMS messages.

There are two levels of user consent:

1. express consent (required for transactional messages like order confirmations and appointment reminders)
2. express written consent (required for marketing and promotional messages, where the recipient must actively agree through a documented action such as checking a box or submitting a form). Pre-checked boxes do not count.

Opt-in disclosures must appear at every point where your business collects phone numbers, including sign-up forms, checkout flows, and account registration pages. The disclosure should state what messages the user will receive, the approximate frequency, and how to opt out.

A compliant example: “By providing us with your mobile phone number and/or opting in to receive Communications from us, you expressly consent to receiving our Communications at the mobile phone number you provided…To opt out of our Communications at any time, reply with “STOP” or “UNSUBSCRIBE” to any text Communications we send you.”

TCR reviewers may request screenshots or URLs showing your opt-in flow during campaign vetting, so keep your consent process clearly visible and well documented.

Content and messaging rules

Carriers enforce strict content restrictions on A2P 10DLC messaging.

1. Your actual message content must align with the use case you registered during campaign vetting. If you registered a campaign for transactional notifications, sending promotional marketing messages from that same campaign is a violation. Keep your messaging consistent with what was approved.
2. Every message your business sends must include your brand name and working HELP and STOP keywords. Recipients must be able to text STOP to opt out and HELP to receive support information at any time. Failing to honor these keywords is a compliance violation that can trigger carrier fines and campaign suspension.
3. Your message should include clear, non-spammy URLs. Avoid using public URL shorteners such as bit.ly or tiny.url in your messages. US carriers frequently block messages containing these links due to their association with phishing and spam. Use branded short links tied to your own domain instead.
4. The content of your message must not include prohibited content, regardless of how your campaign is registered. Prohibited content includes gambling, cannabis and CBD, firearms, adult content, hate speech, and certain financial products such as payday loans, debt relief, and credit repair. Carriers refer to these restricted categories collectively as SHAFT content (Sex, Hate, Alcohol, Firearms, and Tobacco).
5. You must not share mobile phone numbers, text messaging originator data, or text messaging consent data of consumers with third parties or affiliates, unless they are aggregators or providers of the text message services.

How to get your website compliance-ready

Before you begin A2P 10DLC registration, audit your website against the requirements covered in this guide. Specifically:

1. Confirm your legal business name is consistent across your website, email domain, and the details you plan to submit during registration.
2. Publish a terms of service page that includes SMS programme disclosures: message types, frequency, HELP and STOP instructions, message and data rates notice, and consent language.
3. Update your privacy policy to disclose that your business collects phone numbers, how they are used for SMS messaging, and whether they are shared with third parties.
4. Add compliant opt-in disclosures to every form, checkout flow, or sign-up page that collects a mobile phone number.
5. Ensure your website is live, professional, and includes visible contact information that matches your registration details.