SMS compliance is not one rulebook — it’s dozens. Cross a border and the rules on consent, sender identity, sending hours, and even which words you’re allowed to send all change. A campaign that’s perfectly legal in the US can be silently blocked in India, illegal in Brazil, and require an “ADV” prefix in Singapore.
If you message customers internationally, here’s the landscape you’re operating in — the shared principles first, then the regional specifics.
For the deep dive on the US specifically, see TCPA Compliance for SMS.
The principles that travel everywhere
Despite the variation, almost every regime rests on the same five pillars:
- Consent. Explicit opt-in is the near-universal baseline — usually stricter for promotional messages than transactional ones.
- Easy opt-out. Leaving must be as simple as joining, typically via a STOP keyword, and honored promptly.
- Sender identification. Many markets require pre-registered sender IDs (numeric, alphanumeric, or both) before you can send a single message.
- Content limits. The SHAFT categories — sex, hate, alcohol, firearms, tobacco — plus gambling and drugs, are restricted or banned in most countries.
- Quiet hours. Many regions forbid promotional sends outside set daytime windows in the recipient’s local time.
Get those five right everywhere, and you’re 80% compliant. The other 20% is local detail — and it’s where messages get blocked.
The world, region by region
| Region | Key law / regime | What stands out |
|---|---|---|
| United States | TCPA + CTIA, TCR registration | Written consent for marketing; STOP keywords; per-message penalties; state-level rules stack on top |
| Canada | CASL | Express consent default; implied consent windows (2 yrs post-purchase); fines up to CAD 10M for businesses |
| EU / EEA | GDPR + ePrivacy Directive | Among the strictest worldwide; explicit opt-in; revoking must be as easy as granting; country quirks (e.g. no Sunday sends in France) |
| India | TRAI DLT platform | Mandatory DLT registration of templates, headers & consent; links must be whitelisted; promo only 10am–9pm |
| China | Template pre-approval | Long codes only; templates, license & website required; broad content bans (finance, real estate, politics) |
| Singapore | PDPA | Promotional messages must begin with "ADV"; consent and opt-out required |
| Australia | Spam Act | Letter of authorization for sender IDs; strict gambling licensing; political/religious content restricted |
| Saudi Arabia | CITC rules | Local presence required; promo only 8am–10pm; "-AD" suffix; shorteners strictly forbidden |
| Brazil | Local carrier rules | Opt-out in every message; quiet hours incl. no Sunday sends; alphanumeric IDs need local presence |
| Colombia | CRC regulations | Explicit opt-in; marketing & debt collection only 8am–9pm; non-Latin identifiers unsupported |
A few patterns worth internalizing
Reading across the table, some themes repeat:
- Registration is becoming the norm, not the exception. India’s DLT, the US TCR, Canada’s new long-code rules, China’s templates — pre-clearing your identity and content is increasingly mandatory worldwide.
- Quiet hours are local, and they vary. 8am–9pm in the US, 10am–8pm in Morocco, no Sunday sends in Brazil or France. Always compute against the recipient’s time zone and calendar.
- Link handling is tightening. Public URL shorteners are filtered or banned in the US and the Gulf; India requires whitelisting every link. Use branded, dedicated domains.
- Sender ID formats differ. Alphanumeric IDs are common but often capped (11 characters in several markets), sometimes barred for two-way traffic, and frequently require a letter of authorization.
Best practices for going global
You can’t memorize every rule, but you can build a process that absorbs them:
- Get explicit, written consent and log it — with timestamp, source, and the exact language shown.
- Verify content legality in each destination country before you send.
- Respect local quiet hours computed in the recipient’s time zone.
- Register sender IDs wherever the market requires it.
- Make opt-out trivial and process it fast, in every market.
- Keep retrievable consent records — they’re your defense if challenged.
- Partner with a provider that has direct carrier relationships and in-market compliance expertise; it’s the difference between delivered and blocked.
The takeaway
100% global compliance can feel unreachable — but the cost of getting it wrong (blocked messages, fines, reputational damage, lost revenue) is far higher than the cost of doing it properly. Standardize on the strictest common denominator, adapt the local details per market, and treat consent and registration as permanent infrastructure. Done right, international SMS stays a reliable retention channel everywhere you operate.
This article is informational and not legal advice. Regulations change frequently; consult qualified counsel for each market you send to.