The SMS rate disclosure—standardly phrased as “Message and data rates may apply” or “Msg & data rates may apply”—is a mandatory consumer notice required in every opt-in flow for business SMS programs and in every SMS message sent as part of a marketing or promotional campaign. Its presence is a carrier compliance requirement enforced during DCA review for TCR campaign registration and a consumer protection standard enforced by the FCC. The TCR 101 guide covers the broader A2P compliance framework; this article isolates the rate disclosure element specifically—what it must say, where it must appear, and what happens when it is absent.
The disclosure communicates to consumers that receiving or sending SMS messages may incur charges from their mobile carrier depending on their plan. Plans with unlimited text messaging incur no additional charges; plans with per-message billing or data caps may. The disclosure does not specify an amount because the charge, if any, is determined by the consumer’s carrier plan, not by the sending business. Its purpose is notification, not quantification.
SMS Rate Disclosure Required by Law: The Regulatory Framework
The SMS rate disclosure is required by a combination of FCC regulations governing consumer disclosures in commercial communications and CTIA carrier compliance standards that carriers enforce through their DCA review processes. The FCC does not publish a specific mandatory phrase, but CTIA’s guidelines—which carriers adopt as their compliance standard—require the disclosure in all promotional SMS opt-in flows.
The msg and data rates may apply tcr requirement emerges from TCR’s campaign registration process: DCA reviewers verify that sample messages and opt-in form language contain required disclosure elements, including the rate disclosure. A campaign registration that omits the rate disclosure from all sample messages may generate a rejection in the 8000-series error codes (sample message deficiency). An opt-in form submitted during brand verification that omits the disclosure from visible consent language raises a compliance flag.
The practical enforcement mechanism is carrier-level: AT&T, T-Mobile, and Verizon all require CTIA-compliant opt-in flows as a condition of campaign approval, and their DCA review processes verify that sample messages reflect what actual subscribers receive. More on carrier registration context is available in the TCR / 10DLC / A2P FAQ.
The Exact Wording and Acceptable Variations
The standard sms rate disclosure phrase has several accepted formulations, all of which satisfy the regulatory and carrier compliance requirement:
“Message and data rates may apply” — the full-phrase standard, preferred for website opt-in forms and email opt-in confirmations where character count is not constrained.
“Msg & data rates may apply” — the abbreviated standard, used in SMS messages themselves where character count matters. This formulation appears in TCR sample message requirements and carrier approval documentation.
“Msg and data rates may apply” — an acceptable hybrid. The word “and” rather than the ampersand is a matter of style, not compliance.
“Standard msg & data rates may apply” — sometimes used to specify that charges are at standard carrier rates rather than premium rates. Acceptable but adds no compliance value over the standard phrase.
What is not acceptable: omitting the disclosure entirely, replacing it with a general data notice that does not specifically address message rates, or burying it in a linked terms document rather than presenting it in the opt-in flow itself. An opt-in form that links to a Terms of Service page containing the disclosure but does not display it adjacent to the consent action fails the CTIA placement standard even if the language is technically present somewhere on the linked page.
Where to Place the SMS Rate Disclosure in Opt-In Forms
The CTIA placement standard for sms rate disclosure opt-in form placement requires that the disclosure appear adjacent to the consent action—visible to the consumer before they complete the opt-in, not after. For digital opt-in forms, this means placing the disclosure in the form body, between the phone number field and the submit button, as part of the consent statement rather than in a footer below the submit button.
Compliant opt-in consent block for a promotional SMS program:
“By submitting this form, you agree to receive promotional text messages from [Brand Name] at the number provided. Message frequency varies. Msg & data rates may apply. Reply STOP to unsubscribe, HELP for help.”
The rate disclosure appears within the consent statement, before the submit action. The consumer encounters the disclosure as part of the opt-in language they are affirming, not as a footnote after they have already consented.
For SMS opt-in collected via keyword (text JOIN to 12345), the disclosure must appear in the immediate confirmation message the subscriber receives after opting in: “You’re now opted in to [Program Name] updates. Msg & data rates may apply. Reply STOP to unsubscribe.”
For verbal opt-in collected by phone or in person, the disclosure must be stated verbally as part of the consent collection script and documented in the opt-in record.
SMS Rate Disclosure in Sample Messages for TCR Registration
When registering an SMS campaign with TCR, sample messages must reflect the content actual subscribers will receive. For promotional campaigns, at least one sample message must contain the opt-out instruction and rate disclosure. DCA reviewers verify that sample messages include required compliance elements; samples that represent only the promotional content without disclosure elements fail content review.
The data rates may apply short code vs. 10dlc disclosure requirement is functionally identical between the two number types for consumer-facing communications. The distinction is in registration architecture: short code programs are registered through the Short Code Registry with carrier-specific approval processes, while 10DLC programs are registered through TCR. Both require the MDRA (Message and Data Rate Advisory) disclosure in opt-in flows and in campaign materials.
Where to place the disclosure in actual messages: if your message is a promotional send, include the disclosure in the first or last message of a campaign series. Repeating the disclosure in every promotional message is not required but is common practice for high-volume programs. For triggered transactional messages (shipping updates, appointment reminders), the disclosure must be present in the opt-in confirmation but does not need to appear in every individual triggered message.
SMS Rate Disclosure Examples for Opt-In Forms Across Use Cases
Appointment reminder opt-in (healthcare, service businesses): “By providing your phone number, you consent to receive appointment reminders from [Business Name]. Msg & data rates may apply. Reply STOP to opt out.”
E-commerce promotional opt-in: “Sign up for exclusive deals. Text DEALS to 55555 or check the box below. Message frequency varies. Msg & data rates may apply. Reply STOP to unsubscribe, HELP for help.”
Loyalty program opt-in: “Join [Brand] Rewards texts to earn points. By opting in, you agree to receive updates about your rewards balance and exclusive member offers. Msg & data rates may apply. Approx. 4 msgs/month. Reply STOP to cancel.”
Real estate lead response: “By submitting this form, a [Brand Name] agent may contact you by text about your property inquiry. Msg & data rates may apply. Reply STOP at any time to stop receiving messages.”
Each example positions the rate disclosure as part of the consent statement, visible before the opt-in action, in the standardized phrase CTIA requires.
Building a Complete SMS Opt-In Compliance Audit
The sms rate disclosure is one required element within a larger consent compliance framework. Complete opt-in language for CTIA compliance includes: the business name, program description, message frequency statement, rate disclosure, opt-out instructions (STOP keyword), and HELP information. Missing any one of these elements creates a compliance gap independent of the others. The TCR Registration Checklist covers all required elements across the full registration workflow. Full consent management framework guidance is available through Consent Management Resources.
Validate your SMS opt-in disclosure language—including rate disclosure placement, wording, and the surrounding consent elements—through the SMS Consent Language Validator before deploying it at scale. The validator checks each required element against current CTIA and TCR registration standards and flags any gaps that would trigger a DCA review failure or carrier compliance issue.
