Quick answer. A compliant US RCS program needs, at minimum: a registered brand and approved use-case/campaign; a verified RCS sender; a clear opt-in call-to-action with all required disclosures; documented, explicit consent (written for marketing); a confirmation message; easy opt-out with STOP honored within 10 business days; an accessible privacy policy and terms; no prohibited (SHAFT) content; and consent/audit records kept for at least five years. The checklist below is the practical version.
The checklist
- Register your brand (KYC) and get each campaign / use case approved through the Campaign Registry and carriers.
- Verify your RCS sender so every message carries your name, logo, and verification — never a random number.
- Publish a clear call-to-action with brand name, message description, frequency, “msg & data rates may apply,” and opt-out instructions.
- Capture explicit opt-in — prior express written consent for marketing; prior express consent for transactional — and record the source, method, and timestamp.
- Send a confirmation (opt-in) message, and include opt-out instructions on recurring programs.
- Honor opt-outs: treat STOP/QUIT/END/CANCEL/UNSUBSCRIBE/OPT OUT/REVOKE as valid, stop within 10 business days, send only one clarification message.
- Link a privacy policy and terms from the opt-in, and use data only for the disclosed purpose.
- Avoid prohibited SHAFT content (sex, hate, alcohol, firearms, tobacco) and other restricted categories.
- Keep consent and opt-out audit logs for at least five years (FTC TSR).
- Follow CTIA Messaging Principles, all four carriers’ rules, and Google RBM policies.