What Is A2P 10DLC? Registration & Compliance Guide (2026)
A2P 10DLC (Application-to-Person, 10-Digit Long Code) is the US carrier-mandated framework for sending business SMS from local phone numbers. If you send Application-to-Person (A2P) text messages — appointment reminders, order updates, marketing, or two-way conversations — you must register the brand and the campaign with The Campaign Registry (TCR), and you must be able to prove how each recipient consented. This guide walks through everything: 10DLC compliance requirements, brand registration, campaign approval, consent requirements, common rejection reasons, and how to stay compliant after launch.
What is 10DLC?
10DLC is the standardized A2P messaging program operated by US mobile carriers (T-Mobile, AT&T, Verizon) through The Campaign Registry. It replaced the older "long code" approach where businesses could text from any 10-digit number with no oversight.
Under 10DLC, every business that sends application-driven SMS must:
- Register the brand (the legal entity sending the messages).
- Register one or more campaigns (the specific use case — marketing, customer care, 2FA, etc.).
- Provide consent proof — evidence that each recipient explicitly opted in.
- Maintain compliance signals like opt-out (STOP) handling and HELP responses.
Carriers throttle or block traffic from unregistered numbers and from registered numbers whose actual sending behavior doesn't match the approved use case.
Who needs to register
Anyone sending business SMS to US numbers needs 10DLC registration. That includes:
- E-commerce brands sending order updates, shipping notifications, and promos.
- Real estate agents sending property alerts and appointment reminders.
- Marketing agencies running SMS for clients (each client = a separate brand).
- GoHighLevel sub-accounts, Twilio customers, Bandwidth customers, and every other CPaaS user.
- Any service business that sends appointment reminders or quote follow-ups.
The only major exception is Person-to-Person (P2P) messaging — true 1:1 conversations from an actual human. The moment you template, automate, or send to more than a small handful of people, you're A2P and you need to register.
Brand registration
Brand registration is where most businesses get stuck. The brand record must exactly match your IRS-recorded legal entity. The most common rejection is legal name vs. EIN mismatch — for example, registering as a DBA when the EIN is held by the parent LLC.
- What you'll need:
- Legal company name (exactly as it appears on your CP-575 EIN letter).
- EIN (or DUNS for non-US entities).
- Physical business address.
- Website URL.
- Authorized representative contact info.
If your name and EIN don't line up, you'll need to request a 147c letter from the IRS. Plan for this upfront — fixing it after submission can take 1–2 weeks.
Campaign approval
After your brand is verified, you submit a campaign for each use case. The campaign declares:
- Use case (Marketing, Mixed, Account Notifications, Customer Care, 2FA, etc.).
- Sample messages.
- The opt-in flow (URL to your consent form, screenshots, or description).
- Whether you handle subscriber-initiated opt-outs.
The opt-in flow is what trips up the most campaigns. Carriers want to see a real, accessible URL where people opt in — with the SMS consent checkbox unchecked by default, the brand name in the disclosure, message frequency, and "Msg & data rates may apply." If you can't show that page, the campaign gets rejected.
Consent requirements
Express written consent is the legal standard. For 10DLC, that means:
- A separate, unchecked checkbox dedicated to SMS consent (not bundled with email).
- A clear disclosure that includes the brand name, message purpose, frequency, and standard "Msg & data rates may apply / STOP to cancel / HELP for help" wording.
- A timestamped record of who opted in, when, what they saw, and from what IP.
- For litigation defense and carrier audits, that record should be hashed (SHA-256) and ideally accompanied by a session replay of the opt-in moment.
Tools like OptInFix automate all of this and generate a TCR-ready opt-in URL you paste directly into your campaign submission.
Common rejection fixes
Top reasons campaigns get rejected — and how to fix each:
- Opt-in URL not accessible — make sure the page loads publicly (no login wall) and shows the consent UI.
- Sample messages don't include STOP/HELP — every sample should reference opt-out instructions.
- Use case mismatch — if you submitted Marketing but your samples are appointment reminders, switch to Mixed or Account Notifications.
- Brand name missing in disclosure — the consent text must name the legal sending entity.
- Phone field marked required without consent checkbox — TCR reviewers reject this. Make the checkbox the gate.
10DLC pricing
Carriers charge fees layered on top of your messaging platform pricing:
- Brand registration: ~$4 one-time + ongoing vetting fees ($40–$2,000 depending on tier).
- Campaign registration: ~$10 one-time + monthly campaign fees ($1.50–$10/mo per campaign).
- Per-message fees: ~$0.001–$0.005 carrier surcharge per outbound segment, in addition to your CPaaS rate.
These fees are mandatory and non-negotiable. They are passed through by every messaging platform (Twilio, Bandwidth, GoHighLevel, etc.).
Frequently asked questions
How long does 10DLC registration take?+
Brand verification is typically 1–3 business days for low-volume tiers and 5–10 days for vetted standard brands. Campaign approval is usually 1–7 days after the brand is verified, assuming the opt-in URL and sample messages pass review.
Do I need 10DLC if I only text 50 people a day?+
Yes. Volume doesn't determine A2P classification — automation and templating do. If you're using a platform (GoHighLevel, Twilio, Klaviyo, etc.) to send templated messages, even at low volume, you need 10DLC registration.
What happens if I send SMS without 10DLC registration?+
Carriers will throttle, filter, or completely block your messages. T-Mobile applies a $2,000–$10,000 per-violation fee for unregistered traffic. AT&T and Verizon block silently. Beyond carrier penalties, you're exposed to TCPA lawsuits at $500–$1,500 per message.
Can one EIN cover multiple 10DLC brands?+
One EIN = one brand. If you're an agency managing 50 clients, each client needs its own brand registration tied to that client's EIN. You cannot register all clients under your agency's EIN.
Does opt-in via web form satisfy 10DLC consent?+
Yes — provided the form has an unchecked SMS-only checkbox, includes the brand name and required disclosure text, and you can produce a timestamped record showing what the user saw and when. Tools like OptInFix produce this record automatically.
Related reading
First-time 10DLC registration walkthrough with sample messages and consent proof.
How agencies handle 10DLC across 50+ client sub-accounts.
Build a hash-locked consent record that survives discovery.
How the leading consent platforms stack up for SMS.