The Definitive Guide to SMS Compliance in Ireland

By Phonovation — trusted SMS delivery for Irish organisations.

[Image: overview of SMS compliance in Ireland, covering GDPR, ePrivacy regulations, and ComReg rules]

Introduction

SMS is one of the most effective and trusted communication channels for Irish organisations. It is commonly used for appointment reminders, delivery updates, customer alerts, and promotional campaigns because messages are opened quickly and taken seriously.

Because SMS is direct and personal, it must be used responsibly. There are clear rules that ensure messages are respectful, expected, and lawful, protecting both the public and organisations.

This guide explains how to send SMS compliantly in Ireland. It is written in simple, practical language for teams across marketing, operations, customer support, IT, CRM, and compliance. The focus is on what organisations need to know and what they need to do to use SMS safely and effectively.

In this guide, you will learn:

  • What SMS compliance means in Ireland
  • The responsibilities of your organisation, your provider, and mobile networks
  • What Sender IDs are and why they matter
  • How to collect SMS contacts correctly
  • How to classify the messages you send
  • When consent is required
  • How opt-outs must work
  • How GDPR and ePrivacy apply in practice
  • The internal processes that protect your organisation


This guide helps you build or improve an SMS programme that is clear, compliant, and trusted.

What SMS Compliance Means in Ireland

SMS compliance in Ireland means sending messages that are lawful, transparent, and expected. It requires organisations to use personal data responsibly, communicate clearly, and give people control over what they receive.

SMS compliance is shaped by three key areas: GDPR, ePrivacy regulations, and ComReg rules.

GDPR - Data Protection Rules

GDPR applies to every SMS you send because a mobile number is personal data.

It requires organisations to:

  • Have a lawful basis for sending each message
  • Be clear about how data is collected and used
  • Handle personal data securely
  • Be able to prove consent where required
  • Respect people’s rights, including the ability to withdraw consent

GDPR governs how you collect, use, and manage personal data before, during, and after sending SMS.

ePrivacy Regulations — Marketing Rules

ePrivacy rules determine how SMS marketing messages can be sent.

They define:

  • When consent is required
  • What counts as a promotional message
  • How opt-outs must be provided
  • How existing customer relationships affect messaging
  • How you must identify your organisation

ePrivacy focuses on the content of your messages and the rules around marketing communication.

ComReg — Safety and Trust Rules

ComReg ensures SMS communication is clear, fair, and safe for consumers.

Their role includes:

  • Requiring clear sender identification
  • Protecting customers from misleading or harmful messages
  • Enabling networks to block fraudulent or suspicious SMS
  • Regulating premium-rate services
  • Handling complaints and enforcement

ComReg focuses on sender identity, fraud prevention, and message clarity, which directly impacts how SMS campaigns operate.

Who Is Responsible for SMS Compliance?

[Image: SMS compliance responsibilities shared between organisations, SMS providers, and mobile networks]

SMS compliance is a shared responsibility between your organisation, your SMS provider, and mobile networks. Each plays a distinct role in ensuring messages are lawful, secure, and trusted.

Your Organisation

Your organisation is primarily responsible for SMS compliance.

You decide:

  • Who to contact
  • What messages to send
  • Whether consent is required
  • How consent is collected
  • How opt-outs are handled
  • How personal data is stored and protected
  • What lawful basis applies
  • How customers control communication

In practice, your organisation must:

  • Send marketing messages only with valid consent
  • Maintain accurate, up-to-date consent records
  • Use clear and compliant Sender IDs
  • Respect opt-outs immediately
  • Train staff involved in messaging
  • Configure CRM systems correctly
  • Manage message timing and frequency
  • Ensure all content is compliant

Most compliance issues arise from internal processes, not intent.

SMS Providers

SMS providers are responsible for the secure and compliant delivery of your messages.

They should provide:

  • Secure, compliant message routing
  • Reliable delivery infrastructure
  • Fraud and spam protection
  • Audit-ready delivery logs
  • Sender ID registration and verification
  • Approved connectivity with Irish networks
  • Message integrity throughout delivery

A compliant provider supports and reinforces SMS regulations, not just message delivery.

Not all providers meet these standards. Some organisations choose providers that take a compliance-first approach, including:

  • Using approved or direct network connections
  • Verifying Sender IDs in line with Irish rules
  • Blocking suspicious or anonymous traffic
  • Maintaining clear audit trails

Choosing the right provider helps reduce risk and supports compliance with GDPR, ePrivacy, and ComReg requirements.

Mobile Networks

Mobile networks enforce rules that protect SMS users.

They are responsible for:

  • Filtering harmful or suspicious messages
  • Blocking spoofed Sender IDs
  • Enforcing transparency and fairness rules
  • Monitoring high-risk traffic
  • Supporting investigations and fraud detection

Networks are increasingly strict, especially around sender identity, making compliance essential for successful message delivery.

Sender IDs

To send SMS in Ireland, you must use a registered and verified Sender ID.

A Sender ID is the name that appears at the top of a text message before it is opened, such as:

Phonovation, HappyStore, ParcelTrack, or CityClinic.

If your Sender ID is not registered, your messages may be labelled as “Likely Scam.” This is a critical requirement introduced in Ireland and a common cause of delivery and trust issues.

[Image: example of registered and unregistered SMS Sender IDs showing the “Likely Scam” warning in Ireland]

Why Sender IDs Are Required

Sender ID registration is now mandatory due to fraud prevention measures.

In the past, anonymous SMS messages were used to imitate trusted organisations. To address this, Irish networks introduced stricter controls:

  • Unverified Sender IDs may be rejected
  • Numeric or generic senders may be blocked
  • Spoofed or misleading Sender IDs are filtered
  • Businesses must register Sender IDs before sending

These rules ensure messages are identifiable, trustworthy, and safe for recipients.

What Makes a Valid Sender ID

A valid Sender ID is clear, recognisable, and consistent.

It must be:

  • Registered with your messaging provider
  • Recognisable to the customer
  • Unique
  • Consistent across systems
  • Non-misleading
  • 11 characters or fewer

Examples of valid Sender IDs:

  • Phonovation
  • IrishClinic
  • ParcelTrack

Examples likely to be blocked:

  • Generic names like “Info” or “Offers”
  • “DeliveryNotice”
  • Misleading or unclear names (e.g. “ZSK-Info”)

What Businesses Must Do

To comply with Sender ID requirements, your organisation must:

  • Register your chosen Sender ID
  • Audit all systems that send SMS
  • Use a consistent Sender ID across teams
  • Avoid names that resemble government bodies or banks

Poor Sender ID management can result in delivery failures, customer confusion, fraud concerns, and complaints.

Why Sender IDs Matter

A clear and consistent Sender ID improves trust and message performance.

It helps to:

  • Reassure customers
  • Reduce suspicion
  • Improve open rates
  • Lower opt-out rates
  • Support network trust
  • Strengthen brand recognition

Using a compliant Sender ID is one of the simplest ways to improve both trust and compliance.

Understanding SMS Message Types: Promotional vs Transactional

[Image: difference between promotional and transactional SMS messages and their consent requirements in Ireland]

Every SMS message is either promotional or transactional, and this determines your compliance requirements.

It affects:

  • Whether consent is required
  • Whether an opt-out must be included
  • What lawful basis applies
  • How much content you can include
  • How your messaging flows should be structured

Getting this distinction right is essential, as mistakes often lead to complaints or delivery issues.

Promotional Messages (Consent Required)

A promotional message is any SMS that encourages a commercial action.

This includes messages designed to sell, promote, or drive engagement.

Examples:

  • “20% off today only”
  • “New stock just in — shop the latest arrivals”
  • “Exclusive offer for SMS subscribers”
  • “Refer a friend and receive €10 credit”

If the primary purpose of the message is to drive revenue, sign-ups, or engagement, it is promotional and requires explicit SMS consent.

Mixed-content rule:
Adding promotional content to a service message makes it promotional.

Examples:

  • “Your appointment is tomorrow — and enjoy 10% off your next treatment”
  • “Your delivery is arriving today. Shop our new arrivals here”

These messages require consent because they include marketing content.

Transactional Messages (Consent Not Required)

A transactional message supports an existing service or customer action.

These messages are:

  • Expected
  • Necessary
  • Service-related
  • Non-promotional

Examples:

  • Appointment reminders
  • Delivery updates
  • One-time passwords
  • Account notifications
  • Service outage alerts

If the message exists to support a service rather than promote something, it is transactional.

Key rule:
If a customer would reasonably expect the message based on an action they took (such as booking or ordering), it is typically transactional.

Why This Distinction Matters

Correctly classifying messages protects your organisation and improves customer experience.

It helps to:

  • Prevent non-compliance
  • Reduce opt-outs and complaints
  • Improve customer satisfaction
  • Apply the correct lawful basis
  • Reduce reputational risk
  • Maintain clear and consistent communication

Clear message types lead to clearer, safer, and more effective SMS communication.

[Image: summary table comparing promotional and transactional SMS messages, including consent requirements, examples, and compliance rules in Ireland]

Promotional vs Transactional Messages (Summary Table)

Building Your SMS Lists the Right Way

To send SMS in Ireland, you need a clean and compliant SMS list.

An SMS list defines who you can contact and what messages you can send. There are two types:

  • Marketing SMS list: people who have explicitly opted in
  • Transactional SMS list: customers who provided their number for a service and expect updates

These lists follow different rules and must be managed separately.

[Image: comparison of marketing SMS list and transactional SMS list for compliance in Ireland]

Two Types of SMS Lists

Every organisation manages two SMS lists, even if they exist in one system.

Marketing SMS List (Consent Required)

This list includes people who have clearly agreed to receive promotional SMS.

To add someone to this list, you must have:

  • Clear and specific permission
  • Informed consent
  • A deliberate opt-in action
  • Consent that is recorded and provable

Marketing lists must be carefully collected, securely stored, and kept separate from transactional data.

Transactional SMS List (Consent Not Required)

This list includes customers who expect service-related messages.

Numbers are collected when customers:

  • Book appointments
  • Place orders
  • Create accounts
  • Request deliveries
  • Use a service

You can send SMS when:

  • The message is necessary
  • The customer expects it
  • The message is non-promotional

Transactional data must still follow GDPR rules, including data minimisation, purpose limitation, and security.

Transactional contacts cannot be used for marketing without separate consent.

Valid SMS Consent for Marketing

Valid SMS consent must be clear, informed, and provable.

It must be:

  • Freely given: no pressure or forced opt-in
  • Informed: clear explanation of what will be sent
  • Unambiguous: a deliberate action (e.g. ticking a box)
  • Specific: applies to SMS only
  • Recorded: stored and provable

If consent cannot be proven, it is not valid.

What Invalid Consent Looks Like

Invalid consent cannot be used for SMS marketing and creates compliance risk.

Common examples include:

  • Bundled consent (email + SMS together)
  • Pre-ticked boxes
  • Vague wording (“receive updates”)
  • Hidden consent in terms and conditions
  • Missing purpose or frequency
  • No record of how consent was captured

A list built on invalid consent is a liability.

How Businesses Build SMS Lists

Compliant SMS lists are built through clear, transparent opt-in methods.

Common methods include:

  • Web forms: clear SMS checkbox and automatic logging
  • Paper forms: structured and securely stored
  • Staff-assisted sign-ups: verbal consent recorded
  • Competitions: optional SMS opt-in, not required to enter
  • VIP or loyalty clubs: clear value and expectations

Every method must clearly explain what messages will be sent, how often, and how to opt out.

Building Transactional Lists

Transactional lists do not require consent but must still be controlled and purpose-specific.

You can add a number when:

  • It is provided during a service interaction
  • The message is expected and necessary
  • The message is non-promotional

You must not:

  • Use transactional data for marketing
  • Send promotional content without consent
  • Retain data longer than necessary
  • Use data for a different purpose

Transactional list management must be structured, accurate, and secure.

Why List Quality Matters

A compliant SMS list improves performance and reduces risk.

It leads to:

  • Higher engagement
  • Lower opt-outs
  • Cleaner data
  • Fewer complaints
  • Stronger customer trust
  • Easier compliance

A compliant SMS list is a business asset. A non-compliant list creates risk and cost.

Opt-Out Requirements (How Customers Stay in Control)

[Image: example SMS message with the “Reply STOP” opt-out required for compliance in Ireland]

All promotional SMS messages must include a clear and immediate opt-out option.

The standard format is:
“Reply STOP to opt out.”

This wording is widely recognised, simple to follow, and supported across Irish networks.

What Makes a Compliant Opt-Out

A compliant opt-out is easy, immediate, visible, and low cost.

It must be:

  • Easy: clear instructions with minimal effort
  • Immediate: processed without delay
  • Visible: easy to find within the message
  • Low-cost: standard rate only, no premium charges

Sending messages after an opt-out is a common cause of complaints and non-compliance.

Non-Compliant Opt-Out Practices

Opt-out methods must be simple and direct.

Avoid:

  • Asking users to visit a website to unsubscribe
  • Multi-step processes (e.g. “Text STOP, then confirm”)
  • Unclear or uncommon keywords
  • Hiding opt-out instructions in long text
  • Not including an opt-out option

Complex or unclear opt-outs increase complaints and reduce trust.

Business Responsibilities

Your organisation must ensure opt-outs are respected across all systems.

You must:

  • Sync opt-outs across all platforms
  • Stop promotional messages immediately
  • Enable teams to process manual opt-outs
  • Maintain and review suppression lists

If a customer opts out, marketing must stop. Only necessary transactional messages may continue.

Common Mistakes and How to Fix Them

[Image: common SMS compliance mistakes, including missing consent, unclear opt-outs, and mixed messaging]

Most SMS compliance issues are caused by small, preventable mistakes.

Below are the most common issues and how to fix them:

  • Sending marketing without consent
    Fix: Audit consent processes, refresh old lists, and use dedicated SMS opt-in checkboxes
  • Missing or unclear opt-outs
    Fix: Include “Reply STOP to opt out” in every promotional message
  • Inconsistent Sender IDs
    Fix: Use one standard Sender ID across your organisation
  • Mixing promotional and transactional messages
    Fix: Clearly define and train teams on message types
  • Over-messaging customers
    Fix: Set clear frequency limits (e.g. 2–4 messages per month)
  • Using outdated or purchased lists
    Fix: Do not buy lists and regularly remove inactive contacts

Fixing these issues improves compliance, delivery, and customer trust.

GDPR in Plain English

GDPR applies to every SMS because a mobile number is personal data.

It requires your organisation to:

  • Have a lawful basis for every message
  • Use data fairly and transparently
  • Send only necessary information
  • Avoid sensitive data in SMS
  • Store data securely
  • Maintain clear records

Lawful basis for SMS:

  • Promotional messages: Consent
  • Transactional messages: Legitimate interest (only if expected and necessary)

In practice, GDPR means:

  • Do not send unexpected messages
  • Do not overshare information
  • Do not include sensitive data
  • Protect customer data at all times
  • Keep clear records of consent and decisions

Ireland’s ePrivacy Regulations

ePrivacy rules govern SMS marketing.

They apply to any message that promotes, advertises, or encourages a commercial action.

Promotional SMS must include:

  • Explicit SMS consent
  • Clear sender identification
  • A simple opt-out option
  • Honest and transparent content
  • Appropriate message frequency

For your organisation, this means:

  • Only contact users who have opted in to SMS
  • Do not reuse email consent for SMS
  • Store and document consent clearly
  • Process opt-outs immediately
  • Ensure messages are expected

ePrivacy ensures SMS communication is controlled, relevant, and trusted.

When Consent Is Not Required (Transactional SMS)

SMS consent is not required for transactional messages, but strict conditions apply.

A message must be:

  • Expected
  • Necessary
  • Service-related
  • Non-promotional

Examples of transactional messages:

  • Appointment reminders
  • Delivery updates
  • Order confirmations
  • One-time passwords (OTP)
  • Account alerts
  • Service outage notifications

Key rule:
If a message includes any promotional content, it becomes marketing and requires consent.

Keeping transactional messages short, factual, and service-focused prevents compliance issues.

Industry-Specific Guidance (Practical Examples)

SMS compliance risks vary by industry, but the rule is consistent: keep messages clear, necessary, and non-promotional where required.

Retail

Retail SMS must separate service updates from marketing.

Safe examples:

  • “Your click-and-collect order is ready”
  • “Your receipt is attached”

Common risks:

  • Adding promotional content to transactional messages
  • Including unnecessary purchase details

Healthcare

Healthcare SMS must never include sensitive personal data.

Safe example:

  • “Your appointment is scheduled for tomorrow at 10am”

Key rule:
Keep messages minimal, neutral, and non-sensitive.

Logistics and Delivery

Logistics SMS should provide expected delivery updates only.

Safe example:

  • “Your parcel is arriving today between 1–3pm”

Key rule:
Messages must be timely, relevant, and service-focused.

Hospitality

Hospitality SMS must avoid adding promotions to booking messages.

Safe example:

  • “Your booking is confirmed for Friday at 7pm”

Common risk:

  • Including upsells in confirmation or reminder messages

Financial Services

Financial SMS must not include account or sensitive information.

Safe example:

  • “Your one-time code is 839204”

Key rule:
Only send essential security or account-related alerts without sensitive detail.

Clear, industry-specific messaging reduces risk and ensures SMS remains compliant and trusted.

Internal Workflows for Compliance

[Image: internal SMS compliance workflow showing consent capture, message approval, and opt-out management]

SMS compliance requires clear internal processes, not just rules.

To stay compliant long-term, organisations should implement workflows for:

  • Message classification
  • Consent capture and storage
  • Opt-out syncing across systems
  • Sender ID management
  • Message template reviews
  • Approval processes
  • CRM data hygiene

These workflows ensure SMS communication is consistent, controlled, and compliant.

This section acts as a practical guide to implementing SMS compliance across your organisation.

Best Practices

Effective SMS communication is clear, consistent, and respectful.

Follow these best practices:

  • Keep messages short
  • Send at appropriate times
  • Use consistent branding
  • Do not send unexpected messages
  • Avoid sensitive information
  • Monitor opt-outs
  • Remove inactive contacts regularly
  • Review message templates regularly

Consistent best practices improve compliance, delivery, and customer trust.

Compliance Checklist

Use this checklist before sending any SMS campaign.

✓ Do you have SMS consent (if the message is promotional)?
✓ Is the message type correctly classified?
✓ Is the opt-out clear and visible?
✓ Is the Sender ID registered and consistent?
✓ Does GDPR allow this content?
✓ Is the timing appropriate?
✓ Has the SMS list been reviewed?

This checklist ensures every message meets compliance requirements before sending.
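
The machine-checkable items on this checklist can be enforced in front of the sending system, so that an opt-out recorded in one number format still matches the same person stored in another. The Python below is an added example, not Phonovation's code or any provider's API: `SmsGate`, `Consent`, `normalise` and the reason strings are hypothetical names, the phone numbers are constructed, and the message type is declared by the sender, not inferred.

```python
import re
from dataclasses import dataclass

OPT_OUT_TEXT = "reply stop to opt out"  # standard wording quoted in the guide
MAX_SENDER_ID_LEN = 11                  # length limit stated in the guide


def normalise(raw: str) -> str:
    """Map 087..., 00353 87... and +353 87... to one key (+35387...).

    Assumption: a number without an international prefix is Irish.
    """
    n = re.sub(r"[^\d+]", "", raw)
    if n.startswith("00"):
        return "+" + n[2:]
    if n.startswith("0"):
        return "+353" + n[1:]
    return n if n.startswith("+") else "+" + n


@dataclass
class Consent:
    channel: str      # must be "sms"; email consent is not reusable for SMS
    source: str       # how it was captured, e.g. "web-form"; empty = unprovable
    captured_at: str  # timestamp kept as evidence


class SmsGate:
    def __init__(self, registered_sender_ids):
        self.registered = set(registered_sender_ids)
        self.consents = {}       # normalised number -> Consent
        self.suppressed = set()  # normalised numbers that opted out

    def record_consent(self, number, consent):
        self.consents[normalise(number)] = consent

    def handle_inbound(self, number, body):
        """Process a reply; STOP suppresses at once, with no confirm step."""
        if body.strip().upper() == "STOP":
            self.suppressed.add(normalise(number))
            return True
        return False

    def check(self, sender_id, number, body, kind):
        """Return reasons to block the send; an empty list means it may go."""
        problems = []
        if len(sender_id) > MAX_SENDER_ID_LEN:
            problems.append("sender_id_too_long")
        if sender_id not in self.registered:
            problems.append("sender_id_not_registered")
        if kind not in ("promotional", "transactional"):
            return problems + ["unclassified_message"]
        if kind == "promotional":
            key = normalise(number)
            c = self.consents.get(key)
            if c is None or c.channel != "sms" or not c.source:
                problems.append("no_provable_sms_consent")
            if key in self.suppressed:
                problems.append("recipient_opted_out")
            if OPT_OUT_TEXT not in body.lower():
                problems.append("missing_opt_out_text")
        return problems


if __name__ == "__main__":
    gate = SmsGate({"CityClinic"})
    gate.record_consent("087 123 4567", Consent("sms", "web-form", "2024-01-01"))
    gate.handle_inbound("+353871234567", "STOP")
    print(gate.check("CityClinic", "0871234567",
                     "20% off today only. Reply STOP to opt out.", "promotional"))
```

Whether content is allowed under GDPR and whether the timing is appropriate remain human review steps; the gate only blocks what it can verify from records.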

FAQs

Is SMS marketing legal in Ireland?
Yes. SMS marketing is legal with explicit consent.

Do transactional messages require consent?
No. Consent is not required if the message is expected and necessary.

Can transactional SMS include promotional content?
No. Adding promotional content makes the message marketing.

Can organisations buy SMS lists?
No. Purchased lists are not compliant.

Can customers opt out at any time?
Yes. Opt-outs must be processed immediately.

