
Understanding CTIA Severity Levels for short code compliance

Updated over 2 weeks ago

When using short codes for messaging, it's important to follow CTIA’s compliance guidelines to ensure a safe and trusted experience for consumers. To help enforce these standards, CTIA monitors text messaging programs and assigns Severity Levels to violations.

All customers utilizing Bandwidth’s A2P Messaging services must comply with requirements as outlined in the CTIA Messaging Principles and Best Practices and the CTIA Short Code Monitoring Handbook. Additionally, it's crucial to ensure that the Single Messaging Programs Advertising and Messaging Flow Audit standards are adhered to in all messaging activities. Further, customers are advised to seek independent legal advice to ensure compliance with the Telephone Consumer Protection Act (TCPA) when offering A2P messaging in the United States.

This article breaks down what these Severity Levels mean, how they are identified, and what you need to do if your program receives a violation notice.

What are Severity Levels?

Severity Levels are a way to measure how serious a violation is when your short code program doesn’t comply with the CTIA guidelines. They help determine how quickly you must fix the issue and what actions CTIA or wireless providers may take. For more information, please see the following table and the descriptions below.

| Severity Level | Meaning | Impact on your program | Remediation |
| --- | --- | --- | --- |
| 🔴 Severity 0 (Critical) | Extreme consumer harm/violation of law (e.g., illegal content, failure to honor STOP). | Immediate suspension of your short code by CTIA until it’s resolved. Wireless providers may block traffic. | Stop all noncompliant activity immediately. Remove harmful or illegal content. Work with Bandwidth and CTIA to resolve quickly. |
| 🟠 Severity 1 (Serious) | Serious consumer harm (e.g., unsolicited messages, invalid opt-ins, improper STOP flow). | CTIA issues audit notice. Wireless providers may decide to suspend or block until fixed. | Review violation details. Update your opt-in/opt-out or program flow. Provide a written fix back to Bandwidth and CTIA. |
| 🟡 Severity 2 (Moderate) | Moderate consumer harm (e.g., missing disclosures like “Msg & data rates may apply,” missing contact info). | Audit notice issued. Wireless providers review compliance updates before allowing full operation. | Update disclosures, terms & conditions, HELP/STOP responses, as required. Submit proof of correction. |

🔴 Severity 0 – Most Critical

Definition

Involves noncompliance with the law or extreme consumer harm (e.g., illegal or harmful content).

Detection

Found through CTIA’s in-market audits, where live programs are tested against consumer experience.

Impact

  • CTIA may immediately suspend your short code from the registry until fixed.

  • Wireless providers may also choose to block the program.

  • As of January 1, 2024, T-Mobile assesses the following fees for any Sev-0 violations on their network:

    • Tier 1: $2,000, for phishing, smishing, and social engineering. Social engineering refers to the practice of targeting individuals in a way that manipulates them to reveal private information like credit card numbers or social security numbers.

    • Tier 2: $1,000, for illegal content (included content must be legal in all 50 states and federally). Illegal content includes, but is not limited to, cannabis, marijuana, CBD, illegal prescriptions, and solicitation.

    • Tier 3: $500, for all other commercial messaging violations including, but not limited to, SHAFT (Sex, Hate, Alcohol, Firearms, and Tobacco) that do not follow federal and state laws and regulations.

    • Please review the T-Mobile Code of Conduct Section 5 for prohibited content.

Remediation

  • Immediately stop the violation.

  • Remove illegal or harmful content.

  • Work with the Bandwidth Support Team and CTIA to bring your program back into compliance.

🟠 Severity 1 – Serious Consumer Harm

Definition

Covers issues that cause serious consumer harm but may not rise to the level of illegality. Examples include sending messages without a valid opt-in or failing to honor STOP keyword requests.

Detection

Discovered during routine CTIA audits or from consumer complaints.

Impact

  • CTIA notifies wireless providers of the details of the violation.

  • Wireless providers then decide if your short code should be suspended, blocked, or allowed after corrective action.

Remediation

  • Review the violation details from CTIA.

  • Adjust your program to fix the issue (e.g., update your opt-in process, fix message flow, or remove noncompliant content).

  • Provide a response demonstrating how you have resolved the violation.

🟡 Severity 2 – Less Critical, Moderate Harm

Definition

Refers to moderate consumer harm (e.g., missing a required disclosure like "Msg & data rates may apply").

Detection

Identified during CTIA’s compliance audits or complaints reviewed by wireless providers.

Impact

  • CTIA issues an audit notice that includes details of the violation.

  • Wireless providers review your response and determine next steps.

Remediation

  • Make the necessary adjustments, such as updating terms & conditions, adding proper disclosures, or correcting your HELP/STOP response messages.

  • Provide evidence of corrective actions to CTIA and Bandwidth.

How are violations caught?

CTIA enforces guidelines using a process called In-Market Monitoring:

  • Weekly audits of live short code programs, testing the consumer experience (from advertisement to HELP/STOP flows).

  • Audit notices are published weekly, and if your program fails, you’ll receive details on what needs to be corrected.

  • Consumer complaints may also trigger further investigation.

What do I need to do?

If you receive a violation notice from Bandwidth or CTIA:

  1. Read the notice carefully – it will include the Severity Level and what needs fixing.

  2. Act quickly – especially if Severity 0 is cited (immediate suspension possible).

  3. Correct the issue following CTIA’s required action (e.g., update opt-in flow, adjust message disclosures, honor STOP properly).

  4. Respond in the RCA with the details of the fix, so CTIA and wireless providers know the violation has been addressed.

Key takeaways

  • CTIA uses Severity Levels (0 = critical, 1 = serious, 2 = moderate) to classify compliance violations.

  • Violations are caught through audits and complaints.

  • The faster you remediate and respond, the less disruption you’ll face.

  • Bandwidth is here to help guide you through fixing violations and ensuring your campaigns run smoothly.
