# SMS Compliance — Australian Spam Act 2003 (ACMA)
**Created:** 2026-02-19
**Status:** ✅ CONFIRMED by Harper (msg-1771444901605-29fb5b)

---

## Three Requirements for Commercial SMS (all confirmed)

### 1. Consent (s16)
- **Cold SMS to businesses IS a CEM** — no grey area. Any message offering/promoting goods or services is caught.
- **NO B2B exemption.** Schedule 1 only exempts factual info, government/charity/political, and educational.
- **Cold outreach is technically non-compliant** under s16 without prior opt-in.
- **Options (need Michael's decision):**
  - (a) Phone calls for first contact (calls not covered by Spam Act) ← safest
  - (b) Get express consent via another channel first
  - (c) Accept the risk — ACMA targets large-scale offenders, warns first for small operators
- **Penalty:** Up to $2.22M per day for serious/repeated breaches. ACMA warns first for small ops.

### 2. Sender Identification (s17)
- Must include full company name: **RateRight Pty Ltd**
- ABN not legally required but best practice

### 3. Opt-Out / Unsubscribe (s18)
- Every commercial message MUST include unsubscribe mechanism
- Must be free or low-cost
- Must be functional for at least 30 days
- Must NOT require personal info or account creation
- Must action within 5 business days
- Standard: **Reply STOP to opt out**

---

## Approved Footer
```
RateRight Pty Ltd | Reply STOP to opt out
```
**42 characters** — all SMS templates must include this.

---

## Upcoming: SMS Sender ID Register
- **Mandatory from 1 July 2026**
- If using branded sender ID, must register or messages labelled "Unverified"
- Flag for Builder/Sentinel closer to date

---

## Outreach Channel Priority (Harper, confirmed 2026-02-19)
| Priority | Channel | Legal Risk | Notes |
|----------|---------|------------|-------|
| 1 | **Phone call** | ✅ Lowest | B2B calls exempt from Do Not Call Register |
| 2 | **Email to published addresses** | 🟡 Low | Same Spam Act applies but lower enforcement risk |
| 3 | **SMS** | 🔴 Highest | Same Spam Act, higher enforcement attention |

## Consent Strategy — DECISION NEEDED FROM MICHAEL
Harper flagged that cold SMS outreach is technically non-compliant. Three options:
1. **Phone-first approach** (safest, recommended) — call leads, get verbal consent, then SMS/email
2. **Consent-first via other channel** — website opt-in, LinkedIn message first
3. **Accept risk** — proceed knowing ACMA warns before penalising small operators

Harper recommends option 1: phone → email → SMS. Phone calls to businesses are legally clean.

*Harper is also flagging this to Michael.*
