A2P 10DLC Registration: Step-by-Step for 2026

If your team is sending business text messages in the U.S. and you haven't registered for A2P 10DLC yet, your messages are being blocked. Not filtered. Blocked. As of February 1, 2025, all major U.S. carriers cut off 100% of unregistered 10DLC traffic.

But if you registered back in 2023 or early 2024 and haven't revisited your setup since, you may have a different problem. The requirements have changed significantly. Authentication+ verification, mandatory reseller IDs, and updated EIN matching rules have all changed. So has the FCC's new one-to-one consent rule, effective January 27, 2026. Together, they've reshaped what a compliant registration actually looks like.

This guide walks through the full process as it stands in 2026, including every gotcha that causes rejections.

What is A2P 10DLC?

A2P (Application-to-Person) messaging covers any SMS sent from a software system, platform, or AI agent to a consumer. 10DLC refers to standard 10-digit local phone numbers used to send those messages. The registration system exists so carriers can verify who is sending messages and why, before allowing delivery.

TL;DR

• Register your Brand with The Campaign Registry (TCR): EIN, legal business name, business type, website
• Register your Campaign: use case, message samples, opt-in URL, volume estimates
• Submit to your carrier or messaging provider (Twilio, Bandwidth, etc.) for approval
• Timeline: 1 to 4 weeks depending on use case complexity and carrier review queue
• New in 2026: Authentication+ required for public companies ($12.50 fee), reseller ID mandatory if registering on behalf of another entity, EIN must be at least 15 days old, opt-in URLs must be live and carrier-verifiable

What Changed in 2025-2026 (Read This Before You Start)

Most guides online were written when A2P 10DLC launched. They describe the original process accurately, but they miss several rule changes that now directly determine whether your registration gets approved.

Authentication+ Verification

TCR introduced Authentication+ in August 2025 as a new identity verification tier for public companies. The fee is $12.50 and it runs a deeper verification against public business records. If your company is publicly traded, this step is now part of the standard brand registration flow. Skipping it or submitting without it will result in an incomplete registration.

Reseller ID Is Now Mandatory

If you are a platform, agency, or SaaS provider registering on behalf of a client or end-user business, you must include a Reseller ID in your submission. The rule prevents third parties from registering campaigns under their own brand while the actual messages come from a different business. Carriers will reject campaigns where the registered brand does not match the entity doing the sending.

FCC One-to-One Consent Rule (January 27, 2026)

This is the most consequential regulatory change for teams that use lead generation or shared opt-in forms. Under the new rule, each seller must collect separate, explicit consent from each consumer. A single form shared across five companies satisfies consent requirements for none of them. Audit your opt-in flow before registering if it aggregates leads from multiple sources.

TCR Fee Updates (August 2025)

• Item: Brand registration — Old Fee: $4.00 — New Fee: $4.50
• Item: Standard brand vetting — Old Fee: $40.00 — New Fee: $41.50
• Item: Authentication+ (public companies) — Old Fee: N/A — New Fee: $12.50
• Item: CSP Migration fee — Old Fee: N/A — New Fee: Added

These are small amounts, but they confirm the registration is paid and non-refundable even if your campaign is rejected. Get the details right before you submit.

Step 1: Register Your Brand with The Campaign Registry (TCR)

Brand registration establishes who you are. TCR cross-references your submission against IRS records, so accuracy is more important than speed here.

What You Need Before You Start

Gather these before opening the registration form:

• Legal business name: Must appear exactly as filed with the IRS. No abbreviations, no DBAs, no trade names. If your IRS filing says "Acme Holdings LLC," that is what you enter.
• EIN (Employer Identification Number): Required for all LLCs, corporations, and most U.S. businesses. DUNS numbers are not accepted and will put your brand in an unverified state. Your EIN must also be at least 15 days old. Newly issued EINs are rejected by TCR.
• Business type: LLC, Corporation, Non-Profit, Government, etc.
• Business industry/vertical: Select the closest match to your actual operations.
• Official business website: Must be live and functional at the time of submission.
• Business address: Use your registered address, not a branch or mailing address. Mismatches lower your trust score.
• Authorized representative: Full name, title, email, and phone number for the person submitting on behalf of the business.

The EIN Matching Rule: Where Most Rejections Happen

This is the single most common reason brand registrations fail. TCR verifies your EIN against IRS records, and the match must be exact. Common errors include:

• Using a DBA or trade name instead of the legal entity name
• Abbreviating "Corporation" to "Corp" when the IRS filing spells it out
• Entering the address of a branch office instead of the registered company address
• Submitting a DUNS number in the EIN field

Not sure what name is on file with the IRS? Check your CP 575 form, the letter sent when your EIN was assigned. It shows the exact legal name TCR will try to match.

Public Companies: Add Authentication+

If your company is publicly traded, you will be prompted to complete Authentication+ verification during brand registration. This is a $12.50 fee that runs a deeper identity check against public business records. It is not optional for public companies.

Once submitted, brand review typically takes 1 to 3 business days.

Step 2: Register Your Campaign

Once your brand is approved, you register the campaign. This is where you tell carriers what you are sending and why. Vague or generic descriptions are a leading cause of campaign rejections.

Campaign Fields You Will Fill Out

• Field: Use case type — What Carriers Are Looking For: Select the closest standard category (Customer Care, Marketing, 2FA, etc.)
• Field: Use case description — What Carriers Are Looking For: Specific explanation of your messaging program. "We send appointment reminders to confirmed customers who opted in via our booking form at [URL]."
• Field: Message samples — What Carriers Are Looking For: 2 to 5 real examples of messages you will send. Must match the declared use case.
• Field: Opt-in flow URL — What Carriers Are Looking For: A live URL where carriers can see your opt-in language. Must be accessible at time of review.
• Field: Message volume estimate — What Carriers Are Looking For: Estimated daily or monthly volume. Be accurate; underreporting and then sending at higher volume triggers filtering.
• Field: Opt-in confirmation message — What Carriers Are Looking For: Must be under 160 characters. Include company name, message frequency, "Msg&Data rates may apply," and reply HELP/STOP instructions. Example: "[Company]: Thanks for signing up! Msg freq varies. Msg&Data rates may apply. Reply HELP for help, STOP to cancel."
• Field: Opt-out keywords — What Carriers Are Looking For: STOP, CANCEL, END, UNSUBSCRIBE must all be honored. Your opt-out reply must confirm the user will receive no further messages. Example: "[Company]: You have been unsubscribed. You will not receive any more messages from this number."
• Field: HELP reply — What Carriers Are Looking For: Must provide a support resource. Example: "[Company]: For help email support@company.com or call [toll-free number]."

Writing a Use Case Description That Gets Approved

Carriers read these. A description like "We send business messages to our customers" will not pass review. A good description is specific about who receives messages, what triggers them, and how consent was collected.

Weak: "We send promotional and transactional messages to customers."

Strong: "We send booking confirmations, check-in reminders, and post-stay follow-ups to guests who provided their mobile number and consented to text communication during the online reservation process at [your website URL]. Messages are sent via our property management system."

The more specific your description matches your actual message samples, the faster the approval moves.

Opt-In Consent: What Twilio and Carriers Actually Require

The opt-in form is where most campaigns fail carrier review. These are the hard rules:

• SMS consent must be optional and exclusive. It cannot be bundled with account creation, purchase completion, or any other service agreement.
• Each use case needs its own opt-in. Marketing messages require a separate checkbox or CTA from transactional or informational messages. You cannot combine them on a single consent field.
• No pre-checked boxes. If a checkbox or toggle is pre-selected, carriers treat it as forced consent and will reject the campaign.

Every opt-in form must display all of the following before the user submits their number:

• Program description (what types of messages they will receive)
• Your company name
• "Message and data rates may apply"
• Message frequency ("Message frequency varies" is acceptable if the exact number is unknown)
• Links to your Privacy Policy and SMS Terms
• Opt-out and help instructions: "Reply HELP for help or STOP to opt-out"

Your Website Must Have These Two Pages

As of October 2025, carriers require that your opt-in form page link to both a Privacy Policy and Terms of Service. These must be:

• On a live, publicly accessible URL (not a PDF download, not a Google Doc)
• Specific enough to mention SMS messaging and how consumer data is used
• Present at the time of carrier review, not added after submission

Privacy policy restriction: Your privacy policy must not state that personal data is shared with third parties or affiliates. If it does, you must add this exact disclaimer in the data-sharing section: "Text messaging originator opt-in data and consent will not be shared with any third parties, excluding aggregators and providers of the Text Message services."

Missing either document on your opt-in page means rejection. It does not matter how strong the rest of your submission is.

Step 3: Get Approved by Your Carrier or Messaging Provider

After TCR approves your campaign, it flows to your messaging provider (Twilio, Bandwidth, Vonage, Sinch, and others) and then to the carriers themselves (AT&T, T-Mobile, Verizon). Each layer does its own review.

How the Approval Chain Works

1. TCR reviews and approves your brand and campaign
2. Your CSP (Communication Service Provider) reviews the campaign against their own policies
3. Carriers do a final review before enabling delivery on their networks

This is why timelines vary. A clean customer care campaign can move through in 5 to 7 business days. Marketing campaigns with complex opt-in flows or high volume estimates often take 3 to 4 weeks.

What Providers Like Twilio and Bandwidth Check

Your messaging provider will verify that:

• Your campaign use case matches the type of messages you are actually sending
• Your opt-in URL is live and shows compliant consent language
• Your message samples include proper opt-out instructions (e.g., "Reply STOP to unsubscribe")
• Your business website is active and consistent with the brand you registered

Note for platforms and agencies: If you are registering on behalf of a client, your Reseller ID must be included in the submission. Omitting it is grounds for rejection under the 2025 rule changes. Your CSP will likely flag this during their review if TCR did not catch it first.

Realistic Timeline Expectations

• Scenario: Standard brand, simple use case, clean documentation — Expected Timeline: 5 to 10 business days
• Scenario: Standard brand, marketing use case, high volume — Expected Timeline: 2 to 3 weeks
• Scenario: Complex use case or re-verification of old campaign — Expected Timeline: 3 to 4 weeks
• Scenario: Rejection and resubmission — Expected Timeline: Adds 5 to 10 business days

The most common delay is a fixable mistake: mismatched EIN, missing Privacy Policy link, or an opt-in URL that returns a 404. Check all three before submitting.

Step 4: Start Sending

Once all three layers approve your campaign, your 10DLC numbers are enabled for A2P traffic. At this point, you can assign phone numbers to your approved campaign and begin sending.

A few things to keep active after approval:

• Keep your opt-in URL live. Carriers can re-verify it at any time. If the page goes down or the consent language changes significantly, your campaign can be suspended.
• Send only what you registered. If your campaign is registered as "customer care" and you start sending promotional offers, you risk being flagged. Use case drift is a real issue, especially for teams using AI-driven conversation workflows. A good conversation engineer designs message flows that stay within the declared use case boundaries and handles opt-outs automatically.
• Honor opt-outs immediately. STOP requests must be processed without delay. Virginia now requires 10-year opt-out record retention. Other states are moving in the same direction.
• Monitor deliverability. Unexplained drops in delivery rates are often an early signal that a campaign has been flagged for filtering. Check weekly, not monthly.

If You Registered in 2023 or 2024

Campaigns registered under the older requirements may need re-verification. TCR and carriers have evolved their standards, and outdated registrations can trigger filtering even if they were approved at the time. Seeing deliverability issues on a previously approved campaign? Check two things: whether your opt-in URL is still live, and whether your use case description still matches what you are actually sending.

Common Gotchas That Kill Registrations

These are the issues that cause the most rejections and delays. Run through this list before you submit anything.

• Gotcha: EIN doesn't match IRS records — Why It Matters: Exact match required, including legal name formatting — Fix: Pull your CP 575 form and copy the name character for character
• Gotcha: EIN is less than 15 days old — Why It Matters: TCR rejects newly issued EINs — Fix: Wait at least 15 days after IRS assignment before submitting
• Gotcha: Opt-in URL is not live — Why It Matters: Carriers verify the URL during review — Fix: Test the URL from an incognito browser before submitting
• Gotcha: No Privacy Policy on opt-in page — Why It Matters: Required as of October 2025 — Fix: Add a linked, live Privacy Policy that mentions SMS
• Gotcha: Privacy policy mentions third-party data sharing — Why It Matters: Carriers flag this without the required disclaimer — Fix: Add: "Text messaging opt-in data will not be shared with third parties, excluding aggregators and providers of the Text Message services"
• Gotcha: No Terms of Service on opt-in page — Why It Matters: Required alongside Privacy Policy — Fix: Add a linked, live Terms of Service page
• Gotcha: Opt-in confirmation message missing or over 160 chars — Why It Matters: Carriers require a compliant confirmation on subscribe — Fix: Keep it under 160 chars with company name, frequency, rates, HELP/STOP
• Gotcha: Pre-checked consent box — Why It Matters: Counts as forced consent, grounds for rejection — Fix: All SMS consent checkboxes must be unchecked by default
• Gotcha: Marketing and transactional consent combined — Why It Matters: Each use case requires its own opt-in — Fix: Use separate checkboxes or CTAs for each message type
• Gotcha: Vague use case description — Why It Matters: Carriers reject generic descriptions — Fix: Be specific: who, what triggers the message, how consent was collected
• Gotcha: Message samples don't match use case — Why It Matters: Mismatch triggers rejection — Fix: Write samples that directly reflect your declared use case
• Gotcha: Missing Reseller ID (agencies/platforms) — Why It Matters: Mandatory if registering for another entity — Fix: Obtain your Reseller ID from TCR before submitting
• Gotcha: DBA used instead of legal name — Why It Matters: TCR matches against legal entity, not trade name — Fix: Use the exact name on your IRS filing
• Gotcha: DUNS number entered instead of EIN — Why It Matters: DUNS is not accepted for A2P registration — Fix: Use your 9-digit EIN in XX-XXXXXXX format

One more thing: do not use the same email address for more than five brand registrations. TCR flags this as suspicious and it can trigger additional review or rejection across all associated brands.

Send Smarter Once You're Registered

Getting approved is the compliance layer. What you do with that approval is the performance layer.

Businesses that get the most out of their 10DLC registration are the ones treating SMS as a managed conversation channel, not a broadcast tool. That means routing messages intelligently, handling opt-outs automatically, and keeping message content tightly aligned with the use case you registered.

If your team is managing high-volume customer conversations across SMS and other channels, Conduit's AI agents are built to handle exactly that within compliant, registered messaging infrastructure. Book a demo to see how teams are using Conduit to automate customer conversations at scale while staying within carrier compliance requirements.