People expect to text your firm. AI can jump in fast—triage a lead, book a slot, send a nudge—done. But the TCPA still applies.

If you treat AI texts like a free pass, you’ll buy yourself a headache (and possibly a lawsuit). The rule is about what you send and why, not how clever the tool looks.

Here’s what we’ll cover: when you need consent, PEWC vs. PEC, the FCC’s single‑seller rule for lead gen, state “mini‑TCPA” traps, A2P 10DLC and CTIA basics, clean opt‑in flows, proof you should save, and guardrails that keep AI helpful without crossing into marketing in the wrong thread. We’ll also show how LegalSoul bakes this into your day‑to‑day so you can text confidently.

Quick answer and who this guide is for

Short version: yes, you almost always need consent to use AI for SMS intake. Telemarketing or anything that nudges someone to hire you needs prior express written consent (PEWC). Purely informational updates tied to an active matter can rely on prior express consent (PEC).

Courts and the FCC care about the message’s purpose. Not whether a human or a bot typed it. After Facebook v. Duguid (2021), the definition of “autodialer” narrowed, but consent rules didn’t vanish. The FCC’s 2023 single‑seller change for lead gen made naming your firm in the opt‑in essential.

This guide is for managing partners, intake leaders, and marketing/compliance folks who are investing in automation and want a plan they can defend. Keep marketing and service texts separate, get the right consent, and document everything. Plaintiffs win on sloppy records and mixed threads. Don’t give them that.

What counts as “AI SMS intake” for law firms

Think of any workflow where software drafts, queues, or sends a text during intake or client service. A few common ones: instant replies from a web form (“Thanks for reaching out—reply 1 to pick a time”), chatbot Q&A (“Were you injured in the last two years?”), reminders, retainer follow‑ups, and reactivation pings to old leads.

If the message pushes the person toward hiring you or continuing a sales conversation, regulators see marketing—no matter who typed it. Risk climbs with automation and volume. A typical oops: a bot sends a consult link right after a form submission without PEWC on file. That’s telemarketing.

Lower‑risk: appointment reminders or deadline notices for current clients about an active matter. Pro tip: give each use case its own number, template set, and consent level. Tag messages by purpose so your system can block marketing language in informational threads. It helps compliance and deliverability.

TCPA and related rules for texting in 2025 (the fundamentals)

The TCPA splits texts into two buckets: marketing/telemarketing vs. purely informational/service. Marketing texts typically require PEWC. Informational texts to existing clients can rely on PEC when the client gave the number as part of the relationship.

Yes, Facebook v. Duguid narrowed “autodialer,” but you can still get nailed for prerecorded content, Do‑Not‑Call violations, state mini‑TCPAs, and carrier/CTIA rules. For marketing, scrub the National DNC and your internal DNC lists. Don’t text DNC‑listed numbers without PEWC.

Think in layers: federal law (TCPA/FCC), state laws (FTSA, OTSA, others), and private rules (carriers/CTIA). You have to pass all three. The best habit: classify every message, register your traffic, and keep proof of consent handy. If you can show why you sent it and what consent you had at that moment, you’re already ahead.

Consent levels explained with examples

PEWC is the standard for any marketing, promotions, or lead follow‑ups. A valid disclosure names your firm, says you’ll use automated tech to text, makes clear consent isn’t required for services, and includes a signature (e‑sign works).

Example: a website checkbox (unchecked by default) by the “Submit” button with the full disclosure and links to Terms/Privacy. PEC is fine for informational texts only—like “Your hearing is at 9:30 a.m. Tuesday.” Add “Refer a friend for a discount,” and you just flipped to marketing—PEWC needed.

Another trap: replying to a web lead with “Book your consult here” when you didn’t capture PEWC on the form. That first message is telemarketing. Safer: provide a phone number or send a short informational confirmation if they texted you first about a specific matter. If a number came from a referral or aggregator and your firm wasn’t named in the opt‑in, assume PEWC is required.

How to capture and document opt-in the right way

Treat consent like evidence you’ll need later. Capture it in multiple ways and store everything centrally.

For web forms: a clear PEWC checkbox, timestamp, IP, user agent, page/form version, and the exact language saved with the lead. For SMS programs: use double opt‑in. Someone texts JOIN; you reply with program name, purpose, frequency, “Msg&Data rates may apply,” and HELP/STOP. Start messaging only after they reply YES.

For intake packets: separate lines for service texts (PEC) and marketing texts (PEWC), each initialed. Keep a clean audit trail: where the consent came from, which disclosure version they saw, and all revocations (STOP, email, verbal). Version your disclosures like engagement letters, so you can produce the exact text a person saw months ago. And when someone opts out, kill messages across all systems—CRM, intake, calendar, texting—immediately.

Lead generation, referrals, and one-to-one texting nuances

The FCC’s single‑seller rule means the opt‑in must name your firm, not just “injury lawyers.” Shared consents from aggregator sites are risky. If a vendor says “TCPA‑compliant leads,” ask for the disclosure used, where your name appeared, and the audit trail (timestamp, IP, landing URL). No proof? Treat it as no consent.

For one‑to‑one texts, context matters. If a prospect texts or calls you first about a specific matter and gives you their number, a short informational reply is usually fine—“Got it, here’s where to upload your police report.” Keep sales language out until you have PEWC.

Referrals and co‑counsel? Consent doesn’t transfer unless the original disclosure named your firm. Put consent requirements into your vendor contracts and keep indemnity for noncompliance. When in doubt, ask for permission first or trigger a consent‑capture flow. Build your system to fail closed: no PEWC, no marketing text. Your team will thank you.

Exemptions and edge cases (and what law firms can actually use)

Exemptions are rare. Emergency or security alerts exist but don’t fit most legal messages. For current clients, you can send matter‑related updates under PEC—“Your deposition is set for 2:00 p.m.” Just don’t mix in promotions inside that same thread.

Need to share firm news? Use a separate number/thread with PEWC already on file. B2B doesn’t save you here—mobile numbers are still protected, even if they’re “work cells.”

Make opt‑outs easy. Honor STOP, email, or even a verbal request to staff. Match your disclosure language to your ads—Spanish ad, Spanish consent text. And keep AI prompts for service threads free of salesy language. Plaintiffs love “mixed content” screenshots.

State “mini-TCPA” and time/place/manner restrictions

States have their own rules. Florida’s FTSA covers a wide range of marketing texts and allows private lawsuits. Washington adds quiet hours and other protections. Oklahoma’s OTSA and others tack on more restrictions and statutory damages.

Safest path for multi‑state lists: apply the strictest standard. Use PEWC for marketing, conservative quiet hours (8 a.m.–8 p.m. local is a solid baseline), and sensible frequency caps unless your program disclosure states otherwise.

Tag each record with a jurisdiction at capture and on replies (area code plus last known address/time zone), and record why you chose that rule at send time. If someone moves states, adjust. Regulators and AGs are paying attention, and joint enforcement with FCC/FTC isn’t theoretical.

Carrier and deliverability rules you can’t ignore

Carriers control the pipes. With A2P 10DLC, register your brand and each campaign use case. Align your templates with your registration. Unregistered or mismatched traffic gets filtered or fined.

CTIA requires clear identity, HELP/STOP, and “Msg&Data rates may apply,” especially in your first message. Carriers watch complaints, link reputation, and content signals (watch sensitive categories). Avoid public URL shorteners; use branded links.

Deliverability is a compliance issue wearing a marketing hat. Map message types to registered campaigns, throttle as carriers recommend, and keep your program description in sync with what you actually send. Watch error codes and complaint spikes. And don’t churn numbers—history follows the line. Fewer, cleaner numbers warmed up with compliant traffic work better.

Compliance checklist for AI SMS intake in 2025

• Classify every message as marketing or informational; use separate numbers/threads for each.
• Capture PEWC for marketing; PEC for service updates tied to an active matter.
• Show clear disclosures: firm name, automated texting notice, “not required for services,” HELP/STOP, and rates apply.
• Register A2P 10DLC brand and campaigns; align templates to registered use cases.
• Scrub National and internal DNC before marketing sends.
• Use double opt‑in for higher‑risk programs and store consent artifacts (timestamp, IP, disclosure version).
• Honor STOP immediately and sync revocations across CRM, intake, calendar, and messaging tools.
• Enforce quiet hours and state rules; default to the strictest jurisdiction.
• Log message content, timing, and consent state at send time; audit quarterly.
• Train staff and lint AI prompts so service threads never include marketing language.
• Hold vendors to single‑seller consent; audit lead sources regularly.

Bonus habit: set up “consent regression tests.” Any time you change a form or template, run checks to confirm PEWC language still meets standards before it goes live.

Sample language and message templates

Use these as starting points and tune them for your state and voice.

Law firm texting consent language (PEWC disclosure):
“By checking this box and submitting, you agree [Firm Name] may send marketing and informational texts using automated technology to the number you provide. Consent is not a condition of services. Message frequency varies. Reply HELP for help, STOP to cancel. Msg&Data rates may apply. See Terms and Privacy Policy.”

Double opt-in SMS template for legal services:
- User texts JOIN to your program number.
- You: “Smith Law Alerts: We’ll text about consultations, case updates, and reminders. 2–4 msgs/mo. Reply YES to confirm, HELP for help, STOP to cancel. Msg&Data rates may apply.”
- User replies YES.
- You: “Confirmed. You can reply STOP anytime to opt out.”

First informational message (existing client):
“Smith Law: Court reset your hearing to 9:30 am Tuesday. Reply HELP for help or STOP to cancel texts.”

First marketing message (PEWC on file):
“Smith Law: Free case review. Reply BOOK to choose a time this week. Msg&Data rates may apply. STOP to opt out.”

Tip: add a matter ID in service threads. If the client replies STOP, it’ll opt them out globally, but your archives still link messages to the right case.

Risks, penalties, and how plaintiff’s attorneys build cases

Damages add up fast: $500 per text ($1,500 if willful) under the TCPA, plus state penalties and sometimes attorneys’ fees. Class actions often hinge on uniform conduct—standardized texts sent without PEWC, STOP requests ignored, or brokered leads without single‑seller consent.

Expect discovery on your consent records, message logs, A2P registrations, and staff training. If one system says “opted out” and another keeps sending, that’s painful. Some suits under OTSA also target sends during restricted hours or without proper consent.

What helps: solid audit trails, honoring opt‑outs right away, state‑aware throttling, and vendor hygiene that rejects sketchy leads. Set a litigation hold on consent data if a dispute starts. And be honest about risk in your marketing math—one class case costs more than doing compliance right.

Ethics and professional responsibility considerations

Even if you’re TCPA‑compliant, bar rules still apply. Automated texts often count as attorney advertising. Keep them accurate, not misleading, and don’t imply an attorney‑client relationship before engagement. Add any state‑required disclaimers.

Confidentiality matters. Phones get lost and screens light up at the worst times. Keep texts high level and push details to a secure portal. Get consent at intake to use SMS as a channel, and go extra careful with sensitive practice areas.

Mind your tone and timing. Late‑night pings stress people out. Build “ethics checks” into your AI so it flags outcome promises or fee claims that could trip bar rules. Helpful beats pushy, every time.

How LegalSoul operationalizes compliance for law firms

LegalSoul builds compliance into your daily workflow. We capture PEWC and PEC through web forms, SMS flows, and e‑sign intake, then store everything with immutable trails—timestamp, IP, disclosure version, signature.

We handle A2P 10DLC registration, map templates to approved use cases, and watch deliverability and complaint rates. CTIA must‑haves—firm name, HELP/STOP, frequency, rates apply—are enforced at the template level so your first message always hits the marks.

Jurisdiction rules and quiet hours apply automatically at send time. AI controls keep marketing out of service threads, and purpose tags route texts through the right consent channel. We also collect single‑seller proof from lead sources before any outreach and sync STOPs across CRM, intake, calendar, and messaging in seconds. Every send is logged with the consent state in effect—gold in a dispute.

Implementation plan and next steps

A 90‑day rollout is realistic.

Days 1–30: Inventory all current texts. Label each use case (marketing vs. informational), map systems (CRM, forms, SMS), and spot gaps. Update disclosures and templates. Stand up versioned consent records. Start A2P brand/campaign registration.

Days 31–60: Launch PEWC capture on web forms and e‑sign intake. Turn on double opt‑in for marketing programs. Split numbers/threads for service vs. marketing. Enable DNC scrubs and quiet hours. Train intake/marketing and tighten AI prompts.

Days 61–90: Move traffic to registered campaigns. Sync revocations across systems. Test with a small slice of volume and watch errors, complaints, and opt‑out speed. Run a compliance audit and fix what you find. Lock a quarterly review with KPIs: consent capture rate, opt‑out latency, complaint rate, blocks, and % of sends with documented consent state.

After that, expand carefully. Add states as you grow, refine templates, and require change reviews before edits go live. You’re aiming for managed risk that scales with you.

Key takeaways

• Most AI SMS intake needs consent. Use PEWC for marketing/lead follow‑ups; PEC for strictly matter‑related updates. The purpose of the text decides the rule.
• Get it in writing and save proof. Use single‑seller opt‑ins for lead gen, double opt‑in when you can, version your disclosures, scrub DNC lists, and honor STOP everywhere—fast.
• It’s not just TCPA. Register A2P 10DLC campaigns, include CTIA‑required identity and HELP/STOP in your first messages, respect quiet hours, and default to the strictest state standard.
• Build guardrails so you can scale. Separate marketing and service threads, enforce approved templates, block marketing language in service chats, audit quarterly, and sync revocations. LegalSoul automates these pieces so you can text with confidence.

Conclusion

AI texting can help your firm move faster—if you handle consent right. Classify every message, use PEWC for outreach, PEC for matter updates, and keep proof. Honor STOP across all tools and follow the strictest state rules. Register 10DLC, include identity and HELP/STOP, and keep marketing out of service threads.

Compliance isn’t a footer—it’s how you run the program. Want a cleaner setup without babysitting every message? Book a LegalSoul demo. We’ll handle consent capture, 10DLC registration, deliverability guardrails, and cross‑system opt‑outs so your texts convert and stay on the right side of the rules.