The Act, regulations, and guidelines

Canada’s Anti-Spam Legislation (CASL) and its regulations target spam, computer programs installed without consent (e.g. unwanted software and malware) and unsolicited redirections (e.g. malicious interception of internet traffic). We want to ensure that businesses have the information they need to compete in the global marketplace.

The 4 main requirements of CASL

  1. When sending a commercial electronic message (e.g. email or text), you must:
    • obtain prior consent from the recipient (either express or implied);
    • provide identification and contact information; and
    • include a working unsubscribe mechanism.
  2. When installing a computer program on another person’s computer system in the course of a commercial activity, you must:
    • obtain the express consent from the owner or authorized user of the computer system; and
    • when requesting this consent, you must clearly and simply describe the function and purpose of the program (there are additional requirements when the program performs certain invasive functions).
  3. You cannot alter, in the course of a commercial activity, the transmission data in an electronic message so that the message is delivered to a destination other than or in addition to that specified by the sender, without the express consent of the sender or the recipient.
  4. You cannot enable and facilitate violations to any of the above requirements.

Violations may result in monetary penalties, and directors of corporations who authorized or participated in those violations may be held liable.

The Act and regulations

CASL and its two sets of regulations include many details, exemptions and exceptions. Read those to understand whether CASL applies to your business activities and make sure to comply:

  • Canada’s Anti-Spam Legislation (The Act)
  • Electronic Commerce Protection Regulations (CRTC)
  • Electronic Commerce Protection Regulations (Governor in Council)


Two orders have been issued related to the coming into force:

  • Order Fixing Certain Dates as the Days on which Certain Provisions of the Act come into force
  • Order Repealing the Coming into Force of the Private Right of Action dispositions

Guidelines and Advisories

  • Interpreting the Electronic Commerce Protection regulations
  • Using toggling to obtain express consent
  • Developing corporate compliance programs
  • Our approach to section 9 of Canada’s anti-spam legislation CASL
  • Implied consent
  • Keeping records of consent
  • Requirements for installing computer programs
  • Web hosting providers
  • Businesses collecting customer data with in-store WiFi
  • Guide for business doing e-marketing (PIPEDA)


CASL infographics provide visual representations regarding express consent, express versus implied consent, managing consent, identification, and the personal relationship exemption.

Couldn’t find your list?

Contact us, we will help you building more list.

Contact Us