Still getting spam calls? South Africa tightens Direct Marketing Regulations
At a glance
- The Consumer Protection Act Amendment Regulations, 2026, published in the Government Gazette on 15 April 2026 are intended to provide stronger measures to regulate direct marketing practices, enhance consumer protection and reduce unwanted marketing communications.
- All persons and entities engaged in direct marketing are now required to register with the National Consumer Commission’s opt‑out registry before making any contact with consumers.
- These amendments materially raise the compliance threshold for direct marketing in South Africa, while at the same time providing consumers with more stringent mechanisms to limit unsolicited communications.
The amendments introduce a more stringent compliance regime for direct marketing activities. All persons and entities engaged in direct marketing are now required to register with the National Consumer Commission’s opt out registry before making any contact with consumers. This is not a once-off obligation, as registration must be renewed annually, and is subject to payment of prescribed fees. Importantly, the Regulations make it clear that direct marketing may not be conducted at all unless the marketer is duly registered, and any direct marketing activity undertaken by an unregistered marketer will therefore be unlawful.
This gives consumers greater protection: by registering on the opt-out registry, they can proactively block all electronic direct marketing communications. Once a consumer has registered, direct marketers are prohibited from contacting that individual for marketing purposes.
To support and enforce this, businesses engaged in direct marketing must perform monthly data cleansing exercises. This will ensure that contact details of consumers who have exercised a pre-emptive block are removed from marketing databases and are not used for any further direct marketing communications.
The Regulations further enhance transparency by imposing stricter communication requirements on direct marketers. All direct marketing communications must clearly identify the sender and include accurate and comprehensive contact details, including the sender’s name, electronic and physical addresses. In addition, the opt out registry must be maintained with a high level of accuracy. The Regulations require that registry data is kept up to date, reinforcing accountability and supporting the effective enforcement of consumer opt out rights.
The Regulations introduce a structured fee framework applicable from 2026, adding a financial dimension to compliance for direct marketers. The prescribed fees are as follows:
- R2,574 for initial registration;
- R1,930.50 for annual renewal; and
- additional monthly data cleansing fees calculated per data entry.
These fees are set to increase on a three-year cycle, meaning businesses that engage in high-volume direct marketing will need to factor these costs into their compliance and budgeting processes on an ongoing basis.
The Regulations operate alongside, and do not replace, the requirements of the Protection of Personal Information Act 4 of 2013 (POPIA). Importantly, a consumer’s registration on the opt out registry does not constitute consent for the purposes of POPIA. In many instances, particularly where the individual is not an existing customer, direct marketers will still be required to obtain explicit, prior consent before engaging in any marketing activities. Compliance with POPIA therefore remains a critical and separate obligation.
These amendments materially raise the compliance threshold for direct marketing in South Africa, while at the same time providing consumers with more stringent mechanisms to limit unsolicited communications. The position in other countries is largely similar, with a centralised opt out registry as a well-established international model. The mandatory marketer registration plus the annual fee distinguishes the Minister’s new approach. What is clear is that businesses that engage in direct marketing must urgently review their current practices, including their registration status, consent frameworks, database management processes and internal compliance controls, to ensure alignment with the regulatory framework and to mitigate legal and regulatory risk.
The burning question is whether this will make a difference to consumers. International experience is that do-not-call registries have reduced legitimate telemarketing, but we know that large volumes of spam calls originate outside our country and are therefore not subject to our regulations. It is also not clear whether technical measures at the network level have been implemented to identify marketers who are not following the rules. It is evident that a registry without robust enforcement will tend to bind only the compliant.
This is clearly a step in the right direction, but the ultimate question is whether it works or whether we are just being given traffic lights but no policing.
The information and material published on this website is provided for general purposes only and does not constitute legal advice. We make every effort to ensure that the content is updated regularly and to offer the most current and accurate information. Please consult one of our lawyers on any specific legal problem or matter. We accept no responsibility for any loss or damage, whether direct or consequential, which may arise from reliance on the information contained in these pages. Please refer to our full terms and conditions. Copyright © 2026 Cliffe Dekker Hofmeyr. All rights reserved. For permission to reproduce an article or publication, please contact us cliffedekkerhofmeyr@cdhlegal.com.
Subscribe
We support our clients’ strategic and operational needs by offering innovative, integrated and high quality thought leadership. To stay up to date on the latest legal developments that may potentially impact your business, subscribe to our alerts, seminar and webinar invitations.
Subscribe