End of an era for spam calls in South Africa
New regulations require all direct marketers to register with the National Consumer Commission’s opt-out registry and to provide consumers with stronger protections against unsolicited marketing.
However, Cliffe Dekker Hofmeyr’s (CDH) Tim Fletcher and Kgatlhiso Mofokeng warned that the effectiveness of these regulations in robust enforcement and in tackling spam calls from outside South Africa is in question.
The latest Consumer Protection Act Amendment Regulations were published in the 15 April 2026 Government Gazette.
These amendments significantly raise the compliance threshold for direct marketing in South Africa and also provide consumers with more mechanisms to limit unsolicited communications.
The new rules also introduce stricter compliance rules for direct marketers in South Africa, Fletcher and Mofokeng explained.
Everyone engaged in direct marketing is now required to register with the National Consumer Commission’s opt-out registry before making any contact with consumers.
This is not simply a once-off obligation. Marketers must renew this registration every year and pay the prescribed fees.
Importantly, the regulations stress that direct marketing may not be conducted at all unless the marketer is duly registered. This means that any direct marketing activity by an unregistered marketer is unlawful.
“This gives consumers greater protection,” Fletcher and Mofokeng said. “By registering on the opt-out registry, they can proactively block all electronic direct marketing communications.”
“Once a consumer has registered, direct marketers are prohibited from contacting that individual for marketing purposes.”
The new regulations also require businesses engaged in direct marketing to perform monthly data cleansing exercises.
This will ensure that the contact details of consumers who have exercised a pre-emptive block are removed from marketing databases and are not used for any further direct marketing communications.
The Regulations further enhance transparency by imposing stricter communication requirements on direct marketers.
All direct marketing communications must clearly identify the sender and include accurate and comprehensive contact details.
This includes the sender’s name, electronic and physical addresses. In addition, the opt-out registry must be kept up to date.
The regulations introduce a structured fee framework that will apply from 2026 onwards. The prescribed fees are as follows:
- R2,574 for initial registration;
- R1,930.50 for annual renewal; and
- additional monthly data-cleansing fees, calculated per data entry.
These fees will increase on a three-year cycle. This means that businesses that engage in high-volume direct marketing must continually factor these costs into their compliance and budgeting processes.
Will these regulations help consumers?

Fletcher and Mofokeng clarified that the Regulations operate alongside and do not replace the requirements of the Protection of Personal Information Act 4 of 2013 (POPIA).
Importantly, a consumer’s registration on the opt-out registry does not constitute consent for the purposes of POPIA.
In many instances, particularly where the individual is not an existing customer, direct marketers must obtain explicit consent before engaging in any marketing activities.
This means that compliance with POPIA remains a critical and separate obligation, Fletcher and Mofokeng explained.
Overall, these amendments materially raise the compliance threshold for direct marketing in South Africa while also providing consumers with more stringent mechanisms to limit unsolicited communications.
The position in other countries is largely similar, with the centralised opt-out registry being a well-established international model.
The mandatory marketer registration plus the annual fee distinguishes South Africa’s new approach, Fletcher and Mofokeng said.
They stressed that businesses engaging in direct marketing must urgently review their practices to ensure they comply with the new rules and avoid legal and regulatory risks.
This includes reviewing their registration status, consent frameworks, database management processes, and internal compliance controls.
According to Fletcher and Mofokeng, the burning question now is whether this will make any real difference to consumers.
“International experience is that do-not-call registries have reduced legitimate telemarketing, but we know that large volumes of spam calls originate outside our country and are therefore not subject to our regulations.”
“It is also not clear whether technical measures at the network level have been implemented to identify marketers who are not following the rules.”
Fletcher and Mofokeng stressed that a registry without robust enforcement will only bind companies that are already compliant.
While this is a step in the right direction, “the ultimate question is whether it works or if we are just being given traffic lights without policing.”
Comments