Email and other forms of electronic communication have become an integral part of the modern economy – and an indispensable tool in organizations’ business operations, relationships, marketing campaigns and other commercial activities. Electronic spam, however, can be associated with harms ranging from unwanted emails and other electronic communications to malware, viruses and fraud. To address these harms, the Canadian government passed sweeping legislation in 2010 that has become known as Canada’s Anti-Spam Legislation (CASL). After a considerable delay, which involved multiple public consultations and several rounds of draft regulations, the government announced in early December that most aspects of CASL will finally come into force on July 1, 2014.

By most accounts, CASL imposes onerous requirements with respect to the transmission of commercial electronic communications. Penalties for non-compliance run as high as $10 million CAD in potential administrative monetary penalties for organizations. Moreover, starting on July 1, 2017, a private right of action for non-compliance with CASL will become available, exposing organizations to the risk of class actions. Parties found to have sent non-compliant electronic messages could be subject to statutory damages of $200 per contravention to a maximum of $1 million per day, in addition to compensatory damages. It is critical that organizations use the next six months to ensure compliance with CASL.

This alert is intended to guide you through a high-level summary of the main compliance issues that you will need to consider when sending commercial electronic communications, based on CASL and the two sets of regulations registered under it by Industry Canada (the “IC Regulations”) and the Canadian Radio-television Telecommunications Commission (the “CRTC Regulations”). However, the requirements of CASL are detailed and complex. They will be subject to both existing and forthcoming government interpretation guidelines and FAQs. Every organization will need to consider its compliance obligations in light of its own activities and circumstances.

Summary of the Law

The Main Issues related to the Transmission of Commercial Electronic Messages

Click here to view image.

Application Criteria

Are we sending a commercial electronic message?

CASL generally prohibits parties from sending a “commercial electronic message” to a recipient who has not expressly consented to receiving it and unless it complies with prescribed formality requirements such as including the sender’s mailing address and an unsubscribe mechanism. To determine whether CASL applies to your communication, you must first determine whether it is an electronic message, which is defined broadly to include email, text messages, social media communications, and any other message sent by telecommunication. If it is an electronic message, you must determine if it is commercial, meaning that one would reasonably conclude that the message has as one of its purposes the encouragement of participation in a commercial activity. A commercial activity is defined to include activities whether or not carried out with an expectation of profit.

Is a Canadian computer system involved?

If you are sending a commercial electronic message, then CASL will apply to you if a computer system located in Canada is used to send or access the message, subject to exceptions provided in the legislation or regulations. Certain provisions of CASL will also apply where such a computer system is used in routing the message.

Do any exceptions apply?

There are circumstances where neither the express consent nor the formality requirements of CASL apply to the transmission of commercial electronic messages. For instance, CASL provides that these requirements do not apply to commercial electronic messages between parties in a personal or family relationship according to specific criteria. Recently finalized IC Regulations now also include other specific exceptions relevant to businesses and other organizations, including in particular:

  • Organization-to-organization communications: Communications sent within an organization or between organizations that have a relationship, and the message concerns the activities of the organization to which the message is sent.
  • Solicited communications: The message is sent in response to a request, inquiry or complaint.
  • Legal communications: The message involves enforcing or satisfying a right, legal or juridical obligation, court order, judgment or tariff.
  • Limited access accounts: The message is sent to a "limited-access secure and confidential account" provided by the sender to the recipient, and the sender is the only one able to send messages to that account. This exception is expected to apply to systems in which users create an online account with an organization for a limited purpose, such as an online banking account.
  • Electronic messaging service: The commercial electronic message is sent and received on an "electronic messaging service" where the formality requirements are satisfied through the service's user interface, and the person has consented either expressly or by implication. This exception appears to be intended to encompass messages sent within common social media platforms and similar systems.
  • Foreign recipients: The message is sent to a recipient in a jurisdiction outside Canada with its own anti-spam legislation that is listed in a schedule to the IC Regulations and the message conforms with the anti-spam law of that jurisdiction.
  • Charities: The message is sent by or on behalf of a Canadian registered charity and the message has as its primary purpose raising funds for the charity.
  • Political parties: The message is sent by or on behalf of a Canadian political party, organization or candidate and the message has as its primary purpose soliciting political contributions.

Consent Requirements

Is consent required?

If CASL applies to your commercial electronic message, you must determine if you are required to obtain the recipient's consent to receiving the message. CASL outlines a number of circumstances in which the addressee's consent is not required, mainly because the message contains information that the addressee is already expecting or entitled to receive. For example, if a person has purchased a product from you, then you do not need the addressee's consent to send him or her product recall information about that product. If your compliance with CASL is challenged, you bear the onus of proving that you obtained valid consent in all applicable circumstances.

The IC Regulations also establish an exception to the consent – but not the formality – requirement in referral situations, where the commercial electronic message was sent to a recipient who was referred to the sender by a mutual contact, the message discloses the full name of the mutual contact and the message states that it is being sent as a result of the referral. This exception only applies to the first message sent as a result of such a referral, and specific requirements must be met for a party to be considered a mutual contact. However, it would permit a first message to be sent without consent in some cases.

Is consent implied?

If consent is required, CASL provides circumstances in which an individual gives implied consent to receive commercial electronic messages from the sender. For example, consent is implied where the sender and recipient have an existing business relationship, which is generally defined to mean that the sender and recipient have entered a purchase or lease transaction over the past two years or corresponded with respect to a potential transaction over the past six months, subject to transitional provisions. These requirements will impose duties on businesses and other organizations to scrutinize their databases for when an individual recipient last gave implied consent and to keep track of how long it will be before such consent expires.

Consent is also implied where the parties have an existing non-business relationship. CASL provides several circumstances in which such a relationship exists, including where the recipient of an electronic message is or was a member of the sending organization within the past two years, subject to transitional provisions, and the sending organization is a club, association or voluntary organization as defined in regulations.

However, CASL generally limits the circumstances in which consent is implied to specifically listed categories. Importantly, consent obtained under privacy laws may not be sufficient consent for purposes of implied consent under CASL.

Do we have express consent?

If consent is not implied and no other relevant exceptions apply, then you must obtain an individual’s express consent before you are permitted to send him or her a commercial electronic message. The CRTC Regulations help to clarify what information must be included in a request for consent. In particular, you must set out simply and clearly the name of your business or organization, your mailing address and either your phone number, email address or web address, and a statement indicating that you intend to send the individual commercial electronic messages and that he or she can withdraw his or her consent. Guidelines issued by the CRTC state that express consent is obtained through opt-in mechanisms, such as checking a box or typing in an email address.

Formality Requirements

Did we include our contact information?

Unless an exception applies, you must include certain contact information in commercial electronic messages such as the name of your business or organization, your mailing address and either your phone number, email address or a web address. The CRTC Regulations provide that such information may be posted on a readily accessible webpage if it is impracticable to include it in the message itself.

Did we include an unsubscribe mechanism?

Commercial electronic messages must contain a clear and prominent unsubscribe mechanism at no cost to recipients and which uses the same electronic means by which the message was sent, or if impracticable, another electronic means. The unsubscribe mechanism must also include an electronic or web address to which a recipient may send his or her request not to be sent any further commercial electronic messages. The sender must ensure that this address is valid for a minimum of 60 days after the message has been sent and that an unsubscribe request must be given effect within 10 business days. The CRTC Regulations provide that the unsubscribe mechanism may be posted on a readily accessible webpage if it is impracticable to include it in the message itself.

What to Do Before CASL Takes Effect

CASL will impose numerous requirements with respect to the transmission of commercial electronic messages that must be in place prior to July 1, 2014.

To meet this timeline, you will likely need to take some of the following steps over the next six months, if you have not done so already:

  • Determine which of your electronic communications, including commercial and promotional emails, social media communications and text message alerts, would qualify as commercial electronic messages;
  • Establish a system that allows you to record and manage express consents and monitor how long it has been since they were obtained;
  • Prepare a compliant unsubscribe mechanism to accompany all commercial electronic messages;
  • Establish a procedure that ensures that parties that have unsubscribed to your messages or otherwise indicated their request not to receive any more messages will not be sent messages in the future;
  • Identify which exceptions to the consent and formality requirements may apply to your commercial electronic messages;
  • If you rely on any implied consents, establish a system that allows you to record and monitor the status of your relationships with other parties, such as a tickler system that ensures that an existing business relationship continues to exist;
  • Prepare a compliant opt-in mechanism that customers can use to receive promotional messages;
  • Ensure that all necessary contact information accompanies your commercial electronic messages;
  • Make any necessary internal IT infrastructure investments and upgrades to effect these requirements, and approach marketing and other external service providers to ensure they will be able to support activities they undertake on your behalf in full compliance with CASL after July 1, 2014.

CASL also contains other important restrictions relevant to commercial electronic messages, including prohibiting without express consent the alteration of message transmission data or the rerouting of messages to a different destination than authorized; expressly prohibiting the unauthorized harvesting of email addresses; and expanding existing civil and criminal laws prohibiting false or misleading representations to include specifically those in electronic communications, including in text, email headers, sender information, subject lines and URLs.

In addition to these requirements, CASL will impose express consent, notice and other requirements related to the installation of computer programs on the computer systems of others in the course of a commercial activity, which will take effect in January 2015 and may apply if you distribute software electronically or use software to interact with customers and business partners.

If you have business activities in multiple jurisdictions, you will need to consider how certain requirements of CASL may differ from your existing legal obligations under anti-spam laws in other jurisdictions.

Once it takes effect, CASL will be among the most restrictive and onerous anti-spam legislation globally and create significant new risk for companies that are not compliant.

Additional Links to Government Materials

CASL, as adopted in December 2010, is available at 

The final CRTC Regulations are available at

The final IC Regulations are available at

Industry Canada’s Regulatory Impact Analysis Statement is available at

A press release is available at

A backgrounder is available at