top of page
Search

What the NCC Opt-Out Registry Means for Business Compliance

  • Writer: Sue Singh
    Sue Singh
  • 3 days ago
  • 4 min read

"Do Not Call Me — I'll Call You"

What the NCC Opt-Out Registry Means for Business Compliance?

The amendments to the Consumer Protection Act Regulations, issued under section 120(1)(a), read with section 11(6), of the Consumer Protection Act 68 of 2008 (“CPA”), came into effect on 15 April 2026 and materially alter the legal framework governing direct marketing in South Africa.


The introduction of a National Consumer Commission (“NCC”) opt-out registry establishes a formal regulatory regime for direct marketing activities across SMS, email, telephonic campaigns, WhatsApp messaging, digital communications and outsourced call-centre operations.


Direct marketing is no longer merely a marketing function. It is now a regulated compliance activity requiring documented governance, operational controls and ongoing oversight. The amendments took effect immediately, with no transitional period.


Key Legislative Amendments

The Amendment Regulations introduce new definitions and the mechanism for implementing a consumer’s right to restrict unwanted direct marketing. Key definitions include:

  • “Direct marketer” — any person who engages in direct marketing, regardless of channel. Any business sending emails, SMSs, WhatsApps, calls, or newsletters from CRM or website lists triggers full CPA obligations.

  • “Electronic communication recipient” — a consumer who receives electronic communications from a direct marketer and who has registered a pre-emptive block.

  • “Cleansing” — the process by which a direct marketer removes from its database all consumers who have opted out, ensuring they are no longer contacted.

  • “Pre-emptive block” — the registration of a block on the opt-out registry to prevent receipt of unwanted electronic communications from direct marketers.


The pre-emptive block applies exclusively to unsolicited electronic communications. “Electronic communication” is broadly defined under the CPA to include telephone calls, facsimile transmissions, SMS, email, wireless computer access, and similar technologies. Direct marketing conducted through non-electronic means, including physical mail, printed materials, or in-person canvassing, falls outside the scope of the opt-out registry.


Historic CRM consent does not constitute a valid defence under the current regulations. Where a consumer is registered on the opt-out registry, the responsible party is obliged to remove such consumer, irrespective of when or how consent was originally obtained.


Compliance Obligations

  1. Registration. No direct marketer may contact any consumer by electronic communication unless registered on the NCC opt-out registry, using the prescribed Annexure P form.

  2. Annual renewal. Registration is not a once-off step. The prescribed annual renewal fee must be paid to maintain valid registration status.

  3. Monthly database cleansing. Marketers must submit their full marketing database to the NCC monthly and remove all consumers who have registered a pre-emptive block. Regulation 4(7)(i) is framed in absolute terms — monthly removal is not discretionary. Suppression must apply across all channels without exception.

  4. Sender identification. Every electronic direct marketing communication must display the marketer’s name, electronic address, physical address, and contact number. Marketing may not be sent from platforms where the originator cannot be identified.


Cost Implications

Compliance carries a direct financial cost. The prescribed fee structure includes registration, annual renewal, and monthly per-record cleansing fees, with the cleansing tariff escalating annually over a three-year cycle.


Figure 1: Cost Implications — GBS Internal Compliance Briefing, John Botha (April 2026)


Enforcement

The NCC may issue a compliance notice under section 100 of the CPA. Failure to comply is a criminal offence carrying a fine or imprisonment of up to 12 months, or both. The National Consumer Tribunal may impose an administrative fine of up to 10% of annual turnover or R1 million, whichever is greater.


CPA and POPIA: Concurrent Obligations

The CPA amendments do not replace POPIA. The Information Regulator has confirmed that consumers who are not on the pre-emptive block remain protected under POPIA. A lawful basis for processing and section 69 compliance are required regardless of NCC registration status. Critically, a consent request under section 69(2) must be solely to obtain consent — marketing content may not be included in the same communication.


CPA Obligations

  • Register on the NCC opt-out registry

  • Cleanse database monthly

  • Remove all opted-out records

  • Identify sender in every communication

  • Pay annual renewal fee


POPIA Obligations

  • Lawful basis for all processing

  • Prior consent for electronic marketing (section 69(1))

  • One unsolicited approach to request consent only (section 69(2))

  • Existing-customer exception applies narrowly (section 69(3))

  • Maintain consent records independently


Recommended Compliance Position

Businesses should adopt a conservative compliance model. The legally safer and commercially sounder position is to treat a registered pre-emptive block as overriding prior marketing consent for CPA purposes.


Figure 2: Recommended Compliance Position — GBS Internal Compliance Briefing, John Botha (April 2026)


The introduction of the NCC opt-out registry marks a significant evolution in South Africa’s direct marketing regulatory landscape. Businesses can no longer approach direct marketing as a low-governance commercial activity. Organisations that proactively adapt their compliance frameworks will be better positioned to reduce enforcement exposure, preserve consumer trust, and maintain sustainable marketing operations.



This article is for informational purposes only and does not constitute legal advice. For specific legal guidance on compliance obligations, consult a qualified practitioner.


Certain content and illustrative material in this article have been sourced from the GBS Internal Compliance Briefing: CPA Direct Marketing & POPIA Obligations, presented by John Botha, Global Business Solutions, April 2026.


© 2026 Global Business Solutions (GBS). All rights reserved.


Stay informed, stay compliant, and stay ahead of workplace change by joining the Mid-Year Labour Law Update 2026 (#MLLU2026), presented by Jonathan Goldberg and the expert GBS team. This practical and highly relevant labour law event will unpack the most important Labour Court, Labour Appeal Court, Constitutional Court, and CCMA decisions from the first half of 2026, together with key statutory developments, NEDLAC proposals, and emerging workplace risks. With live sessions in five cities, online attendance options, 100+ updated case summaries, 6 CPD points, valuable take-home resources, and 6 months’ access to the MLLU/ALLU Bot, MLLU2026 is designed to help employers, HR, ER, IR, and legal professionals prepare confidently for the second half of the year. The MLLU/ALLU Bot is trained on case summaries and findings from recent Mid-Year and Annual Labour Law Update sessions and gives delegates practical post-session support, including help with policy drafting, checklists, case lookups, and summaries. With more than 610 delegates attending #MLLU2025, the Mid-Year Labour Law Update is one of the biggest and most relevant labour law updates in South Africa. Register now to secure your place.



View our upcoming events: Upcoming Events and Qualifications, like AI Compass Intake 2, DIGITAL INTELLIGENCE: Leading in a Technology-Transformed World (Harvard ManageMentor®), B-BBEE: Procurement with Purpose, and #MLLU2026.


*All workshops are offered as customised in-house training that can be presented virtually or on-site.

Comments

bottom of page