What is CASL?
CASL (Canada’s Anti-Spam Legislation) is Canadian federal law that regulates the sending of commercial electronic messages (CEMs). It came into effect on July 1, 2014, and is enforced by the Canadian Radio-television and Telecommunications Commission (CRTC), the Competition Bureau, and the Office of the Privacy Commissioner of Canada.
CASL is considered one of the strictest anti-spam laws in the world, with significant penalties for non-compliance.
Who Does CASL Apply To?
Section titled “Who Does CASL Apply To?”CASL applies to anyone who sends commercial electronic messages:
- Individuals and businesses of all sizes
- Not-for-profit organizations
- Global organizations sending messages to recipients in Canada
If your message is sent within Canada, from Canada, or to Canada, CASL applies. Messages merely routed through Canada without a Canadian recipient are not covered.
What is a Commercial Electronic Message (CEM)?
Section titled “What is a Commercial Electronic Message (CEM)?”A Commercial Electronic Message (CEM) is any electronic message that encourages participation in a commercial activity, such as:
- Promotional emails or newsletters
- SMS/text messages about products or services
- Instant messages with commercial content
- Social media messages promoting offers or sales
What is NOT a CEM:
- Messages containing only a hyperlink to a website (without commercial promotion)
- Confirmations of successful unsubscribes
- Purely transactional messages (order confirmations, shipping updates)
Three Core Requirements
Section titled “Three Core Requirements”To send a CEM under CASL, you must meet three requirements:
1. Consent
Section titled “1. Consent”You must have the recipient’s consent before sending a CEM. There are two types:
Express Consent
- The recipient explicitly agrees to receive messages (opt-in)
- Must be obtained through a clear, affirmative action (e.g., checking an unchecked box)
- Never expires, but can be withdrawn at any time
- Pre-checked boxes do NOT constitute valid express consent
- You must keep records of how and when consent was obtained
Implied Consent Implied consent exists in specific situations:
| Situation | Duration |
|---|---|
| Existing business relationship (purchase, contract, membership) | 2 years from last transaction |
| Inquiry or application about products/services | 6 months from inquiry |
| Published contact information (e.g., business card, website) | Ongoing, if purpose aligns with their role |
| Voluntarily disclosed contact information | Ongoing, unless they indicate otherwise |
2. Identification
Section titled “2. Identification”Every CEM must include:
- Your name (or your organization’s name)
- A valid mailing address
- At least one of: phone number, email address, or website URL
- If sending on behalf of another organization, identify both parties
3. Unsubscribe Mechanism
Section titled “3. Unsubscribe Mechanism”Every CEM must include a way to unsubscribe that is:
- Easy to use - simple and straightforward process
- Free - no cost to the recipient
- Processed within 10 business days - you must honor the request promptly
- Valid for at least 60 days - the unsubscribe link/method must work
Once someone unsubscribes, you cannot send them CEMs regardless of any implied consent that may exist.
Exemptions
Section titled “Exemptions”The following messages are exempt from CASL’s consent requirements:
- Messages to family members or personal relationships
- Messages within or between organizations (B2B with existing relationship)
- Direct responses to inquiries, complaints, or requests
- Transaction confirmations and receipts
- Warranty, recall, or safety information about purchased products
- Messages from registered charities (for fundraising purposes)
- Messages from political parties or candidates (for contributions)
- Messages providing quotes or estimates requested by the recipient
Penalties
Section titled “Penalties”CASL violations carry significant penalties:
| Violator | Maximum Penalty Per Violation |
|---|---|
| Individuals | Up to $1,000,000 |
| Businesses | Up to $10,000,000 |
Directors, officers, and agents can be held personally liable for violations. The CRTC actively enforces CASL and has issued penalties to organizations of all sizes.
How Does CASL Affect SMS Messaging?
Section titled “How Does CASL Affect SMS Messaging?”CASL is technology-neutral, meaning it applies equally to SMS/text messages as it does to email. Key points for SMS:
- Express consent is typically required for commercial text messages
- Identification can be provided via link - since SMS has character limits, you can include “Info:” followed by a URL to a page with your identification details
- STOP keyword - recipients can opt out by texting STOP (or ARRET in French)
- Opt-out must be honored immediately - stop sending messages as soon as the request is received
For more information on opt-out handling, see Telair Support for Opt-Out Keywords.
Best Practices for Compliance
Section titled “Best Practices for Compliance”- Always obtain consent before sending - when in doubt, get express consent
- Keep detailed records - document how, when, and where consent was obtained
- Include identification in every message - your name and contact information
- Honor unsubscribe requests immediately - don’t wait the full 10 days
- Review your contact lists regularly - remove bounced numbers and expired implied consent
- Train your team - ensure everyone understands CASL requirements
For more information on messaging best practices, see our Acceptable Use Policy.
CASL Compliance with TextFlow
Section titled “CASL Compliance with TextFlow”Telair’s TextFlow platform includes built-in CASL compliance features:
- Automatic opt-out processing - STOP, ARRET, and other keywords are handled instantly
- Consent tracking - track express and implied consent for each contact
- Immediate unsubscribe processing - exceeds the 10-business-day requirement
- Bilingual keyword support - English and French opt-out keywords
Learn more in the TextFlow Documentation.