Singapore PDPA Do Not Call Registry and Marketing Messages

The Singapore Do Not Call (DNC) Registry is established by the Personal Data Protection Commission (PDPC) under the Personal Data Protection Act 2012 (PDPA). The Singapore DNC Registry allows individuals in Singapore to register their telephone numbers to opt out of receiving unsolicited telemarketing messages. The Singapore PDPA Do Not Call provisions came into effect on 2 January 2014 and apply alongside the Data Protection Provisions in Parts 3 to 6A of the PDPA. Organisations are required to comply with both sets of provisions when conducting marketing activities in Singapore.

The Singapore PDPA Do Not Call provisions apply broadly to any 'person' sending specified messages. Under section 2(1) of the Interpretation Act, 'person' includes natural persons as well as companies, associations, and other bodies of persons, whether corporate or unincorporated. This means sole proprietors, partnerships, and corporations operating in or targeting Singapore are all subject to Singapore DNC obligations when they send, cause to be sent, or authorise the sending of marketing messages to Singapore telephone numbers. The Singapore DNC Registry is operated at www.dnc.gov.sg as a Singapore Government agency service administered by the PDPC.

A 'Singapore telephone number' is defined in section 36(1) of the PDPA as an eight-digit number beginning with 3, 6, 8, or 9 that conforms to the National Numbering Plan referred to in regulation 12A of the Telecommunications (Class Licence) Regulations. This definition covers mobile numbers, fixed-line numbers, residential numbers, and business numbers. The scope of the Singapore DNC Registry is comprehensive: any marketing message targeting these number formats must comply with the Singapore PDPA Do Not Call checking obligations unless a valid exception applies.

The PDPC issued Advisory Guidelines on the Do Not Call Provisions (revised 1 February 2021) to provide detailed interpretation guidance on how the Singapore DNC provisions apply in different scenarios. The February 2021 revision introduced requirements for third-party DNC checkers under section 43A and strengthened prohibitions on dictionary attacks and address-harvesting software under section 48B. These guidelines are advisory and not legally binding, but they represent the Commission's stated interpretation of the Singapore PDPA Do Not Call provisions and are treated as the practical compliance standard.

The Singapore DNC Registry consists of three separate registers, each covering a distinct communication channel. Individuals may choose to register their Singapore telephone numbers on one, two, or all three Singapore DNC registers depending on which types of telemarketing messages they wish to stop receiving. The No Voice Call Register covers opt-out from telemarketing calls. The No Text Message Register covers opt-out from telemarketing text messages. The No Fax Message Register covers opt-out from telemarketing fax messages. Organisations must check the relevant Singapore DNC register for the specific channel they intend to use before sending any marketing message.

The No Voice Call Register under the Singapore DNC Registry covers voice or video calls sent by telephone service, data service, or any other electronic means. This includes traditional phone calls, VoIP calls, and calls made through data applications such as WhatsApp, iMessage, or Viber when they use a Singapore telephone number. The No Text Message Register covers any text, sound, or visual message that is not a voice call or fax, including SMS, MMS, and messages sent through messaging applications targeting a Singapore telephone number. The No Fax Message Register covers facsimile messages sent to Singapore telephone numbers.

When an organisation checks telephone numbers against the Singapore DNC Registry, all three registers are checked simultaneously. The results indicate the registration status of each number on each register. Organisations must respect the registration status for each channel independently when planning Singapore DNC-compliant marketing campaigns. For example, a number may be registered on the No Text Message Register but not on the No Voice Call Register, allowing voice call marketing but blocking SMS marketing to that number. Each Singapore DNC register operates independently, and organisations must match the correct register to their intended message channel.

Under section 43 of the Singapore PDPA, before a person sends a specified message to a Singapore telephone number, they must check with the Singapore DNC Registry to confirm the number is not listed on the relevant DNC Register. The only exception to this Singapore DNC checking obligation is when the sender has already obtained clear and unambiguous consent in evidential form from the user or subscriber of the number. This is the core compliance obligation that every marketing team must build into their outbound workflow when targeting Singapore telephone numbers.

The prescribed checking period for the Singapore DNC Registry is 21 days. This means a person must have made a checking application within 21 days before sending the specified message. Results returned from the Singapore DNC Registry are valid for up to 21 days from the date of receipt. Once this validity period lapses, the organisation must perform another Singapore DNC Registry check before continuing telemarketing activities. For example, if an organisation receives results on 2 February, those results are valid until 23 February. Organisations running campaigns longer than 21 days must schedule recurring Singapore DNC Registry checks to maintain compliance.

There are two methods for submitting telephone numbers for checking against the Singapore DNC Registry. The Small Number Lookup method allows up to 10 numbers to be submitted at a time with immediate results displayed. The Bulk Filtering method requires uploading a CSV file containing a single column of eight-digit telephone numbers, with results available within 24 hours. The bulk filtering results from the Singapore DNC Registry include filtered numbers with their status on each register, a summary of the submission, an on-behalf list if checking for other organisations, and rejected numbers with reasons for rejection. Only eight-digit numbers starting with 3, 6, 8, or 9 are accepted by the Singapore DNC Registry system.

Organisations that use third-party checkers for Singapore DNC Registry compliance should be aware that the PDPC does not endorse any third-party checker. Under section 43A of the PDPA (introduced 1 February 2021), a 'checker' who checks the Singapore DNC Registry on behalf of a sender must ensure the information provided is accurate and must include the date the results were received along with the expiry date. The liability for Singapore DNC infringements resulting from erroneous information falls on the third-party checker. However, the sending organisation remains liable if it had reason to believe the information was expired, false, or inaccurate.

Section 44 of the Singapore PDPA requires that every specified message sent to a Singapore telephone number must include clear and accurate identification information and contact information. This Singapore PDPA caller identification obligation applies to all specified messages regardless of channel -- voice calls, SMS, MMS, fax, and messages through data applications. The information must be reasonably likely to remain valid for at least 30 days after the message is sent. Failure to include proper identification and contact information is a separate violation from failure to check the Singapore DNC Registry.

Identification information under the Singapore PDPA must allow the recipient to determine who sent or authorised the sending of the message. An organisation may use its legal name, a trading name, brand name, or a related name such as a retail outlet or property development name, as long as the recipient can identify the sender. The PDPC Advisory Guidelines on the Singapore DNC provisions make clear that generic pronouns such as 'me' or 'us', informal nicknames, and fictitious names are not acceptable as identification information. A website address may serve as identification if the sender can be identified from the URL text itself or from the landing page content.

Contact information under the Singapore PDPA must enable the recipient to 'readily contact' the sender. The most straightforward approach is to include an operational Singapore telephone number that accepts incoming calls or text messages, or a valid email address that accepts incoming mail. The PDPC guidelines on the Singapore DNC provisions clarify that short codes and no-reply email addresses do not satisfy this requirement because they do not allow the recipient to directly communicate with the sender. A physical address alone is also insufficient because it requires the recipient to make a trip or send a letter, which does not meet the 'readily contact' standard set by the Singapore PDPA.

For voice calls containing specified messages, section 45 of the Singapore PDPA adds a further obligation: the sender must not conceal or withhold the calling line identity from the recipient. The calling line identity is defined in section 36(1) as the telephone number or information identifying the sender. Organisations must ensure their telephony systems are configured to transmit the correct calling line identity for all outbound marketing calls to comply with the Singapore PDPA Do Not Call provisions. Concealing or withholding the calling line identity is a separate contravention under the Singapore PDPA even if the Singapore DNC Registry was properly checked.

The Eighth Schedule to the Singapore PDPA lists categories of messages that are excluded from the definition of 'specified message' and therefore not subject to Singapore DNC provisions. Understanding these Singapore PDPA DNC exceptions is critical for marketing teams because they determine which outbound communications can be sent without checking the Singapore DNC Registry or obtaining DNC-specific consent. However, organisations must still comply with the Data Protection Provisions of the Singapore PDPA for all communications, even those excluded from Singapore DNC requirements.

The ongoing relationship exception under paragraph 1(e) of the Eighth Schedule excludes messages where the sender has an ongoing relationship with the recipient and the sole purpose of the message relates to the subject matter of that relationship. Under the Singapore PDPA, an 'ongoing relationship' means a relationship on an ongoing basis arising from the conduct of a business or activity by the sender. The PDPC Advisory Guidelines on the Singapore DNC provisions provide examples: retail memberships, media subscriptions, insurance policies, bank accounts, loans, and regular participation in an organisation's activities. Importantly, one-off transactions do not establish an ongoing relationship under the Singapore PDPA. The Commission considers factors such as continuity, regularity, and frequency when assessing whether an ongoing relationship exists for Singapore DNC exception purposes.

The sole-purpose requirement for the Singapore PDPA ongoing relationship exception is strict. If a message serves a purpose beyond the subject matter of the ongoing relationship, it loses the exclusion and becomes a specified message subject to Singapore DNC provisions. For example, a message to an existing credit card holder promoting a new credit card of the same type may qualify under the Singapore PDPA DNC exception, but a message that promotes an unrelated product line would not. A message that combines a notification about a change in account terms with a marketing offer for a new product would also lose the Singapore DNC exclusion because its purpose is not solely related to the ongoing relationship.

The B2B exception under paragraph 1(g) of the Eighth Schedule excludes messages sent to an organisation (other than an individual acting in a personal or domestic capacity) for any purpose of the receiving organisation. This Singapore PDPA DNC exception allows company-to-company marketing without checking the Singapore DNC Registry. However, the PDPC guidelines make clear that if a B2B call shifts to marketing a product for the individual's personal use, the Singapore DNC exception no longer applies, and the sender must comply with Singapore DNC provisions for that personal marketing component. Other Eighth Schedule exclusions include public agency non-commercial messages, personal/domestic messages, emergency messages, transaction confirmations, warranty and safety information, product updates under existing contracts, charitable cause solicitations without marketing elements, and messages whose sole purpose is market research or survey.

If an organisation holds clear and unambiguous consent in evidential form from the user or subscriber of a Singapore telephone number, it does not need to check the Singapore DNC Registry before sending specified messages to that number. This Singapore PDPA DNC consent must be specific: the individual must have been clearly and specifically notified that specified messages would be sent to their Singapore telephone number, and the individual must have given consent through a positive action. The PDPC Advisory Guidelines on the Singapore DNC provisions state that mere failure to opt out or inaction does not constitute clear and unambiguous consent.

Consent for Singapore DNC purposes must be evidenced in written or other form so as to be accessible for subsequent reference (referred to as 'evidential form' in the PDPC Advisory Guidelines). Written form includes physical or electronic documents. If consent is not in written form, it must be captured in a manner that can be retrieved and reproduced later, such as an audio or video recording. For electronic consent used to satisfy Singapore DNC obligations, organisations should retain system logs capturing the individual's choice, date and time, the webpage or form presented, and the specific clauses consented to including applicable terms and conditions. This evidential form is a distinctive requirement of the Singapore PDPA Do Not Call regime.

The Singapore PDPA prohibits organisations from requiring consent for telemarketing as a condition of providing goods or services beyond what is reasonable. Under section 46(1), an organisation must not require a consumer to agree to receive specified messages as a prerequisite for receiving goods, services, land, interest, or opportunity. Organisations should offer individuals the option to consent to Singapore DNC marketing messages without denying them products or services for declining. Additionally, consent obtained through false or misleading information or deceptive practices is not valid under the Singapore PDPA. The PDPC treats violations of section 46 as separate contraventions carrying their own penalties.

Individuals can withdraw their consent for Singapore DNC marketing messages by giving notice to the organisation. Under section 47(3), the organisation must cease sending specified messages to the number within 21 days of receiving the withdrawal notice (the 'prescribed period'). The scope of withdrawal depends on the content and channel of the notice. Under the Singapore PDPA, a general withdrawal sent via SMS would typically apply to all specified messages sent by SMS only. If the individual wants to withdraw consent across all channels (voice, text, and fax), the individual should explicitly state that intention. Importantly, an individual's subsequent registration on the Singapore DNC Registry does not amount to withdrawal of consent previously given to a specific organisation.

The Singapore PDPA Do Not Call provisions apply to all means by which a sender may send a specified message to a Singapore telephone number. Under section 36(1), 'send' includes the sending of a message, causing or authorising the sending, or making a voice call containing the message. A 'message' includes messages in sound, text, visual, or other form. This broad definition under the Singapore PDPA means that modern digital marketing channels are subject to Singapore DNC obligations whenever they target a Singapore telephone number, regardless of the technology or platform used.

Messages sent through data applications such as WhatsApp, iMessage, or Viber are subject to Singapore DNC provisions when they use a Singapore telephone number to deliver the message. A voice call made through a VoIP application to a Singapore telephone number is treated the same as a traditional phone call for Singapore DNC purposes and must be checked against the No Voice Call Register of the Singapore DNC Registry. An SMS or rich media message sent through a messaging platform to a Singapore telephone number falls under the No Text Message Register. Organisations must check the appropriate Singapore DNC register before sending marketing messages through any of these digital channels.

The Singapore PDPA Do Not Call provisions do not apply to specified messages that are not sent to a Singapore telephone number. This means location-based broadcasts pushed to mobile phones through data-enabled smart phone applications, or data applications that do not use a Singapore telephone number to identify the recipient, are not covered by Singapore DNC rules. However, the Data Protection Provisions of the Singapore PDPA may still apply to such communications, particularly regarding the collection, use, and disclosure of personal data. Email marketing is also not covered by Singapore DNC provisions because email is not sent to a Singapore telephone number, though the PDPA Data Protection Provisions and the Spam Control Act may apply separately.

Section 48B of the Singapore PDPA prohibits persons from sending messages to telephone numbers generated or obtained through address-harvesting software, and from using dictionary attacks or similar automated means to send messages indiscriminately. This prohibition was strengthened in the February 2021 amendments to the Singapore PDPA. Organisations must ensure their telephone number acquisition practices rely on legitimate sources and properly documented consent, not automated harvesting tools. Violations of section 48B carry the same financial penalties as other Singapore DNC contraventions.

The PDPC has enforcement authority over Singapore DNC violations and can issue directions, financial penalties, and undertakings against organisations that breach the Singapore PDPA Do Not Call provisions. The penalties framework was strengthened by the 2020 amendments to the Singapore PDPA, which came into force on 1 February 2021. Financial penalties for Singapore DNC violations can be significant and are designed to deter non-compliance and encourage organisations to invest in proper Singapore DNC compliance processes.

Under the Singapore PDPA, the PDPC can impose a financial penalty of up to SGD 1 million per breach for violations of the Singapore DNC provisions. For organisations, the maximum financial penalty can reach up to 10% of annual turnover in Singapore, or SGD 1 million, whichever is higher (subject to the amended penalty framework). The PDPC considers factors such as the nature and seriousness of the Singapore DNC contravention, whether the contravention was deliberate or arose from negligence, the volume of unsolicited messages sent, the degree of cooperation with the investigation, and whether the organisation had Singapore DNC compliance policies in place.

In addition to financial penalties for Singapore DNC violations, the PDPC can issue directions requiring the organisation to stop the contravening activity, destroy personal data collected in contravention of the Singapore PDPA, or take other corrective actions. The PDPC may also accept an undertaking from the organisation, which is a binding commitment to take specified steps to address the Singapore DNC breach. Enforcement decisions for Singapore DNC violations are published on the PDPC website and can cause significant reputational harm in addition to the financial penalty.

Individuals also have the right to lodge complaints with the PDPC for unsolicited telemarketing messages received on Singapore telephone numbers registered with the Singapore DNC Registry. The PDPC investigates complaints through its Complaints and Reviews process and may initiate enforcement proceedings for Singapore DNC violations. Organisations should maintain complete records of their Singapore DNC Registry checking processes, consent records, and marketing message logs to defend against complaints and demonstrate compliance with the Singapore PDPA Do Not Call provisions.

Building a compliant outbound marketing workflow under the Singapore PDPA Do Not Call provisions requires integrating Singapore DNC Registry checks, consent management, exception handling, and evidence retention into a single repeatable process. Marketing teams should not treat Singapore DNC compliance as a separate legal checkbox but as a core part of campaign operations. Every campaign brief should include a Singapore DNC compliance section that documents the message type, target channel, consent basis, and applicable exceptions under the Eighth Schedule.

Step one is to classify the message under the Singapore PDPA. Determine whether the planned communication is a 'specified message' under section 37 of the PDPA. A message is a specified message if its purpose (or one of its purposes) is to advertise, promote, or offer goods, services, land, interests, or business/investment opportunities. If the message is purely a transaction confirmation, service notification, market survey, B2B communication, or falls under another Eighth Schedule exclusion, document the applicable Singapore DNC exception and the reasoning before proceeding without a Singapore DNC Registry check.

Step two is to check consent records for Singapore DNC purposes. If you hold clear and unambiguous consent in evidential form from the recipient for the specific channel and message type, document the consent record (including the date obtained, the specific clause, and the evidence form) and proceed. If consent is not available or is uncertain, proceed to step three: perform the Singapore DNC Registry check. Submit the target telephone numbers via Small Number Lookup (up to 10 numbers, immediate results) or Bulk Filtering (CSV upload, results within 24 hours) at www.dnc.gov.sg. Record the date of the check, the numbers submitted, and the results received. Do not send specified messages to numbers registered on the relevant Singapore DNC Register. Ensure the Singapore DNC check was performed within 21 days of the planned send date.

Step four is to prepare the message content compliant with Singapore PDPA requirements. Every specified message must include clear and accurate identification information (sender name) and contact information (operational phone number or valid email). For voice calls, ensure the calling line identity is not concealed as required by section 45 of the Singapore PDPA. Include opt-out instructions using the same medium as the message. Step five is to send and log: execute the campaign, retain logs of all messages sent (numbers, timestamps, message content), and maintain these records alongside Singapore DNC Registry check results and consent records for compliance evidence. Re-check the Singapore DNC Registry every 21 days if campaigns continue beyond the validity window.

To use the Singapore DNC Registry, organisations must first create a DNC Registry account at www.dnc.gov.sg. Each organisation is allowed one main account, with the ability to create sub-accounts for multiple users. Singapore-registered organisations need a Unique Entity Number (UEN) and a representative's Singpass for Singapore DNC Registry registration. Overseas organisations not registered in Singapore must provide company registration information and a phone or utility bill. Individual users register using Singpass. Upon successful Singapore DNC account creation, an activation link is sent to the registered email address.

Singapore DNC Registry account creation involves a one-time fee (inclusive of 9% GST): SGD 32.70 for a main account for Singapore-registered organisations (SGD 65.40 for overseas organisations), SGD 32.70 per sub-account, and SGD 32.70 for individual main accounts. Each main Singapore DNC Registry account receives 1,000 free credits annually (valid for one year). Sub-accounts do not receive free credits. These free credits are consumed first before purchased credits when performing Singapore DNC Registry checks.

For organisations with high-volume Singapore DNC Registry checking needs, the Prepaid scheme allows purchasing credits in advance. One credit is consumed per telephone number checked against the Singapore DNC Registry. Purchased credits are valid for three years. Pricing tiers range from SGD 0.0218 per number (5,000 credits at SGD 109) down to SGD 0.0109 per number (1,000,000 credits at SGD 10,900). The Pay-per-use scheme charges per submission with a minimum of SGD 10. Rates are SGD 0.0273 per number for 1 to 4,999 numbers and SGD 0.0251 per number for 5,000 or more numbers. All Singapore DNC Registry prices include 9% GST.

If your organisation checks the Singapore DNC Registry on behalf of other organisations, you must indicate those organisations on the declaration page during account creation. This list can be updated later. The Singapore DNC Registry Bulk Filtering results include an 'On Behalf List' file showing which organisations you checked on behalf of at the time of submission. Organisations should integrate Singapore DNC Registry checking into their marketing automation platform or CRM by scheduling regular bulk checks and applying filtered results as campaign suppression lists before execution. Payment can be made online via credit or direct debit cards; offline payment (bank transfer) is available for transactions of SGD 5,000 or more.