Canada's Anti-Spam Legislation (CASL)

Canada

v2014 (in force)

7 domains

22 controls

Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23) regulates the sending of commercial electronic messages (CEMs), the installation of computer programs, and the unauthorized collection of electronic addresses. It is enforced by the Canadian Radio‑television and Telecommunications Commission (CRTC) for electronic messages, the Competition Bureau for false or misleading representations, and the Office of the Privacy Commissioner of Canada for privacy‑related aspects.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (7)

CASL: Address Harvesting and Misleading Representations

2 controls

Controls in the CASL: Address Harvesting and Misleading Representations domain of Canada's Anti-Spam Legislation (CASL) — 2 controls
Code	Title	Description
CASL-17	Address Harvesting Prohibition	CASL (s.82) amended PIPEDA (s.7.1) to prohibit collecting electronic addresses through address-harvesting software or di...
CASL-18	False or Misleading Representations	CASL amended the Competition Act (s.74.011) to prohibit false or misleading sender information, subject-matter informati...

CASL: Altering Transmission Data (s.7)

1 controls

Controls in the CASL: Altering Transmission Data (s.7) domain of Canada's Anti-Spam Legislation (CASL) — 1 controls
Code	Title	Description
CASL-13	Alteration of Transmission Data	s.7: it is prohibited to alter the transmission data in an electronic message, in the course of a commercial activity, s...

CASL: Commercial Electronic Messages (s.6)

5 controls

Controls in the CASL: Commercial Electronic Messages (s.6) domain of Canada's Anti-Spam Legislation (CASL) — 5 controls
Code	Title	Description
CASL-1	Scope and Applicability	CASL (S.C. 2010, c.23) prohibits sending a commercial electronic message (CEM) to an electronic address without complian...
CASL-10	Messages Sent on Behalf of Others / Third-Party Senders	s.6 covers the person on whose behalf a CEM is sent; s.9 prohibits aiding, inducing or procuring a contravention. Organi...
CASL-4	Identification of Sender	s.6(2)(a): the CEM must set out prescribed information identifying the person who sent the message and the person, if di...
CASL-5	Contact Information	s.6(2)(b) and s.6(3): the CEM must enable the recipient to readily contact the sender, and the contact information must...
CASL-6	Unsubscribe Mechanism	s.6(2)(c): the CEM must set out an unsubscribe mechanism in accordance with s.11(1).

CASL: Consent (s.10)

4 controls

Controls in the CASL: Consent (s.10) domain of Canada's Anti-Spam Legislation (CASL) — 4 controls
Code	Title	Description
CASL-11	Referral and Relationship Exceptions	Electronic Commerce Protection Regulations (SOR/2013-221): limited exceptions, e.g. a first CEM sent following a referra...
CASL-12	Business-to-Business and Other Regulatory Exceptions	Electronic Commerce Protection Regulations: CEMs sent between organisations with an existing relationship, and other pre...
CASL-2	Express Consent	s.6(1)(a) and s.10: a CEM requires consent. Express consent must be obtained by clearly setting out the purpose(s), the...
CASL-3	Implied Consent	s.10(9): implied consent may exist through an existing business relationship or existing non-business relationship (with...

CASL: Enforcement and Compliance

6 controls

Controls in the CASL: Enforcement and Compliance domain of Canada's Anti-Spam Legislation (CASL) — 6 controls
Code	Title	Description
CASL-19	Complaint Handling	Handling of complaints and reports (including via the Spam Reporting Centre) as part of the CRTC enforcement regime and...
CASL-20	Due Diligence Defence	s.33: a person is not to be found to have contravened ss.6-9 if they establish that they exercised due diligence to prev...
CASL-21	Training and Awareness	CRTC compliance guidance: a credible due-diligence defence includes staff training and awareness on CASL obligations.
CASL-22	Penalties and Enforcement	s.20: administrative monetary penalties (up to $1,000,000 for an individual and $10,000,000 for any other person) enforc...
CASL-8	Record Keeping of Consent	s.13 places the onus of proving consent on the person who alleges it. Maintain records of consent (express and implied)...
CASL-9	Transaction and Compliance Records	Records supporting the due-diligence defence (s.33) and demonstrating ongoing compliance: message logs, consent logs, un...

CASL: Installation of Computer Programs (s.8)

3 controls

Controls in the CASL: Installation of Computer Programs (s.8) domain of Canada's Anti-Spam Legislation (CASL) — 3 controls
Code	Title	Description
CASL-14	Installation of Computer Programs - Consent	s.8: it is prohibited to install or cause to be installed a computer program on another person device in the course of a...
CASL-15	Disclosure of Material Software Functions	s.10(3)-(5): for programs that perform specified functions (e.g. collecting personal information, changing settings, int...
CASL-16	Updates and Upgrades	s.10(6)-(8): consent for updates and upgrades to a previously consented program, including conditions for relying on pri...

CASL: Unsubscribe Mechanism (s.11)

1 controls

Controls in the CASL: Unsubscribe Mechanism (s.11) domain of Canada's Anti-Spam Legislation (CASL) — 1 controls
Code	Title	Description
CASL-7	Form and Function of Unsubscribe	s.11: the unsubscribe mechanism must be able to be readily performed at no cost, specify an electronic address or web li...

Your Compliance Coverage

If you comply with Canada's Anti-Spam Legislation (CASL), you already cover:

GDPR

14%

3 controls mapped

Compare →

ISO 37001:2016

2 controls mapped

Compare →

ISO 13485:2016

2 controls mapped

Compare →

+ 1 more: ISO 37301:2021 (5%)

See all 4 mapped frameworks ↓

Maps to 4 other frameworks

22 total controls

GDPR

3 source controls mapped|2 target controls covered

14%

ISO 37001:2016

2 source controls mapped|2 target controls covered

ISO 13485:2016

2 source controls mapped|2 target controls covered

ISO 37301:2021

1 source controls mapped|1 target controls covered

Compare Canada's Anti-Spam Legislation (CASL) with GDPR

Frequently Asked Questions

What is Canada's Anti-Spam Legislation (CASL)?

Canada's Anti-Spam Legislation (CASL) is a compliance framework from Canada with 7 domains and 22 controls. Canada's Anti-Spam Legislation (CASL, S.C. 2010, c. 23) regulates the sending of commercial electronic messages (CEMs), the installation of computer programs, and the unauthorized collection of electronic addresses. It is enforced by the Canadian Radio‑television and Telecommunications Commission (CRTC) for electronic messages, the Competition Bureau for false or misleading representations, and the Office of the Privacy Commissioner of Canada for privacy‑related aspects. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does Canada's Anti-Spam Legislation (CASL) have?

Canada's Anti-Spam Legislation (CASL) has 22 controls organised across 7 domains. The largest domains are CASL: Enforcement and Compliance (6 controls), CASL: Commercial Electronic Messages (s.6) (5 controls), CASL: Consent (s.10) (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does Canada's Anti-Spam Legislation (CASL) map to?

Canada's Anti-Spam Legislation (CASL) maps to 4 other compliance frameworks. The top mapping partners are GDPR (14% coverage), ISO 37001:2016 (9% coverage), ISO 13485:2016 (9% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with Canada's Anti-Spam Legislation (CASL) compliance?

Start your Canada's Anti-Spam Legislation (CASL) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Canada's Anti-Spam Legislation (CASL) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 22 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.

Get Started Free →

Free forever — no credit card required