PDPA Compliance10 min read17 April 2026

Complete Guide to Singapore's Do Not Call (DNC) Registry for Businesses

Everything Singapore businesses need to know about the DNC Registry. Registration, checking obligations, penalties, exemptions, and compliance best practices.

ComplyHQ Team

Complete Guide to Singapore's Do Not Call (DNC) Registry for Businesses

A property agent I know sent 2,000 promotional SMS messages about a new launch. He did not check the DNC Registry first. Within a week, he had three complaints filed with the PDPC. The fines for DNC violations run up to S$1 million, and the PDPC publishes every enforcement decision with the offender's name.

All of it was avoidable with a five-minute check on a government portal.

TL;DR: Everything Singapore businesses need to know about the DNC Registry. Registration, checking obligations, penalties, exemptions, and compliance best practices.

The DNC Registry is one of the most frequently breached parts of Singapore's data protection framework. Many businesses — especially smaller ones — either do not know the requirement exists or assume it only applies to large marketing operations. It applies to everyone, and the PDPC enforces it actively.

What Is the DNC Registry?

A national database maintained by the PDPC under Part IX of the PDPA. Singapore residents can register their phone numbers to opt out of unsolicited marketing.

Three separate registers:

  1. No Voice Call Register
  2. No Text Message Register
  3. No Fax Message Register

Individuals can register on one, two, or all three. You must check the relevant register before sending each type of marketing message.

Who Must Comply

Every organisation sending marketing to Singapore phone numbers: companies, freelancers, non-profits, even overseas companies targeting Singapore numbers. No exemption based on size, revenue, or message volume. Even a single unsolicited message to a registered number is a breach.

What Counts as a "Marketing Message"

Messages whose primary purpose is to offer, advertise, or promote goods, services, or business opportunities. This includes promotional SMS, cold calls, fax ads, appointment reminders that include promotional offers, and loyalty messages promoting new products.

Not marketing: Order confirmations, delivery updates, payment receipts, service notifications without promotional content, legally required messages, responses to enquiries, and government communications.

Watch out: Messages mixing transactional and promotional content. If your appointment reminder includes "enjoy 20% off your next visit," the entire message may be classified as marketing.

How to Check the DNC Registry

  1. Register at dnc.pdpc.gov.sg using CorpPass
  2. Prepare your number list in standard Singapore 8-digit format
  3. Submit the check — the system flags which numbers are registered
  4. Remove all registered numbers (unless you have documented consent to override)
  5. Document the date, numbers checked, results, and which register you checked

Timing: Checks must be performed within 30 days before sending. Stale checks do not count. Best practice: check immediately before each campaign.

Cost: Up to 20 checks free via web interface. Bulk API checks at volume-based pricing. Free is sufficient for most SMEs.

You can send to registered numbers only with clear and unambiguous consent that is:

  • Specific to marketing messages (not just general data collection consent)
  • Active — silence, pre-ticked boxes, or inaction do not count
  • Documented with records of when, how, and what was consented to
  • Current — withdrawable at any time

Valid: Customer signs a form saying "I agree to receive promotional SMS from [Company] about our products and services."

Invalid: Page 12 of your Terms of Service includes "you consent to marketing communications." That is not clear and unambiguous.

Exemptions

B2B marketing to business numbers (not personal numbers) for relevant purposes is narrowly exempt, but the PDPC interprets this strictly. When in doubt, check.

Existing relationship may provide a basis for deemed consent, but does not automatically override a DNC registration. Always get explicit consent at onboarding.

Government and public interest messages are exempt.

Penalties

  • Organisations: up to S$1 million per breach
  • Individuals: up to S$10,000 per message

The PDPC has published numerous enforcement decisions for DNC violations — real estate agents, insurance companies, retailers, and marketing agencies sending messages without checking. Both the commissioning organisation and any third-party agency sending on their behalf can be liable.

Best Practices

Build consent into customer onboarding. Separate, unticked checkboxes specifying channels (SMS, voice, fax). Timestamped consent records.

Check before every campaign. Numbers are added and removed regularly. Never rely on a previous check.

Maintain an internal suppression list of people who withdrew consent, requested opt-out, or complained.

Include opt-out in every message. "Reply STOP to unsubscribe."

Train your team. Everyone involved in marketing — including interns — needs to understand DNC requirements.

Audit quarterly. Are checks being performed? Records maintained? Opt-outs processed? Vendor compliance verified?

DNC as Part of Overall PDPA Compliance

The DNC Registry is one component of the PDPA. Your overall compliance framework should address all 10 obligations, including appointing a DPO, maintaining a privacy policy, and having a breach response plan.

Businesses that fail on DNC often have gaps elsewhere. A comprehensive assessment catches everything at once.

Check your full PDPA compliance status, including DNC readiness. ComplyHQ's AI-powered gap assessment evaluates your practices against every obligation. Start a free assessment

Government Resources

Sources

  1. PDPC — Personal Data Protection Commission
  2. Personal Data Protection Act 2012
  3. CSA — Cyber Security Agency of Singapore

Looking for more? Check out Adaptels.

Simplify Your Compliance

ComplyHQ's AI can assess your PDPA compliance gaps in under 15 minutes and generate the policies you need.

Try Free Assessment

Frequently Asked Questions

Do I need to check the DNC Registry before sending marketing messages?
Yes. Under Part IX of the PDPA, any organisation that sends marketing messages via voice calls, SMS, or fax to Singapore telephone numbers must check the DNC Registry before each campaign. This applies to all businesses, regardless of size. The only exceptions are when you have clear and unambiguous consent from the recipient or when the message falls under a specific exemption.
What are the penalties for breaching the DNC rules?
The PDPC can impose financial penalties of up to S$1 million per breach. For individuals who send unsolicited marketing messages, fines of up to S$10,000 per message can apply. The PDPC has actively enforced DNC violations, with published decisions against organisations of all sizes.
Does the DNC Registry apply to email marketing?
No. The DNC Registry covers only voice calls, SMS/text messages, and fax messages sent to Singapore telephone numbers. Email marketing is not covered by the DNC Registry provisions. However, email marketing is still subject to PDPA consent requirements — you need the recipient's consent to send marketing emails.
How often should I check the DNC Registry?
You must check the registry within 30 days before sending each marketing message. If more than 30 days have passed since your last check, you must check again before sending. Best practice is to check immediately before each campaign launch and to maintain records of every check performed.
Can I still send marketing messages to numbers on the DNC Registry?
Only if you have clear and unambiguous consent from the recipient. This consent must be specific to the type of marketing message (call, SMS, or fax), documented, and not obtained through deceptive means. The burden of proof is on your organisation to demonstrate valid consent.

Ready to get PDPA compliant?

Stop guessing about compliance. ComplyHQ uses AI to assess your gaps, generate policies, and guide you through every PDPA obligation.

Gap AssessmentPolicy GeneratorAI Compliance Chat
5 July 202616 min read

PDPA Compliance Checklist for Singapore SMEs (2026)

A practical, step-by-step PDPA compliance checklist for Singapore SMEs — all core obligations, what to do first, and the penalties for getting it wrong. Free to use and reference.

Read more
11 May 202610 min read

PDPA Compliance for Clinics and Healthcare Providers in Singapore: A Practical Guide

How Singapore clinics, dental practices, and healthcare providers can comply with the PDPA. Covers patient data, consent, NRIC rules, breach notification, and common mistakes.

Read more
10 May 202611 min read

Data Protection Impact Assessment (DPIA) Singapore Guide for SMEs

Learn how to conduct a Data Protection Impact Assessment (DPIA) for your Singapore business. Step-by-step process, PDPA requirements, templates, and common mistakes.

Read more