Is cold email legal in Singapore? PDPA and the Spam Control Act (2026)

One of the first questions APAC founders ask before running outbound is simple: is cold email even legal in Singapore? The short answer is that B2B cold email to business contacts, done properly, is generally permitted, but there are real rules to follow. Here is a plain-English overview of how the two relevant laws work and a checklist to stay on the right side of them.

This is general information, not legal advice. Singapore's rules do change, so confirm the specifics with a qualified professional before you scale a campaign.

PDPA and business contact information

Singapore's Personal Data Protection Act (PDPA) governs personal data, but it carves out what it calls business contact information: a person's name, position, business title, business phone, business email, and business address, when provided and used for business purposes rather than personal ones. Consent obligations that apply to personal data generally do not apply to business contact information used to reach someone in their professional capacity. That is the legal basis most B2B cold outreach in Singapore relies on: emailing a work address about a relevant business matter.

The Spam Control Act

Sending unsolicited commercial messages in bulk is governed by the Spam Control Act, which covers email and SMS. The practical requirements that matter for a cold email program are straightforward and good practice anyway:

• Provide a clear way to unsubscribe in every message.
• Honour an unsubscribe request promptly; the Act sets a limit of ten business days.
• Do not use false or misleading subject lines or header information.
• Include accurate sender details so the recipient knows who is contacting them.

A practical compliance checklist

• Send to business email addresses about genuine business matters, not personal accounts.
• Keep an unsubscribe link in every send and process opt-outs automatically.
• Maintain a suppression list so opt-outs and bounces are never contacted again.
• Keep subject lines honest and your sender identity accurate.
• Keep volumes sensible and your targeting relevant; irrelevant blasting invites complaints regardless of the law.

HuntSales is built to make the mechanical parts of this the default: every sequence supports an unsubscribe, opt-outs and bounces drop into a suppression list that is automatically excluded from future sends, and reply detection stops a sequence the moment someone responds. That does not replace your own legal judgement, but it removes the easy ways to slip.

Treat compliance as part of good outreach, not a tax on it. Relevant, well-targeted, easy-to-unsubscribe email is both more lawful and more effective than volume blasting. Again, this is general guidance only; check the current rules with a professional before scaling.