Hong Kong introduces anti-spam legislation (Unsolicited Electronic Messages Ordinance)

27 June 2007

Marcus Vass

The new Unsolicited Electronic Messages Ordinance (Cap 593) was published in the Hong Kong Government Gazette on 1 June 2007 ("UEMO"). The Commerce, Industry and Technology Bureau has announced that the UEMO will be launched in two phases to regulate the sending of commercial messages by electronic means.

Phase 1, which came into effect on 1 June 2007, regulates the use of improper techniques to send large quantities of commercial electronic messages or unsolicited electronic messages ("UEMs"). These include the supply of electronic databases acquired through the Internet to persons who send UEMs without the consent of the recipients. In addition, the UEMO will regulate techniques such as "dictionary attacks" or "brute force attacks" commonly used by spammers which involve using an automated means to combine all possible words or names or combinations of letters and alphabets to formulate recipient email addresses with a hope to reach some valid mailboxes. Phase 1 will also cover fraudulent and illicit activities such as hacking into computers for the purpose of sending UEMs.

Phase 2, which is expected to come into effect towards the end of 2007, will regulate the sending of UEMs and provide for an "opt-out" mechanism for recipients of commercial electronic messages. Examples of prohibited activities include sending pre-recorded anonymous voice messages (where the sender's telephone number is withheld), not providing recipients an opportunity to "opt-out" of receiving such messages or continuing to send commercial electronic messages despite a recipient's "unsubscribe" request. Under Phase 2, recipients will be able to register their phone, fax and mobile numbers in a "Do-Not-Call" register, to be established by the Office of the Telecommunications Authority ("OFTA"), for the purpose of notifying senders of commercial electronic messages that they do not wish to receive such messages. E-mail addresses cannot be registered in the "Do-Not-Call" register as such e-mail addresses may serve as a source of information for spammers.

Phase 2 will be launched later in the year to allow time for relevant businesses to understand the implications of the UEMO, implement Phase 1 and update their information systems and practices accordingly.

Who does the UEMO apply to?

The UEMO may apply to any businesses or individuals that send messages advertising or promoting goods and/or services by electronic means such as pre-recorded voice messages, SMS/MMS messages, faxes and/or e-mails.

Enforcement and penalties

A breach of the Phase 1 UEMO provisions (that is, Part 3 and Part 4 of the UEMO) may result in a maximum fine of up to HK$1,000,000 and imprisonment up to 5 years.

Non-compliance with the UEMO may be reported to OFTA. OFTA and the Hong Kong Police have the power to investigate any activities which potentially violate the provisions of the UEMO. OFTA may issue enforcement notices to persons who breach the rules relating to the opt-out regime under Phase 2, requiring them to remedy such breaches.

Penalties for non-compliance of Phase 2 UEMO provisions (that is, Part 2 of the UEMO) range from a fine of HK$100,000 for the first conviction and up to HK$500,000 for subsequent convictions.


If you think the UEMO may raise any issues in respect of your business activities or your industry generally, please let us know and we would be happy to assist you in: carrying out an audit of whether your current business practice is in compliance with the UEMO; and/or advising how (if at all) you may alter your current business practice to comply with the UEMO.

For more information please contact Marcus Vass.