How to Build a Viber Subscriber List the Right Way
Published: Feb 18, 2026
Viber Business Messages is not a free-for-all.
It's an opt-in environment by design and is supported by the platform and data protection laws in all markets where Viber operates.
Before your first message is sent out, you'll need to have documented, specific, and valid consent.
This guide will walk you through what that looks like in practice: what constitutes valid consent, how to obtain it at different customer touchpoints, and what to do if you fail to comply.
Why Viber Treats Consent as Non-Negotiable
This is because Viber’s business messaging is designed with the user in mind.
The blue check mark, the Business Inbox where business messages are separated from personal ones, and the ability to block and report messages are designed to prevent unsolicited messages from occurring in the first place.
It is not something that businesses can opt in or out of; it is something that they need permission for.
And the rules are enforced.
Viber monitors the block rate of every sender.
If the block rate is too high, the account can be shut off without any notice given to the user.
It is not guaranteed that the account will be reinstated, but the user will have to prove that they have adhered to the rules in order to get it back.
Messages that have not been given consent for will not only be marked as spam by the user but can also get the user in trouble with the service as a whole.
For your business, having a list of subscribers that have not given proper consent is not only a legal problem but can also become an operational one.
Those who have not given proper consent will begin blocking the messages they receive from you, and the high block rate can get the business shut out of the channel altogether.
The Legal Framework You Are Operating In
The rules for giving consent on Viber vary depending on the location of your recipients.
This is because different regions have varying data protection regulations.
The first thing to do is to be familiar with the regulations applicable to your list and to set it up accordingly.
The most effective way to comply is to adhere to the regulations of the EU and EEA and the UK.
This is because these regulations are the most stringent.
The regulations require that you obtain consent as the basis for processing data.
The regulations also state that you cannot use the legitimate interest principle for direct marketing.
The principle of consent requires that it be freely given, specific, informed, unambiguous, and documented.
The regulations also require that users have the right to withdraw their consent at any time.
You are also required to limit the collection of data to what you will actually use.
What Legally Valid Consent Actually Means
Valid GDPR-based consent, as well as best practices worldwide, has five elements.
Each of these elements is important, and failing to meet any of them means that you do not have valid consent.
Free given: The customer cannot be forced to give their consent to get your product or service.
For instance, if your customer must give their consent to get Viber marketing messages to complete their order, they’re not really consenting.
They’re forced to, which is coercion, not free given.
Specific: A customer who gives their consent to get order updates has not given their consent to get promotional messages, or vice versa.
A customer who gives their consent to get your chatbot service has not given their consent to get offers or discounts.
Each case must be given its own basis for consent.
Informed: The customer must understand who they’re consenting to get messages from, through which medium (Viber, by name), what kinds of messages they’ll get, and how often they’ll get them.
Vague language, such as “agree to receive communications,” does not meet this standard.
Unambiguous: The customer must give their consent by an overt, affirmative action, which can include an unticked checkbox or clicking “Yes, subscribe me to Viber updates.”
Documented: You must keep records of your customer’s consent.
Viber requires you to do so.
If your customer says they didn’t give their consent, or if your company gets audited, you must be able to show them your records to prove your case.
Documentation is not optional, it is your compliance.
How to Collect Opt-Ins: Four Compliant Touchpoints
The methods of collecting consents vary for each channel, while the law remains the same for all channels.
Website Sign-Up Forms
The most transparent and auditable approach is to use an opt-in form.
The form must include Viber as a channel, what messages you will send, what you think the frequency of messages will be, and include a link to your privacy policy.
The form must require an affirmative action to complete.
Avoid including this form with your terms of service or another channel's newsletter signup.
These are two separate consents.
There are several ways to include an opt-in form: preference center, settings, or through a pop-up.
Each of these methods will give you different results, but they can all work if done correctly.
E-Commerce Checkout
The checkout page is another good location to collect user consents, as they are engaged with your brand at this time.
The user's information is visible, making it easier to collect Viber consent.
However, collecting Viber consent on an e-commerce checkout page must be done correctly.
For an overview of how Viber can work with e-commerce, outside of the opt-in process, please refer to Viber for E-Commerce.
Viber Chatbot Subscription
The consent for the chatbot to send messages will come when the user subscribes to the chatbot on Viber.
The consent happens when the user receives the welcome message.
Before asking for the user’s confirmation, the user should know what they’re consenting to.
The welcome message should contain information about you, the messages the chatbot will send, the frequency of the messages, and the unsubscribe option.
After the welcome message, you can request the user’s confirmation.
This is as much about consent as it is about messaging.
The experience should look and feel natural for the user on Viber while at the same time being clear and informed for the user.
Using QR Codes for Offline-to-Online
For the consent process, you can use physical materials such as product packaging, receipts, signs, or other materials for the event you’re organizing.
The consent process will take place on the website the QR code redirects the user to.
The QR code alone does not contain the consent information; it’s merely the medium for the consent.
The website should contain the entire consent process, as mentioned earlier.
Make sure you keep track of the source of the user’s consent.
If you’re using the QR code on product packaging, for example, make sure you keep a note such as "opted in via QR code on product packaging, November 2025" rather than "opted in via website."
What Your Opt-In Copy Must Include
It’s not just a formality; it’s the legal mechanism.
It must have the right information for the consent gathered to be legally valid.
For Viber Business Messages, each and every opt-in must have these six components:
Your business name — identical to how it’s displayed on your Viber sender profile
Viber named — the text must state Viber explicitly and not just imply it
Description of message types — not general terms such as “updates”
Approximate send frequency — e.g., “up to 4 messages per month”
Link to your privacy policy — this policy must mention Viber messages
How to unsubscribe — must have at least this statement: “I can unsubscribe anytime”
For example:
Compliant: “Yes, I want to receive order updates, shipping notifications, and occasional promotional offers from [Brand Name] via Viber. I understand I can unsubscribe at any time. [Privacy Policy]”
Non-compliant: “By signing up, you agree to receive communications from us.”
The non-compliant example does not meet the requirements because it does not specify the channel used (“via Viber”), does not specify what kind of messages are being sent (“order updates and shipping notifications”), does not specify the send frequency (“from time to time”), and is included with the sign-up agreement.
Should the consumer claim they didn’t know they were agreeing to Viber marketing, this text does not protect the brand.
Note that Viber OTP messages are not subject to this requirement and are used only for authentication.
Record-Keeping: What to Store and How
But collecting that consent is only half the task.
The other half is recording that consent, and that is important because it demonstrates that you are able to prove that you are complying with regulations.
For each of your subscribers, your records should show:
The phone number or Viber ID
The date and time when they gave their consent
The channel and touchpoint used to collect that consent
What version of that form they saw when they gave their consent
If they opt out of receiving further messages from you, record that date and time too and keep that record; do not delete it.
Make sure that these records are stored securely and that any one record can be retrieved immediately.
Data protection agencies expect you to produce records within days, not weeks.
On record retention, you should keep records for the length of the relationship and for some time thereafter.
How long thereafter will depend on what is reasonable in your jurisdiction.
However, do not keep records forever after the relationship has ended (data minimization principle of the GDPR).
Handling Opt-Outs Correctly
Opt-out handling is often where compliance risks arise in many businesses.
The rules are clear, and the consequences of any errors are felt right away.
Each message must have an opt-out option included.
Viber users can also block the sender inside the Viber app.
This is not something you can control, but you can control the impact it has on your block rate.
When the user has opted out, follow through with the opt-out in 24 hours or less.
The GDPR requirement is to act without undue delay, and 24 hours is the standard practice that is defensible in any compliance investigation.
After the opt-out, the user should not receive the number right away in any of the campaigns.
Do not continue to send the number because the campaign is in the queue.
Do not put the user in another list and say that is the workaround.
Keep the opt-out data.
Do not delete the data.
It is part of the compliance trail and shows that the opt-out request is being handled appropriately.
Monitor the block rate in the analytics dashboard in Dexatel in real-time as a compliance indicator.
A high block rate could indicate that the content of the message is not meeting the expectations of the Viber user, or that the business is sending too frequently, or that the user was on the list in error in the first place.
A high block rate is the compliance indicator before Viber’s systems act on the issue, and it is something that must be addressed by the business before Viber does.
Regulated Industries: Stricter Rules Apply
There are additional rules to follow in these sectors, and their consent and compliance requirements are higher than the standard rules.
Gambling, micro credit, and loan-related businesses must adhere to higher Viber requirements.
This could mean more documented requirements to prove their consent, including needing template approvals, and checking their messages’ content and senders.
If they do not adhere to these requirements, their penalties will come earlier and will be more severe compared to other businesses, considering Viber only allows fewer consent mistakes in these categories.
Financial services must adhere to an additional set of data protection rules specific to their sector, aside from the GDPR rules on consent.
Consent must be given clearly and in writing, especially in financial services, considering that data is highly sensitive, and every decision in their compliance requirements is critical.
When You Need to Re-Consent Your List
Consent given two years ago for a customer that has since altered their relationship with your brand is not relevant today.
There are some circumstances when you must request new consent from your subscribers, not just good practice.
You must request new consent when:
A lot of time has passed since the original consent (the standard period being 18-24 months),
You are changing the type of message, its content, and/or the sending frequency from what was agreed upon in the initial request,
You are trying to reactivate your dormant subscribers’ list,
You are moving subscribers from one channel to another (e.g., from SMS to Viber).
Opt-in on one channel does not automatically apply to another channel.
Viber requires its own opt-in.
To request new consent, send one clear message that includes your brand identity and explains what you are asking them to agree to and how they can easily agree to this request.
If they do not agree within a reasonable time frame (a standard period of seven to fourteen days), they should not be included in future campaigns.
A smaller re-consented list will outperform a larger non-consented one in all key areas.
What Happens When You Get It Wrong
Non-compliance can have the following serious consequences at two different levels:
Platform level: If you break the policy, Viber can disable your sender account.
This means you will not be able to send messages, notify customers, send OTPs, or even send campaigns on the platform until you can prove you’re complying with the policy to Viber’s satisfaction.
Re-enabling the account does not mean you’re guaranteed to get it back.
If you’re disabled and want to get back on the platform, you must disclose information about the content of the messages you’re sending and the way you’re obtaining consent.
Very high block rates can trigger automatic investigation, even without the need for a complaint.
As you sign up as a Viber Business sender through the Dexatel platform, you’re required to sign an anti-spam warranty.
If you break the consent policy, you’re breaking the Viber policy and the warranty you signed when you signed up through the Dexatel platform.
Note that as a real Viber Business Messaging partner, Dexatel must enforce the policy on all senders on the platform.
Legal level: Under the GDPR, fines can reach as high as €20 million or 4% of global annual turnover, whichever is higher.
Data protection authorities throughout the EU are currently investigating and fining businesses for consent violations related to messages.
Neither of the regulations requires a major breach to start enforcing the regulations; any complaint can start the investigation.
Getting Started with Compliant Viber Messaging on Dexatel
Dexatel assists with this from the outset.
You must agree to the anti-spam warranty to begin creating your Viber Business Account via Dexatel—and this includes consent within the agreement prior to sending your first message.
Dexatel also assists with this on a large scale.
You can send automatically with consent via the Viber API.
This means you can send event-triggered messages such as order confirmations, appointment reminders, and authentication codes immediately when they happen without needing to manually upload any lists.
You can also see all incoming replies and opt-outs within the centralized Viber Business Inbox without needing a mobile app.
The cost of Viber Business Messages via Dexatel is pay-per-message with no contract required.
Check Viber's pricing for costs per country and message type.
It only takes under 48 hours to set up with us.
Start your free trial today with $2 in credits included—no credit card required.
Conclusion
A Viber subscriber list that is created with the right consent is an asset, but one created without consent is a liability that can get the sender into legal trouble or get the account suspended by Viber.
The basics of Viber compliance are easy:
- Use proper consent with the right words,
- Document every opt-in with sufficient detail to prove it,
- Respect opt-outs in under 24 hours,
- Monitor your block rate as your primary health metric,
- Follow GDPR best practices everywhere,
- Re-consent your list if the rules have changed.
Companies that follow these rules will build Viber programs that can withstand any level of legal, platform, or business scrutiny.
The list may not be as big as the list they could have had by taking shortcuts, but it will work better, stay cleaner, and not disappear when Viber’s enforcement catches the sender with an uncompliant list.
