Germany has issued updated cold email compliance guidance that places tighter constraints on how businesses and marketers can legally conduct B2B outreach in the country. Germany already holds the strictest cold email regulations in the EU, and the combination of GDPR with the German UWG (Act Against Unfair Competition) creates a compliance environment where most generic cold email approaches fail. The new guidance, covered in detail by the Puzzle Inbox Blog, consolidates the requirements that every international sales and marketing team sending email into Germany must now meet.
For growth teams building European outbound pipelines, ignoring these rules carries real financial risk. Violations expose senders to fines up to €300,000 per administrative offence under UWG §20, plus GDPR exposure reaching €20 million or 4% of global annual turnover under Article 83. A single unsolicited email can trigger a cease-and-desist (Abmahnung) with associated legal costs of €500 to €5,000.
Two Laws, One Compliance Problem
German email marketing is shaped by two primary legal sources: GDPR, which governs the collection, storage, and processing of personal data, and Germany's Act Against Unfair Competition (UWG), a national law that specifically addresses marketing behavior. UWG §7 functions as lex specialis on electronic communications, overriding GDPR on the specific question of whether a commercial email can be sent at all.
Most outbound teams make the mistake of treating these frameworks as one. According to DLA Piper's data protection resource, German authorities have historically taken the view that processing personal data for marketing communications that breaches Section 7 UWG also constitutes a breach of GDPR, because it does not follow a legitimate purpose. That double-exposure is precisely what makes Germany the highest-risk email market in Europe.
Germany has issued updated cold email compliance guidance that places tighter constraints on how businesses and marketers can legally conduct B2B outreach in the country. Germany already holds the strictest cold email regulations in the EU, and the combination of GDPR with the German UWG (Act Against Unfair Competition) creates a compliance environment where most generic cold email approaches fail. The new guidance, covered in detail by the Puzzle Inbox Blog, consolidates the requirements that every international sales and marketing team sending email into Germany must now meet.
For growth teams building European outbound pipelines, ignoring these rules carries real financial risk. Violations expose senders to fines up to €300,000 per administrative offence under UWG §20, plus GDPR exposure reaching €20 million or 4% of global annual turnover under Article 83. A single unsolicited email can trigger a cease-and-desist (Abmahnung) with associated legal costs of €500 to €5,000.
Two Laws, One Compliance Problem
German email marketing is shaped by two primary legal sources: GDPR, which governs the collection, storage, and processing of personal data, and Germany's Act Against Unfair Competition (UWG), a national law that specifically addresses marketing behavior. UWG §7 functions as lex specialis on electronic communications, overriding GDPR on the specific question of whether a commercial email can be sent at all.
Most outbound teams make the mistake of treating these frameworks as one. According to DLA Piper's data protection resource, German authorities have historically taken the view that processing personal data for marketing communications that breaches Section 7 UWG also constitutes a breach of GDPR, because it does not follow a legitimate purpose. That double-exposure is precisely what makes Germany the highest-risk email market in Europe.
What the New Guidance Requires
The updated guidance from Puzzle Inbox sets out four non-negotiable requirements for every compliant B2B cold email sent to a German recipient.
Legitimate Interest Testing (LIA)
Cold B2B email in Germany is regulated by both GDPR and the UWG. It is permissible under strict conditions: legitimate interest must be documented, the recipient must be a relevant business contact, the message must be clearly identifiable and contain an opt-out, and personal data must be processed lawfully. The LIA (Legitimate Interest Assessment) is not a formality. It must be documented per campaign and per data source, specifying the commercial purpose, the target audience, and why the sender's interest is not overridden by the recipient's rights.
Specific Context in Every Message
Mass-blast templates fail. Each email must reference specific prospect context, such as a company event, recent post, or business need. The guidance frames this as a substantive legal requirement, not just a personalization tactic. Generic outreach without documented relevance cannot satisfy the presumed-interest test under UWG §7.
Bilingual Unsubscribe Language
Unsubscribe text must appear in both German and English, formatted as "Abmelden / Unsubscribe," with German preferred for German prospects. A single-language opt-out in English is no longer considered sufficient for recipients based in Germany.
Impressum Footer Requirement
All commercial digital service providers must publish a complete Impressum in every commercial communication. DDG §5 mandates specific company identification information in every commercial email, and missing even one field is sufficient grounds for a competitor complaint or a regulatory fine. German courts have consistently held that the Impressum obligation applies to the email itself, not just the sender's website. A valid Impressum on your website does not satisfy §5 if the information is absent from your email footer. Each commercial email must stand alone.
B2B Cold Email Remains Legal, With Conditions
B2B cold email to Germany is legal with strict compliance: named individuals, legitimate interest, functional unsubscribe, sender identification, and Impressum. The guidance does not close the door on outbound, but it narrows the viable path considerably.
UWG §7 generally requires prior consent for electronic advertising. The B2B context allows a presumed-interest exception when the recipient is contacted in their professional role at a work email address, the offer is plausibly relevant to their professional responsibilities, the message clearly identifies the sender, and the message contains a low-friction opt-out link.
What the New Guidance Requires
The updated guidance from Puzzle Inbox sets out four non-negotiable requirements for every compliant B2B cold email sent to a German recipient.
Legitimate Interest Testing (LIA)
Cold B2B email in Germany is regulated by both GDPR and the UWG. It is permissible under strict conditions: legitimate interest must be documented, the recipient must be a relevant business contact, the message must be clearly identifiable and contain an opt-out, and personal data must be processed lawfully. The LIA (Legitimate Interest Assessment) is not a formality. It must be documented per campaign and per data source, specifying the commercial purpose, the target audience, and why the sender's interest is not overridden by the recipient's rights.
Specific Context in Every Message
Mass-blast templates fail. Each email must reference specific prospect context, such as a company event, recent post, or business need. The guidance frames this as a substantive legal requirement, not just a personalization tactic. Generic outreach without documented relevance cannot satisfy the presumed-interest test under UWG §7.
Bilingual Unsubscribe Language
Unsubscribe text must appear in both German and English, formatted as "Abmelden / Unsubscribe," with German preferred for German prospects. A single-language opt-out in English is no longer considered sufficient for recipients based in Germany.
Impressum Footer Requirement
All commercial digital service providers must publish a complete Impressum in every commercial communication. DDG §5 mandates specific company identification information in every commercial email, and missing even one field is sufficient grounds for a competitor complaint or a regulatory fine. German courts have consistently held that the Impressum obligation applies to the email itself, not just the sender's website. A valid Impressum on your website does not satisfy §5 if the information is absent from your email footer. Each commercial email must stand alone.
B2B Cold Email Remains Legal, With Conditions
B2B cold email to Germany is legal with strict compliance: named individuals, legitimate interest, functional unsubscribe, sender identification, and Impressum. The guidance does not close the door on outbound, but it narrows the viable path considerably.
UWG §7 generally requires prior consent for electronic advertising. The B2B context allows a presumed-interest exception when the recipient is contacted in their professional role at a work email address, the offer is plausibly relevant to their professional responsibilities, the message clearly identifies the sender, and the message contains a low-friction opt-out link.
Purchased lists are a particular liability. Purchased email lists are almost always non-compliant under German law unless each recipient has explicitly consented to receive marketing from your specific company.
The Enforcement Reality
Germany does not treat these rules as a paper exercise. In 2023, the Bundesnetzagentur imposed fines totalling €1.435 million for unsolicited marketing communications, up from €1.15 million in 2022. In 2024, the agency received 37,561 written complaints about unsolicited marketing, an increase of around 8% compared with 34,714 complaints in 2023.
Although enforcement is distributed among the individual states' data protection authorities, coordination is common. In addition to regulatory penalties, companies may face legal claims from consumers or competitors, and Germany allows competitors to bring action under unfair competition laws, which can result in court orders and fines beyond those imposed by regulators.
What Marketers Should Do Now
For any team running outbound campaigns into Germany, the practical checklist is clear:
Document a written LIA before each campaign, naming the target audience, data source, and specific relevance justification.
Personalize every message with a documented, verifiable context reference specific to the recipient.
Add a bilingual "Abmelden / Unsubscribe" link to every email.
Include a complete Impressum footer in every commercial communication, not just a link to your website.
Maintain formal LIA documentation, email list origin records, opt-out request records with timestamps, and email templates with approval dates. Store all documentation for a minimum of five years.
Teams that have not yet audited their German outbound process against the GDPR and UWG dual framework should treat the new guidance as a prompt to act before they receive a complaint, not after.
Purchased lists are a particular liability. Purchased email lists are almost always non-compliant under German law unless each recipient has explicitly consented to receive marketing from your specific company.
The Enforcement Reality
Germany does not treat these rules as a paper exercise. In 2023, the Bundesnetzagentur imposed fines totalling €1.435 million for unsolicited marketing communications, up from €1.15 million in 2022. In 2024, the agency received 37,561 written complaints about unsolicited marketing, an increase of around 8% compared with 34,714 complaints in 2023.
Although enforcement is distributed among the individual states' data protection authorities, coordination is common. In addition to regulatory penalties, companies may face legal claims from consumers or competitors, and Germany allows competitors to bring action under unfair competition laws, which can result in court orders and fines beyond those imposed by regulators.
What Marketers Should Do Now
For any team running outbound campaigns into Germany, the practical checklist is clear:
Document a written LIA before each campaign, naming the target audience, data source, and specific relevance justification.
Personalize every message with a documented, verifiable context reference specific to the recipient.
Add a bilingual "Abmelden / Unsubscribe" link to every email.
Include a complete Impressum footer in every commercial communication, not just a link to your website.
Maintain formal LIA documentation, email list origin records, opt-out request records with timestamps, and email templates with approval dates. Store all documentation for a minimum of five years.
Teams that have not yet audited their German outbound process against the GDPR and UWG dual framework should treat the new guidance as a prompt to act before they receive a complaint, not after.