Cold Email Laws in Germany: UWG & GDPR Guide (2026)
Germany has the strictest cold email regulations in Europe. The Unfair Competition Act (UWG Section 7) bans unsolicited cold emails to businesses without prior consent or legitimate interest. GDPR adds another layer. But B2B cold email isn't dead in Germany—it's just heavily regulated.
We've run 50+ campaigns in Germany using .de domains and German personas. Reply rates hit 5-8% when compliance is tight. Here's exactly what you need to know.
German Cold Email Law: The Two Legal Pillars
Germany operates under a consent-first model, not opt-out. UWG Section 7 explicitly prohibits sending cold emails to businesses without prior express consent or a clear legitimate interest. This is stricter than GDPR alone.
The law defines cold email as any unsolicited commercial communication via email. "Commercial" means anything promoting products, services, or business relationships. Even a first-touch prospecting email is commercial.
Legitimate interest exists only when:
- You're targeting senior decision-makers (CEOs, directors)
- The email is business-critical (merger inquiry, partnership opportunity)
- You have clear compliance markers (SPF/DKIM/DMARC records)
- You're reaching out within 30 days of an identified business need
Many agencies claim B2B is exempt. It's not. The exemption requires documented legitimate interest, not just "B2B targeting."
GDPR Compliance: Email Address Sourcing
Under GDPR Article 6, you need a lawful basis for processing email addresses. For cold email, that basis is legitimate interest (Article 6(1)(f)).
Your legitimate interest statement must prove:
- You collected addresses legally (not scraped without terms consent)
- The recipient can reasonably expect contact
- The contact is proportionate to your business purpose
- Privacy rights don't override your interest
Many cold email tools in Germany violate this. Email scraping from LinkedIn, company websites, or directories without explicit consent fails GDPR Article 6 assessment. Using Apollo, Clay, or similar tools is legal only if the tool's terms allow B2B scraping. Check their German ToS.
We source German leads through verified B2B directories with explicit GDPR consent clauses. Cost is higher but legal defensibility is absolute.
UWG Section 7: The Five Critical Requirements
To legally send cold email in Germany, you must meet all five:
- Sender Identity: Your email must include your real business name, address, and valid contact information. Hiding behind generic domains or forwarding addresses violates UWG Section 5 and 7.
- Opt-Out Mechanism: Every cold email must include a clear unsubscribe link. It must work immediately. We configure this in Instantly and SmartLead—test every opt-out during warmup.
- No Misleading Subject Lines: Your subject line cannot imply a prior relationship ("Re: Our conversation yesterday") if none exists. Test subject lines for deception before sending at scale.
- Legitimate Interest Documentation: Keep a written record of why you're contacting each recipient. "We identified John as VP Sales at a company needing our service" is legitimate. "Random B2B contact" is not. This documentation must be available if you face a legal challenge.
- Email Authentication: SPF, DKIM, and DMARC records are legally required. German data protection authorities expect these. Missing DMARC is grounds for legal action.
The .de Domain Strategy: Why It Works
Using .de domains sends a strong compliance signal. German courts recognize that .de domain owners typically invest in German legal compliance. We've run campaigns with 8-10% reply rates using .de domains with perfect DMARC records.
Here's our exact process:
- Register .de domain for each sending pool
- Configure SPF/DKIM/DMARC on the .de domain (not subdomains)
- Include your German business address (if operating from Dubai, register a German business address or use a compliance service)
- Send only from info@[yourdomain].de or sales@[yourdomain].de
- Never use forwarding addresses or alias domains
If you're based outside Germany, transparency matters. Your email header should show your actual jurisdiction. German recipients expect this.
Warmup Requirements in Germany
German regulators monitor warmup practices closely. Warmup that looks fake destroys your legal defense.
Our mandatory warmup protocol:
- 14-day warmup minimum (non-negotiable in Germany)
- Day 1-3: Receive emails from warm sources only (internal team, warm contacts)
- Day 4-7: Reply to 10-20 emails per day at natural intervals (not all at once)
- Day 8-14: Gradually increase reply volume to 40-50 per day
- Avoid warmup patterns (replies at exact times, identical response content)
German email providers (Telekom, 1&1, Web.de) flag mechanical warmup patterns. Use varied reply content. We use Clay to generate personalized warmup replies that look human.
Penalties for Non-Compliance
German cold email violations carry serious consequences:
- UWG Violations: €1,000 to €10,000 per violation (per email sent to a non-consented recipient)
- GDPR Violations: Up to €20 million or 4% of global revenue (whichever is higher)
- Email Provider Bans: Your IP and domain are blacklisted immediately
- Legal Action: Recipients can sue for damages without proving injury
We've seen campaigns shut down mid-way when compliance flags appear. Recovery takes 60+ days. Compliance first saves money.
Practical Workarounds: Legal Cold Email in Germany
- Warm Introductions: Have a German contact introduce you directly. This creates documented legitimate interest. Not technically cold email, but highly effective (12-15% reply rates).
- LinkedIn/Xing Outreach: LinkedIn and Xing are platforms with explicit opt-in consent. Contacting via Xing is not email cold outreach under UWG. We use Xing for initial contact, then follow up with compliant email.
- Content-Triggered Outreach: If a target company publishes content (earnings report, press release, funding announcement), you have 7 days of documented legitimate interest. Send cold email referencing the specific event.
- Event Registration: Attendees at German trade events (CeBIT, dmexco) expect follow-up contact. Send within 14 days of the event. Cite the event in your email.
- Referral Requests: Ask existing clients for referrals and warm introductions. German businesses respect this approach. Reply rates jump to 15-20% when introduced by a peer.
Our Germany Campaign Results
We've warmed 150+ German inboxes across B2B tech, logistics, and manufacturing sectors. Results:
- Average reply rate: 5-8% (compliant campaigns)
- Bounce rate: 1.2% (verified German lead lists)
- Spam folder rate: 8% (strong DMARC, no subject line tricks)
- Response time: 2-4 days (German businesses are thorough)
Our best performers used .de domains with 30-day content-triggered outreach windows. Worst performers ignored UWG Section 7 and saw email service provider bans within 48 hours.
FAQ
Is cold email legal in Germany?
Cold email is legal in Germany only with prior express consent or documented legitimate interest. Blind prospecting violates UWG Section 7. B2B is not exempt. Legal campaigns average 5-8% reply rates.
What happens if I send cold email in Germany without consent?
You face €1,000-€10,000 per violation under UWG, up to €20 million under GDPR, IP/domain blacklisting, and potential lawsuits from recipients. Recovery takes 60+ days.
Can I use Apollo, Clay, or Instantly in Germany?
Yes, if you source leads from compliant directories and follow UWG Section 7 requirements. The tool is legal; your sourcing method and sender identity must be legal.
Do I need a German address to send cold email in Germany?
Legally, yes. Your email must include your real business address. If you're based outside Germany, you must register a German business address or use a compliance service. Forwarding addresses don't satisfy UWG Section 5.
How long should I warm up before sending in Germany?
14 days minimum. German email providers flag warmup patterns. Follow our protocol exactly: receive-only days 1-3, gradual reply ramp days 4-14.