Confusion about "opt-in vs opt-out" costs agencies money. Some countries allow cold email freely. Others require explicit consent first. Most fall somewhere in between.
This guide maps every European market and shows you how to operate legally in each.
The Three Models Explained
Model 1: Opt-Out (Most Permissive)
Definition: Send cold email freely. Recipients can unsubscribe.
How It Works:
- No consent required before sending
- You send email to business address
- Recipient can opt-out
- You honor opt-out within deadline
- Legal basis: Legitimate interest (GDPR Article 6(1)(f))
Best For: Maximum volume, fastest scaling
Countries: UK, Ireland, Sweden, Finland
Model 2: Single Opt-In (Permissive with Unsubscribe)
Definition: Send with clear unsubscribe option. Recipient opts out if not interested.
How It Works:
- No prior consent required
- Send email with unsubscribe visible
- Recipient can opt-out (30-day window typical)
- Treat as implied business interest
Best For: Good volume with slight compliance rigor
Countries: Netherlands, Luxembourg, Belgium
Model 3: Double Opt-In (Restrictive, with Exceptions)
Definition: Require explicit consent before sending. Exceptions for business relationships.
How It Works:
- Can't send without prior consent, UNLESS:
- Existing business relationship
- Prior correspondence
- Event registration
- Partner introduction
- Document consent if you have it
- Clear unsubscribe mandatory
Best For: Higher contract value, compliance-conscious markets
Countries: Germany, Austria, Switzerland
Country-by-Country Breakdown
TIER 1: OPT-OUT COUNTRIES
United Kingdom- Model: Opt-out (PECR)
- Can Send: B2B email to business addresses without consent
- Must Include: Clear unsubscribe, sender identification
- Opt-Out Window: 10 business days
- Risk: Low (clear regulation, PECR well-established)
- Fines: Up to £500,000
- Volume Potential: 5,000-30,000 emails/month
- Model: Opt-out (GDPR Article 6(1)(f))
- Can Send: B2B to business addresses without consent
- Must Include: Clear unsubscribe, sender ID, DKIM/SPF/DMARC
- Opt-Out Window: 10 days
- Risk: Low (same as UK, clear precedent)
- Fines: Up to €250,000 or 10% annual turnover
- Volume Potential: 5,000-20,000 emails/month
- Model: Opt-out (GDPR Article 6(1)(f))
- Can Send: B2B to business addresses without consent
- Must Include: Clear unsubscribe, sender identification
- Opt-Out Window: 10 days
- Risk: Low
- Fines: Up to €500,000
- Volume Potential: 3,000-10,000 emails/month (smaller market)
- Model: Opt-out (GDPR Article 6(1)(f))
- Can Send: B2B to business addresses without consent
- Must Include: Clear unsubscribe, sender identification
- Opt-Out Window: 10 days
- Risk: Low
- Fines: Up to €500,000
- Volume Potential: 2,000-8,000 emails/month (smaller market)
Opt-Out Tier Summary:
- Best for: Scaling rapidly, maximum volume
- Compliance: Simple (clear unsubscribe, sender ID)
- Risk: Low (well-established regulation)
- Market: 1,200+ SaaS companies across 4 countries
TIER 2: SINGLE OPT-IN COUNTRIES
Netherlands- Model: Single opt-in (GDPR Article 6(1)(f) + Telemarketing Act)
- Can Send: B2B to business addresses with unsubscribe available
- Must Include: Clear sender ID, unsubscribe link, DKIM/SPF/DMARC
- Opt-Out Window: 30 days
- Risk: Low-Medium
- Fines: Up to €20 million
- Volume Potential: 5,000-15,000 emails/month
- Special Notes: Dutch copy generates 2.4x higher response. Amsterdam SaaS hub.
- Model: Single opt-in (similar to Netherlands)
- Can Send: B2B to business addresses with unsubscribe
- Must Include: Clear sender ID, unsubscribe, DKIM/SPF/DMARC
- Opt-Out Window: 30 days
- Risk: Medium
- Fines: Up to €20 million
- Volume Potential: 2,000-5,000 emails/month
- Model: Single opt-in (GDPR Article 6(1)(f))
- Can Send: B2B without consent, must allow opt-out
- Must Include: Clear sender ID, unsubscribe, DKIM/SPF/DMARC
- Opt-Out Window: 30 days
- Risk: Medium
- Fines: Up to €20 million
- Volume Potential: 500-1,500 emails/month (very small market)
Single Opt-In Tier Summary:
- Best for: Balanced volume and compliance
- Compliance: Medium (unsubscribe visible, 30-day window)
- Risk: Medium (less legal precedent than opt-out)
- Market: 150+ SaaS companies, tight-knit ecosystem
TIER 3: DOUBLE OPT-IN COUNTRIES (WITH EXCEPTIONS)
Germany- Model: Double opt-in with exemptions (UWG Section 7)
- Can Send Without Consent IF:
- Existing business relationship
- Prior correspondence
- Event registration
- Partner introduction
- Cannot Send: Cold email to unknown contacts
- Must Include: Clear unsubscribe, sender ID, German language preferred
- Opt-Out Window: 10 days (strict)
- Risk: High (strict regulation, aggressive enforcement)
- Fines: Up to €300,000 (and competitor lawsuits)
- Volume Potential: 1,000-5,000 legal emails/month
- Note: Highest contract value per customer (larger companies)
- Model: Double opt-in with exemptions (similar to Germany)
- Can Send Without Consent IF: Same as Germany
- Cannot Send: Cold email to unknown contacts
- Must Include: Clear unsubscribe, sender ID, German language preferred
- Opt-Out Window: 10 days
- Risk: High
- Fines: Up to €300,000
- Volume Potential: 500-2,000 emails/month
- Model: Double opt-in (Swiss Privacy Law)
- Can Send Without Consent IF: Existing relationship, event registration
- Cannot Send: Cold email to unknown contacts
- Must Include: Clear unsubscribe, sender ID
- Opt-Out Window: Immediate
- Risk: Medium-High (strict but smaller enforcement)
- Fines: Up to 100,000 CHF (~€106,000)
- Volume Potential: 1,000-3,000 emails/month
Double Opt-In Tier Summary:
- Best for: High-value customers, long sales cycles
- Compliance: Complex (requires consent OR exemption pathway)
- Risk: High (strict enforcement, competitor lawsuits)
- Market: 700+ SaaS companies (Germany dominant), premium pricing
Quick Reference: Volume Potential by Country
| Country | Model | Monthly Volume | Best For |
|---|---|---|---|
| UK | Opt-out | 5,000-30,000 | Highest scale |
| Ireland | Opt-out | 5,000-20,000 | Scale + English |
| Sweden | Opt-out | 3,000-10,000 | Quality growth |
| Finland | Opt-out | 2,000-8,000 | Niche growth |
| Netherlands | Single opt-in | 5,000-15,000 | SaaS-dense market |
| Belgium | Single opt-in | 2,000-5,000 | Secondary market |
| Germany | Double opt-in (exc.) | 1,000-5,000 | Premium pricing |
| Austria | Double opt-in (exc.) | 500-2,000 | Secondary market |
| Switzerland | Double opt-in (exc.) | 1,000-3,000 | Premium pricing |
Strategy by Market Type
For Opt-Out Countries (UK, Ireland, Sweden, Finland)
- Build large lists (5,000-10,000 per country)
- Use legitimate interest as legal basis
- Clear unsubscribe mechanism
- Fast domain warmup (2-3 weeks)
- High volume capacity = maximize reach
For Single Opt-In Countries (Netherlands, Belgium)
- Build lists (5,000-8,000 per country)
- Single opt-in + Telemarketing Act compliance
- 30-day opt-out window
- Use local language (Dutch = 2.4x response)
- Medium-high volume with cultural customization
For Double Opt-In Countries (Germany, Austria, Switzerland)
- Use exemptions (existing relationships, event registration)
- OR collect explicit consent via landing page
- Focus on quality over quantity
- Premium pricing (higher contract value)
- Longer sales cycles but higher win rates
- Language matters (German preferred)
Common Mistakes
- Treating all of Europe the same
- Different countries = different rules. Know your market.
- Confusing PECR (UK) with full GDPR opt-in
- UK is opt-out. Germany is double opt-in. Not the same.
- Ignoring single opt-in as "middle ground"
- Netherlands/Belgium are sweet spot: good volume + clear compliance.
- Assuming "legitimate interest" works everywhere
- Germany requires exemptions or consent. Legitimate interest alone insufficient.
- No unsubscribe testing
- Test your unsubscribe flow before campaign launch. In every market.
Your Market Selection Strategy
If You Want Maximum Volume:
- Focus on UK (5,000-30,000/month)
- Add Ireland (5,000-20,000/month)
- Then Sweden/Finland (small but easy)
If You Want Premium Pricing:
- Focus on Germany (higher CAC, higher deal value)
- Add Austria as secondary
- Solve compliance = defensible moat
If You Want Balanced Approach:
- UK as primary (volume)
- Netherlands secondary (SaaS-dense, single opt-in sweet spot)
- Germany tertiary (premium pricing, quality)
Next Steps
- Identify your target market(s)
- Read the specific country guide(s)
- Understand opt-in/opt-out model for your market
- Build list accordingly
- Implement compliance controls
- Start small (500 emails), test deliverability
- Scale based on response data
Europe isn't one market. It's 9+ distinct markets with different rules. Master one. Own it. Then expand.
---
Frequently Asked Questions
Yes, if you use exemptions: existing relationship, prior correspondence, event registration, or partner introduction. Direct cold email requires consent or exemptions.
Opt-out: send freely, recipient can unsubscribe. Single opt-in: send with unsubscribe visible, 30-day opt-out window. Double opt-in: require consent first (unless exemption applies).
UK (5,000-30,000/month) and Ireland (5,000-20,000/month) are opt-out. Netherlands (5,000-15,000) single opt-in. Germany (1,000-5,000) requires exemptions or consent.
No, but country-specific messaging and email copy helps. Use correct language, reference local context, and customize for decision-maker preferences.
UK. Opt-out model is clearest, largest market (most SaaS companies), and PECR regulation is well-established with low enforcement variation.