The complete guide to European Union email laws and email disclaimers

EU Directive 2003/58/EC 

Introduced in 2007, the EU Directive 2003/58/EC concerns emails sent by European Union companies as part of their business operations.  

Previous regulations applying to written correspondence by letter or fax were extended to emails and other forms of electronic communication. Therefore, all business emails were mandated to include a legally binding EU email disclaimer  with the following information: 

• The company’s registration number 

• The place of registration 

• The registered office address 

Each EU Member State had to enforce the directive before December 31, 2006. Here are some notable examples: 

Ireland 

The EU Directive was implemented by the Irish Minister for Enterprise, Trade & Employment on April 1, 2007. A company's email disclaimer has to include: 

• The name of the company 

• Place of registration 

• Registered number 

• Registered office 

• Whether the company is a limited company 

• If it is exempt from the obligation to include Limited in its name 

• If it is being wound up, in liquidation, etc. 

• Any reference to share capital must be paid-up share capital 

 Failure to display this information in an email disclaimer constitutes a criminal offense and is subject to a maximum fine of €2,000. 

Germany 

Gesetz über elektronische Handelsregister und Genossenschaftsregister was implemented on January 1, 2007. It mandates that all corporate email disclaimers include the following: 

• The company’s registered name 

• The office location 

• Court register 

• Registered office 

• Registration number 

• The name of the managing director and the board of directors 

Failure to use an appropriate email disclaimer comes with a maximum fine of €5,000. It’s also worth noting that privacy statements intended to act unilaterally, confidentiality disclaimers, and liability disclaimers have no legal standing under German law. 

France 

Enacted on May 9, 2007, Article R 123-237 of the French Commercial Code states that all French companies must use an email disclaimer with the following information: 

• Company name 

• Registration number 

• Registry location 

• Registered office 

• If they are in insolvency proceedings 

If the corporate body is a commercial company with a registered office overseas, the email disclaimer has to include: 

• Its name 

• Legal form 

• Address of its registered office 

• Registration number of relevant country 

• If it is subject to insolvency proceedings where appropriate 

• If it is run by a lease manager or an authorized management agent 

Any infringement of these points is subject to a fine of €750 per infringement 

Italy 

All Italian companies must use an email disclaimer including: 

• Company registered name 

• Registration number 

• Place of registration 

• Registered office address 

• If applicable, whether the company is going into liquidation or being wound up 

The Netherlands 

Dutch law requires that every company display their CoC number on all email communications.

Failure to comply can result in a fine of up to €16,750 or up to six months imprisonment as it constitutes an economic crime. 

Denmark 

From May 4, 2006, all Danish companies had to include the following in an email disclaimer: 

• Full company name 

• Location 

• Central Business Register (CVR) number 

The General Data Protection Regulation (EU) 2016/679 

The General Data Protection Regulation (GDPR) came into place May 25, 2018, superseding the EU Data Protection Directive 95/46/EU. GDPR is an EU law focused on data protection and privacy for individuals in the European Union and the European Economic Area. 

The key aim of GDPR is to give individuals control over their personal data. It also ensures companies based both inside and outside the EEA correctly handle the data of individuals living in the EU. Failure to comply with GDPR can result in a fine of 4% of a company's annual turnover or €20 million. 

Using an email disclaimer is not a legal requirement under GDPR. However, a disclaimer can help companies follow the regulation more effectively. 

For example, an important part of GDPR is email consent. Companies should not email someone who has not actively consented to be contacted. It should also provide a clear way for someone to unsubscribe if they wish. Including an unsubscribe link in an email allows recipients to opt-out of any communication from your company. 

Email disclaimers can also showcase your company's compliance with GDPR by linking to your company's privacy policy. The email recipient will then see the steps you've taken to ensure their personal data is handled securely. 

Markets in Financial Instruments Directive (MiFID) 2004/39/EC 

The Markets in Financial Instruments Directive 2004/39/EC came into effect on November 1, 2007, replacing the Investment Services Directive (ISD), which directly affects EU financial markets. 

MiFID extended the coverage of ISD and introduced new and more extensive requirements that firms have to adapt to. In particular, it focused on their conduct of business and internal organization. The European Commission (EC) revised the Directive, known as MiFID II, and was adopted by the European Parliament on April 15, 2014. 

EU Member States had to implement the MiFID II Directive by June 2016 and the package of measures by January 2017. This was designed to make financial markets more efficient and improve investor protection after the 2008 recession.