The complete guide to European Union email laws and email disclaimers
EU Directive 2003/58/EC
Introduced in 2007, the EU Directive 2003/58/EC concerns emails sent by European Union companies as part of their business operations.
Previous regulations applying to written correspondence by letter or fax were extended to emails and other forms of electronic communication. Therefore, all business emails were mandated to include a legally binding EU email disclaimer with the following information:
The company’s registration number
The place of registration
The registered office address
Each EU Member State had to enforce the directive before December 31, 2006. Here are some notable examples:
The EU Directive was implemented by the Irish Minister for Enterprise, Trade & Employment on April 1, 2007. A company's email disclaimer has to include:
The name of the company
Place of registration
Whether the company is a limited company
If it is exempt from the obligation to include Limited in its name
If it is being wound up, in liquidation, etc.
Any reference to share capital must be paid-up share capital
Failure to display this information in an email disclaimer constitutes a criminal offense and is subject to a maximum fine of €2,000.
Gesetz über elektronische Handelsregister und Genossenschaftsregister was implemented on January 1, 2007. It mandates that all corporate email disclaimers include the following:
The company’s registered name
The office location
The name of the managing director and the board of directors
Failure to use an appropriate email disclaimer comes with a maximum fine of €5,000. It’s also worth noting that privacy statements intended to act unilaterally, confidentiality disclaimers, and liability disclaimers have no legal standing under German law.
Enacted on May 9, 2007, Article R 123-237 of the French Commercial Code states that all French companies must use an email disclaimer with the following information:
If they are in insolvency proceedings
If the corporate body is a commercial company with a registered office overseas, the email disclaimer has to include:
Address of its registered office
Registration number of relevant country
If it is subject to insolvency proceedings where appropriate
If it is run by a lease manager or an authorized management agent
Any infringement of these points is subject to a fine of €750 per infringement
All Italian companies must use an email disclaimer including:
Company registered name
Place of registration
Registered office address
If applicable, whether the company is going into liquidation or being wound up
Dutch law requires that every company display their CoC number on all email communications.
Failure to comply can result in a fine of up to €16,750 or up to six months imprisonment as it constitutes an economic crime.
From May 4, 2006, all Danish companies had to include the following in an email disclaimer:
Full company name
Central Business Register (CVR) number
The General Data Protection Regulation (EU) 2016/679
The General Data Protection Regulation (GDPR) came into place May 25, 2018, superseding the EU Data Protection Directive 95/46/EU. GDPR is an EU law focused on data protection and privacy for individuals in the European Union and the European Economic Area.
The key aim of GDPR is to give individuals control over their personal data. It also ensures companies based both inside and outside the EEA correctly handle the data of individuals living in the EU. Failure to comply with GDPR can result in a fine of 4% of a company's annual turnover or €20 million.
Using an email disclaimer is not a legal requirement under GDPR. However, a disclaimer can help companies follow the regulation more effectively.
For example, an important part of GDPR is email consent. Companies should not email someone who has not actively consented to be contacted. It should also provide a clear way for someone to unsubscribe if they wish. Including an unsubscribe link in an email allows recipients to opt-out of any communication from your company.
Markets in Financial Instruments Directive (MiFID) 2004/39/EC
The Markets in Financial Instruments Directive 2004/39/EC came into effect on November 1, 2007, replacing the Investment Services Directive (ISD), which directly affects EU financial markets.
MiFID extended the coverage of ISD and introduced new and more extensive requirements that firms have to adapt to. In particular, it focused on their conduct of business and internal organization. The European Commission (EC) revised the Directive, known as MiFID II, and was adopted by the European Parliament on April 15, 2014.
EU Member States had to implement the MiFID II Directive by June 2016 and the package of measures by January 2017. This was designed to make financial markets more efficient and improve investor protection after the 2008 recession.