What laws apply to B2B cold email (EU, UK, US, Canada, Brazil)?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

You're planning B2B cold email across five major regions and the legal landscape looks like a patchwork. That's because it is. Here's what applies where.

United States. CAN-SPAM applies to all commercial email, B2B and B2C alike. No consent required, but you've got to follow the rules: identify yourself, include a physical address, and provide a way to opt out. It's an "opt-out" framework, which makes it the most permissive region on this list.

European Union. GDPR applies to any personal data processing. The ePrivacy Directive lets each member state decide if B2B email needs consent. Germany's strict about it. Others are more relaxed. So you've got both GDPR (universal) and member-state-specific ePrivacy rules to consider. This is genuinely the gray zone.

United Kingdom. PECR (Privacy and Electronic Communications Regulations) draws a clear line. Unsolicited email to corporate subscribers (that's organizations, not named individuals) is permitted. But sending to a named person (jane@company.com) follows stricter rules even if they work at a company. The distinction matters.

Canada. CASL (Canada's Anti-Spam Legislation) doesn't give B2B special treatment. All commercial messages need consent. There's limited wiggle room for "implied consent" if you're emailing a "conspicuous business contact" where the message relates to their professional role. That's narrow. CASL's the strictest on this list.

Brazil. LGPD (Lei Geral de Proteção de Dados) mirrors GDPR's structure. You need a lawful basis. That's either consent or "legitimate interest," similar to the EU approach. It's not as prescriptive as GDPR yet, but the direction's the same.

Real talk. Regional compliance is complex and varies based on your specific message, recipient role, and regional interpretation. This isn't legal advice. You need qualified legal counsel in your target regions before you launch. They'll map your exact situation to the rules and tell you what's defensible.

Next step. Write down which regions you're targeting and which job roles you're reaching out to. Take that to a compliance lawyer who specializes in email marketing.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Understand B2B cold email rules by region

I'm doing B2B cold email across EU/UK/US/Canada/Brazil and the rules seem different everywhere. Which laws actually apply to us in each region? Where do B2B and B2C rules diverge most? Which region's easiest to comply with?

Edit the yellow boxes, then send to the AI of your choice.