Can B2B senders ignore opt-in laws?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Here's a myth that floats around B2B sales and marketing teams more than it should: "We're emailing businesses, not consumers, so the rules don't apply to us." It's understandable where the confusion comes from. Some laws do treat B2B contact differently. But "differently" is not the same as "freely," and assuming otherwise can get you into real trouble.
Let's walk through the main frameworks by region, because the answer genuinely depends on where you and your recipients are.
GDPR (EU and UK)
GDPR does not have a B2B exemption. If you're emailing someone at their work address, you're still processing personal data. You still need a lawful basis. Legitimate interest is often used here, and it can work, but it requires a genuine balancing test: your interest in reaching out vs. the recipient's reasonable expectation. "They work in an industry I sell to" is not automatically sufficient. If your email would surprise or annoy the recipient, legitimate interest probably won't hold up. You also need to offer an opt-out in every email, and honor it fast.
CASL (Canada)
CASL is stricter than most people expect. It does have a carve-out for "existing business relationships," which covers things like prior purchases, contracts, or inquiries within the last two years. But outside that window, you need express consent before sending commercial email. Cold outreach to a company you've never dealt with? That needs consent first, not after. The fines under CASL are real (up to $10 million CAD per violation for organizations), and Canadian regulators have enforced it.
CAN-SPAM (United States)
CAN-SPAM is the most permissive of the three. It allows unsolicited commercial email to businesses as long as you identify yourself honestly, include a physical address, and provide a working unsubscribe mechanism that you honor within 10 business days. So technically, cold B2B email is legal in the US under CAN-SPAM. But legal and smart are different things. High complaint rates still damage your sender reputation, regardless of which law applies.
CASL + GDPR overlap
If you're a US sender emailing into Canada or Europe, you don't get to use CAN-SPAM as your standard. You need to meet the requirements of the law that governs your recipient's location. This catches a lot of senders off guard, especially companies scaling into new markets.
But the practical takeaway is this: even in regions where unsolicited B2B email is technically allowed, the deliverability consequences of sending to people who didn't ask for your email are the same everywhere. Complaints hurt your reputation. Spam trap hits hurt your reputation. Low engagement signals to mailbox providers that your email isn't wanted. None of that cares what your legal team says.
Still if you're building or cleaning a B2B list and want to know whether your contacts are actually worth emailing, that's exactly what RME Clean is for. Or if you're stuck on a specific regional question, drop us a line at the SOS hotline and we'll talk it through (no sales pitch, promise).
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.