PECR and B2B Email Marketing: When the Corporate Subscriber Exemption Applies

You're sending cold outreach emails to businesses. A colleague tells you PECR doesn't apply to B2B marketing. You've seen articles saying the same thing. So you build a list and start emailing.

Then an ICO complaint lands. Turns out half your list were sole traders — and under PECR, sole traders are treated as individuals. You needed consent. You didn't have it.

This is one of the most common compliance mistakes in UK B2B email marketing. The PECR corporate subscriber exemption is real, but it's narrower than most people think.

The rule: PECR electronic mail rules don't apply to corporate subscribers

Regulation 22 of PECR restricts sending marketing emails and text messages to "individual subscribers" without consent. The restriction does not apply to "corporate subscribers."

This means if you're emailing a limited company, you don't need PECR consent to send them marketing emails. No opt-in checkbox required. No soft opt-in conditions to meet. PECR's electronic mail rules simply don't cover that transaction.

But "corporate subscriber" has a specific legal meaning, and it doesn't include every business.

Who counts as a corporate subscriber

A corporate subscriber under PECR is an entity with a separate legal identity from its members. The ICO's guidance on B2B marketing lists these as corporate subscribers:

• Limited companies (Ltd, PLC)
• Limited liability partnerships (LLPs)
• Scottish partnerships (which have separate legal personality under Scots law)
• Government bodies with corporate status
• Other bodies corporate — any entity that is a legal person distinct from its individual members

If you're emailing info@acme-ltd.co.uk, and Acme is a registered limited company, PECR's electronic mail rules don't apply to that email.

Who does NOT count — the sole trader and partnership trap

This is where most B2B marketers get it wrong. The following are not corporate subscribers under PECR. They're classified as individual subscribers and get the same protections as consumers:

• Sole traders — even if they trade under a business name, they have no separate legal identity
• Non-LLP partnerships in England, Wales, and Northern Ireland — standard partnerships are not bodies corporate
• Unincorporated associations — clubs, groups, and organisations without separate legal personality

This matters because a significant proportion of UK businesses are sole traders. According to the Department for Business and Trade, sole traders account for roughly 56% of all UK private sector businesses. If you're doing B2B email marketing to small businesses, tradespeople, consultants, or freelancers, you're likely hitting sole traders — and PECR consent rules apply in full.

There is no way to tell from an email address alone whether someone is a sole trader or a limited company. john@smithplumbing.co.uk could be either.

The practical decision tree

Before sending marketing emails to a business contact, work through this:

Step 1: Is the recipient a corporate subscriber? Check Companies House (companies-house.gov.uk) or the company's own website for their registered status. If they're a registered limited company or LLP, PECR electronic mail rules don't apply.

Step 2: If they're a sole trader or non-LLP partnership, do you have consent or soft opt-in? You need either:

• Explicit consent — they actively opted in to receive marketing from your organisation, or
• Soft opt-in — you collected their email during a sale or negotiation, you're marketing similar products/services, you offered an opt-out at collection, and every message includes an unsubscribe. See our guide to soft opt-in conditions.

Step 3: If you're unsure about their status, treat them as an individual subscriber. When you can't verify whether a business is incorporated, the safe default is to treat them as an individual subscriber and ensure you have valid consent or soft opt-in.

UK GDPR still applies — even when PECR doesn't

Clearing PECR doesn't clear you entirely. If you're processing personal data for marketing — and a named email address like jane.smith@company.co.uk is personal data — the UK GDPR still applies.

For B2B marketing to corporate subscribers where PECR consent isn't needed, you'll typically rely on legitimate interests as your lawful basis under Article 6(1)(f) of the UK GDPR. This requires:

1. A legitimate interest assessment (LIA) — document that your interest in marketing to that business is not overridden by the individual's rights and freedoms
2. Transparency — tell people how you got their data and what you're doing with it (typically via your privacy policy)
3. Right to object — every marketing email must include a way to opt out. When someone objects, you must stop.

The Data (Use and Access) Act 2025 explicitly recognised direct marketing as capable of being a legitimate interest under UK GDPR, which strengthens the legal basis — but you still need to do the assessment and document it.

For a broader overview of how PECR and GDPR interact for marketing, see our guide on PECR vs GDPR marketing consent.

What to document for B2B marketing

Whether PECR applies or not, you should be recording:

For corporate subscribers (PECR exempt):

• The company name and registered status (how you verified they're a corporate subscriber)
• Your legitimate interest assessment under UK GDPR
• When the contact was added and the source
• Records of opt-out requests and when they were actioned

For sole traders and partnerships (PECR applies):

• Full consent records: when consent was given, what wording was shown, the collection mechanism
• If using soft opt-in: the original transaction, evidence that an opt-out was offered at collection, confirmation that marketing is for similar products/services
• Opt-out records and actioning dates

Use the PECR compliance checker to assess whether your current consent documentation meets the standard.

Common mistakes

Assuming all businesses are corporate subscribers. They're not. More than half of UK businesses are sole traders. If your B2B list includes tradespeople, freelance consultants, independent professionals, or small unincorporated firms, you're likely emailing individual subscribers.

Using generic email addresses as a workaround. Emailing info@company.co.uk instead of jane@company.co.uk doesn't change PECR status. The subscriber type depends on the entity (sole trader vs. limited company), not the format of the email address. However, a generic address like info@company.co.uk is less likely to constitute personal data under UK GDPR, which may affect your GDPR obligations — but not your PECR obligations.

Buying B2B email lists without checking subscriber types. List providers rarely distinguish between sole traders and limited companies. If you buy a list of "UK businesses" and email the lot, you're probably hitting individual subscribers without consent. The ICO's enforcement history includes multiple fines for organisations that used third-party data without verifying the consent chain.

Ignoring opt-out requests from corporate subscribers. PECR doesn't technically require you to honour a corporate subscriber's opt-out for electronic mail. But UK GDPR does — anyone can object to direct marketing, and you must stop. Treat every opt-out as binding regardless of subscriber type.

Practical takeaway

The corporate subscriber exemption is useful if you're marketing to other companies. It means you can send cold outreach emails to limited companies and LLPs without PECR consent, provided you have a legitimate interest under UK GDPR and include an unsubscribe option.

But the exemption is narrower than most B2B marketers assume. Sole traders, non-LLP partnerships, and unincorporated businesses are not covered. If your list includes these — and most B2B lists do — you need consent or soft opt-in for those contacts.

The safest approach:

1. Verify subscriber type before adding contacts to marketing lists (Companies House lookup takes seconds)
2. Segment your list by subscriber type so you can apply the correct rules to each segment
3. Document your legitimate interest assessment for the PECR-exempt segment
4. Maintain full consent records for any individual subscribers on your list — the same standard you'd apply to consumer email marketing
5. Always include an unsubscribe and action opt-outs promptly, regardless of subscriber type

If you're building a product that sends marketing emails to UK businesses and you need a system to track consent status by subscriber type, that's exactly the kind of audit trail ConsentTrail is being built to provide. Join the waitlist to get notified at launch.