What the UK PECR soft opt-in is (and what it isn’t)
The UK PECR “soft opt-in” is a specific permission route that can let you send certain marketing emails or texts to existing customers without asking for a separate tick-box consent every time. It applies when you collected someone’s contact details during a sale or negotiations to sell, and you want to market your own similar products or services. In practice, it’s designed for businesses that want to follow up with customers about related offers, upgrades, renewals, or complementary items—without treating every message as a cold marketing contact.
It isn’t a free pass to email anyone you’ve ever met. The soft opt-in doesn’t cover bought lists, scraped emails, directory harvesting, or “we met at an event” contacts unless their details were collected in the context of a sale or genuine pre-sale discussions. It also doesn’t allow marketing on behalf of other organisations, including partners, affiliates, or “selected third parties.” If the promotion isn’t for your own business, the soft opt-in won’t help.
It also isn’t unlimited in scope: the marketing must be for “similar” products or services, and you must give a clear, simple opt-out at the point you collect the details and in every subsequent message (for example, an unsubscribe link in emails). If someone opts out, you need to stop marketing them through that channel. The soft opt-in is about making relevant customer marketing easier, not bypassing choice or sending unrelated promotions.
Soft opt-in eligibility checklist: the 3 conditions you must meet
Use this checklist to confirm whether you can rely on the UK PECR “soft opt-in” to send marketing emails or texts to existing customers. You need to meet all three conditions below—if any one is missing, you should treat it as a “no” and use a different lawful route (typically consent).
1) You got the customer’s contact details during a sale (or sale negotiations)
- You collected the email address or mobile number as part of selling a product or service, or while actively discussing a purchase (for example, a checkout, quote request, or basket/booking flow).
- It should be clear the person is the customer/contact, not scraped, bought-in, or taken from a directory.
- Keep a simple record of where and when the details were captured (order ID, enquiry form, date/time).
2) Your marketing is only for your own similar products or services
- The messages promote products/services that are genuinely similar to what the customer bought or asked about.
- Stay within reasonable customer expectations (e.g., accessories for a purchased item, renewals, upgrades, related services).
- Don’t use soft opt-in to market third-party offers or unrelated categories.
3) You offered a clear opt-out at collection and in every message
- At the point you collected the details, you gave a clear, free, simple way to refuse marketing (e.g., an unticked opt-out box or “tick to opt out” statement).
- Every email/text includes an easy unsubscribe/STOP option that works immediately.
- You action opt-outs promptly and don’t send further marketing to that contact.
How to implement soft opt-in in your CRM: capture, wording, suppression, and audit trail
Capture: Configure your CRM so “soft opt-in” is only available when you can link the contact to a genuine sale or negotiation for a sale. Store the source event (checkout, quote request, renewal, abandoned basket) and the channel captured (email/SMS). Add fields for: product/service category, capture date/time, capture page or POS location, and whether an opt-out was offered at the point of collection.
Wording: Use clear, plain language at data collection. Example: “We’ll email you about updates and offers for [your products/services]. You can unsubscribe at any time.” If you market multiple lines, include a category selector (e.g., “home insurance” vs “car insurance”) so messages stay aligned with what the customer would reasonably expect.
Suppression: Build a single “do not contact” status that overrides all campaigns, plus channel-level flags (do not email / do not SMS). Make unsubscribes immediate and automatic, and ensure preference-centre changes sync back to the CRM. Keep a suppression list for former customers too; soft opt-in doesn’t override an opt-out. Add rules to exclude role accounts (info@) if your policy requires extra caution.
Audit trail: Log every consent/soft opt-in decision and every opt-out with timestamp, method (link, reply STOP, call), campaign ID, and user/system actor. Retain the exact wording shown at capture (versioned), and keep evidence of the “simple means to refuse” provided on each message (unsubscribe link or STOP instructions).
What counts as “similar products and services” in B2B SaaS and eCommerce
For the UK PECR soft opt-in, “similar products and services” is about what a reasonable recipient would expect to hear about after buying (or negotiating to buy) something from you. In B2B SaaS and eCommerce, similarity is usually strongest when the new message relates to the same core use case, the same product family, or an obvious add-on that supports what they already purchased.
B2B SaaS examples that are typically “similar”: upgrades (Basic to Pro), extra seats or usage bundles, add-on modules that extend the same workflow (e.g., reporting, integrations, security), training or onboarding tied to the platform, and renewals. If a customer bought an email automation tool, promoting deliverability monitoring or additional automation templates is more likely to be “similar” than promoting an unrelated HR platform.
eCommerce examples that are typically “similar”: accessories, consumables, replacements, compatible parts, and products in the same category that meet the same need. If someone buys a laptop, a case, charger, or extended warranty is closer to “similar” than kitchen appliances.
Where it gets borderline: cross-selling into a different product line, marketing partner offers, or promoting a separate brand in your group. A practical test is: would the recipient be surprised to receive this email based on their purchase? If yes, it’s less likely to be “similar”. Keeping segmentation tight (by product type, use case, and buyer role) helps your “similarity” argument align with customer expectations.
Soft opt-in vs explicit consent vs legitimate interests: which basis fits which campaign?
Soft opt-in (PECR) is the go-to basis for many UK email marketing campaigns where you already have a customer relationship. It can fit post-purchase promotions, renewal reminders, product updates, and cross-sells that are genuinely similar to what the person bought or negotiated to buy. It typically works best for B2C email and sole traders. Key practical markers: you collected the email “in the context of a sale” (or negotiations), you market your own similar products/services, and you offered a clear opt-out at sign-up and in every message.
Explicit consent is usually the safest fit when your campaign is broader, less “similar,” or more sensitive. Use it for newsletter sign-ups without a purchase, third-party marketing, prospecting lists, competition entries that feed marketing, and SMS marketing (where consent is commonly expected). It’s also a better match when you want to email non-customers or you can’t confidently meet the soft opt-in conditions.
Legitimate interests (UK GDPR) is sometimes used for the data processing side (e.g., storing and segmenting customer data, suppression lists, basic analytics), but it doesn’t override PECR’s rules on sending marketing emails/SMS. It can be a fit for some B2B email to corporate subscribers (where PECR consent is not always required), provided you still give a simple opt-out and your messaging is expected and proportionate.
B2B vs B2C under PECR: corporate subscribers, individual subscribers, and role-based emails
Under the UK Privacy and Electronic Communications Regulations (PECR), the biggest practical difference is whether you’re emailing a corporate subscriber (most limited companies, LLPs, public bodies) or an individual subscriber (sole traders, many partnerships, and consumers). The “soft opt-in” is a B2C-style exception that can also matter in B2B where the recipient is treated as an individual subscriber.
Corporate subscribers (typical B2B): You can generally send marketing emails without prior consent, but you must still provide a clear identity and a simple unsubscribe option in every message. In practice, you should also consider UK GDPR lawful basis and fairness, but PECR’s consent rule is less strict for corporate addresses.
Individual subscribers (B2C and some B2B): Consent is usually required unless you can rely on the soft opt-in. Soft opt-in applies where: (1) you obtained the email during a sale or negotiations to sell to that person, (2) you’re marketing your own similar products/services, and (3) you gave a clear opt-out at collection and in every email.
Role-based emails (e.g., sales@, info@, accounts@): These are often linked to corporate subscribers, so PECR consent is typically not required. However, if a role address is used by a sole trader or otherwise identifies an individual, treat it cautiously and consider whether soft opt-in (or explicit consent) is needed. Regardless, keep targeting relevant, document how you collected the address, and make opting out frictionless.
Common pitfalls that trigger complaints: purchased lists, enrichment, referrals, and re-permissioning
The UK PECR “soft opt-in” is often misunderstood as a shortcut. Complaints usually arise when marketers stretch it beyond its narrow conditions: the contact details were collected during a sale or negotiations for a sale, marketing is for similar products/services, and people were given a clear chance to opt out at collection and in every message.
Purchased lists are a frequent trigger. Even if a broker claims “GDPR compliant,” soft opt-in generally won’t apply because you didn’t collect the details directly in a sale/negotiation with the individual. Using them can lead to “I never gave you my email” complaints and higher spam reports.
Enrichment/appending (adding emails or mobile numbers from third parties to your customer records) can also backfire. If the person didn’t give you that channel, they may see your message as unexpected. Treat enriched data with caution and ensure you can explain the source and the lawful basis for using it.
Referrals and “tell-a-friend” campaigns often generate complaints because the referred person hasn’t dealt with you. Soft opt-in doesn’t automatically transfer via a friend’s recommendation. If you contact them, keep it minimal and transparent about who provided the details, and avoid ongoing marketing unless they opt in.
Re-permissioning emails (“confirm you still want to hear from us”) can be marketing in disguise. If you don’t already have a valid route to contact them, sending a re-consent request may itself breach PECR. If you do contact existing customers, make the opt-out prominent and don’t bundle consent with other actions.
Soft opt-in FAQ (unsubscribe wording, time limits, existing customers, and cold outreach)
What unsubscribe wording should we use?
Keep it clear, prominent, and free. Typical wording: “You can unsubscribe at any time” plus a one-click link in every email. For SMS, include “Reply STOP to opt out” (and make sure it works). Avoid making people log in, pay, or explain why they’re leaving.
Is there a time limit on soft opt-in?
PECR doesn’t set a fixed number of months. In practice, the longer it’s been since the customer interaction, the harder it is to justify that your marketing is still “in the context of” that sale or negotiation. Many teams set an internal cut-off (for example, 12–24 months) and suppress older contacts unless they re-engage.
Who counts as an “existing customer”?
Soft opt-in can apply where you obtained the person’s details during a sale or negotiations for a sale, you’re marketing your own similar products/services, and you gave a clear opt-out at the point of collection and in every message. It’s usually easier to rely on soft opt-in for individual subscribers than for role-based or generic addresses.
Can we use soft opt-in for cold outreach?
Generally, no. If you bought a list, scraped emails, or contacted people who haven’t bought from you or entered genuine purchase discussions, soft opt-in won’t apply. Cold B2B outreach can have different rules depending on the channel and recipient type, but you should not assume soft opt-in covers it.