Email Disclaimers – What Are They? Do We Need Them?


Updated email disclaimer laws here 

Email disclaimers have become commonplace in business communications around the world, but do you really need them? Google this question and you will see answers ranging from “Email disclaimers are annoying and pointless” to “The use of disclaimers is always recommended”

DISCLAIMER – I am not a lawyer and the following information should not be taken as legal advice. I have simply pulled together information from various sources.

What is an email disclaimer”?

Wikipedia defines an email disclaimer as “a disclaimer, notice or warning which is added to an outgoing email and forms a distinct section which is separate from the main message”. An email disclaimer can also be called an email disclosure, footer, sign-off or confidentiality notice. Generally, an email disclaimer is an automatic addition to an organisation’s emails that is designed to try and cover breaches of confidentiality, propagation of viruses, contractual claims and employee liability.

Why do I need one?

For the common business email user, it’s very likely that you need a disclaimer simply because you’ve been told that you need one. It could be that your boss or your legal department has enforced the requirement of an email disclaimer on all emails leaving the organisation. But why does your organisation need them? Most often it will be because the law requires your organisation to have specific disclaimers. Emails may contain professional advice or representations relating to business transactions. If the advice turns out to be bad or the representations false, the recipient could sue the sender for negligent misrepresentations. That’s why companies sometimes include disclaimers saying that the content of the email is not to be relied upon. Email disclaimers are definitely not a clear-cut method of liability protection when it comes to the contents of an email. Nevertheless, they may come into play within the court system and will, in many cases, deter others from trying to sue your company over an email. The court will look at all the facts and circumstances when determining whether or not an attorney-client relationship exists. In certain situations, a disclaimer can make a big difference.

Are email disclaimers required?

Not always, but they’re highly recommended in most situations. However, new and existing regulations are forcing companies and organizations to protect their client’s privacy. It’s imperative for your company to comply with the appropriate regulations. Several key regulations are as follows:

USA regulations

In the United States, the Health Insurance Portability and Accountability Act (HIPAA) requires health care institutions to keep a record of their email communications and secure confidentiality of information. The U.S. Securities and Exchange Commission (SEC) and Gramm-Leach-Bliley Act (GLBA) impose similar duties on financial institutions. Steep penalties can apply to those organizations that do not comply with their industry’s regulations. Therefore, in these industries, organizations are actually required to add disclaimers to their emails in order to protect the integrity of their patients or clients and to avoid any confidentiality breaches.

In the new Internal Revenue Service (IRS) regulation Circular 230, the IRS requires tax advisors to add an email disclaimer to any emails including tax advice, expressly stating that the opinion cannot be relied upon for penalty purposes. The disclaimer must be near the top of an opinion in a typeface the same size or larger than the typeface of the tax advice.

EU regulations

In 2007 the European Union introduced a directive called “EU Directive 2003/58/EC”, which concerned emails sent by companies as part of their business operations. In accordance with previous legislation, the regulations that applied to written correspondence by letter or fax were extended to business emails and other electronic communication. The directive requires that all business emails must include: the company’s registration number; the place of registration; and the registered office address. Each Member State was required to bring these laws into force before 31 December 2006. Several key countries’ adoptions of the directive are:

UK regulations

If your business is a private or public limited company or a Limited Liability Partnership, the Companies Act 1985 requires all of your business emails (and your letterhead and order forms) to clearly include the following details: the company’s registered name (e.g. XYZ Ltd); the company’s registration number; place of registration (e.g. Scotland or England & Wales); and its registered office address. This information should also appear on your company’s website.

Enforcement of the mandatory information required is the responsibility of Trading Standards. The maximum fine for non-compliance is currently £1,000. An additional daily fine of up to £300 per day can be imposed for any continuing breach. And no, you can’t just provide a link to this information on your email disclaimer.

If the disclosure of the content of an email becomes the subject of a dispute, it can be argued before a court that the recipient should have known to not disclose the information. However, there is no legal authority for this and the ruling will depend on the court. What you attempt to disclaim will depend on the nature of your business, if your disclaimer is too wide it won’t stand up in court.

Ireland regulations

The Minister for Enterprise, Trade & Employment has implemented the EU directive into legislation with effect from 1 April 2007. The particulars which must be displayed by a company on its electronic communications include the name of the company; place of registration; registered number; registered office; the fact that the company is limited if it is exempt from the obligation to include this word in its name; the fact that it is being wound up if that is the case; any reference to share capital of the company must be to paid-up share capital. Failure to display the requisite information will constitute a criminal offence subject to a maximum fine of Є2,000.

Germany regulations

Germany has implemented the EU directive as of 1 January 2007. The required particulars a company must provide for all electronic communications include the company’s registered name; its office location; court register; registration number; and the name of the managing director and the board of directors. Failure to include these details will subject the company to a maximum fine of Є5,000. Privacy statements intended to act unilaterally, confidentiality disclaimers, and liability disclaimers have no legal standing under German law.

France regulations

As of 9 May 2007, all companies registered in France must state, in all electronic communication, the following: Company name; registration number; registry location; registered office; whether the company is the object of insolvency proceedings; if the body corporate is a commercial company having its registered office overseas, its name, legal form, address of its registered office, its registration number in the relevant country and, if appropriate, whether it is subject to insolvency proceedings; and, if appropriate, the fact that the company is run by a lease manager or an authorized management agent. Any infringement of the above-mentioned duties is subject to a fine of Є750 per infringement.

Italy regulations

Italian law dictates companies must include the following in all electronic business communications: Company registered name; company registration number; place of registration; registered office address; and, if applicable, must clearly indicate if the company is being wound up and going into liquidation.

Denmark regulations

As of 4 May 2006, all companies are required to include their name, location and Central Business Register (CVR) number. This law applies to all companies and private limited companies.


With every country enforcing different laws and every court having a different opinion; email disclaimers can only truly be viewed on a case-by-case basis. The best practice in any situation is to have your own legal representatives create a disclaimer specific to your case and then strictly enforce it across your organisation. With email disclaimer legality such a grey area, it’s necessary to cover all your bases.


About Author