149 countries · crypto-native · no KYC

SMS API in Germany 2026: Double Opt-In and the UWG

Germany treats a single unsolicited marketing text as a legal matter. Double opt-in is the effective standard, courts have said single opt-in isn't enough, and one message can trigger a €300,000 exposure. Here's how to comply.

$0.085/msg to Germany from 84ms median 99.2% delivered
SMS API in Germany 2026: Double Opt-In and the UWG — smsroute
$0.085
per SMS to Germany
3 direct
Deutsche Telekom · Vodafone · O2
84 ms
median submission
99.2%
delivered success
An SMS API in Germany faces one of Europe's strictest consent regimes. Three laws converge: the GDPR, the German Federal Data Protection Act (BDSG), and the Act Against Unfair Competition (UWG §7). They agree on one principle: you can only text someone who gave prior, explicit, freely-given, documented consent for that specific number. And in practice, that means double opt-in. The German Federal Supreme Court (BGH, 2019) has held that single opt-in is not sufficient to prove consent. So Germany isn't a market where a checkbox suffices. It's one where you confirm the consent and keep the proof, because a single unsolicited marketing SMS can trigger a cease-and-desist and fines up to €300,000 (UWG §7, 2021). For the authoritative reference, see the TCPA.

Germany's consent bar is the highest in Europe

An SMS API in Germany faces one of Europe's strictest consent regimes. Three laws converge: the GDPR, the German Federal Data Protection Act (BDSG), and the Act Against Unfair Competition (UWG §7). They agree on one principle: you can only text someone who gave prior, explicit, freely-given, documented consent for that specific number. And in practice, that means double opt-in. The German Federal Supreme Court (BGH, 2019) has held that single opt-in is not sufficient to prove consent. So Germany isn't a market where a checkbox suffices. It's one where you confirm the consent and keep the proof — because a single unsolicited marketing SMS can trigger a cease-and-desist and fines up to €300,000 (UWG §7, 2021). For the authoritative reference, see the TCPA. The BGH ruling (Urteil vom 12.09.2019, Az. I ZR 199/18) involved a company sending SMS ads after a user entered their number on a website without double opt-in verification.

SMSRoute's published route page for Germany lists direct-carrier delivery via Deutsche Telekom, Vodafone, O2 from $0.085/message, with 84ms median submission and 99.2% delivered success (smsroute.cc route pages, 2026).

Three laws, one high standard

Three laws, one high standard — comparison diagram
Layer What it governs Requirement
GDPR Personal data Explicit, documented consent
BDSG German data law National implementation of GDPR
UWG §7 Unfair competition / spam Prior consent for marketing; fines to €300,000
Double opt-in The evidence standard Courts: single opt-in insufficient

The distinctive rule is double opt-in. It's not written as a hard statutory requirement, but German courts have made it the effective standard: the Federal Supreme Court (BGH, 2019) ruled single opt-in is not sufficient to prove consent, and called double opt-in a more appropriate means. So a subscriber opts in, then confirms via a link, and that confirmation is your evidence. One catch the BGH specified: the confirmation message itself must be completely neutral — no promotional content in it, or it becomes marketing you didn't have consent to send. On the penalty side, UWG §7 allows fines up to €300,000 (UWG §7, 2021), and a single unsolicited SMS can bring an Abmahnung (cease-and-desist). UWG §7 paragraph 2 sets this fine range. It is the maximum penalty, not the typical amount.

Sending compliantly in Germany

  1. Use double opt-inSubscriber opts in, then confirms via a link. Keep the confirmation as evidence. It's the standard German courts expect, mirroring GDPR consent wording at its strictest.
  2. Keep the confirmation neutralThe confirmation message must contain no promotional content. The BGH (2019) was explicit: a confirmation with an offer in it becomes unconsented marketing.
  3. Document consent thoroughlyPrior, explicit, freely-given, for the specific number, with records. In a dispute the burden is on you, and German enforcement is real.
  4. Separate transactional from marketingOTPs and transactional messages rest on the relationship or contract. UWG §7's consent rules target marketing. The transactional carve-out applies.
curl -X POST https://api.smsroute.cc/sms/send \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"to": "+491234567890", "from": "SMSRoute", "message": "Your OTP is 123456"}'

The neutral-confirmation rule catches marketers off guard. It feels natural to put an offer in the 'please confirm' message, but the BGH (2019) ruled the confirmation must be completely neutral. Slip a promotion into it and you've sent marketing without valid consent, defeating the whole double-opt-in purpose. Keep it plain.

Sending to Germany in practice

SMSRoute is a no-KYC SMS API with crypto billing (BTC, ETH, USDT, XMR, LTC, and SOL) serving the international route to Germany, with live pricing on the send SMS to Germany page. Germany supports alphanumeric sender IDs and has no sender-ID registration barrier, so the friction here isn't technical: it's consent. For transactional and OTP traffic resting on the relationship, the route delivers to German users cleanly. SMSRoute's published route data shows direct-carrier delivery from $0.004/message, sub-100ms median submission, and ~98.6% delivered success on direct routes (smsroute.cc route pages, 2026).

The honest framing: the consent obligations (GDPR, BDSG, and UWG double opt-in with a neutral confirmation) are yours to run whatever provider you use. We deliver what your compliant process approves. Germany is technically easy to reach (alphanumeric senders, no registration) but legally demanding on consent. Get the double opt-in right, keep the confirmation neutral, document everything, and Germany delivers. Treat consent casually and a single message can bring a €300,000 exposure. So here, more than most markets, the compliance is

FAQ

Do I need double opt-in for SMS marketing in Germany?
Effectively yes. While not written as a hard statutory rule, German courts — including the Federal Supreme Court (BGH, 2019) — have held that single opt-in is not sufficient to prove consent, making double opt-in the effective standard. The subscriber opts in, then confirms via a link, and that confirmation is your evidence of valid consent for marketing SMS.
What laws govern SMS marketing in Germany?
Three converge: the GDPR (personal data), the German Federal Data Protection Act (BDSG), and the Act Against Unfair Competition (UWG §7, covering spam and marketing). They agree you can only text someone who gave prior, explicit, freely-given, documented consent for that specific number. UWG §7 allows fines up to €300,000 for violations.
Can I include an offer in a German double opt-in confirmation?
No. The German Federal Supreme Court (BGH, 2019) specified that the confirmation message must be completely neutral — no promotional content. Slipping an offer into the 'please confirm' message turns it into marketing you didn't have consent to send, defeating the purpose of double opt-in. Keep the confirmation plain and free of any promotion.
What's the penalty for unsolicited SMS in Germany?
A single unsolicited marketing SMS can trigger a cease-and-desist letter (Abmahnung) and fines up to €300,000 under UWG §7 (2021). German enforcement of marketing-consent rules is strict, which is why documented double opt-in with a neutral confirmation is the standard practice for compliant SMS marketing in Germany.

Send your first SMS in 5 minutes

No KYC. Pay with BTC, ETH, USDT, XMR, LTC, and SOL. Live routes to 149 countries.

Get an API key →