Legally Compliant Cold Calling in the DACH Region
The requirements vary by country and communication channel (phone, email, SMS). Below are the key legal bases and regulatory guidelines.Germany (DE)
- UWG §7 – Unfair Harassment (Telephone/Email Advertising): Defines unauthorized advertising without consent; very strict for B2C, allowed for B2B only with “presumed interest.”
- GDPR: Legal bases (Art. 6), consent (Art. 7), information obligations (Art. 13/14), proof requirements, data minimization.
- Regulatory Guidelines: Proof/documentation obligations for telemarketing, complaint procedures.
Austria (AT)
- § 107 TKG 2021: Unsolicited messages and marketing calls generally only permitted with prior consent; strict requirements, including for B2B.
- DSG (national Data Protection Act): Implementation/supplement to the GDPR.
- Source: RIS – Data Protection Act (DSG)
Switzerland (CH)
- nDSG (SR 235.1): Independent data protection law (since 09/01/2023), transparency/information duties, data security, rights of data subjects.
- Telemarketing / Star Registration (“Robinson List”): Marketing calls to numbers registered with a star entry are prohibited; sector-specific rules apply.
EU Transparency Obligation for AI Calls (AI Act)
As of August 2, 2026, the EU requires that individuals be informed when they are interacting with AI (e.g., voice bots in outbound/inbound calls), unless this is obvious. A brief, clear announcement is sufficient, for example: “This conversation is conducted by artificial intelligence.”- Legal basis: EU AI Act – Transparency Obligations (Art. 50)
- Timeline: Most provisions apply 24 months after entry into force (08/01/2024 → 08/02/2026). Art. 50 is included.
- Sources: HÄRTING – Transparency Obligations in the AI Regulation (Art. 50), Wikipedia – EU AI Regulation: Dates of Application
Recommendation: Already mark all AI calls (inbound & outbound) with a brief announcement. This creates transparency and trust and prepares for 2026.
Legally Compliant Cold Calling – Practical Guide
1) Consent Management
- Obtain consents in writing/recorded form (double opt-in for email), document purpose limitation
- Provide an easily accessible revocation (opt-out), automatically respect blocklists (DE: Robinson list, CH: star registration)
2) Data Processing (GDPR/nDSG)
- Maintain a record of processing activities (Art. 30 GDPR)
- Implement TOMs (technical and organizational measures): access controls, encryption, logging
- Data minimization, storage limitation, deletion policies
3) Documentation & Proof
- Document consent, reasons for contact, contact times, opt-outs
- Provide current privacy policy and information per Art. 13/14 GDPR
- Conduct regular compliance checks and training
For more information: /provisioning/compliance
Cross-Border Special Features (Brief Overview)
- DE: B2C telephone marketing only with consent; B2B only with “presumed interest.” Strict enforcement by BNetzA.
- AT: Very strict consent requirements (§ 107 TKG 2021) – also for B2B.
- CH: Independent legal framework (nDSG). Telemarketing prohibited for star-registered numbers; opt-out must be respected.
Famulor Features to Support Compliance
- Consent management: Record and document opt-ins and opt-outs
- Blocklists & star registration compliance: Campaigns respect opt-out lists
- Data security: Encryption in transit and at rest, role-based access
- Retention periods: Configurable storage durations
- Audit trails: Traceability of changes and accesses
Best practice: Check legal basis before campaign launch, verify consent proof, activate transparency announcements for AI calls, and document all processes.
Sources & References
- BMJ – UWG §7 Unfair Harassment (DE)
- Federal Network Agency – Unauthorized Telephone Advertising (DE)
- EUR‑Lex – Full text GDPR (EU)
- RIS – § 107 TKG 2021 (AT)
- RIS – Data Protection Act DSG (AT)
- admin.ch – nDSG SR 235.1 (CH)
- SECO – Unwanted Telephone Advertising (CH)
- HÄRTING – Transparency Obligations (Art. 50)
- Wikipedia – EU AI Regulation