Email Signature Compliance for UK Businesses: What the Law Actually Requires (2026)
TL;DR: UK law requires limited companies, PLCs, and LLPs to include four specific pieces of information on every external business email: registered company name, company registration number, place of registration, and registered office address. Failure to comply risks a £1,000 fine. Financial services firms face additional FCA disclosure requirements on top of this. General email disclaimers — the confidentiality notices most organisations include — are not legally required, but there are good practical reasons to include them. This article covers what the law actually says, what sector-specific rules apply, and the difference between what’s legally required and what’s just convention.
What the law requires: the Companies Act 2006
The starting point for UK email signature compliance is the Companies Act 2006, as amended by the Companies (Trading Disclosures) Regulations 2008, which came into force on 1 October 2008.
The requirement is clear and applies to all external business correspondence, including email. If your organisation is a private limited company (Ltd), public limited company (PLC), or limited liability partnership (LLP), every external business email must include the following information in legible characters:
1. Your registered company name. The full registered name as it appears at Companies House — not a trading name, brand name, or abbreviation unless the full registered name is also present. If your company is registered as “Acme Digital Solutions Limited” but trades as “Acme Digital”, the registered name must appear in the email footer.
2. Your company registration number. The number assigned by Companies House on incorporation. For English and Welsh companies this is typically an 8-digit number. Scottish companies are prefixed SC, Northern Irish companies NI.
3. Your place of registration. The jurisdiction in which the company is registered — England & Wales, Scotland, or Northern Ireland. This is distinct from your trading address or registered office address.
4. Your registered office address. The address currently registered at Companies House. This may be different from the address you trade from — many companies use their accountant’s or solicitor’s address as their registered office. The registered office address in your email footer must match what’s on the Companies House register. If you move registered offices and forget to update your email template, you’re non-compliant.
These four elements are mandatory. There is no minimum font size specified in the legislation, but the requirement is that the information be in “legible characters” — unusually small grey text that’s technically readable but practically invisible is unlikely to satisfy that standard.
The requirement applies to all employees who send external email on behalf of the company, not just directors or senior staff. An intern sending an email to a client is subject to the same requirement as the CEO.
It applies to external email only. Internal emails between colleagues are outside the scope of the requirement. However, in practice most organisations apply the footer universally to avoid the complexity of routing rules that distinguish internal from external.
The penalty for non-compliance is a fine of up to £1,000. In practice, prosecutions are rare and typically arise in the context of disputes where a counterparty challenges the validity of a communication, rather than from routine enforcement. That said, the reputational risk of a client or counterparty noticing a non-compliant footer is arguably more significant than the fine itself.
Who the requirement applies to — and who it doesn’t
The Companies Act requirement applies specifically to:
- Private limited companies (Ltd)
- Public limited companies (PLC)
- Limited liability partnerships (LLP)
It does not apply to:
- Sole traders
- General partnerships (though these may have other disclosure requirements)
- Charities that are not incorporated as companies or LLPs (though sector-specific rules may apply)
Community interest companies, by contrast, are incorporated as limited companies and are therefore subject to the requirement.
If you are unsure of your company structure, your incorporation documents or the Companies House register will confirm it.
Sector-specific requirements: financial services
For firms regulated by the Financial Conduct Authority, the Companies Act requirements are a floor, not a ceiling. The FCA’s General Provisions Handbook (GEN) imposes additional statutory status disclosure requirements on all electronic communications from authorised firms.
Under GEN 4.3 and GEN 4 Annex 1, FCA-authorised firms that are not PRA-authorised must include the following disclosure:
“Authorised and regulated by the Financial Conduct Authority”
For appointed representatives (ARs), the required disclosure is:
“[Name of appointed representative] is an appointed representative of [name of principal firm] which is Authorised and regulated by the Financial Conduct Authority”
The FCA also requires firms to include their Firm Reference Number (FRN) on electronic communications, including email, as a result of the interaction between GEN and the E-Commerce regulations. The FRN is the unique identifier assigned to your firm on the FCA Financial Services Register.
Firms that are dual-regulated — authorised by both the FCA and the Prudential Regulation Authority (PRA), typically banks and insurers — have additional disclosure requirements. The relevant disclosure language differs from that used by solo-regulated firms; check the FCA Handbook GEN 4 Annex 1 directly for the required wording.
In practice, FCA-regulated firms’ email footers typically contain:
- The four Companies Act elements (company name, registration number, place of registration, registered office)
- The statutory status disclosure and FRN
- Often, a brief disclaimer noting the regulatory scope of the communication
Financial services firms that manage email signatures through a central tool should ensure the regulatory disclosure language is locked and cannot be edited by individual employees. An employee editing their personal details but inadvertently removing the regulatory disclosure creates a compliance gap on every email they send.
What about legal firms, healthcare, and other sectors?
Solicitors and law firms are regulated by the Solicitors Regulation Authority (SRA). The SRA’s Code of Conduct requires transparency about the firm’s status and regulatory information. Limited companies operating as law firms are subject to the Companies Act requirements. The SRA also requires that firms make clients aware of their right to complain and of the Legal Ombudsman — whether this information belongs in the email footer or elsewhere is a matter of firm policy, but it is commonly included.
Healthcare organisations operating as limited companies are subject to the Companies Act requirements. NHS organisations have their own governance requirements distinct from the Companies Act framework. Private healthcare providers registered as limited companies must comply with the standard Companies Act disclosure requirements.
Charities incorporated as companies limited by guarantee are subject to the Companies Act requirements. Unincorporated charities are not, though Charity Commission registration details are often included by convention. Charitable incorporated organisations (CIOs) have their own disclosure requirements under charity law.
E-commerce and consumer-facing businesses have additional disclosure requirements under the E-Commerce (EC Directive) Regulations 2002, which require certain information to be accessible to customers — though these obligations typically apply to websites and order confirmations rather than individual email correspondence.
If your organisation operates in a regulated sector not covered above, check with your regulator’s communications or conduct rules directly.
Disclaimers: what’s legally required vs what’s convention
Most UK business emails include a footer disclaimer of some kind — confidentiality notices, misdirected email instructions, virus disclaimers. It’s worth being clear about what is and isn’t legally required.
General confidentiality disclaimers are not required by law. There is no UK statute that requires a confidentiality notice on business emails. They are used widely because they are thought to offer some protection, but UK courts have generally been sceptical about their enforceability. A disclaimer that says “this email is confidential and intended only for the addressee” has limited legal weight if the email is disclosed in litigation — the inclusion of a disclaimer does not transform an email into a legally protected document.
Virus disclaimers are similarly not legally required and similarly of limited practical value. The statement “we have checked this email for viruses but cannot accept responsibility” does not meaningfully alter liability.
GDPR-related disclaimers are not required by UK GDPR either, though some organisations include them as part of their transparency obligations. A brief statement noting that the organisation processes personal data in accordance with its privacy notice, with a link to that notice, is useful rather than legally mandated.
The one area where a disclaimer has genuine legal significance is in preventing unintended contract formation. UK courts have found, in a small number of cases, that an email exchange can constitute a binding contract if it contains the essential elements of offer and acceptance — including through an email signature or sign-off. Including a clear disclaimer that email communications do not constitute a legally binding commitment without a formal written contract is a reasonable precaution for organisations where this is a realistic risk (commercial property, high-value transactions, legal services). The Pinsent Masons guidance on email notices notes the practical significance of this in the context of a UK High Court case where an email signature contributed to a finding of contract formation in a land sale.
The conclusion: include the four Companies Act elements because the law requires them. Include any sector-specific regulatory disclosures because your regulator requires them. Consider a contract formation disclaimer if your business involves high-value commitments made by email. Treat general confidentiality notices as useful convention rather than legal protection.
The practical challenge: keeping it consistent
The legal requirement is not particularly onerous in content — four lines of text. The challenge is operational: ensuring those four lines appear correctly on every external email sent by every employee, and that they remain accurate when company details change.
The most common failure modes are:
Outdated registered office address. Companies that move registered offices — or that change their registered agent — sometimes update Companies House without updating their email template. The result is a footer that contradicts the public record.
Trading name vs registered name. Companies that rebrand or that trade under a name different from their registered name sometimes omit the full registered name from the footer, including only the trading name.
Employee-controlled signatures. If employees set their own email signatures, some will have the correct footer and some won’t. In organisations without centralised management, the junior staff member who set up their signature by copying a colleague’s three years ago may be missing elements the colleague has since added.
New starters. Onboarding processes that rely on employees setting their own signatures from a template document — rather than deploying a managed template — create a gap between joining and first sending a compliant email.
Centralised email signature management solves all of these operationally: the compliant footer is built into the template, deployed to all users, and updated centrally when company details change. There is no reliance on individual employees to maintain their own footers correctly.
For a comparison of the different approaches to centralised signature management in Microsoft 365, see Centralised Email Signatures in Microsoft 365: The Complete Guide. For the GDPR considerations that apply when deploying a third-party signature management tool, see Email Signature Tools and GDPR: What Your DPO Needs to Know.
Quick reference: what to include
For a standard UK limited company, your email footer should include at minimum:
[Trading name, if different from registered name]
[Registered company name] | Registered in England & Wales
Company registration number: XXXXXXXX
Registered office: [Full registered office address]
For FCA-regulated firms, add:
Authorised and regulated by the Financial Conduct Authority
FRN: XXXXXXX
For appointed representatives, replace the above with:
[Firm name] is an appointed representative of [Principal firm name],
which is authorised and regulated by the Financial Conduct Authority.
FRN: XXXXXXX [Principal firm's FRN]
These elements should be present in the footer of every external email sent by every employee. Font size should be legible — small print is acceptable, invisible is not.
Frequently asked questions
Does this apply to emails sent from a personal Gmail or Hotmail account on behalf of the company?
Yes. The requirement applies to emails sent as business correspondence on behalf of the company, regardless of the email platform used. An employee sending a business email from a personal account is subject to the same requirement. In practice, enforcing this is difficult — which is one of the reasons centralised email management tools that operate at the Exchange/Microsoft 365 level are preferable to approaches that rely on individual clients.
Do we need to include the registered office address if it’s just our accountant’s address?
Yes. The registered office address is whatever is currently registered at Companies House, regardless of whether it’s your trading address, your accountant’s address, or a registered agent’s address. It must match the Companies House record.
We’re a sole trader — does any of this apply to us?
The Companies Act requirement does not apply to sole traders. However, if you trade under a business name that is different from your own name, the Business Names Act 1985 (now consolidated into the Companies Act 2006) requires you to disclose your name and an address for service on business correspondence, including email.
Our company is registered in Scotland. Does anything change?
The core Companies Act requirement is the same across Great Britain. Your “place of registration” would be “Scotland” rather than “England & Wales”. Companies registered in Northern Ireland are registered under the Companies Act (Northern Ireland) 2006 and have equivalent requirements.
We changed our registered office six months ago. Do we need to go back and check old emails?
You cannot retroactively change sent emails, but you should update your email footer to reflect the current registered address as soon as possible. If your registered office has changed, update Companies House first (if you haven’t already), then update your email template to match.
This article is for general informational purposes and does not constitute legal advice. Requirements vary by organisation type and sector. If you are uncertain about your specific compliance obligations, seek advice from a qualified solicitor or your relevant regulator. Information correct as of May 2026 — verify current requirements against legislation.gov.uk and your regulator’s published guidance.