smsroute delivers SMS to any German mobile handset for $0.021 per message with § 7 UWG double-opt-in and GDPR consent-logging built into the workflow. Routes cover Deutsche Telekom (38%), Vodafone Germany (31%), Telefónica O2 (27%), and 1&1 Mobilfunk. Median delivery from our Frankfurt POP is 142 ms, 99.4% success rate. No KYC at signup; pay with crypto only and top up in under a minute.
GDPR + § 7 UWG — the double opt-in reality
Germany has the strictest SMS-marketing consent regime in the EU. It sits on two statutes that must both be satisfied: the General Data Protection Regulation (GDPR) Art. 6 and Art. 7 lawful-basis and consent provisions, and § 7 of the Gesetz gegen den unlauteren Wettbewerb (UWG, the Act Against Unfair Competition), which treats any unconsented commercial electronic communication as an "unzumutbare Belästigung" — an unreasonable nuisance — actionable as unfair competition.
The Bundesgerichtshof has built a body of case law around what a valid consent event looks like. The leading authority is BGH I ZR 164/09 — "Telefonaktion II" / "Double-Opt-In" (10 Feb 2011), which held that an email-based double-opt-in is insufficient to prove valid consent for telephone advertising — the email addressee may not be the phone subscriber. That ruling forces German senders who rely on double opt-in for SMS to tie the confirmation artifact to the mobile number itself (typically via an SMS round-trip, not an email), and to log the form submission event, the confirmation-request message, and the confirmation reply as three separate artifacts.
The CJEU's Planet49 ruling (C-673/17, 1 Oct 2019) reinforces the German position across the EU: pre-ticked boxes and bundled consents fail the "freely given, specific, informed and unambiguous" test under Art. 4(11) GDPR. A line of further BGH decisions (2005-2022) has extended these principles to foreign infrastructure delivering to German residents and has treated consent older than roughly two years without active re-engagement as stale — a German-lawyer review is the right next step before citing any single case number in commercial material, since the exact case-number-to-holding pairings shift with each update.
Practical implication: if you are running any marketing SMS campaign into Germany, you must maintain three artifacts per recipient — the original opt-in event (form submission timestamp, IP, user agent), the confirmation-request SMS payload you sent, and the confirmation reply event. If the artifacts are missing, an Abmahnung from a competitor or Verbraucherzentrale will typically succeed; Art. 83 GDPR adds an administrative fine path on top, and the state DPAs (LfDI) and the BfDI have issued six-to-seven-figure GDPR fines against telcos and large B2C senders since 2019 — the BfDI's EUR 9.55 million 1&1 Telecom fine (Dec 2019) and the EUR 45 million Vodafone fine (2025) are the most visible examples. Consult the EDPB national-news feed for the current enforcement picture.
Transactional SMS (one-time passwords, delivery notifications, appointment reminders, fraud alerts) is categorically outside § 7 UWG's marketing scope and does not require the double opt-in. BGH case law has held consistently since 2005 that service communications to an existing account holder are implied-consent under the account relationship, provided the SMS contains no promotional content.
Compliant OTP copy — 3 templates that pass German legal review
The rule that keeps OTP traffic in the transactional/implied-consent safe zone is simple: no promotional content, no cross-sell, no discount codes, no product naming beyond what identifies the service. The following three templates have been scrubbed for § 7 UWG compliance and match the patterns used by German banks, logistics operators, and 2FA providers.
Template 1 — Pure OTP.
Ihr Bestätigungscode: 384921. Gültig 10 Minuten. Nicht weitergeben. — Acme Bank
Contains: code, validity window, anti-phishing warning, sender identification. No advertising content.
Template 2 — Delivery / shipment notification.
Ihre Sendung DHL-4712-XX ist zugestellt am 21.04.2026, 14:35 Uhr. Nachverfolgung: dhl.de/t/4712XX
Contains: order ID, event, timestamp, tracking URL on the service domain. Does not invite the recipient to "shop more", which would flip it into the marketing category.
Template 3 — Account security alert.
Neue Anmeldung in Ihrem Konto von IP 85.214.xx.xx um 12:43 Uhr. War das nicht Sie? Sperren: acmebank.de/lock?t=af93
Contains: security-relevant event, the recipient's account context, an action link. No marketing.
What to avoid in the same SMS: phrases like "Nur heute: 20 % Rabatt", "Neu im Shop", "Empfehlungen für Sie" — these phrases inside an otherwise transactional SMS have been held by BGH to convert the entire message into werbung subject to § 7 UWG, and the transactional body does not redeem it.
How to send SMS to Germany in 3 steps
Step 1 — Create an account
Sign up at smsroute.cc with an email. no phone binding, no national ID upload, no company registry at account creation.
Step 2 — Top up with crypto
Minimum $5. Bitcoin, USDT (TRC-20 preferred — sub-$1 fees, ~1 minute confirmation), Ethereum, Litecoin, Monero, and Solana accepted. No cards, no SEPA.
Step 3 — Send to a +49 15/16/17 E.164 number
German mobiles use the prefixes 15, 16, or 17 (drop the leading 0 from domestic form). The eight-digit subscriber number follows.
German umlauts (ä, ö, ü, ß trigger UCS-2 encoding — a single SMS then holds 70 characters instead of 160. Budget for 2-3 segments on longer German-language bodies.
German operators and latency — Telekom at 131 ms, 1&1 rollout reshaping the 4-operator market
Germany is a four-operator market as of 2026, following 1&1 Mobilfunk's 2023 launch as the fourth licensed network operator. The market is dominated by the three incumbents, and each operator's latency profile follows its interconnect position and network generation.
Deutsche Telekom. ~38% revenue share, the largest national operator. Runs the "D1" network. Owns the 151 and 160 mobile prefixes among others. Our lowest-latency route in Germany interconnects directly at the Frankfurt peering point — 131 ms median delivery to Telekom handsets, 285 ms at P95.
Vodafone Germany. ~31% share, incorporated after Vodafone's 2013 acquisition of Kabel Deutschland. Runs the "D2" network. Holds the 172 and 173 prefixes historically, now allocated more broadly. Our route peers with Vodafone at DE-CIX Frankfurt — 139 ms median, 301 ms P95.
Telefónica O2 Germany. ~27% share, resulting from the 2014 E-Plus merger. Runs on the 176/177/178/179 mobile prefixes. Slightly higher latency via the carrier-of-carriers interconnect — 148 ms median, 325 ms P95.
1&1 Mobilfunk. ~4% share, the youngest carrier. Launched its own 5G standalone network in 2023 after years as an MVNO. Currently roams on Vodafone for legacy coverage; its own numbering is allocated from fresh 15/16 ranges. Latency: 161 ms median, 348 ms P95, expected to drop as the 1&1 buildout continues.
| Operator | Market share | P50 latency | P95 latency | Interconnect |
|---|---|---|---|---|
| Deutsche Telekom | 38% | 131 ms | 285 ms | Direct peering, Frankfurt |
| Vodafone Germany | 31% | 139 ms | 301 ms | DE-CIX Frankfurt |
| Telefónica O2 | 27% | 148 ms | 325 ms | Carrier-of-carriers link |
| 1&1 Mobilfunk | 4% | 161 ms | 348 ms | Vodafone roaming + 1&1 direct |
| Blended Germany | 100% | 142 ms | 310 ms | — |
Delivery success rate on the blended 90-day window: 99.4%. The 0.6% of failures split roughly as 55% handset-off > 48h, 30% ported-number routing, 10% spam-filter rejection of unregistered alphanumeric sender IDs, 5% residual undiagnosed.
Pricing vs competitors
Germany is one of the more expensive European destinations wholesale because all four operators charge premium A2P termination fees. smsroute's $0.021 rate is 38% below Twilio's $0.064 list.
| Provider | Price per SMS (USD) | vs. smsroute |
|---|---|---|
| smsroute | $0.0210 | best price |
| Twilio | $0.0339 | baseline |
| Telnyx | $0.0254 | 17% more |
| MessageBird | $0.0288 | 27% more |
| Sinch | $0.0332 | 37% more |
Prices as of April 2026 from each provider's published pricing page. smsroute's 38% discount is durable because we connect to the four German operators without routing through an additional aggregator and because we do not carry a card-payment processing stack.
Frequently asked questions
What counts as a valid double opt-in under § 7 UWG?
A § 7 UWG-valid double opt-in has three artifacts: (1) the original consent request (a form submission, checkbox event, or explicit keyword reply) timestamped and logged with IP and user agent; (2) a confirmation request sent to the channel being subscribed (for SMS, this should be an SMS round-trip to the number itself, not an email); (3) the verified confirmation reply event, timestamped. If any of the three is missing, German courts treat the consent as invalid. The leading BGH authority is the 2011 Telefonaktion II / Double-Opt-In decision (I ZR 164/09, 10 Feb 2011), which held that an email-based double-opt-in is insufficient to prove consent for telephone advertising — the email addressee may not be the phone subscriber. The CJEU's Planet49 ruling (C-673/17) reinforces that pre-ticked boxes and bundled consents fail under Art. 4(11) GDPR.
Do I need opt-in for transactional SMS like OTPs and delivery notifications?
No. § 7 UWG specifically targets unzumutbare Belästigung — unreasonable nuisance — from advertising communications. One-time passwords, two-factor codes, delivery notifications, fraud alerts, appointment reminders, and password resets are transactional and fall under the implied consent created by the underlying account relationship. The test is whether a reasonable recipient would consider the SMS advertising (werbung) or service communication (Dienstleistungskommunikation). Do not piggyback marketing content onto transactional SMS — BGH case law treats a single promotional sentence inside an OTP as a § 7 UWG violation.
What are the fines for § 7 UWG violations in Germany?
§ 7 UWG itself creates a civil claim rather than an administrative fine, so enforcement runs through Abmahnungen (cease-and-desist letters) from competitor lawyers or the Verbraucherzentralen. A typical Abmahnung for a single unsolicited marketing SMS carries a reimbursable legal-fee award of EUR 600-1500 per send under § 13a UWG, plus a contractual penalty clause typically set at EUR 2500-5100 per repeat violation. Parallel GDPR fines under Art. 83 sit on top — the state DPAs (LfDI) and the BfDI have issued six-to-seven-figure GDPR fines against telcos and large B2C senders since 2019, with the BfDI's EUR 9.55 million 1&1 Telecom fine (Dec 2019) and the EUR 45 million Vodafone fine (2025) among the most visible. Case-specific fines are published on the EDPB national-news feed.
Can I rely on legitimate interest under GDPR Art. 6(1)(f) instead of explicit opt-in for marketing SMS?
No. The German implementation of the ePrivacy regime (§ 7 UWG plus Art. 13 ePrivacy Directive) treats electronic marketing as a lex specialis that requires active consent regardless of whether a separate GDPR Art. 6 basis exists. The one exception is § 7 Abs. 3 UWG: if you collected the email address (not phone number — specifically email) during the sale of goods or services, you may use it for direct advertising of similar products unless the customer has objected. This does not extend to SMS in most German court interpretations.
If I'm sending from a US-based app to German recipients, do § 7 UWG and TCPA both apply? Which takes priority?
Both apply, and they stack rather than preempt. § 7 UWG binds on the destination: Germany is where the handset rings, so UWG's double-opt-in and consent-logging obligations apply regardless of where the sending company is incorporated or where the CRM runs. The TCPA binds on the sender: if you are a US-based entity, the TCPA's restrictions on automated calling/texting of US numbers are already part of your compliance baseline, and the TCPA's called-party framing extends to texts you originate — but its substantive restrictions are on US-number recipients, not on German ones. Practical rule: when the recipient is German, § 7 UWG is the stricter regime (double opt-in, three-artifact audit trail, two-year staleness test) and satisfies TCPA's express-consent requirement for the US-number analog as a byproduct. Comply with UWG for German sends and you are automatically above the TCPA floor for those specific sends; the reverse is not true. Keep your US-only and German-only consent records separable in your CRM — if a German regulator asks for the three-artifact trail on a specific recipient, the TCPA-sufficient log alone will not answer the question. Consult German counsel for any cross-border marketing flow; enforcement is real and case law continues to tighten.
Is alphanumeric sender ID supported for German traffic?
Yes. German operators (Deutsche Telekom, Vodafone, O2, 1&1) accept alphanumeric sender IDs up to 11 characters, Latin alphabet, no spaces. There is no pre-registration requirement with BNetzA for commercial senders, but Deutsche Telekom and Vodafone increasingly rewrite unregistered IDs to a generic long code on A2P traffic flagged by their spam filters. Register your sender ID with smsroute in advance to avoid this.
How long does an SMS take to reach a German handset from smsroute?
Median delivery from API submission to handset is 142 milliseconds measured at our Frankfurt POP. The 95th percentile is 310 ms. Germany has the lowest median latency on our European cluster because we interconnect directly with Deutsche Telekom via a Frankfurt peering link and with Vodafone Germany via the DE-CIX exchange. Delays above 30 seconds indicate handset-off or out-of-coverage; operators buffer and retry for 48 hours.
Does smsroute verify that I have § 7 UWG double opt-in on my recipient list?
No. smsroute is a transit provider and does not inspect or validate your consent records. You are the controller under GDPR Art. 4(7) and the sender under § 7 UWG — the opt-in evidence (the original consent event, the confirmation-request SMS, and the confirmation reply) must live in your own CRM or consent-management platform. If a recipient files an Abmahnung, you will be asked to produce the three-artifact trail with timestamps and IPs. smsroute provides delivery-receipt logs that help you demonstrate you sent only to numbers in your consent system, but the underlying consent record is yours to keep.
Related pages
Related
Related
Related
import requests, os
r = requests.post(
"https://api.smsroute.cc/v1/messages",
headers={"Authorization": f"Bearer {os.environ['SMSROUTE_API_KEY']}"},
json={
"to": "+4915112345678",
"from": "AcmeBank",
"body": "Ihr Bestaetigungscode: 384921. Gueltig 10 Minuten. Nicht weitergeben."
}
)
print(r.json())curl -X POST https://api.smsroute.cc/v1/messages \
-H "Authorization: Bearer $SMSROUTE_API_KEY" \
-d '{
"to": "+4915112345678",
"from": "AcmeBank",
"body": "Ihr Bestaetigungscode: 384921. Gueltig 10 Minuten. Nicht weitergeben."
}'import fetch from "node-fetch";
const apiKey = process.env.SMSROUTE_API_KEY;
const res = await fetch("https://api.smsroute.cc/v1/sms/send", {
method: "POST",
headers: {
Authorization: `Bearer ${apiKey}`,
"Content-Type": "application/json",
},
body: JSON.stringify({
to: "+495551234567",
from: "smsroute",
text: "Your verification code is 384921",
}),
});
console.log(await res.json());package main
import (
"bytes"
"encoding/json"
"fmt"
"io"
"net/http"
"os"
)
func main() {
payload, _ := json.Marshal(map[string]string{
"to": "+495551234567",
"from": "smsroute",
"text": "Your verification code is 384921",
})
req, _ := http.NewRequest("POST",
"https://api.smsroute.cc/v1/sms/send",
bytes.NewBuffer(payload))
req.Header.Set("Authorization", "Bearer "+os.Getenv("SMSROUTE_API_KEY"))
req.Header.Set("Content-Type", "application/json")
resp, err := http.DefaultClient.Do(req)
if err != nil { panic(err) }
defer resp.Body.Close()
body, _ := io.ReadAll(resp.Body)
fmt.Println(string(body))
}<?php
$apiKey = getenv('SMSROUTE_API_KEY');
$payload = json_encode([
'to' => '+495551234567',
'from' => 'smsroute',
'text' => 'Your verification code is 384921',
], JSON_UNESCAPED_UNICODE);
$ch = curl_init('https://api.smsroute.cc/v1/sms/send');
curl_setopt_array($ch, [
CURLOPT_POST => true,
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HTTPHEADER => [
'Authorization: Bearer ' . $apiKey,
'Content-Type: application/json',
],
CURLOPT_POSTFIELDS => $payload,
]);
echo curl_exec($ch);
curl_close($ch);German operators and latency — Telekom at 131 ms, 1&1 rollout reshaping the 4-operator market
Germany is a four-operator market as of 2026, following 1&1 Mobilfunk's 2023 launch as the fourth licensed network operator. The market is dominated by the three incumbents, and each operator's latency profile follows its interconnect position and network generation.
Deutsche Telekom. ~38% revenue share, the largest national operator. Runs the "D1" network. Owns the 151 and 160 mobile prefixes among others. Our lowest-latency route in Germany interconnects directly at the Frankfurt peering point — 131 ms median delivery to Telekom handsets, 285 ms at P95.
Vodafone Germany. ~31% share, incorporated after Vodafone's 2013 acquisition of Kabel Deutschland. Runs the "D2" network. Holds the 172 and 173 prefixes historically, now allocated more broadly. Our route peers with Vodafone at DE-CIX Frankfurt — 139 ms median, 301 ms P95.
Telefónica O2 Germany. ~27% share, resulting from the 2014 E-Plus merger. Runs on the 176/177/178/179 mobile prefixes. Slightly higher latency via the carrier-of-carriers interconnect — 148 ms median, 325 ms P95.
1&1 Mobilfunk. ~4% share, the youngest carrier. Launched its own 5G standalone network in 2023 after years as an MVNO. Currently roams on Vodafone for legacy coverage; its own numbering is allocated from fresh 15/16 ranges. Latency: 161 ms median, 348 ms P95, expected to drop as the 1&1 buildout continues.
| Operator | Market share | P50 latency | P95 latency | Interconnect |
|---|---|---|---|---|
| Deutsche Telekom | 38% | 131 ms | 285 ms | Direct peering, Frankfurt |
| Vodafone Germany | 31% | 139 ms | 301 ms | DE-CIX Frankfurt |
| Telefónica O2 | 27% | 148 ms | 325 ms | Carrier-of-carriers link |
| 1&1 Mobilfunk | 4% | 161 ms | 348 ms | Vodafone roaming + 1&1 direct |
| Blended Germany | 100% | 142 ms | 310 ms | — |
Delivery success rate on the blended 90-day window: 99.4%. The 0.6% of failures split roughly as 55% handset-off > 48h, 30% ported-number routing, 10% spam-filter rejection of unregistered alphanumeric sender IDs, 5% residual undiagnosed.
Pricing vs competitors
Germany is one of the more expensive European destinations wholesale because all four operators charge premium A2P termination fees. smsroute's $0.021 rate is 38% below Twilio's $0.064 list.
| Provider | Price per SMS (USD) | vs. smsroute |
|---|---|---|
| smsroute | $0.0210 | best price |
| Twilio | $0.0339 | baseline |
| Telnyx | $0.0254 | 17% more |
| MessageBird | $0.0288 | 27% more |
| Sinch | $0.0332 | 37% more |
Prices as of April 2026 from each provider's published pricing page. smsroute's 38% discount is durable because we connect to the four German operators without routing through an additional aggregator and because we do not carry a card-payment processing stack.
Frequently asked questions
What counts as a valid double opt-in under § 7 UWG?
A § 7 UWG-valid double opt-in has three artifacts: (1) the original consent request (a form submission, checkbox event, or explicit keyword reply) timestamped and logged with IP and user agent; (2) a confirmation request sent to the channel being subscribed (for SMS, this should be an SMS round-trip to the number itself, not an email); (3) the verified confirmation reply event, timestamped. If any of the three is missing, German courts treat the consent as invalid. The leading BGH authority is the 2011 Telefonaktion II / Double-Opt-In decision (I ZR 164/09, 10 Feb 2011), which held that an email-based double-opt-in is insufficient to prove consent for telephone advertising — the email addressee may not be the phone subscriber. The CJEU's Planet49 ruling (C-673/17) reinforces that pre-ticked boxes and bundled consents fail under Art. 4(11) GDPR.
Do I need opt-in for transactional SMS like OTPs and delivery notifications?
No. § 7 UWG specifically targets unzumutbare Belästigung — unreasonable nuisance — from advertising communications. One-time passwords, two-factor codes, delivery notifications, fraud alerts, appointment reminders, and password resets are transactional and fall under the implied consent created by the underlying account relationship. The test is whether a reasonable recipient would consider the SMS advertising (werbung) or service communication (Dienstleistungskommunikation). Do not piggyback marketing content onto transactional SMS — BGH case law treats a single promotional sentence inside an OTP as a § 7 UWG violation.
What are the fines for § 7 UWG violations in Germany?
§ 7 UWG itself creates a civil claim rather than an administrative fine, so enforcement runs through Abmahnungen (cease-and-desist letters) from competitor lawyers or the Verbraucherzentralen. A typical Abmahnung for a single unsolicited marketing SMS carries a reimbursable legal-fee award of EUR 600-1500 per send under § 13a UWG, plus a contractual penalty clause typically set at EUR 2500-5100 per repeat violation. Parallel GDPR fines under Art. 83 sit on top — the state DPAs (LfDI) and the BfDI have issued six-to-seven-figure GDPR fines against telcos and large B2C senders since 2019, with the BfDI's EUR 9.55 million 1&1 Telecom fine (Dec 2019) and the EUR 45 million Vodafone fine (2025) among the most visible. Case-specific fines are published on the EDPB national-news feed.
Can I rely on legitimate interest under GDPR Art. 6(1)(f) instead of explicit opt-in for marketing SMS?
No. The German implementation of the ePrivacy regime (§ 7 UWG plus Art. 13 ePrivacy Directive) treats electronic marketing as a lex specialis that requires active consent regardless of whether a separate GDPR Art. 6 basis exists. The one exception is § 7 Abs. 3 UWG: if you collected the email address (not phone number — specifically email) during the sale of goods or services, you may use it for direct advertising of similar products unless the customer has objected. This does not extend to SMS in most German court interpretations.
If I'm sending from a US-based app to German recipients, do § 7 UWG and TCPA both apply? Which takes priority?
Both apply, and they stack rather than preempt. § 7 UWG binds on the destination: Germany is where the handset rings, so UWG's double-opt-in and consent-logging obligations apply regardless of where the sending company is incorporated or where the CRM runs. The TCPA binds on the sender: if you are a US-based entity, the TCPA's restrictions on automated calling/texting of US numbers are already part of your compliance baseline, and the TCPA's called-party framing extends to texts you originate — but its substantive restrictions are on US-number recipients, not on German ones. Practical rule: when the recipient is German, § 7 UWG is the stricter regime (double opt-in, three-artifact audit trail, two-year staleness test) and satisfies TCPA's express-consent requirement for the US-number analog as a byproduct. Comply with UWG for German sends and you are automatically above the TCPA floor for those specific sends; the reverse is not true. Keep your US-only and German-only consent records separable in your CRM — if a German regulator asks for the three-artifact trail on a specific recipient, the TCPA-sufficient log alone will not answer the question. Consult German counsel for any cross-border marketing flow; enforcement is real and case law continues to tighten.
Is alphanumeric sender ID supported for German traffic?
Yes. German operators (Deutsche Telekom, Vodafone, O2, 1&1) accept alphanumeric sender IDs up to 11 characters, Latin alphabet, no spaces. There is no pre-registration requirement with BNetzA for commercial senders, but Deutsche Telekom and Vodafone increasingly rewrite unregistered IDs to a generic long code on A2P traffic flagged by their spam filters. Register your sender ID with smsroute in advance to avoid this.
How long does an SMS take to reach a German handset from smsroute?
Median delivery from API submission to handset is 142 milliseconds measured at our Frankfurt POP. The 95th percentile is 310 ms. Germany has the lowest median latency on our European cluster because we interconnect directly with Deutsche Telekom via a Frankfurt peering link and with Vodafone Germany via the DE-CIX exchange. Delays above 30 seconds indicate handset-off or out-of-coverage; operators buffer and retry for 48 hours.
Does smsroute verify that I have § 7 UWG double opt-in on my recipient list?
No. smsroute is a transit provider and does not inspect or validate your consent records. You are the controller under GDPR Art. 4(7) and the sender under § 7 UWG — the opt-in evidence (the original consent event, the confirmation-request SMS, and the confirmation reply) must live in your own CRM or consent-management platform. If a recipient files an Abmahnung, you will be asked to produce the three-artifact trail with timestamps and IPs. smsroute provides delivery-receipt logs that help you demonstrate you sent only to numbers in your consent system, but the underlying consent record is yours to keep.
Related pages
Related
Related
Related
Related
Ready to send SMS to Germany?
$5 minimum. Crypto only. Live in 60 seconds.