
What is “legal obligation” as a basis for transactional email?

Legal obligation (GDPR Article 6(1)(c)) allows processing when necessary to comply with a legal requirement to which you're subject. For email communications, this basis applies when law or regulation requires you to send certain information to customers. Examples include regulatory disclosures, privacy policy update notifications, legally required notices about changes to terms of service, and communications mandated by financial regulations or consumer protection laws.

The key is that the legal obligation must be specific and documented. You must be able to identify the law, regulation, or binding legal authority that requires the communication. Vague claims of "best practice" or industry standards don't qualify; there must be an actual legal requirement. The communication must be limited to what's necessary to satisfy the obligation; you can't use legal obligation as a pretext to add promotional content to legally required notices.

In practice, legal obligation is a narrow basis for email communication. Most transactional emails fall under contractual necessity (order confirmations, account notifications) rather than legal obligation. Legal obligation applies specifically when a law mandates the communication. For email marketers, this basis is rarely the primary justification for communications but may cover certain compliance notices or regulatory disclosures. Document which specific legal requirement applies to each communication claiming this basis. Legal obligation means the law requires you to communicate something: not that the law permits it, but that it mandates it.