Online subscription laws for 2025: DMCC Act explained

New laws have come into effect for online subscription businesses. Avoid getting caught by learning which rules apply to you.


As more customers opt for the convenience of home delivery, there's never been a better time to set up an online subscription business. However, as the market continues to grow, so do the regulations surrounding subscription practices.

The Digital Markets, Competition and Consumers Act 2024 (DMCC Act), in particular, has brought significant changes to the way online subscription services operate, making it even more crucial for ecommerce businesses to understand the shifting regulatory landscape to avoid penalties. 

Startups.co.uk has been decoding complex legal jargon and helping entrepreneurs navigate red tape for 25 years. Building on these decades of experience, this guide lays out all the regulations your online subscription business should be following in 2025. We also explain how you can remain compliant in simple, actionable steps to help you stay on the right side of the law and avoid hefty fines.

💡Key takeaways

  • The Digital Markets, Competition and Consumers (DMCC) Act has recently changed the way online subscriptions are governed.
  • Online subscription businesses must be transparent about their offerings, pricing, and auto-renewal process before a customer signs up.
  • Businesses must send regular reminders to customers before a free trial comes to an end.
  • It’s illegal to use pre-ticked boxes for extra payments and to make it hard for a consumer to cancel a subscription.
  • Aside from service-based laws, businesses must also comply with other regulations like the UK GDPR and the Data Protection Act 2018.
  • Failure to comply with regulations can result in hefty fines of up to 10% of a company’s global annual turnover.

What legislation applies to online subscription businesses?

To operate an online subscription business in the UK, you need to adhere to a comprehensive legal framework. Here is every act that should be on your radar, along with some key steps you can take under each one to stay on the right side of the law.

Digital Markets, Competition and Consumers Act 2024 (DMCC Act)

The government rolled out the Digital Markets, Competition and Consumers Act 2024 (DMCC Act) in an attempt to modernise UK law for the digital age. The set of regulations aims to provide stronger protections for consumers, specifically when it comes to cracking down on subscription traps.

Here are some new actions online subscription businesses will need to take to adhere to the DMCC:

  • Issue clear terms – Businesses are required to provide consumers with clear information before they enter a contract. This includes details about the current price, potential pricing changes, auto-renewals, and cancellation methods.
  • Send regular reminders – Businesses must send consumers multiple reminder notifications at key points, including when a free trial is coming to an end and at regular intervals within the contract. 
  • Allow cooling-off periods – In addition to the 14-day cancellation right at the beginning of the contract, consumers are also entitled to a 14-day cooling-off period, where they can cancel without penalty after a free trial ends or after a contract of 12 months or more auto-renews.
  • Enable straightforward cancellations – Businesses must make their subscriptions “as easy to exit as to join”, to avoid consumers getting trapped in unwanted contracts. The cancellation process must also be available online if the subscription was purchased online. 

Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013

The Consumer Contracts Regulations provide a general set of rules for distance selling and serve as a foundation for the new, updated DMCC Act.

There is a lot of overlap between these two acts, specifically when it comes to pre-contract information and cooling-off periods. However, there are also some unique requirements in the 2013 Regulations that businesses must still follow:

  • No pre-ticked boxes for extra payments – It’s illegal for businesses to use pre-ticked boxes to charge for optional extras. Consumers must actively opt in to any additional costs.
  • Apply basic rates for helpline services – Businesses must not charge more than the basic rates for customer service telephone lines once a contract has been made. 
  • Deliver goods within 30 days – Businesses must deliver goods purchased online within 30 days, and bear full responsibility for the goods until they are in the consumer’s possession. 

Consumer Rights Act (CRA) 2015

The Consumer Rights Act establishes a comprehensive framework for customer rights when buying goods, services, or digital content from businesses.

Unlike the DMCC Act, which focuses on modern issues like subscription traps, the CRA 2015 outlines core principles for almost all business-to-consumer transactions. 

To comply with the CRA, online subscription businesses must:

  • Provide goods or content of a satisfactory quality – The appearance, durability, safety and utility of any physical goods or digital content must be of a satisfactory quality and match the description offered.
  • Ensure your offering is fit for purpose – Goods and services provided by businesses must fit the specific purpose they are commonly supplied for. 
  • Businesses are liable for damage – If a product or piece of digital content causes damage to a customer or their device, the business is legally responsible for fixing the damage or compensating the customer. 

UK GDPR and the Data Protection Act 2018

Collecting and storing data is a critical part of any online subscription business. To ensure you’re doing this safely and ethically, you need to comply with data protection legislation like the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. 

  • Issue a clear privacy policy – Under the GDPR, businesses handling personal data must have a comprehensive privacy policy, which clearly explains what data they collect, why, for how long, and whom they share it with.
  • Keep consumer data secure – Both the GDPR and the Data Protection Act require businesses to protect consumer data by using secure servers and encryption, and by limiting access to sensitive information to only those who need it.
  • Keep data collection to a minimum – Businesses should only request data that is truly essential, such as a name, email address and payment details for a subscription service.

Learn more about the steps you need to take to protect consumer information in our guide to the Data Protection Act 2018.

Consumer Protection from Unfair Trading Regulations 2008

There are also rules around how online subscription businesses market and sell services to customers. Here are some key guidelines you need to follow to adhere to the Consumer Protection from Unfair Trading Regulations 2008.

  • Avoid misleading actions – Businesses mustn’t provide false or deceptive information to a consumer. This includes false claims about features or benefits, fake reviews, or misleading pricing. 
  • Avoid misleading omissions – Businesses are required to disclose key information a consumer needs to make an informed decision. This includes details about auto-renewals, total costs including fees, and the cancellation process. 
  • Don’t take part in aggressive commercial practices – Businesses must avoid using harassment, coercion, or undue influence to pressure consumers into making a sale. This means avoiding certain sales tactics like countdown timers as well as complex cancellation processes.

How to adhere to online subscription laws

Staying on top of the regulatory framework might seem like a lot of work, especially with new laws like the DMCC Act coming into force.

However, many pieces of legislation share similar guidelines, allowing online subscription businesses to achieve compliance with fewer actions. 

To help you get the ball rolling, we’ve rounded up some key actions you can take today. 

Describe your service and its costs clearly

To adhere to the DMCC Act, you must make information about the subscription as clear and accessible as possible, and leave no stone unturned when it comes to including details. You should clearly address what the subscription will include, how much it will cost, how long it will last, and whether and when it will be automatically renewed. 

Following through, you must always make sure your offering is as advertised and up to a satisfactory quality, in line with the Consumer Rights Act 2015.

Gain active consent for additional costs

Aside from listing total costs clearly, don’t dupe consumers into paying more than they want to. To remain compliant with the Consumer Contracts Regulations 2013, don’t use pre-ticked boxes to charge customers for optional extras. Don’t charge customers more than the basic rates to make customer service calls, either. 

Make cancellation as simple as possible

Sending subscribers on a wild goose chase to cancel a service isn’t just annoying for the consumer; it’s illegal. The DMCC Act 2024 has made it mandatory for online services to be “as easy to exit as to join”.

For online subscription services, this means providing customers with a straightforward cancellation process, and not requiring them to make a phone call or send an email for approval.

Send out timely reminder notifications

To remain compliant with the DMCC Act 2024, you are legally required to send customers reminders at key points in their subscription journey. You must give notice before any free or discounted trial ends and at regular intervals for long-term contracts.

This notification must state the upcoming auto-renewal date, the amount that’s due to be charged, and how users can cancel.

Process consumer data securely and transparently

Online subscription businesses are legally responsible for processing customer data securely and confidentially. Specifically, to comply with UK GDPR and the Data Protection Act 2018, businesses must protect data from misuse by using secure end-to-end encryption and ensuring access to sensitive, personal data is limited to authorised staff. 

You should also clearly display a privacy policy on your business website, so consumers have a crystal clear understanding of how you’re using their information. 

Avoid misleading or aggressive marketing

To avoid breaching the rules outlined in the Consumer Protection from Unfair Trading Regulations 2008, you must advertise your online subscription in a fair and honest manner. This means making only accurate claims about your product, avoiding high-pressure tactics to make a sale, and not omitting crucial information.

What are the penalties for breaking the laws?

Online subscription laws are designed to protect consumers, and failing to comply with them can result in severe penalties. 

One of the biggest blows could be to your bottom line. As of 6 April 2025, the Competition and Markets Authority (CMA) has the power to impose significant financial penalties without going through a lengthy court process, making it easier for them to issue penalties and fines directly. 

Specifically, for large-scale breaches, the CMA can charge businesses up to 10% of their global annual turnover, while smaller businesses that have been found guilty of non-compliance could face a fixed penalty of up to £300,000. The CMA also has the authority to impose additional fines for continued non-compliance, to prevent companies from ignoring orders to change their practices.

Violating regulations doesn’t just hit you in the wallet. Failing to keep up with regulations can also result in reputational damage, which has the potential to be more long-lasting than the financial penalties themselves.

For instance, when a business is under investigation for breaching online subscription laws, the authority has to publicise its activities in a public statement or press release. This can immediately bring attention to a business for the wrong reasons, regardless of the final outcome.  

Moreover, when a business is found guilty of using “subscription traps”, such as making cancellation deliberately difficult or hiding fees, it can result in customers feeling deceived. They could subsequently share their negative experiences on customer review sites or social media platforms, making it harder for you to attract new customers.  

Compliance doesn’t need to be a headache

The regulatory landscape may seem daunting, but taking a practical approach to compliance can save you from a lot of hassle. Hit the ground running by assessing your business’s current practices before developing a detailed remediation plan that rectifies any potential regulatory breaches. 

For new businesses, we recommend taking it one step at a time. Many of the regulations overlap, so by focusing on a few core principles when you’re getting started, such as transparency, ethical marketing, and simple cancellation, you can avoid getting overwhelmed. 

Ultimately, the legal framework is designed to protect customers before anything else. By embracing new regulations like the DMCC Act, alongside long-established laws, you can avoid fines and build trust with consumers. 
