Online subscription laws for 2026: DMCC Act explained

The government recently confirmed that the legal changes brought on by the Digital Markets, Competition and Consumers (DMCC) Act for the subscription contracts regime are now expected to come into force in spring 2027. For ecommerce business owners, this means you are required to provide 14-day cooling-off reminders and easy cancellations, or face a 10% turnover fine. This is what your business needs to know in 2026. 

DMCC Act 2026: Subscription compliance checklist

Use the below checklist to ensure you’re hitting all the key points under the new legislation:

What legislation applies to online subscription businesses?

To operate an online subscription business in the UK, you need to adhere to a comprehensive legal framework. Here is every act that should be on your radar, and some key provisions you can take with each one to stay on the right side of the law.

Digital Markets, Competition and Consumers Act 2024 (DMCC Act)

The government rolled out the Digital Markets, Competition and Consumers Act 2024 (DMCC Act) in an attempt to modernise UK law for the digital age. The set of regulations aims to provide stronger protections for consumers, specifically when it comes to cracking down on subscription traps.

Here are some new actions that online subscription businesses will need to take to adhere to the DMCC:

• Issue clear terms – Businesses are required to provide consumers with clear information before they enter a contract. This includes details about the current price, potential pricing changes, auto-renewals, and cancellation methods.
• Send regular reminders – Businesses must send consumers multiple reminder notifications at key points, including when a free trial is coming to an end and at regular intervals within the contract. 
• The 14-day cooling-off period – In addition to the 14-day cancellation right at the beginning of the contract, consumers are also entitled to a 14-day cooling-off period, where they can cancel without penalty after a free trial ends or after a contract of 12 months or more auto-renews.
• Consumer rights contract cancellation – Businesses must make their subscriptions “as easy to exit as to join”, to avoid consumers getting trapped in unwanted contracts. The cancellation process must also be available online if the subscription was purchased online. 

Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013

The Consumer Contracts Regulations provide a general set of rules for distance selling and serve as a foundation for the new, updated DMCC Act.

There is a lot of overlap between these two acts, specifically when it comes to pre-contract information and cooling-off periods. However, there are also some unique requirements in the 2013 Regulations that businesses must still follow:

• No pre-ticked boxes for extra payments – It’s illegal for businesses to use pre-ticked boxes to charge for optional extras. Consumers must actively opt in to any additional costs.
• Apply basic rates for helpline services – Businesses must not charge more than the basic rates for customer service telephone lines once a contract has been made. 
• Deliver goods within 30 days – Businesses must deliver goods purchased online within 30 days, and bear full responsibility for the goods until they are in the consumer’s possession. 

Consumer Rights Act (CRA) 2015

The Consumer Rights Act establishes a comprehensive framework for customer rights when buying goods, services, or digital content from businesses.

Unlike the DMCC Act, which focuses on modern issues like subscription traps, the CRA 2015 outlines core principles for almost all business-to-consumer transactions. 

To comply with the CRA, online subscription businesses must:

• Provide goods or content of a satisfactory quality – The appearance, durability, safety and utility of any physical goods or digital content must be of a satisfactory quality and match the description offered. 
• Ensure your offering is fit for purpose – Goods and services provided by businesses must fit the specific purpose they are commonly supplied for. 
• Businesses are liable for damage – If a product or piece of digital content causes damage to a customer or their device, the business is legally responsible for fixing the damage or compensating the customer. 

UK GDPR and the Data Protection Act 2018

Collecting and storing data is a critical part of any online subscription business. To ensure you’re doing this safely and ethically, you need to comply with data protection legislation like the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018. 

• Issue a clear privacy policy – Under the GDPR, businesses handling personal data must have a comprehensive privacy policy, which clearly explains what data they collect, why, for how long, and whom they share it with. 
• Keep consumer data secure – Both the GDPR and the Data Protection Act require businesses to protect consumer data using secure servers, encryption, and limiting access to sensitive information only to those who need it.
• Keep data collection to a minimum – Businesses should only request data that is truly essential, like a name, email address and payment details for a subscription service, for example. 

Learn more about the steps you need to take to protect consumer information in our guide to the Data Protection Act 2018.

Consumer Protection from Unfair Trading Regulations 2008

On 6 April 2025, the Unfair Trading Regulations 2008 were repealed and replaced by the DMCC Act, which actually strengthened the rules:

• Avoid misleading actions – Businesses mustn’t provide false or deceptive information to a consumer. This includes false claims about features or benefits, fake reviews, or misleading pricing. Be especially mindful of AI-generated marketing copy that might be hallucinating features. Under the DMCC Act, fake reviews and concealed incentivised reviews have now been banned.
• Avoid misleading omissions – Businesses are required to disclose key information that a consumer needs to make an informed decision. 
• Don’t take part in aggressive commercial practices – Businesses must avoid using harassment, coercion, or undue influence to pressure consumers into making a sale. This means avoiding certain sales tactics like fake countdown timers as well as complex cancellation processes.

How to adhere to online subscription laws

Staying on top of the regulatory framework might seem like a lot of work, especially with new laws like the DMCC Act coming into force.

However, many pieces of legislation share similar guidelines, allowing online subscription businesses to achieve compliance with fewer actions. 

To help you get the ball rolling, we’ve rounded up some key actions you can take today. 

Describe your service and its costs clearly

To adhere to the DMCC Act, you must make information about the subscription as clear and accessible as possible, and leave no stone unturned when it comes to including details. You should clearly address what the subscription will include, how much it will cost, how long it will last, and whether and when it will be automatically renewed. 

Following through, you must always make sure your offering is as advertised and up to a satisfactory quality, in line with the Consumer Rights Act 2015.

Gain active consent for additional costs

Aside from listing total costs clearly, don’t dupe consumers into paying more than they want to. To remain compliant with the Consumer Contracts Regulations 2013, don’t use pre-ticked boxes to charge customers for optional extras. Don’t charge customers more than the basic rates to make customer service calls either. 

Make cancellation as simple as possible

Sending subscribers down a wild goose chase to cancel a service isn’t just annoying for the consumer; it’s illegal. The DMCC Act 2024 has made it mandatory for online services to be “as easy to exit as to join”.

For online subscription services, this means providing customers with a straightforward cancellation process and avoiding making them make a phone call or send an email for approval. 

Send out timely reminder notifications

To remain compliant with the DMCC Act 2024, you are legally required to send customers reminders at key points in their subscription journey. You must give notice before any free or discounted trial ends and at regular intervals for long-term contracts.

This notification must state the upcoming date for auto-renewal, the amount that’s due to be charged, and how users can cancel. 

Process consumer data securely and transparently

Online subscription businesses are legally responsible for processing customer data securely and confidentially. Specifically, to comply with UK GDPR and the Data Protection Act 2018, businesses must protect data from misuse by using secure end-to-end encryption and ensuring that access to sensitive, personal data is limited to authorised staff. 

You should also clearly display a privacy policy on your business website, so consumers have a crystal clear understanding of how you’re using their information. 

Avoid misleading or aggressive marketing

To avoid breaching the rules outlined in the Consumer Protection from Unfair Trading Regulations 2008, you must advertise your online subscription in a fair and honest manner. This means only making accurate claims about your product, avoiding high-pressure tactics to make a sale, or omitting crucial information. 

What are the penalties for breaking the laws?

As of 6 April 2025, the Competition and Markets Authority (CMA) has the power to impose significant financial penalties without going through a lengthy court process, making it easier for them to issue penalties and fines directly. 

Specifically, for infringements, the CMA can charge businesses up to 10% of their global annual turnover, or up to £300,000. The CMA also has the authority to impose additional fines for continued non-compliance, to prevent companies from ignoring orders to change their practices.

Beyond the financial penalties, failing to keep up with regulations can also result in reputational damage. For instance, when a business is under investigation for breaching online subscription laws, the authority has to publicise its activities in a public statement or press release. This can immediately bring attention to a business for the wrong reasons, regardless of the final outcome.  

Moreover, when a business is found guilty of using “subscription traps”, such as making cancellation deliberately difficult or hiding fees, it can result in customers feeling deceived. They could subsequently share their negative experiences on customer review sites or social media platforms, making it harder for you to attract new customers.  

Compliance doesn’t need to be a headache

The regulatory landscape may seem daunting, but taking a practical approach to compliance can save you from a lot of hassle. Hit the ground running by assessing your business’s current practices before developing a detailed remediation plan that rectifies any potential regulatory breaches. 

For new businesses, we recommend taking it one step at a time. Many of the regulations overlap, so by focusing on a few core principles when you’re getting started, such as transparency, ethical marketing, and simple cancellation, you can avoid getting overwhelmed. 

Ultimately, the legal framework is designed to protect customers before anything else. By embracing new regulations like the DMCC Act, alongside long-established laws, you can avoid fines and build trust with consumers.