Consumer protection law is set to feature prominently on the regulatory agenda this year. In the UK, elements of the new subscription contracts regime introduced by the Digital Markets, Competition and Consumers Act 2024 (DMCCA) are expected to come into force. At the same time, the Competition and Markets Authority (CMA) is likely to begin testing its expanded enforcement powers under the Act, particularly in relation to unfair commercial practices.
At the EU level, the European Commission’s recently published 2030 Consumer Agenda is expected to shape policy priorities in the years ahead, including the potential release of a legislative proposal for a Digital Fairness Act.
For most SMEs, consumer compliance is woven into everyday decisions: how prices are displayed on a website; how easy it is to cancel; and what happens when a customer asks for a refund.
The theme I am focusing on with clients this year, is trust. Customers want clarity about what they are paying for, what happens if they change their mind, and whether what they see online is genuine. The law is now catching up with how people actually buy: through checkout funnels, reviews, memberships and subscriptions. At the same time, regulators have been equipped with far stronger tools to ensure these rules are followed, raising the bar for transparency and fairness across digital commerce.
The reassuring point is that most of the risk here is not about doing anything deliberately wrong. It is about journeys that have evolved organically and now need tightening.
Two things are true at the same time:
If your business sells to consumers (online or offline), 2026 is the year to review your entire customer journey, from advertising and pricing through checkout, cancellation and complaints-handling.
If you remember one consumer law principle for 2026, make it this: you cannot hide unavoidable costs until later in the buying process.
Businesses are now required to display the total price of a product or service upfront, inclusive of all mandatory fees, taxes, and charges as far as these can be calculated at the time of purchase. For example, when booking event tickets, any unavoidable processing, booking or administration fees must be included in the advertised price. The practice of introducing additional mandatory charges later in the purchasing journey, commonly referred to as “drip pricing” is now prohibited. This requirement, however, does not extend to genuinely optional fees, upgrades or add-ons, such as priority entry to an event.
The CMA’s guidance is unequivocal on the consequences of non-compliance, which may include significant penalties such as fines of up to 10% of global turnover, reputational harm, and orders requiring businesses to compensate affected customers.
This obligation does not only apply at checkout. The CMA explains that the rules apply to any “invitation to purchase”, which can include:
In other words, anywhere you present a product alongside a price.
You can still market discounts, but you need to be very careful about which price is shown when the customer decides to buy.
Reviews sell. But the law now treats them like any other marketing claim: they must be genuine, transparent and not misleading. Businesses are required to take reasonable and proportionate steps to prevent and remove fake reviews, and to ensure that any incentives associated with reviews are clearly and prominently disclosed. This includes endorsements by influencers, as well as reviews or promotions involving free products, discounts or other benefits.
CMA guidance explains that banned or deceptive review practices include:
The point that often surprises SMEs is this: if you publish reviews, you are responsible for them, even where they are collected through a third-party platform.
The CMA’s short guide states that each trader who publishes reviews must take reasonable and proportionate steps to prevent and remove banned content.
What is “reasonable” depends on your size, volume and risk profile, but having no system at all is no longer defensible.
This is an area that often catches businesses by surprise because it doesn't feel like consumer law until something goes wrong.
If your business operates a consumer savings scheme, for example, a Christmas savings club, savings stamps, or “save now, spend later” store credit, new legal duties apply from 1 January 2026.
Understanding what constitutes a consumer savings scheme contract is important for both businesses that operate these schemes and consumers who participate in them. To fall within scope, an arrangement must meet the following criteria:
The consumer agrees to make payments to a trader in advance of receiving goods or services. This establishes the underlying financial relationship between the parties.
The payments are credited to an account held by the trader on behalf of the consumer. This may take the form of an individual named account, but can also include alternative structures such as pooled accounts or voucher-based arrangements (for example, savings stamp schemes).
The funds credited to the account must be redeemable by the consumer for goods, services or digital content in accordance with the contract terms. In addition, for a scheme to fall within scope, it must display at least one of the following features: restrictions on when funds can be redeemed, incentives that influence the timing of redemption, or marketing that encourages funds to be used at particular times. Taken together, these characteristics are intended to capture schemes that operate as seasonal or goal-based saving arrangements, where consumer behaviour and the timing of redemption are shaped by the scheme’s structure or promotion.
A limited small business exclusion applies to contracts entered into between consumers and traders where the trader’s annual turnover is below £1 million, and the consumer saving scheme does not involve a consumer’s account being credited with more than £120 at any time. For businesses in their first year of trading, the key test is whether the £120 per-customer credit limit is exceeded.
One effective way to meet the insolvency protection requirement is by maintaining appropriate insurance arrangements. Traders must ensure that any insurance policy is provided by an insurer authorised to operate in the UK, the Channel Islands, or the Isle of Man. As an alternative to insurance, traders may protect consumer payments through a trust arrangement, provided they also give consumers the prescribed information about that protection.
Key points from the guidance include:
Enforcement is primarily carried out by Trading Standards in Great Britain and the Department for the Economy in Northern Ireland.
If your business uses memberships, auto-renewals or “free trial to paid plan” journeys, tak note of the following for your 2026 roadmap.
The new regime governing paid business-to-consumer subscription contracts under the Digital Markets, Competition and Consumers Act 2024 (DMCCA) is expected to come into force in autumn 2026. It introduces enhanced obligations for businesses, including requirements to provide specific pre-contract information, issue renewal reminders, and makes it easier for consumers to cancel subscription contracts. Further detail on the scope and operation of these measures is anticipated through secondary legislation and accompanying guidance.
EU Directive (2023/2673) introduces a mandatory “Cancel Contract” button for online consumer contracts, strengthening consumer protection and reshaping compliance obligations for e-commerce platforms and digital service providers.
From June 2026, businesses selling to EU consumers will need to include a clear and prominent cancellation option on the same interface where the contract is made. The function must be labelled “withdraw from contract here” or similar wording and displayed clearly and legibly so consumers can easily cancel.
Businesses must also provide consumers with immediate confirmation of their cancellation, including key details such as the date and time the withdrawal was submitted. While certain exclusions apply and the directive is currently limited to the EU, UK businesses should take note of these developments and assess their potential implications for future cross-border trading. Non-compliance may give rise to cross-border enforcement action, and it is anticipated that similar regulatory measures could be considered in the UK at the right time.
Commentary from the Department for Business and Trade indicates that these rules will not take effect before Autumn 2026.
When consumer law changes, it is easy to see it as a cost. I encourage SMEs to see it differently:
And because the CMA can now take direct enforcement action, the risk profile has changed. Fines and customer redress are no longer theoretical.