Every Contract a Subscription Business Needs in the UK (2025)
Last updated: February 2025
Legal Requirements for a Subscription Business
UK subscription businesses face significant new regulation under the Digital Markets, Competition and Consumers Act 2024, which introduces mandatory pre-renewal reminders, easy cancellation rights, and prohibitions on dark patterns. The Consumer Contracts Regulations 2013 provide a 14-day cooling-off period for new subscriptions. The Consumer Rights Act 2015 applies to digital content and services. PECR and UK GDPR govern marketing communications and data processing. The Payment Card Industry Data Security Standard (PCI DSS) applies if the business processes card payments.
Essential Contracts
Core terms covering billing cycles, auto-renewal, price changes, cancellation rights, and the mandatory pre-renewal notice requirements under the DMCC Act 2024
Must cover recurring payment data, usage data, marketing preferences, and the legal bases for ongoing processing throughout the subscription lifecycle
Must comply with the Consumer Contracts Regulations 2013 cooling-off period and the DMCC Act 2024 easy cancellation requirements
Contract with your payment processor covering recurring billing, failed payment handling, chargeback procedures, and PCI DSS compliance
Recommended Contracts
Separate terms for gift subscriptions addressing the relationship between purchaser, recipient, and auto-renewal at gift period end
Documents referral incentives, eligibility criteria, and anti-gaming provisions for subscriber referral schemes
Tailored terms for B2B subscriptions with volume discounts, invoicing instead of card payments, and different cancellation terms
Common Legal Risks for a Subscription Business
- Non-compliance with DMCC Act 2024 subscription trap provisions resulting in CMA enforcement
- Chargebacks from customers who did not realise they were on auto-renewal
- Class action risk from unclear price increase notification procedures
- Failed payment cascades causing revenue loss without proper dunning procedures documented
- Consumer complaints to the CMA about cancellation difficulty
Industry-Specific Notes
The DMCC Act 2024 is the most significant change to UK subscription law in decades. Subscription businesses must send reminders before each renewal, cannot make cancellation harder than sign-up, and must not use cooling-off period waivers in a misleading way. Businesses should audit their entire subscription journey — from sign-up through renewal to cancellation — for compliance. Consider offering a pause option as an alternative to cancellation.
FAQ
What are the new DMCC Act 2024 requirements for subscription businesses?
The Digital Markets, Competition and Consumers Act 2024 requires subscription businesses to: send a reminder notice before each renewal period stating the renewal date and price; provide a straightforward mechanism for cancellation that is not harder than signing up; offer a cooling-off period for new subscriptions and renewals after price increases; and stop using dark patterns or other practices that make cancellation unreasonably difficult. The CMA will have enhanced enforcement powers including direct fines.
Can a subscription business increase prices mid-contract?
It depends on what the terms say. If the contract allows price increases with reasonable notice, this is generally permissible under UK law. However, the increase must be communicated clearly and the customer must have the right to cancel before the increase takes effect. Under the DMCC Act 2024, price increases on auto-renewing subscriptions trigger additional notification requirements. Significant or frequent price increases could be challenged as unfair terms under the Consumer Rights Act 2015.
How long must a subscription business retain customer data after cancellation?
Under UK GDPR, you may only retain personal data for as long as necessary for the purpose it was collected. After a subscription is cancelled, you may need to retain some data for legal obligations (e.g., 6 years for HMRC tax records, or to defend potential legal claims within the limitation period). Marketing data should be deleted or anonymised unless the customer has given separate consent. Your privacy policy must clearly state your retention periods for different data categories.
This is guidance, not legal advice. Consult a solicitor for complex matters.