Compliance
Written by Joanne Hughes, Policy & Compliance SpecialistLast reviewed

DMCC Act Consumer Protection - 2026 Compliance Guide for Businesses

The Digital Markets, Competition and Consumers Act 2024 is the biggest change to UK consumer law in a generation, and it shifts the balance of enforcement sharply towards the regulator. Since April 2025, the Competition and Markets Authority has been able to decide that a business has broken consumer law and impose fines directly, without first going to court.

Those fines can reach 10% of global annual turnover. For any business that sells to consumers, the practical message is that consumer protection has moved from a low-enforcement area to one with real and immediate financial consequences.

This guide explains what is already in force, what is still to come, and the steps businesses should take now.

What the DMCC Act Changed

Before the Act, enforcing consumer law usually meant the CMA taking a business to court, a slow process that rarely resulted in penalties. The DMCC Act introduced a direct enforcement regime, so the CMA can investigate, decide that the law has been broken, order changes and impose fines itself.

The unfair commercial practices provisions in the Act replaced the Consumer Protection from Unfair Trading Regulations 2008 from April 2025. They prohibit misleading and aggressive practices and set out a list of practices that are always considered unfair. The CMA's guidance for businesses is published at GOV.UK: unfair commercial practices (CMA207).

The CMA has described the first year of the new powers as a step change in how consumer law is enforced, and it has set out its priorities in its consumer protection guidance for businesses. The direction is clear: more investigations, faster outcomes and the prospect of significant fines.

Why the Penalties Change the Calculation

The headline figure of 10% of global turnover is what makes the DMCC regime different. Under the old system, a business that broke consumer law faced reputational damage and, at worst, a court order to stop. The financial downside was usually limited.

Now the CMA can impose turnover-based fines directly, and it can also fine businesses up to 5% of global turnover for failing to comply with its information requests or orders, with daily penalties on top. For a business of any size, a penalty linked to total turnover rather than to the profit from a particular practice is a fundamentally different level of exposure. The economics of cutting corners on consumer protection have changed.

Fake Reviews Are Already Banned

One of the most significant changes is already in force. Since April 2025, the Act makes several review practices automatically unfair and therefore unlawful:

  • Writing, commissioning or submitting fake reviews, or facilitating them.
  • Publishing incentivised reviews without clearly disclosing the incentive.
  • Concealing or removing genuine negative reviews to present a misleading picture.

Businesses are expected to take reasonable and proportionate steps to prevent fake and misleading reviews appearing on their platforms or being used in their marketing. In March 2026 the CMA opened five investigations into fake and misleading reviews across the funerals, food delivery and car sales sectors, signalling that this is an active enforcement priority rather than a theoretical risk.

Drip Pricing and Hidden Fees

The Act also targets drip pricing, where mandatory fees are added late in a purchase rather than shown in the headline price. The rule is that any fee a consumer must unavoidably pay should be included in the price presented up front, rather than revealed at checkout.

This affects any business that advertises a price and then adds compulsory charges. Booking fees, service charges and similar unavoidable costs need to be part of the displayed price, and businesses should review their pricing journeys to make sure the headline figure reflects what the consumer actually has to pay.

Common Misconceptions

Several myths cause businesses to underestimate the regime. It is worth correcting them directly.

  • "The CMA still has to go to court." Not since April 2025. It can decide a breach has occurred and fine directly.
  • "Fines are based on the profit from the practice." They are based on global turnover, up to 10%, not on the gain from the specific conduct.
  • "Reviews are the platform's problem, not ours." Businesses must take reasonable steps to prevent fake and misleading reviews connected to their products, including incentivised reviews they commission.
  • "The subscription rules are years away." They are expected in early 2027, and the systems changes they require take months to build and test.

Subscription Rules Are Coming in 2027

The Act's new regime for subscription contracts is the change most often misunderstood, because its timing has shifted. Originally expected in spring 2026, the subscription rules were pushed back, and the Department for Business and Trade's consultation response now indicates they will apply from early 2027.

When they take effect, the subscription rules will require businesses to do the following:

  • Give clear pre-contract information so consumers understand what they are signing up to, including the price and renewal terms.
  • Provide cooling-off rights, allowing consumers to cancel within 14 days of entering the contract, and again within 14 days of becoming liable for a renewal payment, such as after a free trial or at the start of a new annual term.
  • Send reminder notices before a contract renews or a trial converts to a paid subscription.
  • Make cancellation straightforward, without unreasonable steps, and online where the contract was entered into online.

The delay does not mean businesses can wait until 2027 to act. Redesigning sign-up flows, cancellation journeys and renewal communications takes time, and the businesses most exposed are those relying on hard-to-cancel subscriptions, which are exactly the practices the regime is designed to end.

Who This Affects

The consumer protection rules apply to any business that sells goods, services or digital content to consumers, regardless of size. A small online retailer, a gym, a software provider with a consumer plan and a local service business all fall within scope.

The fake review and drip pricing rules are most relevant to businesses that market online or operate subscription or membership models. The subscription rules will hit any business that auto-renews consumer contracts. Pure business-to-business sales are largely outside the consumer regime, but many businesses sell to both and need to separate the two.

A Worked Example

A subscription business offers a 30-day free trial that converts automatically to a £40 monthly plan. Cancellation is only possible by phoning during office hours, and the business does not send a reminder before the trial ends. It also posts selected five-star reviews on its site and quietly removes one-star ones.

Under the rules already in force, the selective handling of reviews is unlawful, because concealing genuine negative reviews is automatically unfair. When the subscription rules apply from 2027, the missing trial-end reminder and the phone-only cancellation will breach the new requirements for reminder notices and straightforward cancellation. Each strand is separately enforceable, and the combination is exactly the pattern the CMA has said it will pursue.

A compliant version of the same business discloses the trial terms up front, sends a reminder before the trial converts, lets customers cancel online in a few clicks, and publishes reviews without filtering out the negative ones. The product is the same; the difference is process and documentation.

How It Overlaps With Your Other Compliance

Consumer protection does not sit in isolation. Misleading practices and hidden charges can also raise issues under data protection law, where consent and transparency matter, and under the corporate fraud framework where deception is involved. Our guide to the failure to prevent fraud rules covers the related corporate offence.

The practical point is that the same control environment, namely clear information, honest marketing and documented processes, serves several regimes at once. Treating consumer compliance as part of an integrated approach, rather than a standalone project, is both cheaper and more effective.

What Businesses Should Do Now

The combination of direct fines and active enforcement means consumer compliance now deserves the same attention as data protection or financial crime. The following steps reduce exposure.

  1. Audit your reviews. Make sure you are not publishing fake or incentivised reviews without disclosure, and that you are not suppressing genuine negative ones. Put a written process in place for handling reviews.
  2. Check your pricing. Ensure mandatory fees are included in the headline price across every sales channel.
  3. Map your subscription journeys. Identify where auto-renewal applies and start planning the pre-contract information, reminders and easy cancellation the 2027 rules will require.
  4. Review marketing claims. Check that promotional claims, urgency messaging and comparisons are accurate and not misleading.
  5. Document your compliance. Keep a written record of the steps taken, which is the evidence the CMA will expect to see.

How Policy Pros Can Help

Consumer compliance is now a documentation and process exercise as much as a legal one. The businesses that fare best are those that can show a clear, written approach to reviews, pricing and cancellation.

Policy Pros writes the compliance policies and procedures that document how a business meets its consumer protection obligations, from review handling to pricing transparency and subscription management. These sit within the wider suite of policies and procedures for all business types.

For a review of your current exposure to the DMCC regime and the documentation to evidence compliance, our legal consultation services can identify the gaps before the CMA does.

Share:
Get a QuoteBrowse All Articles
Trustpilot Reviews - 5 Stars