Magist

Auto-renewal disclosure + click-to-cancel program

subscription-renewal-disclosure · Domain: consumer-protection · Type: process

Description

A working auto-renewal disclosure and click-to-cancel program follows the same shape across most modern consumer-protection regimes: pre-enrollment disclosure of renewal terms in a form the consumer is likely to read, affirmative consent to renewal that is separate from consent to the initial payment, written confirmation after enrollment, pre-renewal reminders for longer-term subscriptions, and a cancellation flow at least as easy as the signup flow.

The components on the platform side are the pre-commitment disclosure surface (the screen, modal, or copy that names the renewal price, cadence, and the cancellation mechanism), the affirmative-consent capture stored against the subscription record, the confirmation email sent after enrollment, the pre-renewal reminder cron for annual or longer terms, and the cancellation flow that exposes a true click-to-cancel path without retention-offer interstitials that block the cancel button.

The FTC's 2024 Click-to-Cancel rule, California's Automatic Renewal Law (Cal. Bus. & Prof. Code §17602), the federal ROSCA at 15 U.S.C. §§8401-8405, the EU Consumer Rights Directive as amended by the Omnibus Directive, the UK CMA's consumer-protection enforcement priorities, and Japan's Specified Commercial Transactions subscription disclosure rules form the active set; most other developed-market regimes track one of these or follow shortly. Operators commonly consolidate to the strictest set per market rather than running parallel disclosure templates.

Free-trial-to-paid conversion is the operationally trickiest piece because it carries its own pre-conversion disclosure pass, with timing and prominence requirements that differ from the initial enrollment disclosure. A trial that converts silently on day eight without the day-seven reminder fails almost every regime that has touched this surface in the last five years.

The recurring enforcement pattern targets the cancellation-flow asymmetry: signup is one click and a payment method, while cancellation is a phone call during business hours or a multi-step form with retention offers. Regulators have been reading the asymmetry as the dark pattern itself, regardless of whether each individual step is technically permissible.

Evidence formats that hold up include screenshots of the pre-commitment auto-renewal disclosure surface, the affirmative-consent capture log linked to the subscription record, the post-enrollment confirmation email template, the pre-renewal reminder template and send log for annual-or-longer terms, and a side-by-side click-count comparison of the cancellation flow against the signup flow.

Applicability

Applies when: customer segment is b2c or b2b2c.

Required by (7 regulations)

  • CA ARL

    Cal. Bus. & Prof. Code §17602: pre-commitment disclosure, affirmative consent, written confirmation, click-to-cancel, annual reminder for annual+ terms.

    Cal. Bus. & Prof. Code §§17600-17606

  • Minors Online Protection

    Regulations on the Protection of Minors in Cyberspace (promulgated by the State Council, Order No. 766, effective January 1, 2024)

  • EU CRD

    CRD as amended by Omnibus: cancellation must be as easy as signup (eu-crd-cancellation-ease).

    Directive 2011/83/EU of the European Parliament and of the Council

  • FTC Act

    15 U.S.C. §§41-58; 16 CFR Parts 255, 425

  • ASCT

    SCT subscription disclosure (japan-sct-subscription-disclosure): renewal terms + cancellation methods + total recurring cost.

    Act on Specified Commercial Transactions (Act No. 57 of 2000, as amended by Act No. 70 of 2021, effective June 1, 2022)

  • ROSCA

    Restore Online Shoppers' Confidence Act: negative-option disclosure, express informed consent, simple cancellation mechanism. Note: the FTC Click-to-Cancel Rule (16 CFR Part 425 amendments, effective 2024-10-16) was VACATED by the 8th Circuit in Custom Communications, Inc. v. FTC on 2025-07-08, days before its 2025-07-14 compliance deadline. ROSCA itself (15 U.S.C. § 8403) remains enforceable; the underlying negative-option transparency + simple-cancellation duty continues to apply via direct FTC + state-AG action under Section 5 of the FTC Act. FTC restarted negative-option rulemaking in March 2026.

    15 U.S.C. §§8401-8405

  • UCPD

    Directive 2005/29/EC of the European Parliament and of the Council

Fulfilled by (5)

  • stripe-billing · partial · low effort · $$
    Stripe Billing handles renewal scheduling + customer portal click-to-cancel; merchant supplies disclosure copy + affirmative-consent capture.
  • recurly · partial · low effort · $$
    Recurly's renewal-disclosure templates + dunning + cancel-by-link flows align with California ARL + FTC click-to-cancel.
  • chargebee · partial · low effort · $$
    Chargebee Subscription Management exposes regional renewal-notice templates + customer self-service cancellation.
  • zuora · partial · medium effort · $$$
    Zuora Subscription Management for enterprise SaaS; supports CARP / ARL workflows but heavier integration lift.
  • In-house build · medium effort
    In-house billing systems need explicit affirmative-consent storage + reminder cron + parity-of-cancellation UX.

Magist does not accept payment from vendors. Methodology.

Evidence formats

  • screenshots of pre-commitment auto-renewal disclosure surface
  • affirmative-consent capture log linked to subscription record
  • post-enrollment confirmation email template
  • pre-renewal reminder template + send log (annual+ subs)
  • cancellation flow click-count compared to signup flow

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Built by Neel Patel, a practicing in-house games attorney. Games touch more compliance domains at once than anything else in tech — Magist was designed around that.

Operated by a Washington-licensed attorney. Not licensed in California or other US states.

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone. No vendor, sponsorship, or referral fees, ever.

© 2026 Magist