The Competition and Markets Authority (CMA) published compliance principles on 19 October 2021 concerning auto-renewal for anti-virus software suppliers. The release of this guidance marks the latest step by the CMA in tackling its concerns relating to subscription contracts utilised by the anti-virus software sector; in December 2018, the CMA commenced an investigation into the fairness of business practices associated with automatic renewal and has been actively pursuing this issue across the past three years.

Combatting the CMA’s concern that consumers are locked into contracts they no longer require, paying fees they did not expect to pay, the guidance is primarily focused on products with long running renewal periods (i.e. periods of a year or longer), although the principles are also of relevance to those who offer renewals on a shorter basis (e.g. monthly renewals). The guidance largely focuses on the CMA’s interpretation of what is required for a business to be “professionally diligent”, as required under the Consumer Protection from Unfair Trading Regulations 2008 and is made up of nine principles, mapping the consumer journey from purchase of the software through to cancellation of the subscription.

What is present throughout the guidance is the notion of transparency and that a smooth consumer experience should be ensured; customers should be able to easily understand exactly what they are paying for and there should be no unnecessary or arduous hurdles for customers wishing to cancel their subscription. Additionally, software suppliers should ensure that claims surrounding price are not misleading and that if the initial price is lower than that charged upon renewal that this is not marketed as a discount. There is also the recommendation that suppliers should allow for the cancellation of the subscription during the renewal term without penalising the customer and that full or pro-rated refunds should be offered. To facilitate this, the CMA suggests that businesses need to take an active role in consumer monitoring, checking that consumers are aware of the upcoming renewals and notifying those who no longer appear to be using the product. It is clearly no longer sufficient for businesses to be passive and place responsibility on the consumer to monitor the products they have purchased.

The CMA has previously shown that it is willing to take action against suppliers in this area for failing to comply with consumer protection regulations; earlier this year formal undertakings were received from McAfee and Norton committing to update their practices surrounding automatically renewing contracts. A number of the principles in this new guidance are closely aligned with these undertakings. Despite the fact this guidance is non-binding, it is therefore clearly prudent for businesses to adhere to these principles if they want to avoid increased scrutiny from the CMA.

In addition to observing the new guidance, businesses operating these kinds of subscription contracts should also monitor developments in this area. For example, the Government recently completed its consultation on consumer policy, which includes considering modernising consumer rights with regards to subscription contracts.