The FTC click-to-cancel rule requires subscription services to make cancellation as easy as signup. The rule was finalized in October 2024 and vacated by the Eighth Circuit in July 2025, but the underlying standard still applies through ROSCA and state auto-renewal laws. For any SaaS product with recurring billing, compliance with these consumer protection frameworks is not optional.
The rule’s legal journey has been turbulent, but the enforcement environment it created has not gone away. ROSCA carries the same core requirements: clear disclosures, informed consent, and simple cancellation. State laws in California, New York, and other states add jurisdiction-specific requirements on top. And the FTC signaled its intent to revive the regulation with a new rulemaking proposal in January 2026. For SaaS owners, the practical question remains the same: can your users cancel as easily as they signed up?
What is the FTC Click-to-Cancel Rule?
The FTC’s click-to-cancel rule is part of its updated Negative Option Rule, finalized in October 2024. It gives subscription services a clear directive: make cancellation as easy as signup. For anyone running a SaaS platform or digital service with recurring billing, the core principle is straightforward: no hidden cancel buttons, no guilt-trip messaging, no obstacle-course exit flows.
The rule is the latest action in a longer campaign against “dark patterns”: deceptive UX tactics that lock customers in through hidden cancel buttons, repeated confirmation dialogs, or cancellation flows that require a phone call. With penalties for violators potentially reaching $50,120 per violation under ROSCA, this is not a compliance footnote. It is a product design requirement with direct financial consequences.
Current Status: What Changed in 2025?
On July 8, 2025, the U.S. Court of Appeals for the Eighth Circuit vacated the FTC’s click-to-cancel rule on procedural grounds, finding the agency had failed to conduct a required preliminary analysis of the rule’s costs and benefits. The rule is not currently in effect as a federal mandate.
However, the practical compliance picture for SaaS companies has not changed significantly. The same obligations apply through several other channels:
- ROSCA (Restore Online Shoppers’ Confidence Act): Carries the same core requirements for clear disclosures, express informed consent, and simple cancellation mechanisms for negative option programs.
- Section 5 of the FTC Act: The FTC continues targeted enforcement against unfair or deceptive subscription practices under existing authority, independent of the vacated rule.
- State auto-renewal laws: California, New York, and a growing number of states have enacted legislation with disclosure, cancellation, and notice requirements, some of which are stricter than the federal rule would have been.
- Payment network standards: Visa and Mastercard’s subscription rules impose cancellation requirements independent of any regulatory framework.
On January 30, 2026, the FTC submitted a draft Advance Notice of Proposed Rulemaking on negative option plans to the Office of Management and Budget, signaling its intent to return with a revised version of the regulation. The direction of travel is clear: easy cancellation is becoming the expected standard regardless of which specific rule is in force.
Common Violations to Avoid
Before diving into best practices, it helps to know what not to do. The FTC’s intent is consistent across both the vacated rule and its current enforcement activity: make things simple. Here is where companies typically go wrong:
- Hiding the Cancel Option: Burying the cancel button under layers of settings or obscure pages is a red flag under any regulatory framework.
- Adding Friction Through Extra Steps: Requiring users to repeatedly confirm their identity or submit lengthy feedback before a cancellation is processed adds unlawful friction.
- Making People Call to Cancel: Requiring a phone call to customer support to cancel a digital subscription is not acceptable. A self-service digital cancellation option is required.
- Using Dark Patterns to Discourage Cancellation: Guilt-trip messaging (“We’ll be lost without you!”) or repeated “Are you sure?” confirmations designed to wear users down fall into deceptive practice territory under Section 5 of the FTC Act.

Compliance Best Practices for SaaS Products
Meeting the standard set by ROSCA, state auto-renewal laws, and the FTC’s broader enforcement posture comes down to four practical areas. These apply whether or not the click-to-cancel rule is federally in force.
1. Be Transparent from Day One
Customers want to feel in control. This starts with clear, honest communication about service terms, renewal cycles, and cancellation policies. Skip the legal jargon and speak plainly. When subscription renewal dates or price changes are coming up, give users advance notice via email or in-app notifications. Being transparent not only satisfies the compliance requirement, it builds the trust that keeps customers engaged for the long haul.
2. Rethink Your UI/UX with the User in Mind
Put a clear “Cancel Subscription” option in the account dashboard and keep it visible. If your product has an “Account Settings” section, cancellation should be front and center, not buried three levels deep. Use straightforward wording with no tricky phrasing and minimize the number of steps in the cancel flow. Mobile users need the same clean experience as desktop users. Every point in the process should feel logical and fair. A user who cancels with a positive experience is far more likely to come back.
3. Surface Your Value at the Point of Cancellation
When someone initiates a cancellation, there is a brief window to show them what they will lose. Surface premium features they have not yet tried, exclusive content, or the time and cost savings your product provides. Keep it informative, not pushy: a brief, relevant reminder of your product’s value is acceptable; aggressive sales pressure is not. The goal is to help users make an informed decision, not to obstruct them from making one.
4. Add Real Value to the Exit Process
If you want to retain someone at the cancellation point, make the offer about genuine value rather than just price. Consider offering an extended trial of a premium feature they have not yet used, or access to educational content that helps them get more out of the product. Use their usage data to make the offer relevant. A personalized offer at the right moment signals that you understand their needs, not just their billing cycle.
Why Compliance Strengthens Your SaaS Brand
The data on retention is consistent: it costs far less to keep a customer than to acquire a new one. Building a reputation for fair, transparent subscription practices does not just satisfy regulators; it reinforces the trust and credibility that are the most durable competitive advantages in any SaaS market.
The FTC’s click-to-cancel rule may be in legal limbo, but it has already shifted user expectations. Consumers now notice when cancellation is difficult, and they talk about it. A product that handles the exit gracefully signals confidence in its own value. That is a stronger retention strategy than any dark pattern ever produced. By combining transparent practices, user-friendly design, and genuine added value, SaaS companies can turn a compliance requirement into a real brand asset.
Frequently Asked Questions
Is the FTC click-to-cancel rule still in effect?
As of 2026, the FTC’s click-to-cancel rule is not in effect as a federal mandate. The Eighth Circuit Court of Appeals vacated it in July 2025 on procedural grounds. However, ROSCA, Section 5 of the FTC Act, and state auto-renewal laws impose substantially similar requirements, and the FTC submitted a new rulemaking proposal in January 2026 signaling intent to return with a revised version.
Does the click-to-cancel standard apply to B2B SaaS?
Yes. The original FTC rule applied to both B2C and B2B entities, including SaaS companies. ROSCA and FTC enforcement under Section 5 also cover B2B subscription models. Any recurring billing relationship, whether the customer is a consumer or a business, should meet clear disclosure and cancellation standards.
What are the penalties for non-compliance with subscription cancellation laws?
Under ROSCA, penalties can reach $50,120 per violation. State auto-renewal laws carry their own penalty structures, and violations can trigger class action liability as well. Beyond financial penalties, the reputational damage from enforcement actions or negative coverage of dark-pattern cancellation flows can exceed the fines themselves.
What does a compliant cancellation flow look like in practice?
A compliant cancellation flow is accessible from the user’s account dashboard in no more than two clicks, uses plain language (“Cancel subscription,” not “Pause your journey”), requires no phone call or live chat to complete, and processes the cancellation immediately or at the end of the current billing period as disclosed at signup. One optional retention offer (a discount or feature trial) is generally acceptable; multiple confirmation dialogs or guilt-trip prompts are not.