In July 2025, the Eighth Circuit Court of Appeals vacated the Federal Trade Commission's "Click-to-Cancel" rule just days before its July 14 enforcement date. For a brief moment, subscription founders, SaaS executives, gym operators, and meal-kit shippers exhaled. Then came the second wave: a $2.5 billion settlement against Amazon over Prime enrollment. A $17 million settlement against Cleo AI. A 200,000-customer cancellation case against Chegg. An ongoing FTC and 21-state-AG complaint against Uber. And on January 30, 2026, the FTC submitted a fresh Advance Notice of Proposed Rulemaking, restarting the clock on a new federal rule.
The headline matters less than the lesson: the vacatur did not change what subscription businesses owe their customers. It changed which legal instrument the FTC uses to enforce it. If you run a recurring-charge business in 2026, your enrollment funnel, consent capture, and cancellation flow are still under regulatory scrutiny—and the financial reserves on your balance sheet still need to reflect that risk.
What Actually Happened to the Click-to-Cancel Rule
The FTC adopted the Negative Option Rule (16 CFR Part 425) in October 2024, intending to apply uniform federal standards to subscription marketing and cancellation across all media. Industry groups challenged it. On July 8, 2025, the Eighth Circuit ruled that the FTC had skipped a required step: a preliminary regulatory analysis of the rule's costs and benefits, which was required because the projected economic impact crossed the $100 million threshold under Section 22 of the FTC Act.
The court did not say the rule's substance was wrong. It said the FTC procedurally cut a corner. The agency is now redoing the process. The ANPRM published in early 2026 invites public comment through April 13, 2026, after which the FTC will draft a Notice of Proposed Rulemaking, run a comment period, and—assuming nothing else derails it—issue a final rule, possibly with effective dates pushed into 2027 or 2028.
In the interim, three legal regimes still bind your business:
- The Restore Online Shoppers' Confidence Act (ROSCA) — federal law since 2010, still fully in force.
- Section 5 of the FTC Act — the FTC's catch-all unfair-and-deceptive-practices authority.
- State automatic renewal laws — California, New York, Colorado, Illinois, Oregon, and a growing list of others, several of which already encode click-to-cancel-style requirements.
Operating as if the vacatur created a compliance holiday is the most expensive mistake a subscription operator can make right now.
The ROSCA Trinity: Disclosure, Consent, Cancellation
ROSCA prohibits any online seller from charging a consumer for goods or services through a negative option feature unless the seller meets three requirements. Treat these as the floor.
1. Clearly and Conspicuously Disclose Material Terms Before Billing Information
Material terms are not buried in a terms-of-service link. They are the things a reasonable consumer would consider material to the decision to subscribe: total price, billing frequency, length of the commitment, what happens at renewal, and how to cancel.
The disclosure must appear before the consumer enters payment information, not after, and not behind a tooltip. FTC enforcement complaints consistently fault businesses for placing material price and frequency information in light gray micro-copy, in a collapsed accordion, or below the fold on mobile devices.
A practical test: take a screenshot of the moment a customer enters credit card details. If price, cadence, and cancellation method are not visible in that screenshot, you have a problem.
2. Obtain Express Informed Consent Specifically for the Negative Option
Consent must be express—the customer affirmatively agrees to the recurring charge as a separate, identifiable act. Pre-ticked boxes do not work. Bundled consent ("I agree to terms and conditions") does not work. The consent must isolate the negative-option feature.
For one-page checkout flows, this typically means an unchecked checkbox immediately adjacent to the price and frequency disclosure, with text like "I authorize you to charge my card $29 every month until I cancel." Logging the checkbox state, IP address, timestamp, and the exact disclosure text shown at the moment of consent is what wins disputes.
3. Provide a Simple Mechanism to Stop Recurring Charges
This is the click-to-cancel principle in its original ROSCA form. "Simple" has been interpreted by courts and the FTC to mean roughly as easy as enrolling. If a customer signed up online in three clicks, requiring a phone call during business hours that routes through a retention queue is not simple. Hiding the cancel button behind a survey, a video, or a chat agent is not simple.
Recent settlements highlight the patterns regulators target: forced phone calls for online enrollments, multi-step cancellation flows that exceed sign-up steps, requiring customers to re-authenticate with information they may not have, and "are you sure?" interstitials that loop back to the dashboard rather than completing the cancellation.
State Laws Are Filling the Federal Gap
While the federal rule sits in rulemaking purgatory, state legislatures have moved aggressively.
California (BPC § 17602)
Amended by AB 2863 with most provisions effective July 1, 2025, California requires:
- Express affirmative consent for the auto-renewal terms, captured separately from other contractual consent.
- A clear and conspicuous notice in proximity to the request for consent, summarizing the renewal terms, the recurring price, and how to cancel.
- An online cancellation method that is at least as easy as enrollment, including a direct click-to-cancel link or button visible inside the account when a customer initiates cancellation.
- Price-change notices to consumers between 7 and 30 days before any fee change takes effect, with cancellation instructions included.
- Annual renewal reminders for free trials converting to paid subscriptions and for subscriptions longer than six months.
New York (General Business Law § 527-a)
New York requires conspicuous disclosure of auto-renewal terms, affirmative consent, and—critically—the ability to cancel through the same medium used to enroll, with cancellation effective immediately upon request.
Other States Worth Watching
Colorado, Illinois, Tennessee, Oregon, Vermont, and Virginia have all enacted automatic renewal statutes with their own variations on notice, consent, and cancellation. If your customer base spans multiple states, your compliance baseline is the union of all applicable state laws, not the lowest common denominator.
Building a Compliant Subscription Flow
The structural fix is to design one flow that satisfies the strictest applicable regime—usually California—and apply it nationally. Trying to geo-fence different consent experiences per state creates fragile code paths and an audit trail no regulator will accept.
Enrollment Page Checklist
- Price, billing cadence, and renewal trigger displayed adjacent to the payment field, in body-text size and standard contrast.
- A standalone, unchecked auto-renewal consent checkbox with explicit language tying it to the recurring charge.
- A summary block above the submit button restating the total first charge, the next charge date, and the cancellation method.
- For free trials, the auto-conversion date and amount prominently shown.
- A confirmation email sent within minutes of enrollment that restates all material terms and provides a direct cancellation link.
Cancellation Path Checklist
- A "Cancel subscription" link visible in the account dashboard within two clicks of login.
- Cancellation completable in the same medium as enrollment—if the customer signed up on the web, they can cancel on the web.
- No mandatory phone calls, chat sessions, or survey completions before the cancellation processes.
- An immediate confirmation screen showing the effective cancellation date and the final charge, if any.
- A cancellation confirmation email sent the same day.
Save-Offer Boundaries
Save offers are not banned, but they cannot block cancellation. A compliant pattern: after the customer clicks "Cancel," show one optional save offer screen with a clearly labeled "No thanks, cancel anyway" button of equal visual weight. Do not require interaction with the save offer to complete cancellation.
The Bookkeeping Side of Subscription Compliance
Compliance failures create real liabilities. Those liabilities have to show up on the balance sheet long before the FTC files a complaint. Operating a subscription business under ASC 606 means tracking several distinct accounting concepts that compliance risk amplifies.
Deferred Revenue as a Contract Liability
When a customer prepays for an annual plan, the full amount lands in deferred revenue (a contract liability) and is recognized ratably as the service is delivered. Monthly plans recognize as they go. The fundamental rule under ASC 606: revenue is earned when the performance obligation is satisfied, not when cash arrives.
Plain-text accounting tools make this allocation transparent. A January 1 charge of $1,200 for an annual plan records as a debit to cash and a credit to deferred revenue, then twelve subsequent monthly entries move $100 each from deferred revenue to recognized revenue. Every line is auditable.
Refund Liability for Cancellation Rights
When customers retain a right to refund unused subscription time, that portion of revenue cannot be recognized—it sits as a refund liability separate from deferred revenue. The FTC's enforcement posture means more customers will assert refund claims, sometimes years after the original charge. Quantifying expected refunds based on historical cancellation rates and policy language, and accruing for them, is no longer optional for any subscription business at scale.
Chargeback Reserves
Card-not-present subscription transactions historically run higher chargeback rates than one-time purchases. Aggressive cancellation friction inflates that rate further—frustrated customers dispute charges with their issuing bank instead of fighting through cancellation flows. A chargeback reserve, sized to actual chargeback experience plus a buffer for enforcement-driven spikes, belongs on the balance sheet.
FTC and State Settlement Reserves
For businesses with material exposure—either by size or by past complaint volume—loss-contingency accruals under ASC 450 should reflect the probability and magnitude of regulatory settlement risk. The Amazon, Chegg, and Cleo AI numbers are not edge cases; they are signals of the magnitude regulators are now seeking.
Breakage on Prepaid Credits and Gift Subscriptions
Prepaid credits, gift subscriptions, and class packs follow ASC 606 breakage guidance: if you have historical evidence that a portion will go unredeemed, you can recognize that breakage proportionally to the pattern of redemption. State unclaimed-property laws may still claim some of that breakage later, requiring an offsetting escheat liability.
A plain-text accounting ledger that separates each of these concepts into named accounts—Liabilities:Deferred-Revenue, Liabilities:Refund-Reserve, Liabilities:Chargeback-Reserve, Liabilities:Contingency-Settlement—gives a controller, auditor, or acquirer instant visibility into what the company actually owes.
What to Do Before the Federal Rule Comes Back
The smartest subscription operators are not waiting for the FTC to finish its second attempt at rulemaking. They are running the work now, because state law already requires most of it and because customer trust compounds.
A concrete 90-day plan:
- Audit the funnel. Walk through enrollment as a customer using a clean device. Screenshot every screen. Document where price, frequency, and cancellation method appear—or do not.
- Audit the cancellation path. Count the clicks and minutes from "I want to cancel" to confirmed cancellation. Compare to clicks from landing page to first charge. If cancellation is longer, fix it.
- Rebuild consent capture. Add the standalone checkbox. Log the disclosure text shown, checkbox state, timestamp, and IP for every enrollment. Store the log for at least three years.
- Map state law obligations. List every state where you have paying customers. Pull the most stringent requirements—usually California's—and apply them universally.
- Reconcile reserves. Sit down with your accountant. Confirm that deferred revenue, refund liability, chargeback reserve, and contingency accruals reflect current cancellation rates and enforcement risk.
- Document the policies. Written subscription policies, cancellation procedures, and consent-capture standards belong in your compliance binder, ready to produce if a regulator asks.
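A consent log only helps in a dispute if you can show it was not edited afterwards. The sketch below is an added example, not code from any product named in this article: it records the fields listed in the consent section and in the "Rebuild consent capture" step, rejects pre-ticked or unchecked boxes, and links records with SHA-256 so later edits are detectable. The hash chaining goes beyond what the steps above require, and all function and field names are hypothetical.

```python
import hashlib
import json
from datetime import datetime, timezone

GENESIS = "0" * 64  # prev_hash used by the first record in the chain


def _digest(record: dict) -> str:
    # Canonical JSON (sorted keys) so the hash does not depend on key order.
    body = {k: v for k, v in record.items() if k != "record_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def record_consent(log, *, customer_id, disclosure_text, checkbox_checked,
                   checkbox_default_checked, ip, now=None):
    """Append one consent record; refuse anything that is not express consent."""
    if checkbox_default_checked:
        raise ValueError("pre-ticked box: consent was not an affirmative act")
    if checkbox_checked is not True:
        raise ValueError("auto-renewal checkbox not checked")
    if not disclosure_text.strip():
        raise ValueError("no disclosure text was shown")
    record = {
        "customer_id": customer_id,
        "disclosure_text": disclosure_text,  # exact text shown, verbatim
        "checkbox_checked": True,
        "ip": ip,
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "prev_hash": log[-1]["record_hash"] if log else GENESIS,
    }
    record["record_hash"] = _digest(record)
    log.append(record)
    return record


def first_tampered_index(log):
    """Return the index of the first record that fails verification, or None."""
    prev = GENESIS
    for i, record in enumerate(log):
        if record["prev_hash"] != prev or record["record_hash"] != _digest(record):
            return i
        prev = record["record_hash"]
    return None
```

Store the most recent `record_hash` somewhere the application database cannot overwrite (for example, a separate write-once store), because a chain that is rewritten end to end verifies cleanly on its own.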
The enforcement environment punishes businesses that have to build all of this under subpoena pressure. Businesses that build it as ordinary operating practice rarely end up in those headlines.
Keep Your Subscription Finances Transparent from the Start
Subscription compliance is not just a legal project—it is a finance project. Refund reserves, chargeback exposure, contingency accruals, and deferred revenue all need to live in a general ledger that an auditor, a regulator, or an acquirer can read without translation. Beancount.io provides plain-text accounting that gives you full transparency and control over every subscription-related account, with version-controlled history that survives audits and due diligence. Get started for free and see why subscription founders and finance teams are switching to plain-text accounting for the kind of records that hold up under scrutiny.