News & Insights

Auto-renewal of anti-virus software contracts for consumers

The CMA issues new guidance on the auto-renewal of contracts for anti-virus software which suppliers of other consumer products should also be aware of.

The CMA has recently released new compliance principles to address concerns with subscription contracts used by anti-virus software businesses. This has been an area of concern for some while and this guidance now builds on previous principles developed by the CMA. Earlier this year the CMA took enforcement action against McAfee and Norton, obliging them to make changes to their auto-renewals processes. The latest guidance follows the CMA’s interpretation of consumer law under the terms of the Consumer Protection from Unfair Trading Regulations 2008 (CPRs) and the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013. It targets auto-renewals of a year or more, but the principles also apply to shorter subscription periods.

What is auto-renewal of a contract?

This occurs at the end of a subscription period, when a customer continues to be charged for and to receive anti-virus software based on an automated renewal of their subscription. This renewal process could run indefinitely until the consumer takes action to end the contract. Whilst a convenient option, it assumes the product has continuing relevance to the customer. The guidance therefore seeks to prevent situations of anti-virus software customers being locked into contracts they no longer want or need, where they can be charged unexpected, or higher fees for renewal.

The principles

The guidance consists of nine principles based on the customer journey from the purchase of anti-virus software through to the cancellation of a subscription. It provides practical advice about how to work within consumer protection law to avoid enforcement action. It reflects the need to demonstrate ‘professional diligence’ in customer dealings, a standard required by the CPRs. This means the auto-renewals process should be fair and transparent, providing a smooth customer experience with no misleading claims, or unnecessary hurdles making it difficult for customers to cancel. Businesses should actively engage with customers about the renewal process, rather than place the onus on them to monitor the product they purchased. The guidance also addresses a specific concern over misleading price claims, stating that if the standard price charged on sign-up is lower than that charged at renewal, it should not be marketed as a discount.  In brief the principles say:

When the customer first signs up:1. Ensure customers can make fully informed choices about auto-renewal.

2. Ensure any price claims are accurate and not misleading.

3. Give customers confirmation of the key points of the auto-renewing contract.
During the contract:4. Ensure auto-renewal can be easily turned off by customers.

5. Remind customers in good time before auto-renewal occurs.

6. Once off, auto-renewal stays off.
Once contract has auto-renewed:7. Give customers a chance to change their minds i.e. a cooling off period of at least 2-weeks.

8. Make it easy for customers to get a refund if they want one.

9. Engage with customers who are not using their renewed product. It may be inappropriate to continue taking payments if there is neither product use nor a customer response.


The CMA urges antivirus software suppliers to review their current practices and make any necessary changes in the light of the guidance. Although this is not itself legally binding, it is designed to ensure businesses work within consumer protection law. Non-compliance with consumer protection law might lead to a business facing enforcement action via the courts, which could result in having to change practices, pay money back to customers or even fines or imprisonment.

These principles are useful as ‘best practice’ advice for other B2C businesses that use auto-renewal processes. They also indicate that stronger UK regulation of subscription contracts for consumers may be implemented across other markets, especially given the recent conclusion of a government consultation on this matter. Businesses should therefore get prepared now by reviewing their processes with this latest guidance and, where appropriate, making changes.  If you would like further advice about this issue, please contact our Commercial & Technology team.