What the new “soft opt‑in” means for your charity’s marketing

If your organisation relies on email or text marketing to keep supporters engaged, you now have a helpful new option. The Data (Use and Access) Act 2025 (DUAA) has extended the well‑known “soft opt‑in” rule to charities—opening up new, lawful ways to communicate with people who’ve shown an interest in your work.

These changes came into force on 5 February 2026, when the Data (Use and Access) Act 2025 (Commencement No. 6 and Transitional and Saving Provisions) Regulations 2026 took effect. For more background on everything that commenced on that date, you can read our overview.

This article focuses on what the new soft opt‑in means for charities, why it matters, and what you should do now that the rules are live.

A quick recap: what is the soft opt‑in?

You might already be familiar with the soft opt‑in from the business world. It lets an organisation send marketing emails or texts to people who’ve bought something from them, as long as:

• They collected the person’s contact details during the sale,
• The marketing relates to similar products or services, and
• The individual had a clear chance to opt out.

Until now, this only applied to commercial organisations and only where there had been a purchase. The DUAA changes that.

What has changed for charities?

Section 114 of the DUAA amends Regulation 22 of the Privacy and Electronic Communications Regulations (PECR). This creates a new soft opt‑in route specifically for charities.

Under this new rule, your charity can now send direct marketing emails or texts to an individual subscriber if:

• Your message is solely aimed at furthering your charitable purposes. This includes fundraising appeals, updates on your work, event invitations and other ways for supporters to get involved.
• You collected their contact details while they were engaging with your charitable purposes. That means the person either: expressed an interest in your charity’s work, or offered or provided support—financial or otherwise. Crucially, this does not require a purchase.
• You gave them a simple, free way to opt out when you collected their details—and you continue to offer that opt‑out in every message you send.

An important caveat from the Information Commissioner's Office (ICO)

The ICO has clarified that you must not use the charitable‑purpose soft opt‑in to contact people whose details you collected before the new rule commenced. If you want to rely on this new route for people who engaged before 5 February 2026, you will need to collect their details again, ensuring you meet the new requirements.

The ICO also expects charities to keep separate lists for:

• Supporters who receive electronic marketing based on consent, and
• Supporters who receive electronic marketing under the charitable‑purpose soft opt‑

Is guidance from the Information Commissioner's Office and the Fundraising Regulator available to support charities to get this right?

Although the new charitable‑purpose soft opt‑in is already in force, the ICO has not yet published its final guidance on how charities should apply it in practice. The ICO launched a consultation on the charitable purpose soft opt‑in rules in October 2025, seeking views from charities and the third sector on its draft guidance. As part of that consultation the ICO provided advice on what organisations can do to prepare.

The Fundraising Regulator has also stated that it intends to publish guidance on the use of charitable soft opt-in for fundraising in early 2026, once the ICO has published its own guidance.

In the meantime, charities:

• Should continue to apply the Code of Fundraising Practice when carrying out fundraising, ensuring that fundraising is open, honest, and respectful and balances the need to communicate with avoiding bombarding people with fundraising communications, and
• Can rely on the new rule as set out in PECR, but you should take a cautious, well‑documented approach until the guidance is published.

Why this matters for your organisation

Collecting explicit consent has long been a challenge for charities. Supporters engage in lots of ways—events, volunteering, information sessions, one‑off donations—and not all of those touchpoints are designed with perfect consent capture.

The expanded soft opt‑in gives you a practical and proportionate way to stay in touch with people who clearly care about your cause.

In practice, this means you can now:

• Follow up with someone who expressed interest at an event,
• Contact people who registered for one of your information sessions, and
• Contact volunteers or people who signed up to learn more.

You still need to provide an opt‑out at every opportunity, but you don’t need explicit consent. For many charities, this means healthier supporter lists, more consistent engagement, and fewer barriers to communication.

How this differs from the previous position

Before DUAA, a charity could rely on the commercial soft opt‑in only under narrow circumstances—where it sold goods or services. That meant many important supporter interactions fell outside the rule.

Now, the focus has shifted from commercial transactions to charitable purposes.

If someone has taken steps to engage with your mission, the law now acknowledges that it’s reasonable for you to stay in touch—subject to opt‑outs.

What hasn’t changed

The new rule doesn’t override existing safeguards. Your organisation must still:

• Be transparent at the point of data collection
• Maintain a robust suppression list
• Include opt‑out information in every message
• Ensure communications genuinely further your charitable purposes
• Identify your charity clearly in each communication.

And PECR works alongside the UK GDPR, meaning you still need a lawful basis for processing supporter data.

What counts as “expressing an interest” or “offering support”?

The legislation is intentionally broad. Actions that could fall within this include:

• Signing up for information about your programmes
• Registering for a webinar or event
• Making a one‑off donation
• Volunteering or signing up to volunteer
• Asking how to get involved
• Taking part in a charity‑related survey
• Engaging with your charity at a stall or outreach session.

These interactions show the person already has a connection with your charitable purposes. The soft opt‑in lets you build on that connection—while still offering opt‑outs. The explanatory notes to the DUAA have more information on this topic.

Can you use this to send fundraising appeals?

Yes, the explanatory notes to the DUAA clarify that the soft opt-in allows charities to send communications regarding their campaigning or fundraising activities.

What you can’t do is send marketing that isn’t connected to your charity’s purposes. For example, emails promoting unrelated commercial products would not be covered.

What your charity should do now

The extension of the soft opt‑in is a welcome and supporter‑friendly update for the charity sector. It recognises that people often want to hear more from causes they’ve engaged with—and that rigid consent mechanisms don’t always align with how charities work in practice.

But we don’t yet have the final ICO guidance, and so charities may wish to be cautious and start preparing by taking the following steps:

• Review all your data collection mechanisms: Ensure web forms, event sign‑ups, donation platforms and volunteer processes include a clear opt‑out statement.
• Update your privacy information: Explain that you may contact individuals based on their interest in your charitable purposes, and highlight their right to opt out.
• Update email templates: Make sure your opt‑out language is prominent, clear and repeated in every message, including text messages.
• Document your decision‑making: As part of your UK GDPR compliance, keep records of: how individuals expressed interest or offered support, when and how you provided the opt‑out and your legitimate interests assessment.
• Provide staff training: make sure your staff know how to respond to queries and complaints from individuals receiving electronic mail marketing.
• Manage your suppression lists: Make sure your organisation rigorously maintains and updates suppression lists so that opt‑out requests are actioned promptly and consistently.
• Other DUAA changes: Consider what other policies, training, DPIAs or governance structures may need revision in light of DUAA. Our articles on DUAA changes and the Commencement No. 6 Regulations can help with this.

Do you want to know more about the soft opt-in rule for charities and how it might impact on your organisation? Or want support with updates to your privacy programme and DUAA implementation?

Simply reach out to Sheilah Mackie or Tess Dupont.