After months of “in force, but please proceed with caution,” the wait is over. On 27 April 2026, the Information Commissioner’s Office (ICO) published its final guidance on the new charitable purposes soft opt-in, the rule that lets your charity send marketing emails and texts to supporters without first collecting their explicit consent.
This is a meaningful moment. The provision came into force on 5 February 2026 as part of the Data (Use and Access) Act 2025, but most charities (sensibly) held off using it while the regulators finalised the detail. Now we have clarity, and there’s a real opportunity here, both to strengthen relationships with supporters and to unlock new fundraising income.
If you’re a fundraising lead, comms manager, or trustee, this is your cue to move. Here’s what changed, what it means in practice, and the practical steps to take on your website and in your data systems.
In a nutshell:
“Instead of asking supporters to opt-in to hear from you, you can now contact them by default, so long as you’re transparent and give them a clear, easy way to opt out.”
Donation forms
The most common collection point, and the one where the soft opt-in genuinely shines.
Newsletter sign-ups
This one’s interesting because someone signing up to a newsletter is already consenting to be emailed, by definition. But the soft opt-in is useful for the additional fundraising messages you might want to send beyond the newsletter itself.
What is the charitable purposes soft opt-in?
The “soft opt-in” isn’t a new concept. Commercial businesses have been using it under the Privacy and Electronic Communications Regulations (PECR) for years. It lets a company email past customers about similar products without needing fresh consent each time, as long as people were given a clear chance to opt out at the point of sign-up.
Until now, charities couldn’t use it for fundraising. That changed in February.
Under the new rules, your charity can send direct marketing by email, text, or social media direct message to someone without prior consent, provided you can tick all of these boxes:
- You’re a registered charity in England, Scotland, or Northern Ireland
- The sole purpose of the message is to further one or more of your charitable purposes (think fundraising appeals, campaign updates, volunteer requests, event invites)
- You collected the contact details directly from the person, while they were either expressing an interest in your work or offering support
- You gave them a simple, free way to opt out at the point of collection, and you continue to offer that opt-out in every message you send
The big caveat: this does not apply retrospectively, and the rules around switching are stricter than people often realise. You can’t use the soft opt-in for people whose details were on your database before 5 February 2026, because they were never given the required opt-out at the point of collection. The same applies to anyone whose details you’ve collected since 5 February 2026 but before you updated your forms with a soft-opt-in-compliant opt-out – they’re locked in to whatever lawful basis you were using at the time.
You also can’t move existing consent-based supporters across to the soft opt-in for the sake of tidiness. In practice: consent supporters stay on consent, new supporters (collected from properly updated forms onwards) can go on soft opt-in if you choose, and the two groups should be kept clearly separated in your CRM.
Why this matters: the £290m question
This is being framed as a meaningful boost for the sector, and not without reason. The Data & Marketing Association, drawing on analysis by Wood for Trees, estimated that extending the soft opt-in to charities could increase annual donations by around £290 million.
That’s a sector-wide number, of course, and your share of it depends on how well you’re set up to take advantage. But the principle is sound: lots of well-intentioned supporters never tick the consent box at the point of giving, and charities have historically lost contact with them as a result. The new rules close that gap.
Emily Keaney, Deputy Commissioner for Regulatory Policy at the ICO, framed it like this: “This is a positive step for a sector that does so much for this country, giving them more opportunities to connect with their supporters, build meaningful relationships and promote their work.”
The Fundraising Regulator has welcomed the guidance too. Its Chief Executive, Gerald Oppenheim, noted that the new guidance provides valuable clarity for charities about how they may legally use the new soft opt-in provision, where it would be appropriate for them, their supporters and their cause.
What “furthering your charitable purposes” actually means
The ICO has taken a usefully broad view here. According to the guidance, activities that count as furthering your charitable purposes include:
- Requesting donations, including financial contributions and donations of goods like clothes or food
- Recruiting volunteers
- Inviting people to fundraising events
- Sharing updates on your campaigns and the impact of your work
- Promoting petitions or campaigning activity
Equally helpfully, “expressing an interest” is interpreted generously. Someone who signs up to your newsletter, registers on your website, or even just requests information about your cause is likely to qualify, not only people who’ve donated.
Someone doesn’t have to be a supporter in the traditional sense. People who access your services – clients of an advice line, families using a hospice, beneficiaries of a food bank – can also fall within “expressing an interest” in your charitable purposes, depending on the context. For service-delivery charities where the line between supporters and service users isn’t always clean, this is worth thinking through carefully (and is exactly the sort of situation where the harm test in the previous section becomes relevant).
What you can’t do
This is where it gets a little more nuanced, and where charities will need to tread carefully.
- You can’t use it to sell products or services. Even if every penny goes back to the charity, merchandise, raffle tickets, and trading activity sit under the commercial soft opt-in (or require explicit consent). Your gift shop newsletter and your fundraising appeal are now formally separate beasts.
- You can’t mix the two in a single email. A fundraising appeal sent under the charitable purposes soft opt-in cannot also include a “and don’t forget our Christmas cards are on sale” promo. They need to go out as separate communications.
- You can’t promote other organisations. That includes partner charities and your own trading subsidiary. Each entity needs its own lawful basis.
- You can’t rely on details collected by someone else. The contact details have to be collected directly by your charity, in the course of the person engaging with your charitable purposes. Details collected by a trading subsidiary, or harvested from a third-party platform, don’t qualify. There’s also genuine uncertainty in the sector about details collected by a professional fundraiser acting on a charity’s behalf, and the ICO has been clear that “there is no such thing as a third-party marketing list that is soft opt-in compliant.” If you use external donation platforms, this is worth a careful look.
- You can’t use it for sensitive contexts. If someone gave you their email while accessing a crisis service, sending them a fundraising ask later could cause harm, and the ICO is clear that you shouldn’t. More broadly, you should review your Vulnerable Persons policy alongside this work, to make sure people aren’t being over-marketed or pressured.
- You still have to comply with the Code of Fundraising Practice. The Fundraising Regulator has flagged Rule 8.4.4 in particular, which requires charities to balance the need to communicate with not bombarding people. Just because you can email someone doesn’t mean you should email them weekly.
Your practical to-do list
Here’s what we’d recommend doing in the next few weeks. Some of this is genuinely straightforward, and some of it will need a proper sit-down with your data and dev team.
1. Update your privacy notice
This is non-negotiable. Your privacy notice needs to clearly explain that you may use people’s contact details for direct marketing under the charitable purposes soft opt-in, and that they can opt out at any time. If your privacy policy hasn’t been touched in a couple of years, this is the moment.
2. Carry out a Legitimate Interests Assessment
The soft opt-in is a PECR exemption from consent, but it doesn’t replace the need for a UK GDPR lawful basis for processing the underlying personal data. In practice that’s almost always going to be legitimate interests, which means documenting a Legitimate Interests Assessment (LIA). An LIA is a written record of three things: the legitimate interest you’re pursuing (e.g. raising funds to deliver your charitable purposes), why the processing is necessary to achieve it, and how you’ve balanced that interest against the rights and reasonable expectations of your supporters.
It doesn’t need to be a 20-page policy. It does need to exist, and it needs to be reviewed periodically. If the ICO ever asks how you decided the soft opt-in was appropriate for your charity, the LIA is your answer.
3. Audit every form on your website
Every donation form, every newsletter sign-up, every event registration, every volunteer enquiry, every petition. Each one needs:
- A clear opt-out option presented at the point of collection (not buried)
- Plain-English wording explaining what you’ll send and why
- A genuine, easy way to unsubscribe
If you’re using forGood for donations, you’ve got the consent and opt-out fields built in. For other forms, this is a good moment to take stock.
4. Restructure your contact lists
Your CRM or email platform now needs to handle (at least) three separate audiences:
- People who’ve given explicit consent for marketing
- People you’ll contact under the charitable purposes soft opt-in (collected after 5 February 2026)
- People you contact under the commercial soft opt-in, for trading or merchandise
These need to be properly tagged and segmented so you don’t accidentally send a fundraising appeal to someone who only ever bought a card from your shop.
5. Review your supporter journey copy
The point at which you collect someone’s email is the point at which the opt-out has to appear. That means rewriting confirmation pages, thank-you emails, and welcome series to set expectations clearly. “We’ll keep you updated about our work and how you can support us. You can unsubscribe at any time” is the kind of plain, confident wording that works.
6. Train your team
Anyone who handles supporter queries needs to know what’s changed. The ICO specifically recommends training staff on how to respond to questions and complaints about marketing communications.
7. Don’t forget the June deadline
A separate but related point: by 19 June 2026, all organisations (charities included) must have a documented process for handling data protection complaints. If you don’t have one yet, now is a good time to write it.
What it doesn’t change
Your existing database is still your existing database. If you’ve been relying on consent for years, those records remain valid, and you can keep emailing those supporters under that lawful basis. The soft opt-in is an additional tool for new contacts going forward, not a replacement for what you’ve already built – and it’s generally cleaner to leave consent-based supporters on consent, rather than trying to migrate them. Mixing lawful bases on the same record is a recipe for database pain and potential compliance gaps.
It also doesn’t override the Code of Fundraising Practice, the Fundraising Preference Service, or anyone’s right to object. If a supporter unsubscribes, they’re unsubscribed, regardless of which lawful basis you were relying on.
Our view
We’ve been waiting for this guidance for a long time, and on the whole it’s a sensible, charity-friendly framework. The £290m figure is a reminder of how much fundraising potential has been left on the table by overly cautious consent practices, and the new rules give well-run charities a clear route to recover some of that ground.
The work, though, is mostly in the unglamorous detail: privacy notices, form configurations, list segmentation, and supporter-journey copy. Get those right and the soft opt-in does the rest. Get them wrong and you’re risking ICO action and, more importantly, the trust of your supporters.
If you’d like a hand reviewing your forms, updating your privacy notice, or getting your CRM set up for the new world, this is exactly the kind of thing we help charities with every day. Get in touch and we’ll have a look at what you’ve got.
Frequently Asked Questions
What is the “soft opt-in” for charities?
The soft opt-in allows charities to send marketing emails and SMS messages to supporters without explicit consent, as long as the person gave their details directly, was informed at the time, and had a clear opportunity to opt out.
Does this apply to email only?
No, this applies to email and SMS (text messages), as well as similar electronic messages. These channels are covered by the same rules.
Does it apply to postal marketing?
No. Postal marketing isn’t covered by the soft opt-in. Charities can already send marketing by post under legitimate interests, provided they’re transparent and respect opt-outs.
Can we pre-tick marketing consent boxes now?
No. Pre-ticked boxes are still not allowed under UK GDPR.
The shift is away from consent entirely, you’re now offering an opt-out, not relying on opt-in.
Can we use this for our existing database?
No. The soft opt-in only applies to contact details collected on or after 5 February 2026. Your existing contacts must still be managed under their original lawful basis (e.g. consent).
What counts as “expressing an interest”?
This is interpreted broadly. It can include:
– Making a donation
– Signing up for updates
– Registering for an event
– Requesting information
They don’t need to have donated early engagement still counts.
What can we send under the soft opt-in?
You can send messages that further your charitable purposes, such as:
– Fundraising appeals
– Campaign updates
– Volunteer opportunities
– Event invitations
What can’t we send?
You can’t use the charitable soft opt-in to:
– Promote products or merchandise
– Mix fundraising with commercial promotions in the same message
– Promote other organisations (including partners or trading subsidiaries)
Do we still need to include an unsubscribe option?
Yes, every message must include a clear and simple way to opt out, and it must be free and easy to use.
Do people need to be told at the point of sign-up?
Yes. You must clearly explain:
– What you’ll send
– Why you’re contacting them
– That they can opt out at any time
This needs to be shown when you collect their details, not hidden away.
Does this replace consent entirely?
No. Consent is still valid and useful.
The soft opt-in is an additional option for new contacts, it doesn’t replace your existing consent-based marketing.
Is SMS treated the same as email?
Legally, yes, but in practice, you should be more cautious. SMS is more immediate and can feel more intrusive, so expectations and frequency matter more.
Can someone opt out at any time?
Yes. And if they do, you must stop marketing to them, regardless of whether you were relying on consent or soft opt-in.
What should we do next?
At a minimum:
– Update your privacy notice
– Review and update all data capture forms
– Add clear opt-out options
– Segment your CRM properly
– Train your team on the new rules
Further reading