ICO charity soft opt-in guide
The charitable purposes soft opt-in lets UK charities email supporters without consent from Feb 2026, but only if specific conditions and opt-out requirements are met.
The ICO’s Charity Soft Opt-In: What UK Charities Need to Know
The fundraising sector has been waiting for this one. Since 5 February 2026, charities operating in the UK can now email supporters without prior consent under a new legal route called the charitable purposes soft opt-in. The ICO published its final practical guidance in April 2026, and the message is clear: the opportunity is real, but so are the operational requirements that come with it. If your charity is still relying entirely on consent-based email lists, or if you are wondering whether you can simply start contacting everyone who has ever donated, this article will give you the practical answers you need.
Key takeaways
- The charitable purposes soft opt-in came into force on 5 February 2026 under the Data (Use and Access) Act 2025.
- It allows charities to email supporters without prior consent, but only where specific conditions are met.
- Not every interaction qualifies as a purchase, and ticket sales may not be enough.
- You must provide a clear opt-out at the point of data collection and in every subsequent message.
- Third-party lists do not qualify. The ICO has been explicit: there is no such thing as a soft opt-in compliant third-party list for this purpose.
- Your CRM needs to record which legal basis applies to each contact before you send a single message under this route.
What is the charity soft opt-in?
The charitable purposes soft opt-in is a new provision under PECR (Privacy and Electronic Communications Regulations 2003), introduced via the Data (Use and Access) Act 2025. It came into force on 5 February 2026.
In plain terms: charities can now contact individuals by electronic mail (email, text, or other direct messaging) without asking for explicit consent first, provided the person has expressed an interest in, or offered to support, the charity's purposes, and provided the charity gives them an easy opportunity to opt out both when collecting their details and in every subsequent message.
This is modelled on the existing soft opt-in that commercial organisations have used for years, but adapted specifically for the charity sector.
Why the charity soft opt-in matters for UK charities
Before this change, PECR required charities to obtain explicit consent before sending most direct marketing by electronic mail. That meant anyone who had donated, volunteered, or engaged with your cause but had not ticked a specific marketing box was off-limits.
That is changing. The sector has predicted a meaningful uplift in fundraising, with charities able to use the new provision confidently and with the right infrastructure in place. More touchpoints with engaged supporters means more opportunities to fundraise, recruit volunteers, and advance your mission.
But the ICO's guidance is not a green light to email everyone. It comes with conditions, and those conditions require operational work to meet.
Key requirements in the ICO’s charity soft opt-in guidance
The ICO published more than 140 consultation responses before finalising this guidance. Here are the three things every charity needs to understand.
1. Not every interaction with your charity counts as support
This is where many charities will get caught out. The ICO is clear that a purely transactional interaction, such as buying a product from your shop or purchasing a ticket to an event, does not automatically qualify as an expression of support for your charitable purposes.
Strong signals that do count include donations (of money, goods, or time), volunteering, signing up for updates about the cause, and requesting information about the charity's work.
The practical takeaway: you need to make a documented judgment call about which types of interactions in your database genuinely reflect support for your charitable purposes, and you need to be able to explain that rationale internally.
2. Third-party lists are out
The ICO has been explicit. There is no such thing as a soft opt-in compliant third-party marketing list for charitable purposes. You cannot purchase or obtain a list from another organisation and use the soft opt-in to contact those people, even if that other organisation is part of your wider group.
Responsibility does not just sit with whoever sends the message, either. Under PECR, the charity that instigates the marketing can also be held responsible. If you use an agency or partner to send messages on your behalf, you need written contracts that clearly set out who is responsible for what, and you need to have done basic due diligence on their practices.
3. Opt-outs must be easy, consistent, and operational
Every communication sent under the charitable soft opt-in must include a clear, simple opportunity to opt out. That opportunity must also be present when you first collect someone's details.
This is not just a legal requirement. It is an operational one. Your CRM needs to:
Record which legal basis applies to each contact (soft opt-in vs explicit consent)
Log when someone opts out and action it promptly across all channels
Generate communications that consistently include unsubscribe or STOP options
Getting the technology right is as important as understanding the legal conditions.
What counts as support under the charity soft opt-in?
This is the question most charities will hit immediately after reading the ICO's guidance, and the honest answer is: it depends on context. The ICO has deliberately avoided a rigid list, because the same interaction can mean different things depending on how it happened and what the person reasonably expected at the time.
Here is how the ICO's guidance maps onto the most common supporter interactions.
Donations: A monetary donation is the clearest example of genuine support. Whether someone donates online, by post, or in person, they are directly furthering your charitable purposes. The soft opt-in applies here, provided the donation was made on or after 5 February 2026, and the contact details came directly from the donor.
Volunteering: Someone who has volunteered, or applied to volunteer, has actively offered their time and skills to advance your cause. This is a strong signal of support and one of the clearest qualifying interactions under the new provision. The same applies to someone who has expressed interest in volunteering, even if they have not yet done so.
Requests for information: If someone has proactively contacted your charity to learn more about your work, your programmes, or how they can get involved, that demonstrates genuine interest in your charitable purposes. This includes signing up to receive updates about your campaigns or mission-related activities.
Charity shop purchases: This is where it gets complicated. The ICO's position is that buying something from a charity shop does not automatically qualify. A retail transaction can be purely transactional, with no connection to the buyer's views on your cause. That said, context matters. If someone buys from your shop and also signs a gift aid declaration, or expresses interest in your work at the point of sale, that changes the picture. The safest approach is not to rely on retail purchases alone, and to document your reasoning if you do.
Event ticket purchases: Similar caution applies here. Buying a ticket to a gala dinner or a charity run does not, on its own, demonstrate support for your charitable purposes. However, if the event is mission-led, such as a fundraising walk or an awareness campaign tied directly to your cause, there is a stronger case. Again, document your rationale.
Other supporter interactions: Beyond the above, other interactions may qualify depending on the circumstances: responding to a campaign, signing a petition related to your charitable purposes, or participating in a community programme your charity runs. The key test the ICO applies is whether the person could reasonably be expected to understand they are engaging with your charitable purposes, not just conducting a transaction.
A useful internal rule of thumb: if you would comfortably explain to a regulator why a given interaction shows genuine engagement with your mission, you are probably on solid ground. If the connection requires a stretch, rely on consent instead.
What your charity needs before using the charity soft opt-in
Here is a practical checklist based on the ICO's guidance.
Requirement | What it means in practice |
|---|---|
Contact details collected from the individual directly | No third-party lists, no scraped data |
Details collected on or after 5 February 2026 | Pre-existing lists are not automatically eligible |
Clear opt-out at point of collection | Your sign-up forms and donation pages need updating |
Opt-out in every subsequent message | Every email and text template needs an unsubscribe mechanism |
Documented rationale for what counts as support | Internal record of which engagement types qualify |
CRM segmentation by legal basis | You must be able to separate soft opt-in contacts from consent-based contacts |
Written contracts with any third-party senders | Agencies or partners sending on your behalf |
None of these is especially complex in isolation. But together, they require your website, your CRM, your email platform, and your data governance processes to be properly connected and up to date.
Managing consent and opt-outs under the charity soft opt-in
Managing the operational side of the soft opt-in is fundamentally a consent and data management challenge. You need to collect preferences clearly, record them securely, and act on them consistently across every channel.
Clym's consent management platform is built to support exactly this kind of workflow. It helps you collect and document consent preferences on your website, manage opt-outs automatically, and maintain the kind of audit trail that demonstrates good practice to the ICO.
Beyond consent, Clym also supports data subject request management, so when supporters ask to access or delete their data, your team has a structured process to respond.
For charities and NGOs specifically, Clym for Good is a programme designed to support mission-driven organisations with compliance tools that work within the resource constraints of the sector.
There is also a deadline worth noting separately: by 19 June 2026, organisations must have a formal process in place for handling data protection complaints, a requirement the ICO flagged alongside the soft opt-in guidance.
The biggest risk charities face under the soft opt-in
The ICO has given charities more flexibility. But it has also signalled that it will be watching. In the announcement of the guidance, the ICO reminded charities that the rules around opt-outs and consent are well-established, and that the new provision does not change the fundamental principle: people have a right not to receive marketing they did not ask for.
If your database is messy, your opt-out mechanisms are inconsistent, or you cannot demonstrate which legal basis applies to each contact, you are exposed, not just to ICO scrutiny, but to supporter trust issues that can be harder to recover from than a regulatory fine.
The soft opt-in is an opportunity. Whether you can use it depends on whether your operations are ready.
Conclusion
The charitable purposes soft opt-in is the most significant change to charity email marketing rules in years. It removes a genuine barrier that was preventing charities from communicating with engaged supporters. But it comes with specific conditions that require real operational work: data collected directly, opt-outs built into every touchpoint, CRM segmentation by legal basis, and documented rationale for what counts as support.
The charities that will benefit most are those that invest now in getting their consent and data management infrastructure right. The opportunity is there. The question is whether your systems are set up to use it responsibly.
Frequently asked questions
The charitable purposes soft opt-in is a provision under PECR that came into force on 5 February 2026. It allows charities to send direct marketing by electronic mail to individuals who have expressed an interest in or offered to support the charity's purposes, without needing to obtain explicit consent first, provided opt-out mechanisms are in place.
Not necessarily. The ICO's guidance makes clear that a purely transactional purchase does not automatically qualify as an expression of support for charitable purposes. Charities need to assess each type of interaction individually and document their reasoning for which engagements qualify.
No. The ICO has stated explicitly that there is no such thing as a soft opt-in compliant third-party list for charitable purposes. The contact details must be collected directly from the individual.
Charities must provide a clear and simple opportunity to opt out at the point of data collection and in every subsequent communication sent under the soft opt-in. Opt-outs must be actioned promptly across all channels.
No. The soft opt-in can only be used for contact details collected on or after 5 February 2026.
A consent management platform can help charities collect preferences clearly on their website, maintain records of which legal basis applies to each contact, manage opt-outs automatically, and generate documentation for internal and regulatory purposes.
Adam is the Head of Digital Marketing at Clym, where he leverages his diverse expertise in marketing to support businesses with their compliance needs and drive awareness about data privacy and web accessibility. As one of the company’s original team members, Adam has been instrumental in shaping its journey from the very beginning. When he’s not diving into marketing strategies, Adam can be found cheering on his favorite sports teams or enjoying fishing.