Your Cancel Button Is the Next FTC Lawsuit: Subscription Compliance After Click-to-Cancel
The FTC's Click-to-Cancel rule got vacated — and enforcement got worse, not better. Match, Chegg and Amazon are mid-fight. Here is the cancellation-flow audit that protects your 2026 revenue.
FTC's Click-to-Cancel rule was vacated but ROSCA (Restore Online Shoppers' Confidence Act) remains in force and authorises FTC action against deceptive subscription disclosures or cancellation flows. The FTC continues bringing ROSCA actions against Match, Chegg, and Amazon — cancellation flow audit is required regardless of the vacated rule.
Why Vacatur Made Things Worse, Not Better
Most subscription brands read the July 2025 vacatur of the FTC's Click-to-Cancel rule and concluded the pressure was off. That read is wrong, and the consequence shows up in the litigation calendar rather than the rulemaking calendar. The rule is paused; the underlying enforcement authority is not. The FTC kept the Restore Online Shoppers' Confidence Act (ROSCA), the FTC Act, and every state automatic renewal law — and used them through late 2025 and into 2026 to sue subscription brands directly, without the rule, on the same theory the rule would have codified.
Then in January 2026 the FTC filed an Advanced Notice of Proposed Rulemaking with OMB to rebuild the rule. The signal to operators is the inverse of the relief most assumed: the agency is not retreating from cancel-flow enforcement; it is widening it. ROSCA litigation, state attorneys general, and the eventual replacement rule will all converge on the same standard — that cancellation must be as easy as signup, and that the disclosures at the point of subscription must be plain and unburied.
The practical takeaway is that the rule may be paused but the underlying standard is not: the expectation that cancellation be as simple as the sign-up that started it can still be enforced through ROSCA and the FTC Act while rulemaking continues (characterisation of the FTC's enforcement posture, not a verbatim agency statement).
This guide covers the three active fronts subscription brands need to manage right now — federal enforcement via ROSCA, state Automatic Renewal Laws (ARLs), and the rebuilt rule on the horizon — and gives the cancel-flow audit and ad-creative cleanup that protect revenue across all three. Pre-flight your subscription ad creative with the AI compliance audit and validate every disclosure with the disclosure checker before the next campaign goes live, and map cross-state ARL obligations with the legal compliance scan.
Who Got Sued: Match, Chegg, Amazon
The three cases every subscription brand should read in 2026 are not theoretical. They are live ROSCA and state actions filed against brands whose cancellation flows the FTC or state attorneys general decided were deceptive. The table summarizes the operative facts and the gap that triggered each action.
| Brand | Forum | Cited gap | Lesson |
|---|---|---|---|
| Match.com | FTC, ongoing | Auto-renewal disclosure not clear and conspicuous at point of sale; cancellation routed through customer service rather than a one-click path | Disclosure burying plus friction in the cancel path together is a deceptive-experience theory regardless of whether the rule is in force |
| Chegg | FTC, settlement track | Mismatched signup ease and cancellation difficulty; trial-to-paid conversion without affirmative consent at the renewal step | Signup-cancellation asymmetry is now an enforcement theory, not a policy preference |
| Amazon (Prime) | FTC, public litigation | Multi-screen "Iliad" cancellation flow allegedly engineered to deter completion of cancel | Dark-pattern friction in cancellation flows is treated as a per se ROSCA problem |
The pattern across the three is not novel terminology — it is the practical gap between how the signup flow is designed (frictionless, optimized) and how the cancellation flow is designed (multi-screen, customer-service-routed, confusion-inducing). Where the gap is wide enough to read as a designed friction, the enforcement theory does not need a specific rule to attach. ROSCA and state ARLs are sufficient.
The defensible posture is to assume any asymmetry between signup ease and cancellation ease can be the start of an enforcement narrative. For SaaS-specific cancellation flow design, the SaaS and tech advertising compliance guide covers the trial-to-paid and renewal-consent layer, and for DTC subscription brands the ecommerce and DTC compliance guide covers the order-page disclosure layer.
The State ARL Floor Already Active
The Click-to-Cancel vacatur removed the federal ceiling. It did not remove the state floor. State Automatic Renewal Laws have been on the books for years, several were tightened in 2025 and 2026, and they impose obligations subscription brands operating nationally must meet regardless of the federal rule's status. The state layer is the most consequential active front for the next 12 months.
The states that matter most operationally
- California: the 2024 amendments to the California Automatic Renewal Law strengthened the disclosure and consent requirements at the point of sale, required clear notice before renewal at specified intervals, and clarified that cancellation must be available through the same medium used to enroll. Penalties scale with violations.
- New York: the 2025 ARL amendments require electronic cancellation for any subscription entered electronically and clarified the disclosure standard at sign-up. Online brands cannot route cancellation through phone-only paths.
- Colorado: the 2025 amendments require renewal reminders before annual auto-renewals and clarified that consumers must be able to cancel without speaking to a customer service representative.
- Vermont, Illinois, Minnesota: moved in 2025–2026 to tighten the ARL framework with prominent disclosure and click-to-cancel standards in line with the FTC's proposed approach, regardless of the federal rule's status.
The operating implication is that a nationwide subscription brand is already governed by a click-to-cancel standard via the state floor, even with the federal rule paused. The cleanest compliance posture is to design the cancel flow to the most prescriptive state's standard and apply that nationally — the marginal cost of doing so is small, and the protection against forum-shopping enforcement is large. For the cross-state mapping the United States compliance reference sets out the per-state framework, and ongoing changes to ARL enforcement and the federal rule's progress should be tracked through the policy tracker.
The 7-Step Cancel-Flow Audit
The cancellation flow is the operative artifact in every enforcement action. Audit it against the seven gates below before the next billing cycle. Each gate maps to a specific theory of liability used in current ROSCA and ARL actions.
- 1. One-click parity: the user can initiate cancellation in the same number of clicks they used to sign up. A signup that took three clicks but a cancellation that takes seven is an asymmetry an enforcer will read as designed friction.
- 2. Same-medium termination: a subscription entered online can be cancelled online without phone, email, or customer service routing. Forcing a call to cancel an online signup is the single most-cited ARL violation.
- 3. No retention-flow gating: a retention offer (discount, pause) can be offered, but it cannot block the cancel path. The cancel button must remain accessible while the offer is displayed, and accepting the offer must be the affirmative choice rather than the default.
- 4. Disclosure at point of sale, plain and unburied: the auto-renewal terms, the price after any trial, the billing cadence, and the cancellation method must be clear and conspicuous on the same screen as the subscribe button — not on a linked page, not in a footer, not in a checkbox legend.
- 5. Affirmative consent at renewal transition: if a trial converts to paid, the conversion must follow affirmative consent, not silent rollover. A renewal notice with a one-click confirm or a pre-renewal reminder satisfies this; passive rollover after a trial does not under several state ARLs.
- 6. Receipt and confirmation at cancellation: upon cancellation the user receives a confirmation in the same channel as enrollment (typically email) with the date of last access, the end of billing, and any pro-rata refund terms.
- 7. No dark-pattern micro-friction: no confirm-shaming language ("Are you sure? You'll lose…"), no fake countdown timers, no required survey to complete cancel, no multi-screen confirmation that exceeds the signup screen count.
For the disclosure layer specifically (gates 4 and 6), validate the language and placement with the disclosure checker, and for the broader cross-jurisdiction obligations confirm the flow against the legal compliance scan so the highest-prescriptive state's standard is met nationally.
Subscription Ad Creative Cleanup
The cancellation flow is the second front. The first front is the ad creative that drives the subscription. ROSCA and state ARLs both attach the disclosure obligation to the offer presentation, and that includes the paid social and search ad that fed the signup, not only the landing page. Ads must clearly disclose the auto-renewal and the post-trial price, must not bury the recurring-billing nature behind a free-trial headline, and must lead to a landing page whose disclosure language matches the ad's framing.
The four ad-creative changes to ship before the next campaign
- Lead with recurring-billing framing where applicable: if the offer is a subscription, the ad should say so. "Free 7-day trial — then $19.99/month, cancel anytime" is defensible. "Start your free trial today" without the recurring-billing context is not.
- Match ad copy and landing-page copy: the price, the billing cadence, and the cancel-anytime language in the ad should appear identically on the landing page. Drift between the two is a creative-to-landing mismatch trigger in Meta's 2026 ad review and a deception theory in ROSCA actions.
- Avoid time-pressure micro-copy that obscures the subscription: "Only 3 spots left" or "Today only" on a subscription offer reads as pressure tactics in ARL frameworks and increases enforcement exposure.
- Pre-clear the cancel-anytime claim: if the ad says "cancel anytime," the cancellation flow must actually be one-click, same-medium, and friction-free. A "cancel anytime" claim with a multi-screen retention flow is the textbook ROSCA mismatch.
Run the subscription ad creative through the keyword risk checker for time-pressure micro-copy and the AI compliance audit for the landing-page alignment before launch, and confirm cross-platform disclosure consistency on Meta, Google, and TikTok via the platform comparison reference.
Subscription Compliance Checklist
- [ ] Cancel flow audited against all 7 gates and brought up to the most prescriptive state standard
- [ ] One-click parity verified — signup and cancel click counts match
- [ ] Same-medium termination available — online signup, online cancel
- [ ] Retention flow does not gate the cancel button
- [ ] Auto-renewal and post-trial price disclosed on the same screen as subscribe
- [ ] Affirmative consent at trial-to-paid transition, not silent rollover
- [ ] Cancellation receipt sent in the same channel as enrollment
- [ ] No confirm-shaming language, fake countdowns, or required surveys at cancel
- [ ] Ad creative leads with recurring-billing framing where applicable
- [ ] Ad copy and landing-page copy match on price, cadence, and cancel terms
- [ ] "Cancel anytime" claim only used if the cancel flow is genuinely one-click
- [ ] State ARL exposure mapped for California, New York, Colorado at minimum
Don't miss the next policy change.
Create a free account — track every policy change across 8 platforms, get instant alerts, and access every free compliance tool. Or try our Meta Rejection Predictor first.
Report Keywords — Run AI Compliance Audit
Related Posts
UK DMCC Act in 2026: The Fake Reviews Ban, Drip Pricing Rules and CMA Direct Enforcement
The UK's DMCC Act gave the CMA power to fine businesses up to 10% of global turnover without going to court — and the first targets are fake reviews and drip pricing.
EU Political Advertising Regulation (TTPA) in 2026: Transparency Notices, Targeting Limits and the Platform Exit
The EU's Political Advertising Regulation now governs every political and issue ad in the bloc — with strict transparency, a near-total bar on profiled targeting, and a third-country sponsor ban that pushed Meta and Google out.
South Korea's Fair Labeling and Advertising Act in 2026: False Claims, Disclosure and AI-Generated Content
South Korea's Fair Labeling and Advertising Act bans false, deceptive, unfairly comparative and slanderous ads. Here is how it applies to claims, disclosure and AI content.