Charitable purpose soft opt-in: from consultation to clarity

The introduction of the charitable purpose soft opt-in in the Data (Use and Access) Act 2025 last summer marked a significant change for UK charities, offering greater flexibility to use email and text fundraising without relying solely on explicit consent. While widely welcomed in principle, the details of how the new rules would work in practice prompted caution across the sector, particularly during the Information Commissioner’s Office (ICO) consultation period.

What counts as interest or support

A key issue, expressed by the Chartered Institute of Fundraising (CIOF) and others was uncertainty over what it means for an individual to express interest in, or offer support for, a charity’s purposes. Fundraisers were concerned that without clear interpretation, they would be left making risky judgement calls about whether everyday interactions were sufficient to rely on the soft opt-in.

Safeguarding

The ICO’s guidance, published on 28 April 2026, does not remove the need for judgement, but it does introduce an important safeguard. Charities must have a reasonable basis for concluding that a person was expressing interest in or offering support, and this assessment must be based on context rather than assumption. This provides a clearer regulatory standard that charities can document and defend.

Another important point for fundraisers is the ICO’s position on data collected via third parties, including professional fundraisers and partners The ICO has made it clear that the charitable soft opt-in will not apply if you did not collect the data directly from the individual.

Applying good governance

How to categorise transactional activities such as charity shop purchases or ticketed events is also a major concern for fundraisers. The ICO has directly addressed this, confirming that not all transactions demonstrate support for charitable purposes and that purely transactional relationships cannot be used to justify reliance on the charitable soft opt-in. Its guidance does however state that the new rules mean that charities can use the products and services soft opt-in, which can cover more transactional interactions.

However, in this case, the charity’s communication must be about the same or similar products and services and not about its charitable purposes in general. Where both soft opt‑ins might apply, charities must offer two distinct opt‑outs, clearly explaining what each one covers. From a fundraising perspective, clarity is vital to avoid confusion and complaints.

A further practical concern raised by the CIOF was whether charities would need to send separate communications where both the charitable soft opt-in and the products and services soft opt-in applied. The ICO has confirmed this is not necessary. Fundraising and commercial messages can be combined within a single communication, providing both soft opt-ins are valid for the data subjects.

Despite the added flexibility, strong internal data governance remains essential. Supporter records must be clearly flagged to reflect the lawful basis being relied upon. In practice, this means maintaining separate indicators for explicit consent, charitable purposes soft opt-in, and products and services soft opt-in, ensuring opt-outs are respected accurately.

Conclusion

Overall, the ICO’s final guidance responds to many of the concerns raised during its consultation. While the charitable soft opt-in offers valuable new opportunities, charities will still need to apply care, transparency and sound judgement to use it in a way that supports fundraising while protecting public trust. With that in mind, the ICO has also reminded charities of its 19 June 2026 deadline for charities to have in place a process for handling data protection complaints – something fundraising teams should factor into their planning.

Our Risk Advisory team has prepared a quick guide to support you in navigating the charitable soft opt‑in:

Quick guide to the charitable purpose soft opt-in

For tailored advice on developing fundraising policies and data protection practices, please contact Moore Kingston Smith’s Nonprofit Advisory and Risk Advisory teams.