In April 2025, UK consumer legislation underwent a significant evolution via the implementation of the Digital Markets, Competition and Consumers Act 2024 – commonly referred to as the DMCCA.  As we have now reached the first anniversary of that landmark, James Peel, Partner in our Commercial team, has taken a moment to take stock of its first 12 months and look back at how it has been enforced so far by its regulator (the UK Competeition and Markets Authority, or “the CMA”).

What is the DMCCA?

When the DMCCA was first announced, a significant focus of the related commentary was its target of ensuring that consumers are treated fairly in relation to subscription contracts.  For example, by ensuring that consumers are given certain key information up front, together with regular reminders regarding upcoming renewal payments.

However those rules on ‘subscription traps’ are not actually in force yet and are not expected to apply until Spring 2027.  And the title of the DMCCA itself – opening with the word “Digital” – could have led some businesses to not realise the extremely broad scope of the DMCCA and its application to businesses that do not have a particular ‘digital focus’.

That would be far from ideal, as the DMCCA introduced changes with a broader application than just digital services and subscriptions.  For example, another key development was that the DMCCA replaced and updated the existing Consumer Protection from Unfair Trading Regulations 2008 (which apply to a much wider range of businesses).

CMA powers to fine businesses under the DMCCA

It is therefore essential for all businesses to be aware of the DMCCA and the risks associated with non-compliance.  This is particularly because the CMA has the power to fine businesses for related breaches, and those fining powers are potentially significantly higher than the more widely known fining powers of the Information Commissioner’s Office (“ICO”) for data protection breaches under UK GDPR.

By way of comparison, it is relatively common knowledge for businesses these days that the ICO can issue fines for data protection breaches of between 2% and 4% of annual global turnover depending on the severity of the breach.  Under the DMCCA meanwhile, the CMA can potentially fine non-compliant businesses as much as 10% of annual global turnover (or up to £300,000 for those businesses with less than £3m annual turnover).

The first CMA fine under the DMCCA:  £473,000

Whilst the CMA’s fining powers under the DMCCA are still in their infancy, their first reported DMCCA fine is an indication that the CMA may be looking to take a harder line on financial penalties than the ICO has historically done in the exercise of its own fining powers so far.

The case in question saw Euro Car Parks – a car park management company – fined £473,000 by the CMA.  It is a particularly significant decision because the fine itself did not concern any alleged infringement of consumer protection law by Euro Car Parks.  Rather, the fine was specifically because the company initially failed to respond to a legally binding request for information from the CMA following several attempts.

CMA enforcement under the DMCCA moving forward

The Euro Car Parks case gives rise to an important question – namely, if they were fined £473,000 just for not responding to a CMA information notice on time – then what level of fine could a business receive if the CMA finds that they have actually infringed consumer protection law?

Other stated areas of enforcement priority for the CMA include fake and misleading reviews, early cancellation fees and online pricing practices.  Another stated CMA priority – and one which potentially has a broader scope – is the use by consumer-facing businesses of “contract terms that are clearly imbalanced and unfair”.

Another important point to note is that the DMCCA also granted the CMA the ability to pursue criminal prosecution and apply for an order to disqualify directors of companies that seriously infringe consumer law.

Potential implications for businesses

The CMA’s stated focus on contractual terms is particularly notable because it would potentially only require one part of a trading business’ consumer terms to be held to be “imbalanced and unfair” in order for that business to be at risk of enforcement action.

Not all traders have historically distinguished between their standard terms and conditions for business customers and consumers, meaning that their consumer customers are required to accept contract terms that are more favorable to the trader than consumer law would expect (as in several respects business-to-business terms can be more robust from the trader’s perspective compared to consumer terms).

In other cases, traders may have included less reasonable clauses in their consumer terms and conditions – e.g. indemnities from consumers to the trader for their breach of contract – as a ‘deterrent’ on the basis that the trader did not expect the clause to be enforceable in court if tested but that its inclusion could nonetheless make consumers ‘think again’ before breaching their contract.

The introduction and subsequent roll-out of the CMA’s fining powers under the DMCCA puts the aforementioned two approaches under the spotlight – i.e. will a business that has taken either such approach be at risk of receiving a fine should the CMA ever have reason to investigate their activities?

Businesses should therefore be considering whether – as Spring sets in – now is an appropriate time to review their consumer contracting arrangements and ensure that their terms are compliant with current consumer laws in light of the heightened enforcement risks.

If you are looking for tailored advice or assistance on this or any other matter,  please contact James Peel, Partner in our Commercial team on (01482) 325242 or email James.peel@andrewjackson.co.uk