The True Risks of Soft Opt-in for Fundraising: Why ‘Legal’ Doesn’t Mean ‘Right’
The 5th of February 2026 marked a watershed moment for the UK charity sector. With the implementation of the Data (Use and Access) Act 2025 (DUAA), the long-standing barrier preventing charities from using the ‘soft opt-in’ for email and SMS fundraising has finally fallen.
On paper, it looks like a victory. The Data & Marketing Association (DMA) predicts a £290 million boost in annual donations. Fundraisers are celebrating the ‘level playing field’ with commercial retailers. But be warned.
Just because you can spam your supporters, doesn’t mean you should.
While the legal gate has opened, the reputational and ethical floodgates have opened with it. This article explores the true risks of soft opt-in for fundraising and why the smartest charities are choosing to stick with Consent.
The ‘Corporate Spammer’ Trap
Imagine this scenario: A donor buys a charity Christmas card online. Under the new DUAA rules, you can now legally add them to your fundraising email list without their explicit ‘tick in the box’, provided you gave them a chance to opt-out.
It sounds efficient. It’s what ASOS and Amazon do. But here is the problem: You are not Amazon.
The psychological contract between a donor and a charity is fundamentally different from that of a consumer and a retailer. Commercial soft opt-in is tolerated because the transaction is transactional. Charity support is emotional. When you treat a donor like a customer to be retargeted, you commoditise their goodwill. You risk shifting your charity perception from ‘trusted cause’ to ‘corporate spammer’.
Charity support is emotional. When you treat a donor like a customer to be retargeted, you commoditise their goodwill. You risk shifting your charity perception from ‘trusted cause’ to ‘corporate spammer’.
Understanding the New Landscape (DUAA 2025)
Before we dive deeper into the risks, let’s clarify what has actually changed as of February 2026
The Data (Use and Access) Act 2025 amended the Privacy and Electronic Communications Regulations (PECR) to extend the soft opt-in to non-commercial organisations. To use it, you must meet three strict criteria:
- The Source: You obtained contact details while the person was expressing an interest in, or offering support to, your charity.
- The Opportunity: You gave them a clear chance to opt-out at the time of collection.
- The Exit: You provide an unsubscribe option in every single subsequent message.
Crucially, as highlighted by ICO guidance, this change is not retrospective. You cannot suddenly email the 50,000 ‘suppressed’ contacts sitting in your database from 2024. This brings us to our first major risk.
Risk 1: The ‘Two-Tier’ Database Nightmare
Adopting soft opt-in now creates a significant data governance headache. You will effectively be running two parallel compliance regimes:
Legacy Data (Pre-Feb 2026): Requires stricter GDPR-standard Consent.
New Data (Post-Feb 2026): Operates on Soft Opt-in (Legitimate Interests).
Pro-Tip: If your CRM isn’t sophisticated enough to segregate these audiences with 100% accuracy, do not attempt soft opt-in. Sending a soft opt-in email to a pre-2026 contact who hasn’t given consent is a direct breach of PECR, liable to heavy fines.
Risk 2: The Vulnerability Paradox
This is the ethical minefield that keeps compliance officers awake at night. The new rules allow soft opt-in when an individual “expresses an interest” in the charity’s purposes.
But what if that “interest” is a cry for help?
Consider a mental health charity. If someone downloads a guide on “Coping with Depression”, they have technically expressed an interest. Legally, under DUAA 2025, you might argue you can add them to your fundraising newsletter. Ethically, this is disastrous.
Soliciting donations from service users—especially those in vulnerable states—destroys trust. While you can build suppression lists, automation fails. The risk of accidentally fundraising from a beneficiary is significantly higher with an opt-out model than a consent-based one.
| Feature | Consent Model (Gold Standard) | Soft Opt-in Model (High Risk) |
|---|---|---|
| Donor Intent | Explicit (“Yes, I want to hear from you”) | Passive (“I didn’t say no”) |
| Open Rates | Typically higher (Engaged audience) | Likely lower (Volume over quality) |
| Spam Risk | Low | High (Unsolicited feeling) |
| Trust Level | Reinforces respect for data | Risks looking data-hungry |
| Regulatory Basis | Unambiguous GDPR Consent | PECR Exemption + Legitimate Interest |
Risk 3: The ‘Guidance Black Hole’
Even though the Act is live, the regulatory landscape remains murky. As noted in recent industry updates, the ICO’s detailed sector-specific guidance was still in draft form as late as December 2025.
Charities rushing to implement soft opt-in are effectively testing the waters without a life jacket. Ambiguities remain around what constitutes a valid “opportunity to opt-out” in complex digital journeys. If you get it wrong, you aren’t just annoying donors; you are inviting regulatory scrutiny during a period where the ICO is looking to set precedents.
Risk 4: Deliverability and Domain Reputation
Email service providers (Gmail, Outlook) monitor engagement metrics ruthlessly. They look for high open rates and low unsubscribe rates to determine if your emails should land in the Inbox or the Spam folder.
Soft opt-in inevitably leads to lists populated by people who are mildly interested, not highly engaged. This dilutes your engagement metrics.
The Consequence: If your spam complaints rise because people feel they didn’t “sign up” for your newsletter, your sender reputation tanks.
The Impact: Your urgent appeals to your committed donors might start ending up in Junk folders because of your soft opt-in strategy.
Strategic Recommendations: The ‘Helpful Content’ Approach
Instead of viewing the Data (Use and Access) Act 2025 as a licence to spam (which over excited fundraisers will!), view it as an opportunity to refine your ethical fundraising practices.
- Prioritise Quality Over Quantity
A list of 5,000 donors who explicitly said “Yes” is worth infinitely more than a list of 50,000 people who just didn’t say “No”. Focus your resources on building donor trust through transparent value exchanges.
- Use Soft Opt-in Only for ‘Hard’ Transactions
If you must use it, restrict it to clear financial transactions (e.g., ticket sales for a gala). Do not apply it to ‘soft’ interactions like petition signatures or information downloads, where the user’s intent to donate is ambiguous.
- Double Down on Transparency
If you implement soft opt-in, make the opt-out mechanism blindingly obvious. Do not bury it in small print. Check our Data Compliance Checklist to ensure your privacy notices are up to the new 2026 standards.
The risks of soft opt-in for fundraising outweigh the benefits for most relationship-based charities. While the law has changed to allow it, donor psychology hasn’t. In 2026, the most radical thing you can do is respect your donor’s inbox enough to ask for permission, not just forgiveness.
Cited Sources
- Data (Use and Access) Act 2025 (Legislation.gov.uk)
- ICO Guidance on Direct Marketing (2026 Update)
- DMA Insights on Charitable Soft Opt-in
- Fundraising Regulator Code of Fundraising Practice
Model: Google Gemini (Gemini 3 Pro) | Try Gemini
![The Science of Giving: Bridging the Intention-Act [infographic]](https://digitalforcharities.co.uk/wp-content/uploads/2025/12/Gemini_Generated_Image_ewxkj4ewxkj4ewxk.png)
![Psychology of Giving: The Identifiable Victim Effect [infographic]](https://digitalforcharities.co.uk/wp-content/uploads/2025/12/Gemini_Generated_Image_1w85zh1w85zh1w85.png)