If you sell an auto-renewing subscription, your SaaS subscription agreement (and the cancellation flow that goes with it) is under more legal pressure now than it was a year ago, even though the FTC’s federal “click-to-cancel” rule was struck down in 2025. Enforcement didn’t stop. It just shifted to older federal statutes, a $35 million settlement, and the first city-level cancellation rule in the country.
I represent lots, literally 100s and 100s, of SaaS companies, and “negative option” billing (the auto-renew model almost every subscription runs on) is one of those spots where the law is moving faster than most vendors’ order forms. So here’s where things actually stand, and what to check in your own contract.
What a “negative option” actually is.
A negative option is any deal where your customer’s silence or inaction counts as agreement to keep paying: the classic auto-renewing subscription. Your customer signs up, and the plan renews and charges again unless they affirmatively cancel. It’s a perfectly legal model (it’s how most of the SaaS world bills). The legal risk isn’t the auto-renew itself. It’s whether you disclosed it clearly, got real consent to it, and made canceling easy. Here is the practical tip: those three duties are exactly what your auto-renewal clause, or even better your checkout screen, is supposed to handle. I think the checkout screen (the order) is a much better place for them than the underlying agreement.
The federal click-to-cancel rule got vacated, but don’t relax.
In October 2024 the Federal Trade Commission finalized its “Click-to-Cancel” Rule, which would have imposed detailed nationwide disclosure, consent, and easy-cancellation requirements on negative-option sellers. The Eighth Circuit vacated that rule in its entirety in July 2025, holding the FTC skipped a required preliminary regulatory analysis under its Magnuson-Moss rulemaking authority. (Translation: the rule died on procedure: the court did not bless subscription traps.) The FTC reopened the process in March 2026 with a fresh advance notice of proposed rulemaking, so a narrower federal rule is likely coming back. The takeaway for vendors: the federal standard is paused, not gone, and waiting for the rerun is the wrong way to plan.
The FTC is still enforcing. Just ask Shutterstock.
Here’s the part vendors miss: losing the rule did not disarm the FTC. It still enforces negative-option practices under Section 5 of the FTC Act and the Restore Online Shoppers’ Confidence Act (ROSCA). In May 2026 the FTC announced a $35 million settlement with Shutterstock over exactly this. The FTC alleged Shutterstock buried its auto-renewal terms and early-termination fees, converted “free trials” into paid annual plans without clear notice, and made cancellation a slog. The order now requires Shutterstock to clearly disclose material terms, get express informed consent to the charge, and offer a simple way to cancel. That’s the FTC’s enforcement playbook with or without a rule on the books, and it applies to a SaaS vendor the same way it applied to a stock-image platform.
New York City just went first.
While the federal rule sorts itself out, states and cities are filling the gap. In April 2026 New York City’s Department of Consumer and Worker Protection proposed the first municipal “click-to-cancel” rule in the country. If adopted, it would require clear pre-enrollment disclosure (price, billing frequency, cancellation deadline and method), a cancellation mechanism at least as easy as sign-up and through the same channel, and renewal reminders 15 to 45 days out, with penalties starting at $525 per violation. It largely tracks existing New York State law (General Business Law § 527-a) and stacks on top of California’s Automatic Renewal Law and similar state statutes. The practical upshot: even with no federal rule, a SaaS vendor selling nationwide now faces a patchwork of state, and now city, cancellation requirements, and you generally have to design to the strictest one.
What your SaaS subscription agreement should say.
For most vendors, the fix is “a small update, not a rewrite.” The state and FTC standards all point the same direction, so a compliant SaaS subscription agreement and sign-up flow should do four things:
- Disclose before the charge. Put price, billing cadence, renewal date, and how to cancel in front of the customer before they pay, not buried in the terms. This is where your online consent flow earns its keep.
- Capture real consent. Use a separate, affirmative checkbox or click for the auto-renew term. Don’t let it ride on the general “I agree to the terms.” And remember a click only binds if the flow is built right. That is what clickwrap enforceability comes down to.
- Make canceling as easy as signing up. If they joined online in two clicks, they should be able to cancel online in about two clicks. No phone-only cancellation, no retention maze.
- Send renewal reminders. A reminder before each renewal (and before a free trial converts to paid) is now a baseline expectation, not a courtesy.
None of this is hard to fix. It’s just easy to overlook until a demand letter or a chargeback wave shows up. If you want a second set of eyes on your renewal and cancellation language, that’s exactly the kind of cleanup a SaaS agreement attorney handles in an afternoon. Trust me on this one: tighten it now, while it’s a 30-minute fix and not a $35 million problem.
I hope this helps and reach out if you have any questions!
Click-to-Cancel Compliance: Common Questions.
Is the FTC click-to-cancel rule still in effect? No. The Eighth Circuit vacated the FTC’s Click-to-Cancel Rule in July 2025 on procedural grounds. But the FTC still enforces auto-renewal practices under Section 5 and ROSCA, and reopened a fresh rulemaking in 2026, so the federal standard is paused, not gone.
What does a compliant SaaS auto-renewal clause need? Clear disclosure of price, billing cadence, and renewal date before the charge, separate affirmative consent to the auto-renew, a cancellation path as easy as sign-up, and renewal reminders before each charge.
Do state auto-renewal laws apply to my SaaS company? If you sell nationwide, yes. California’s Automatic Renewal Law, New York’s General Business Law, and now New York City’s proposed rule each add requirements, and you generally have to design to the strictest one.
Resources:
- SaaS Contracts & Agreements for Software Vendors
- 3 Nuggets Every SaaS Company Needs to Remember
- What is Up with Signing Contracts Online?
- SaaS Agreement vs. Software EULA: Which Template Do I Need?
Disclaimer:
This post is for informational and educational purposes only, and is not legal advice. You should hire an attorney if you need legal advice, which should be provided only after review of all relevant facts and applicable law.
Discover more from Aber Law Firm
Subscribe to get the latest posts sent to your email.