
Compliance, cancellations, and the customer experience

DMCC compliance and the future of retail subscriptions

An exceptional customer journey extends far beyond the initial point of sale. And nowhere is this truer than for subscription-based businesses, whose continued success is based on delivering consistently seamless, high-quality experiences throughout each customer's time as a subscriber - from the initial sign-up through to the point where they decide to terminate their subscription for whatever reason.

Indeed, these new models have transformed the way many businesses interact with their customers, applying lessons learned from established subscription-based services, such as gyms and streaming services. From both traditional retailers and ecommerce specialists offering scheduled deliveries of household essentials, groceries, and entertainment products, to the now-ubiquitous software-as-a-service model and premium subscriber options on popular social media platforms, there are numerous channels for forward-thinking businesses to establish 'sticky' streams of income, with more still to reveal themselves.

However, the rules around offering and managing subscriptions and memberships of any sort are about to change, particularly with regard to cancellations…

Throughout 2026, the Competition and Markets Authority (CMA)'s regulations around buyer protection and autorenewals are going to evolve, as part of the existing Digital Markets, Competition and Consumers Act 2024 (DMCC Act), in order to help consumers avoid getting trapped in unwanted subscriptions. Organisations found to be in violation of these new regulations can expect to face fines of as much as 10% of their annual revenue.

As a result, any retailer that offers subscriptions or memberships of any kind must be aware of how these changes will impact them in the months ahead, adapt their systems and processes to ensure they remain fully compliant with all applicable regulations, and - most importantly - ensure that they are still able to offer a world-class experience for their subscribers.

So, what's about to change and how can we best prepare?

  • Specific pre-contract information must be provided. The DMCC Act distinguishes between key pre-contract information and full pre-contract information. Both must be provided in full at the initiation of the contract, or the customer will not be bound by the stated terms. Compulsory elements include:
      • Full details of payments, including frequency and amounts.
      • Minimum total liability.
      • Schedule of reminder notices.
      • Full cancellation rights.
  • Reminder notices will be compulsory. It is no longer enough to assume a customer will automatically want to renew their subscription. Reminder notices must be sent in advance of the renewal date.
  • Cooling-off periods will also be compulsory. This applies to both new subscriptions and renewals. Customers must have a 14-day window to cancel their subscriptions without penalty.
  • Cancellations must be as simple as possible. Cancellation instructions must be provided, and the process must not include any unnecessary steps. This also applies to online subscriptions. Confirmation must be provided within 24 hours.

There's certainly a lot to consider here, but rather than treating these changes as onerous compliance obligations, why don't we treat them as an opportunity to reconsider the overall subscriber journey, and look for new opportunities to enhance it?

Traditionally, when a customer wishes to cancel a subscription or membership, they've done so by speaking to an agent, who will then have the opportunity to discuss their reasons for cancelling and potentially offer some perks to change their mind. In light of the changes mandated by the new DMCC, this is unlikely to be practical in the majority of cases, when customers are able to unsubscribe with a single click. This has the potential to create a serious loss leader for subscription-based businesses whose customer engagement strategy is based on an initial discount or free gift (e.g. the first month's delivery is free, after which the subscriber pays the usual rate), as there is nothing to stop customers hitting 'unsubscribe' right before their first payment is due.

However, with agentic AI and intelligent automation currently transforming both the contact centre environment and the wider customer journey, numerous opportunities have presented themselves to ensure full compliance can seamlessly co-exist with personalised experiences that maximise long-term retention and build brand loyalty.

For example, if someone is looking to cancel via a page on your website and you have already implemented a chatbot function that they use to request a cancellation, the bot can automatically engage a real customer service agent, who can discuss the reasons for their cancellation, provide any hands-on support they need, and (ideally!) offer any perks or resolutions that will entice them to stay.

If your contact centre environment and chatbot functions have been intelligently integrated (as they should be!), these interactions can then be utilised to drive further optimisations, such as ensuring cancellation requests are routed to agents who have the best records of retaining customers, or ensuring agents don't invest their time and effort on accounts that have no realistic chance of renewing their subscriptions. For example, AI-based analytics can identify trends in customer data, such as individual addresses that have signed up for multiple trials but never made a purchase, which will allow agents to focus their attention where it will prove most effective.

And of course, the best approach to minimising cancellations is ensuring customers never want to cancel to begin with! All the data gathered through customer interactions - whether it's with an agent or chatbot - can help build up more accurate, comprehensive customer personas that support highly personalised offers, helping to maximise the number of subscription renewals.

Above all, while regulations evolve and customer expectations naturally shift, the value of a personalised experience, delivered by an attentive, knowledgeable professional, is a constant for the Retail sector. If we keep this in mind while making full use of the possibilities AI-powered automation offers us, the opportunities will be tremendous.

If you'd like to take a deep dive into your own customer journey and identify where the intelligent application of new technologies could make that all-important difference, just get in touch.

Exponential-e & Retail

Our Retail brochure offers a comprehensive overview of how we draw on a deep understanding of the sector's singular challenges, an evolving technology ecosystem, and a highly consultative approach to offer bespoke solutions that help staff deliver their best for every customer - both online and in person.


What the Global Cloud Outage Taught Us About True Continuity


The question every leader should ask this week:
"If my Cloud provider went down tomorrow, would my business stay online and remain trading?"
If the answer isn't a confident "yes," it's time to reconsider your business continuity strategy...

Recent outages from AWS (20-10-25) and Azure (30-10-25) left global organisations offline for hours. Critical applications went dark, disrupting entire operations, along with the associated revenue streams and the cost of a workforce unable to work!


The new data sovereignty… and why you can’t afford to neglect it


In today's interconnected society, our data is a fundamental part of our personal and professional lives, informing everything from the way we communicate and collaborate with our colleagues to the way we do our weekly shop. Seamless, secure flows of data have transformed the way we access many critical services and helped bring a rich vein of new innovations to market, but as with any period of intensive technological evolution, these benefits have come at a price…

In a highly unpredictable geopolitical landscape, the growing volumes of data created, stored, and transferred by public sector and enterprise organisations present an extremely attractive target for bad actors, as does corporations' intellectual property and citizens' personal data. It's unsurprising that organisations across the public and private sectors are treating the continued integrity of their data as a critical priority – not only to avoid the financial and reputational consequences of a breach, but also to provide customers and prospects with assurance that their critical data will always be protected, both at rest and in transit.

Data sovereignty is a key part of this journey, by which we mean – in the broadest sense – guarantees over the geographical locations in which data may be stored. Most technology providers will already have such guarantees in place, typically involving the location of their hosting environments. However, with the now near-ubiquity of Cloud platforms and the growing complexity of security and compliance, the nature of true data sovereignty is no longer so clear. 

With this in mind, consider the following questions when evaluating Cloud providers…

Is your Cloud provider fully incorporated in your desired location? While they may maintain hosting environments there, can they say the same for the Cloud platforms you will be utilising, particularly if they are operating as part of a larger umbrella company? If not, you cannot guarantee that your data will remain within the country when in transit, which may lead to compliance and security issues.

Will they maintain full jurisdictional control of all data? Related to the above point, with several governments having now implemented regulations that grant them access to data stored in Cloud platforms (e.g. the US Cloud Act), providers must be able to guarantee that customer data will never be subject to such overreach. This is especially critical for any sort of public sector data, particularly Government and defence.

Can they specify which personnel have access to their Cloud platforms? Again, all engineers who will be maintaining the Cloud platform and acting on behalf of customers must be based in their sovereign nation, with the appropriate clearances and certifications in place.

Does their data sovereignty extend to their disaster recovery and business continuity practices? The sovereignty of data centres must extend to back-up environments, which must also be located in the designated geographical region, with air gapping, data encryption, and zero-trust security measures utilised as appropriate, and all of this subject to annual audit. 

This is why Exponential-e has continued to develop our ability to guarantee true data sovereignty, in direct response to the evolving digital and geopolitical landscapes. To this end, we were recently certified as a VMware Sovereign Partner, reflecting our ability to provide complete assurance around the sovereignty and control of digital assets. There are multiple dimensions to this, including our hosting facilities, support, management, regional jurisdictions, security clearances, and ability to deliver complementary services, such as Bring Your own Key (BYoK) and both shared and dedicated Cloud environments. As a proudly UK-based company for more than twenty years, our full range of solutions is designed with true sovereignty inherent in the design – something we continue to develop in response to the latest regulations, geopolitical shifts, and security challenges.

If you are in any way concerned about the sovereignty of your data and your key platforms, do not hesitate to reach out to our team, who will guide you through these challenges, ensuring you can continue your Cloud journey with complete peace of mind.


When is ‘sovereign’ truly sovereign?

A new approach to managing and hosting critical data in support of the UK's Defence and national security

In a comparatively short space of time, the integrity of the UK's data has become a top priority for our Defence sector, with bad actors mounting an increasingly sophisticated range of attacks to disrupt critical services, potentially putting lives at risk and compromising our national security.

Why a new standard of operational resilience is required for the UK Finance sector


In a heightened cyber threat landscape - where ransomware attacks are increasing in frequency and sophistication - and having weathered the challenges of COVID-19 and the resulting move to hybrid working, the Finance sector is still continually challenged to demonstrate to its customers that critical services will remain available no matter what, and that sensitive financial data will remain fully secure at all times.


Maintaining operational resilience in a changing Finance sector


The Finance sector has always been one of the most dynamic, rapidly evolving industries, and this shows no signs of changing any time soon. But while shifts in the landscape may well open new opportunities, they will also come with new challenges, and it is the organisations who are ready and able to face these head-on who will continue to thrive in the years ahead.


Vodafone blackout highlights urgent need to optimise the security and resilience of critical infrastructure


On Monday 13th October, Vodafone customers experienced a blackout of internet and mobile services, with more than 130,000 reports flagged to web outage monitors. In many cases, business users reported they had been left unable to trade, or even communicate with colleagues or customers, throughout the outage, leading to a demonstrable loss of profits. This included other telecoms providers utilising Vodafone's network, who were similarly affected.


Legal firms who do not embrace cloud technology solutions and leading-edge cyber security will risk their reputations in the months ahead


In light of numerous dramatic shifts in the geopolitical landscape in recent months, this blog has reiterated the need for organisations across all sectors to strengthen and - if necessary - reconsider their cyber security postures, in order to prepare for the anticipated attacks by global bad actors. The legal sector is no exception, particularly as these attacks are anticipated to specifically target the most high-value data.


Cultivating a new breed of cyber security for the new shopping experience


Retailers - be they small local shops, online sellers, or top global brands - generate, transfer, and store more data than ever before, ranging from customer data (both online and in-store, as we have considered in previous articles), to supply chain and asset tracking data. Whether it's shopping online or utilising in-store apps to access the latest savings and special offers, the way customers shop has fundamentally changed forever, with the data they generate online and in person allowing retailers to build up unique personas that drive truly bespoke experiences.


Ransomware: lessons all companies can learn from the British Library attack


In October 2023, the British Library suffered "one of the worst cyber incidents in British history," as described by Ciaran Martin, ex-CEO of the National Cyber Security Centre (NCSC). 

The notorious Rhysida ransomware gang broke into one of the world's greatest research libraries, encrypting or destroying much of its data, and exfiltrating 600 GB of files, including personal information of British Library staff and users.


Offering clients the ultimate peace of mind – a new approach to security and remediation for legal firms


Although the sector as a whole has traditionally been comparatively wary of the ever-increasing pace of technology, legal services are increasingly data driven, with an abundance of AI-related discussion emerging within legal technology circles. The core Document Management Systems (DMS) and Practice Management Systems (PMS) remain the centre of focus for how and where to deploy a variety of rapidly maturing SaaS platforms, or dedicated, highly customised suites.


The new breed of seamless, secure cashflow emerges: Ensuring your organisation is prepared for the payments revolution

We make payments, large and small, every day of our lives. From paying our bills and making payments to friends online, to the large-scale bank transfers that help business flow. Money changes hands through a wider range of channels and platforms than ever before, to the extent the days of cash-in-hand being the default payment model are a fading memory for many of us. The convenience and flexibility can't be disputed, but as with any emerging technology, the new flows of data must be given careful consideration, ensuring businesses and customers alike can rest assured that their money will remain secure throughout every stage of every transaction.

Preparing for DORA: What do these new regulations mean for finance and insurance firms?

When it comes to insurance and financial services, the ability to offer clients peace of mind is the key to ensuring the sector's continued longevity. Cyberattacks are evolving in frequency and sophistication, with criminals selecting progressively more ambitious targets, and even minor IT outages, whether they're caused by human error or 'acts of God', will have a serious effect on firms' operations, negatively affecting both profitability and brand reputation. With this in mind, firms must reconsider the way they approach operational resilience, particularly regarding the way access rights for critical systems and data are managed.

Bringing the Data Centre into the Interconnected Age with Azure Managed Hyper-Converged Infrastructure

The way organisations design, deploy, manage, and scale their IT infrastructure has changed in ways that would have been inconceivable just ten years ago.

Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure


A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia's state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia's invasion of Ukraine, crippled the company's operations and cost millions of euros in damages.


UK Government ponders major changes to ransomware response – what you need to know


What's happened? 

Recorded Future reports that the British Government is proposing sweeping change in its approach to ransomware attacks.


The Finance sector’s relationship with its Cloud providers is evolving


For some years now, Cloud adoption has been steadily on the rise across the UK's Finance sector, with organisations including banks, insurers, and investment firms phasing out increasingly cumbersome legacy systems in favour of more scalable, agile, and cost-effective infrastructure. Indeed, more than 48% of UK banking services are now built on Cloud infrastructure.


Reflecting on the 2025 BSA Conference - Modernising the Mutual


Having returned from the BSA Conference 2025, it was clear that building societies are navigating a critical juncture - balancing their relationship-led service models while addressing the urgent need to modernise outdated systems and improve operational efficiency. Given the current geopolitical climate, and the increasing pace of innovation, developing a strategy that not only solves immediate challenges, but offers sufficient scope to tackle future issues, can often seem like a moving target.

London Head Office

100 Leman Street, London, E1 8EU

Manchester Office

1 St Peter's Square, Manchester, M2 3DE

Sales: 0845 470 4001
Service & Support: 0800 130 3365

 

*Calls to 0845 numbers will cost 7p p/m plus your phone company’s access charge. All inbound and outbound calls may be recorded for training or quality purposes.

© 2026 Exponential-e Ltd. Reg. No. 04499567, Reg. Address: 100 Leman Street, London E1 8EU