Website Compliance Checklist for UK Small Businesses in 2026

Updated April 2, 2026

Running a website in the UK carries legal obligations most business owners do not know about. Here is every compliance requirement that applies to small business websites in 2026.

Must have: Privacy Policy

Required under UK GDPR if you collect any personal data. This includes contact forms, analytics, email signups, and cookies. ICO fines can reach 17.5 million pounds.

Must have: Cookie Consent

Required under PECR. You need explicit consent before setting non-essential cookies. ICO fines can reach 500,000 pounds. CookieYes and Complianz are free WordPress plugins that handle this.

Must have: HTTPS

While not explicitly mandated by a single law, the ICO considers unencrypted data transmission a failure to implement appropriate security measures under UK GDPR.

Should have: Terms of Service

Not legally required but strongly recommended. Terms of service protect you in disputes and set clear expectations.

Must have if using AI: Disclosure

The Online Safety Act now covers AI chatbots. If your chatbot generates responses, you must disclose this to users. Ofcom can fine up to 10% of global turnover.

Should have: ICO Registration

If you process personal data, register with the ICO. Registration costs 40 pounds per year for most small businesses.
