Auto-Renewal Enforcement Under California Bus. & Prof. Code Section 17602
A peer-to-peer note on what the 2024 amendments changed, the UCL exposure for non-compliant enrollment flows, and the defensible checkout that I now treat as the floor for any consumer SaaS sold into California.
I have been working through a stack of SaaS subscription audits since the September 2024 amendments to California Business and Professions Code section 17602 took effect, and the pattern that keeps surfacing is worth a short memo. Counsel on the platform side often still treats auto-renewal compliance as a checkout-page cosmetic. It is not. After the latest amendments, it is a statutory cause of action with its own remedy regime, and it stacks neatly onto a UCL claim under Business and Professions Code section 17200. For a national subscription business with even a thin California user base, the litigation exposure is now the kind of thing a senior partner should be checking the day a new subscription flow is shipped.
What section 17602 actually requires
The statute, as amended, requires a regulated business to do four things in connection with any automatic renewal or continuous service offer made to a California consumer. First, the auto-renewal terms must be presented in a clear and conspicuous manner in visual proximity to the request for consent to the offer. Second, the consumer's affirmative consent to the agreement containing the auto-renewal terms must be obtained before charging the consumer's payment method. Third, the business must provide an acknowledgment that includes the auto-renewal terms, cancellation policy, and information regarding how to cancel in a manner that is capable of being retained by the consumer. Fourth, and this is the piece the 2024 amendments tightened, the business must provide a prominent online mechanism for cancellation that the consumer can use without speaking to a live agent.
The 2024 amendments added two operational requirements that matter for litigation posture. The first is the renewal-notice cadence: businesses must provide a clear and conspicuous renewal notice between fifteen and forty-five days before the auto-renewal date for any subscription longer than one year, and similar notices before any material change to the terms. The second is the symmetry rule: cancellation cannot be materially more difficult than enrollment. If sign-up takes two clicks, cancellation cannot take six clicks plus a phone call. The statute uses softer language than I am paraphrasing here, but that is how the plaintiffs' bar is reading it and that is how the courts have been reading it.
The UCL stacking problem
Section 17602 violations have always supported an Unfair Competition Law claim under Business and Professions Code section 17200. The damages calculus is what makes the stacking unpleasant. A pure 17602 claim entitles the consumer to restitution of all charges collected in violation of the statute. That is already meaningful on a $20-per-month subscription with a few hundred thousand California users. The UCL stack pulls in section 17200's restitution-and-injunction remedy plus the section 17204 standing rule, which after Kwikset Corp. v. Superior Ct., 51 Cal. 4th 310 (2011), is satisfied by any economic injury attributable to the unlawful business practice. In a putative class context that means the plaintiff does not need to allege that the auto-renewal itself was unwanted, only that the consent process was non-compliant.
This is why the post-amendment class wave is real. I have reviewed roughly two dozen complaints filed in California state court between October 2024 and early 2026 that allege some combination of inconspicuous enrollment language, missing pre-renewal notices, and asymmetric cancellation paths. The complaints follow a template. The pleading on the cancellation-symmetry point is the part I would expect to harden through 2026, because the underlying flow is the easiest to fix and the easiest to plead with a screenshot.
Defensible enrollment flow
This is what I now treat as the floor for a California-facing consumer SaaS enrollment page. None of it is novel. All of it is conceded by the better-defended platforms in the matters I have reviewed.
- Auto-renewal disclosure in the same visual unit as the call-to-action button. Not below the fold. Not in a tooltip. Not in linked-out terms. The disclosure includes (a) the recurring charge amount, (b) the renewal cadence, (c) the cancellation right, and (d) the location of the cancellation mechanism. Twelve to sixteen point type. Same contrast as the surrounding text.
- An affirmative consent checkbox that the user must click. Pre-checked boxes do not satisfy the statute. The Restoring Online Shoppers' Confidence Act, 15 U.S.C. section 8403, is even more pointed on this for federal-claim purposes and the FTC's 2024 negative-option rule guidance follows the same logic. Belt and suspenders: build to the stricter of the two.
- Post-enrollment acknowledgment delivered to a retainable channel (email, in-app PDF, account dashboard archive), reciting the auto-renewal terms, the cancellation policy, and the cancellation URL. Time-stamped. Logged in a way that can be retrieved on a discovery request without engineering escalation.
- Pre-renewal notice between fifteen and forty-five days before any renewal of an offer with an initial term of one year or longer. Same retainable channel. Same logging.
- One-click in-account cancellation, no agent call required. The link surface must be at least as prominent as the upgrade or upsell controls. I would not nest it more than two levels deep in account settings.
The piece counsel commonly miss is the logging requirement, which is implicit rather than express in section 17602. If the statute is litigated as a class claim, the defense burden of showing per-user compliance falls on the platform. Logs of consent timestamp, disclosure version served, acknowledgment delivery, and pre-renewal notice delivery are the predicate for any individualized affirmative defense. Without them, the plaintiff's class definition runs unopposed.
Choice-of-law and arbitration interplay
Two procedural moves worth flagging. Choice-of-law clauses pointing to Delaware or New York do not displace section 17602 for California residents. The statute is treated as a state consumer-protection enactment that California courts apply on a public-policy basis, and the analysis under Nedlloyd Lines B.V. v. Superior Ct., 3 Cal. 4th 459 (1992), almost always lands on California law for a California plaintiff. I would not draft around it.
Arbitration clauses are a different story. Properly drafted, an individual-arbitration clause with a class waiver can move the dispute out of court for any plaintiff who is bound by it. The McGill rule under McGill v. Citibank, N.A., 2 Cal. 5th 945 (2017), still bars waiver of the right to seek public-injunctive relief, and a recent line of cases continues to police clauses that try to strip that remedy. Drafting tip: keep the public-injunctive-relief carve-out explicit. A boilerplate AAA clause that purports to waive all class and representative actions, read literally, runs into McGill and the rest of the agreement may fall with it depending on severability language.
How I would triage exposure on a portfolio
If counsel is inheriting a subscription book that has been live in California for more than a year, I would run a three-part audit. Step one: pull the current enrollment page and compare against the section 17602 checklist above. Most non-compliance is at this layer and fixable in a sprint. Step two: pull the email and in-app notice logs for the last twelve months and confirm that the pre-renewal cadence has been met for the longer-term plans. This is where I usually find gaps. Step three: walk the cancellation flow end-to-end as a logged-in user, with stopwatch in hand, and compare clicks-to-enroll against clicks-to-cancel. If cancellation requires more affirmative user action than enrollment, treat that as a priority remediation.
I am not saying that any of this is a guaranteed defense. Discovery is meaningful, the statute is read broadly, and a determined plaintiff will probe for the gaps. But the matters I have worked tend to settle in a range that correlates closely with how complete the logging is. Strong logs, clean disclosure, and symmetric cancellation paths lower the settlement curve by a meaningful multiple. Weak logs and asymmetric cancellation paths invite the class.
Sergei Tokmakov, Esq., CA Bar #279869. This memo is attorney commentary on legal questions and is not legal advice. Reading it does not create an attorney-client relationship. Past matter outcomes depend on facts and the responding party; nothing here is a prediction of result.