Fundraising Rules and Regulation
How fundraising is regulated in the UK charity sector, what the rules require, and where the boundaries lie.
TL;DR Fundraising in the UK charity sector is mostly self-regulated, overseen by the Fundraising Regulator under a system with statutory backing but no direct statutory enforcement powers over most charities. The Fundraising Code of Practice (current version effective 1 November 2025) sets the standards. The rules require honesty, transparency, respect for donor wishes, and proper data handling. Most compliance issues come down to pressure tactics, poor data practices, and not being straight with donors about how their money will be used.
Why this matters
Fundraising is how most charities survive. It is also where charities are most visible to the public and most likely to cause harm if they get it wrong. High-profile scandals — aggressive street fundraising, intrusive telephone campaigns, the misuse of donor data — have done lasting damage to public trust in the sector.
Understanding the regulatory framework matters because it shapes what charities can and cannot do when asking for money. It also matters because the rules are not always intuitive: the system is a patchwork of self-regulation, data protection law, and specific statutory provisions, and many smaller charities do not fully understand their obligations.
The 5 things to know
1. The Fundraising Regulator oversees fundraising standards
The Fundraising Regulator is the independent regulator of charitable fundraising in the UK. It was established in 2016 following the Etherington Review, which was itself prompted by public outrage over aggressive fundraising practices — most notably after the death of Olive Cooke, a poppy seller who received thousands of charity mailings.
The Regulator is not a statutory body in the way the Charity Commission is. It operates through a system of self-regulation with statutory backing under the Charities Act. It oversees fundraising by charitable institutions and third-party fundraisers, sets standards through the Fundraising Code of Practice, investigates complaints, and can issue sanctions including requiring charities to change their practices. However, it cannot impose fines directly.
Registration with the Fundraising Regulator is voluntary for most charities, though organisations that spend more than £100,000 a year on fundraising are expected to register and pay a levy.
2. The Fundraising Code of Practice sets the rules
The Fundraising Code of Practice is the main document governing how fundraising should be conducted. The current version took effect on 1 November 2025 and applies to all fundraising carried out by or on behalf of charitable institutions in the UK.
The Code covers all forms of fundraising: face-to-face, telephone, direct mail, digital, events, legacies, major donors, corporate partnerships, and more. Its core principles are:
- Honesty and openness: Donors must be told the truth about the charity, how their money will be used, and any costs associated with the fundraising.
- Respect: Fundraising must not be unreasonably persistent, intrusive, or put pressure on people to donate.
- Fairness: Fundraisers must take account of the needs of people who may be in vulnerable circumstances.
- Accountability: Charities must be able to demonstrate compliance and handle complaints properly.
The Code also includes detailed rules on specific fundraising methods — for example, when fundraisers can and cannot visit people at home, what disclosures must be made in telephone fundraising, and how online giving pages should be presented.
3. The Fundraising Preference Service gives donors control
The Fundraising Preference Service (FPS) allows members of the public to stop direct marketing communications from specific charities. If someone registers a request through the FPS, the named charities must stop contacting them within 28 days.
The FPS was introduced as part of the post-2015 reforms and gives donors a simple mechanism to opt out of unwanted approaches. Charities registered with the Fundraising Regulator are required to comply with FPS requests.
In practice, the FPS handles a relatively small number of requests each year, but its existence is symbolically important — it signals that donor wishes take precedence over fundraising targets.
4. Fundraising regulation intersects heavily with data protection law
The relationship between fundraising regulation and the UK GDPR (and the Data Protection Act 2018) is one of the most practically important areas for charities to understand.
Charities that use personal data for fundraising — which is virtually all of them — must have a lawful basis for processing that data. For direct marketing, this usually means either consent or legitimate interests. The rules on electronic communications (emails, texts, automated calls) are stricter under the Privacy and Electronic Communications Regulations (PECR): in most cases, prior consent is required.
The Information Commissioner's Office (ICO) can and does take enforcement action against charities that breach data protection rules in their fundraising. Notable cases have included charities sharing donor data with other organisations without consent and using wealth screening services without adequate transparency.
The key takeaway: compliance with the Fundraising Code does not automatically mean compliance with data protection law, and vice versa. Charities need to get both right.
5. The Charities Act includes specific rules on professional fundraisers
The Charities Act contains provisions that apply when charities use professional fundraisers or commercial participators. A professional fundraiser is someone who carries on a fundraising business or is paid to solicit money on behalf of a charity. A commercial participator is a business that promotes its products or services on the basis that a contribution will go to charity.
Both must have a written agreement with the charity, and both must make specific disclosures to donors — including the fact that they are being paid and how much of the donation will reach the charity. These are statutory requirements, not just best practice, and breach can result in legal action.
This matters because many charities use external agencies for telephone fundraising, face-to-face fundraising, or direct mail campaigns. The charity remains responsible for ensuring these third parties comply with both the law and the Fundraising Code.
Common misunderstandings
"The Fundraising Regulator can fine charities." It cannot impose financial penalties directly. It can investigate, name charities publicly, and require changes to practice. For data protection breaches, it is the ICO that has fining powers.
"If we only fundraise online, the rules don't really apply to us." The Fundraising Code covers all fundraising methods, including digital. Online giving pages, social media appeals, crowdfunding, and email campaigns all fall within its scope.
"Consent is always required for fundraising communications." Not necessarily. Postal mail and telephone calls to non-TPS-registered numbers can in some circumstances be sent on a legitimate interests basis under UK GDPR. But electronic communications (email, text, automated calls) almost always require prior consent under PECR.
"Small charities don't need to worry about fundraising regulation." The Fundraising Code applies to all charitable institutions regardless of size. The expectations may be proportionate, but the core principles — honesty, respect, fairness — apply universally.
How it works in practice
A well-run fundraising operation starts with a clear policy that covers all the charity's fundraising methods, how donor data is collected, stored, and used, and how complaints are handled. Fundraising staff and volunteers are trained on both the Fundraising Code and data protection requirements.
When using external fundraising agencies, the charity has a written agreement that specifies standards, monitoring arrangements, and the disclosures the agency must make. The charity audits the agency's performance — including mystery shopping and reviewing complaint data — rather than simply trusting that standards are being met.
Donor communications are honest about costs, impact, and how gifts will be used. The charity respects opt-out requests promptly and does not use emotional manipulation or pressure tactics that exploit vulnerability. When things go wrong — a complaint, a data breach, an overly aggressive approach — the charity investigates properly and reports to the relevant regulator where required.
What people disagree about
Whether current fundraising regulation strikes the right balance is genuinely contested. Some argue that post-2015 reforms went too far, making it harder for charities to reach potential supporters and raising the cost of fundraising. Others believe the rules are still too weak and that self-regulation lacks teeth. See Aggressive Fundraising Tactics for more on this.
Commission-based fundraising — where fundraisers are paid based on the amount they raise — is another area of active debate. The Fundraising Code does not prohibit it outright but requires that it does not lead to undue pressure on donors. Critics argue that commission structures inevitably create perverse incentives; defenders say they make fundraising accessible to organisations that cannot afford large upfront costs. See Commission-Based Fundraising.
What to read next
- Reporting, Annual Returns, and Impact — understanding the financial reporting that underpins fundraising accountability.
- Governance and Trustee Duties — trustees are ultimately responsible for fundraising compliance.
- Safeguarding Basics for the Charity Sector — safeguarding considerations in fundraising contexts.
FAQs
Do all charities need to register with the Fundraising Regulator?
Registration is voluntary, but charities spending more than £100,000 a year on fundraising are expected to register and pay an annual levy. The Regulator encourages all fundraising charities to register as a signal of good practice.
Can a charity be shut down for bad fundraising practices?
Not by the Fundraising Regulator directly — it does not have that power. However, persistent or serious breaches can lead to Charity Commission involvement, ICO enforcement action for data protection breaches, or reputational damage that effectively ends a charity's ability to fundraise.
What should a charity do if it receives a complaint about its fundraising?
Investigate promptly, respond to the complainant, and record the outcome. If the complaint reveals a systemic issue, the charity should review and change its practices. Complaints that indicate serious harm or regulatory breach should be reported to the Fundraising Regulator and, where relevant, the ICO.
Is it legal to pay fundraisers on commission?
Yes, it is legal, but the Fundraising Code requires that payment structures do not lead to undue pressure on donors. Charities using commission-based models must ensure fundraisers are properly trained and supervised, and that donor welfare is not compromised by financial incentives.