Fundraising Compliance in 2026: What Every UK Health Charity Must Get Right
The new Code of Fundraising Practice came into force on 1 November 2025, bringing the biggest regulatory shift in years. Here is what has changed, what it means for your charity, and a practical compliance checklist you can implement immediately.
The Regulatory Ground Has Shifted Under Your Feet
If you are a fundraiser at a UK health charity and you have not reviewed your compliance framework since October 2025, you are operating on outdated assumptions. The new Code of Fundraising Practice came into force on 1 November 2025, replacing the previous version after more than two years of consultation. It represents the most significant change to fundraising regulation in the UK since the Code was first introduced.
At GAIGNetwork, compliance is not something we treat as a box-ticking exercise. It is foundational to ethical fundraising — and ethical fundraising is the only kind we believe in. This article breaks down what has changed, what it means for health charities specifically, and what you need to do about it.
The New Code of Fundraising Practice: Five Critical Changes
1. A Principles-Based Approach Replaces Prescriptive Rules
The most fundamental change in the new Code is the shift from detailed, prescriptive rules to a principles-based approach. The new Code is 45% shorter than its predecessor (though it still runs to 93 pages) and replaces lengthy scenario-specific guidance with broader principles that charities must interpret and apply to their own circumstances.
This sounds like it should make life easier. In practice, it creates a new challenge: your charity must now demonstrate that it has actively considered how the principles apply to its specific fundraising activities and documented its reasoning.
The Fundraising Regulator has published a support guide on best practice in documenting fundraising decisions, covering meeting minutes, conflicts of interest, and risk assessments. If you have not read it, do so this week.
What this means for health charities: You can no longer rely on following a checklist of specific rules. Instead, you need a culture of thoughtful decision-making, documented at every stage. This is particularly important for health charities that use emotive messaging — the principles around vulnerability, dignity, and informed consent now require you to demonstrate your reasoning, not just follow a formula.
2. New Obligations to Protect Fundraisers
For the first time, the Code includes a specific requirement to protect fundraisers from harm and harassment whilst fundraising (Code section 2.1.2). This reflects growing recognition that fundraisers — particularly those working face-to-face or door-to-door — can face abuse, intimidation, and unsafe situations.
Charities must now have processes for fundraisers to report issues (whether to line managers or through formal whistleblowing channels) and must take reasonable steps to address any concerns raised.
What this means for health charities: If your charity uses face-to-face fundraising, community fundraising, or any form of direct public engagement, you need clear policies and reporting mechanisms. This is not just about compliance — it is about looking after the people who raise money for your cause. Review your current arrangements and update your fundraiser welfare policies.
3. Convenience Giving and Unstaffed Collections
The new Code introduces dedicated sections on convenience giving and unstaffed collections (sections 7.5.1 and 7.5.2). These cover static collection points, tap-to-donate terminals, "top-up" payment options at supermarket tills, and other automated giving methods that have proliferated in recent years.
The key requirement is transparency: donors must have access to clear and accurate information about who the money goes to, the charity numbers of benefitting organisations, and details of any processing fees or payments to third-party fundraisers.
What this means for health charities: If you use any form of contactless or automated donation technology, audit your current setup against the new requirements. Ensure that every donation point clearly displays who benefits and what fees are deducted. Donors increasingly expect this transparency, and the Code now mandates it.
4. Data Protection Rules Removed — But Not the Obligations
In a significant structural change, the new Code has stripped out its data protection provisions entirely. This does not mean data protection no longer matters — far from it. The Fundraising Regulator has recognised that the Information Commissioner's Office (ICO) is the lead authority on data protection and has chosen to signpost to ICO guidance rather than duplicate it.
Specific rules on direct marketing are now set out in section 8 of the Code, alongside a new standalone section on fundraising platforms. Notably, the Data (Use and Access) Act may extend the "soft opt-in" exemption to charities, which could significantly change how health charities approach email and digital marketing. The full implications of this are still being clarified.
What this means for health charities: Do not interpret the removal of data protection provisions from the Code as a relaxation of requirements. You must still comply fully with UK GDPR and the Privacy and Electronic Communications Regulations (PECR). If anything, the shift means you need to engage more directly with ICO guidance rather than relying on the Code as a proxy. Review your data processing agreements, consent mechanisms, and privacy notices.
5. Mandatory Cooperation With the Fundraising Regulator
The new Code introduces an explicit obligation to cooperate fully and constructively with any investigation by the Fundraising Regulator (section 2.1.3). While the Code is not legally binding, the Fundraising Regulator has a powerful set of enforcement tools:
- Referring matters to the Charity Commission or the ICO
- Highlighting non-compliance on its public Fundraising Directory
- Suspending a charity's use of the Fundraising Badge
- Publicising failures to comply on its website
The reputational consequences of non-cooperation can be severe, particularly for health charities that depend on public trust.
What this means for health charities: Ensure your senior leadership and trustees understand that cooperation with the Fundraising Regulator is now a Code requirement, not a courtesy. Have a clear internal process for responding to regulatory enquiries promptly and transparently.
Beyond the Code: The Wider Compliance Framework
The Code of Fundraising Practice is the most visible part of the compliance landscape, but it is not the only part. Health charities must also navigate:
Charity Commission Guidance (CC20)
The Charity Commission's guidance on fundraising, CC20, was updated in February 2026. It sets out trustees' duties in relation to fundraising, including the requirement to:
- Comply with the law and follow the Code of Fundraising Practice
- Plan fundraising effectively and manage risks
- Conduct due diligence on professional fundraisers and commercial participators
- Ensure solicitation statements are accurate and legally compliant
- Report suspicious activity or donations
- Produce annual reports that explain fundraising approaches and costs
CC20 makes clear that trustees bear ultimate responsibility for their charity's fundraising, even when activities are delegated to staff or third parties.
The Charities Act 2022
The Charities Act 2022 introduced several provisions relevant to fundraising, including greater flexibility for charities when fundraising appeals raise too much or too little for their intended purpose. The Act also simplified rules around charity mergers and the transfer of gifts between merged organisations.
GDPR and PECR
UK GDPR and the Privacy and Electronic Communications Regulations continue to govern how charities collect, store, and use donor data. Key requirements include:
- Lawful basis for processing: Ensure you have a clear lawful basis (consent, legitimate interest, or contractual necessity) for every category of donor data you process
- Consent for electronic marketing: Under PECR, you generally need consent before sending marketing emails or texts to individuals, unless the soft opt-in exemption applies
- Data subject rights: Donors have the right to access, rectify, and erase their personal data. Ensure your processes can handle these requests within the statutory timeframes
- Data Protection Impact Assessments: For high-risk processing activities (such as profiling donors or processing health data), conduct and document DPIAs
The Compliance Gap: Where Health Charities Fall Short
Research published by the Fundraising Regulator in January 2026 found that 56% of charities now fully comply with rules on fundraising reporting — a significant improvement from 33% in 2022, but still leaving nearly half of charities falling short.
From our experience working with GAIGNetwork members, the most common compliance gaps for health charities are:
1. Inadequate Documentation
Many charities make good fundraising decisions but fail to document them. Under the new principles-based Code, documentation is no longer optional — it is the primary evidence of compliance.
2. Outdated Privacy Notices
Privacy notices that were written when GDPR first came into force in 2018 are often no longer fit for purpose. If your charity has added new fundraising channels, data processors, or donor engagement methods since then, your privacy notice needs updating.
3. Weak Third-Party Oversight
Charities that use professional fundraisers, commercial participators, or fundraising platforms often lack adequate oversight of these relationships. The new Code requires charities to ensure that their fundraising partners also cooperate with the Fundraising Regulator — a requirement that should be reflected in your contracts.
4. Insufficient Trustee Engagement
Too many boards treat fundraising compliance as an operational matter rather than a governance priority. CC20 is clear: trustees are ultimately responsible. Ensure fundraising compliance is a standing agenda item at board meetings.
Your Compliance Checklist: Ten Actions for This Quarter
Here is a practical checklist that every UK health charity should work through before the end of this quarter:
1. Read the new Code of Fundraising Practice — The full text is available at fundraisingregulator.org.uk. Do not rely on summaries alone.
2. Review the Fundraising Regulator's table of changes — This document highlights every difference between the old and new Codes, making it easy to identify what has changed for your charity.
3. Audit your documentation practices — Can you demonstrate, with written evidence, how and why your charity makes fundraising decisions? If not, start documenting now.
4. Update your fundraiser welfare policies — Ensure you have clear processes for fundraisers to report harm, harassment, or concerns, and that these are communicated to all fundraising staff and volunteers.
5. Review your convenience giving and collection points — Check that every donation point displays the required information about benefitting charities, charity numbers, and processing fees.
6. Update your privacy notice — Ensure it reflects your current data processing activities, lawful bases, and data sharing arrangements.
7. Check your third-party contracts — Ensure contracts with professional fundraisers, commercial participators, and fundraising platforms include cooperation obligations with the Fundraising Regulator.
8. Brief your trustees — Schedule a board agenda item on the new Code and CC20. Ensure trustees understand their responsibilities and the charity's current compliance position.
9. Register with the Fundraising Regulator — If your charity is not yet registered, do so. Registration demonstrates your commitment to fundraising standards and gives donors confidence.
10. Create a compliance calendar — Map out key regulatory dates, review periods, and reporting deadlines for the year ahead. Proactive compliance is always less costly than reactive remediation.
Your Strategic Homework
Pick one item from the checklist above and complete it this week. Then schedule the remaining nine across the next quarter. Compliance is not a one-off project — it is an ongoing discipline. But it starts with a single step.
This article draws on the Code of Fundraising Practice (November 2025), Charity Commission guidance CC20 (February 2026), analysis from Bates Wells and Blake Morgan, and compliance data from the Fundraising Regulator. GAIGNetwork members have access to our Compliance Toolkit, including policy templates and trustee briefing packs. Apply for membership or explore compliance support through Gaign Strategic.
