
UK CMA Review Compliance: An Ecommerce Guide

25 February 2026·PageDiag·7 min read

Since the Digital Markets, Competition and Consumers Act 2024 came into force, the Competition and Markets Authority (CMA) has direct powers to fine businesses that use fake or misleading reviews. We're not talking about a slap on the wrist - fines can reach up to 10% of global annual turnover.

If you sell online in the UK and display customer reviews, you need to understand these rules. Many stores are unknowingly breaking them.

What Changed: The DMCC Act 2024

Before the DMCC Act, the CMA had to go through the courts to enforce action against fake reviews. That process was slow, expensive, and rarely used. Now, the CMA can impose fines directly - no court order needed.

The Act makes it explicitly illegal to:

  • Commission or incentivise fake reviews - paying for reviews, offering free products in exchange for positive reviews, or using review farms
  • Host fake reviews without reasonable steps to prevent them - if your site displays third-party reviews, you must take steps to detect and remove fakes
  • Suppress negative reviews - selectively publishing only positive reviews (known as "review gating")
  • Publish misleading review information - displaying a star rating that doesn't accurately reflect the reviews you've received

These aren't vague guidelines. They're specific legal obligations with teeth.

Common Violations (Many Stores Do These)

Based on our analysis of UK ecommerce stores scanned through PageDiag, these are the most frequent compliance issues we find.

1. Review Gating

Review gating is when you ask customers for feedback, and then only invite those who respond positively to leave a public review. The negative responders get directed to a private feedback form instead.

This is explicitly banned under the DMCC Act. It creates a misleadingly positive review profile that doesn't reflect genuine customer experience.

How it typically works:

  1. Post-purchase email asks: "How was your experience?" with a 1-5 star rating
  2. Customers who click 4-5 stars get sent to your review platform
  3. Customers who click 1-3 stars get sent to a customer service form

If you're doing this - stop immediately. Your review invitation process must direct all customers to the same public review platform, regardless of their initial sentiment.

2. Selective Review Display

Some stores use review apps that let you "approve" reviews before they're published. In practice, negative reviews sit in the moderation queue indefinitely while positive reviews get approved instantly.

The result: your product shows 4.8 stars with 200 reviews, but there are 50 suppressed 1-2 star reviews hidden in the backend.

What the law says: You can moderate reviews for spam, irrelevant content, or abusive language. You cannot suppress reviews simply because they're negative.

3. Incentivised Reviews Without Disclosure

Offering a discount code, free product, or competition entry in exchange for a review isn't automatically illegal - but the review must clearly disclose the incentive. A review that says "Great product, five stars!" without mentioning it was written in exchange for a 20% discount is misleading.

Best practice: If you incentivise reviews, ensure your review platform automatically labels them as "Incentivised review" or similar. Many platforms (Trustpilot, Judge.me) support this. If yours doesn't, you're at risk.

4. Fake Review Detection Gaps

If your site displays reviews, you have a responsibility to take "reasonable steps" to identify and remove fake reviews. This applies whether you collect reviews directly or import them from third parties.

What counts as "reasonable steps"?

  • Verifying that reviewers actually purchased the product
  • Monitoring for patterns (multiple reviews from the same IP, suspiciously similar language)
  • Having a process for customers to report fake reviews
  • Periodically auditing reviews for authenticity
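
The first two checks in this list can be automated as a triage pass over a review export. The sketch below is an added example, not PageDiag's code or any review platform's API; the record fields, thresholds and sample data are assumptions. It flags reviews for manual checking and does not decide that a review is fake.

```javascript
// Added example: field names, thresholds and sample records are assumptions.
const shingles = (text, k = 3) => {
  const w = text.toLowerCase().replace(/[^a-z0-9\s]/g, "").split(/\s+/).filter(Boolean);
  const out = new Set();
  for (let i = 0; i + k <= w.length; i++) out.add(w.slice(i, i + k).join(" "));
  return out;
};

const jaccard = (a, b) => {
  if (a.size === 0 || b.size === 0) return 0;
  let shared = 0;
  for (const s of a) if (b.has(s)) shared++;
  return shared / (a.size + b.size - shared);
};

// Returns a Map of review id -> reasons the review needs a manual check.
function flagReviews(reviews, knownOrderIds, { maxPerIp = 2, minSimilarity = 0.6 } = {}) {
  const flags = new Map();
  const flag = (id, why) => flags.set(id, [...(flags.get(id) || []), why]);
  const byIp = new Map();
  for (const r of reviews) {
    if (!knownOrderIds.has(r.orderId)) flag(r.id, "no matching order");
    byIp.set(r.ip, [...(byIp.get(r.ip) || []), r.id]);
  }
  for (const [ip, ids] of byIp)
    if (ids.length > maxPerIp) ids.forEach((id) => flag(id, `${ids.length} reviews from ${ip}`));
  const sh = reviews.map((r) => shingles(r.text));
  for (let i = 0; i < reviews.length; i++)
    for (let j = i + 1; j < reviews.length; j++)
      if (jaccard(sh[i], sh[j]) >= minSimilarity) {
        flag(reviews[i].id, `text near-identical to ${reviews[j].id}`);
        flag(reviews[j].id, `text near-identical to ${reviews[i].id}`);
      }
  return flags;
}

// Constructed sample data (documentation IP ranges, made-up order ids).
const SAMPLE_SUBMISSIONS = [
  { id: "r1", ip: "203.0.113.7", orderId: "A100", text: "Great product fast delivery would buy again from this shop" },
  { id: "r2", ip: "203.0.113.7", orderId: null, text: "Great product fast delivery would buy again from this store" },
  { id: "r3", ip: "203.0.113.7", orderId: "A102", text: "Arrived late and the zip broke after a week" },
  { id: "r4", ip: "198.51.100.4", orderId: "A103", text: "Does the job, slightly smaller than expected" },
];
const SAMPLE_ORDERS = new Set(["A100", "A102", "A103"]);
console.log(flagReviews(SAMPLE_SUBMISSIONS, SAMPLE_ORDERS));
```

Keeping the output of each run alongside the moderator's decision also gives you a record of the checks you performed.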

If you're importing reviews from AliExpress or another marketplace and displaying them as your own customer reviews, that's a clear violation.

5. Misleading Aggregate Ratings

Your product shows "4.5 stars" in Google search results via structured data. But that rating is based on cherry-picked reviews, excludes returns and complaints, or is calculated across all products rather than per-product.

Aggregate ratings in your schema markup must accurately represent the reviews for that specific product. Inflating ratings - whether by excluding negative reviews, combining ratings across products, or using a non-standard calculation - is misleading and non-compliant.

Real Enforcement: It's Happening

The CMA isn't just creating rules and hoping for compliance. They're actively investigating.

In 2024, the CMA concluded investigations into several major platforms over fake review practices. Amazon and Google both made commitments to improve fake review detection. The CMA has signalled that smaller businesses aren't exempt - they've published guidance specifically for SMEs.

Under the DMCC Act, the CMA can:

  • Fine businesses up to 10% of global turnover for the most serious breaches
  • Issue compliance orders requiring specific changes
  • Accept undertakings - binding commitments from businesses to change practices
  • Name and publicise offenders - reputational damage on top of fines

The £10K-per-month Shopify store probably won't get a headline fine, but a compliance order requiring you to overhaul your review practices - and the legal costs involved - can be devastating for a small business.

How to Check Your Compliance

Manual Audit Checklist

Run through these questions honestly:

Review collection:

  • [ ] Do all customers get the same invitation to review, regardless of satisfaction?
  • [ ] Is there any filtering or gating between the feedback request and the public review?
  • [ ] If you incentivise reviews, are they clearly labelled?

Review display:

  • [ ] Are all genuine reviews published, including negative ones?
  • [ ] Is there a moderation queue? If so, what criteria are used?
  • [ ] How long do reviews sit in moderation before publication?
  • [ ] Are imported reviews clearly identified as such?

Aggregate ratings:

  • [ ] Does your displayed star rating accurately reflect all reviews?
  • [ ] Is your schema markup aggregateRating consistent with what's on the page?
  • [ ] Are ratings calculated per-product (not sitewide)?

Fake review prevention:

  • [ ] Do you verify that reviewers are genuine purchasers?
  • [ ] Is there a process for reporting suspicious reviews?
  • [ ] When did you last audit your reviews for fakes?

Automated Check with PageDiag

PageDiag includes a review compliance checker that analyses your store's review practices. It checks:

  • Whether your structured data ratings match your displayed ratings
  • If your review markup follows Schema.org best practices
  • Whether review counts and ratings are consistent across pages
  • Schema completeness for AggregateRating and Review types
  • Presence of review source attribution

It won't catch every compliance issue (some require manual assessment of your internal processes), but it identifies the technical and structural problems that are most visible - and most likely to attract regulatory attention.

What to Do If You're Non-Compliant

Step 1: Stop the Bleeding

If you're actively gating reviews, stop immediately. Reconfigure your review collection flow to send all customers to the same review platform.

If you have suppressed reviews in a moderation queue, publish them (assuming they're genuine and not spam/abusive).

Step 2: Audit Your Review App

Check your review platform's settings. Many apps have features that technically enable non-compliant behaviour:

  • Auto-publish threshold - only auto-publishing 4-5 star reviews while holding lower ones for moderation
  • Review request triggers - only sending review requests to customers who haven't opened a support ticket
  • Import tools - pulling reviews from external sources without attribution

Disable any feature that selectively filters based on sentiment.

Step 3: Fix Your Structured Data

Ensure your aggregateRating in schema markup accurately reflects your reviews:

{
  "@type": "AggregateRating",
  "ratingValue": "4.2",
  "reviewCount": "347",
  "bestRating": "5",
  "worstRating": "1"
}

The ratingValue must be the genuine average of all reviews. The reviewCount must include all published reviews, not just positive ones.
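
One way to check this for a single product page is to recompute the figures from your own review records and compare them with the JSON-LD the page serves. This is an added example, not PageDiag's checker; the function names, the review record shape and the sample page are assumptions.

```javascript
// Added example: function names, record shape and sample data are assumptions.
const LD_JSON_RE =
  /<script[^>]*type=["']application\/ld\+json["'][^>]*>([\s\S]*?)<\/script>/gi;

// Collect every AggregateRating object nested anywhere in the page's JSON-LD.
function extractAggregateRatings(html) {
  const found = [];
  const walk = (node) => {
    if (node === null || typeof node !== "object") return;
    if (node["@type"] === "AggregateRating") found.push(node);
    Object.values(node).forEach((child) => walk(child));
  };
  for (const m of html.matchAll(LD_JSON_RE)) {
    try { walk(JSON.parse(m[1])); } catch { found.push({ invalid: true }); }
  }
  return found;
}

// reviews: every genuine review for THIS product, e.g. { stars: 4, published: true }.
function auditAggregateRating(html, reviews, tolerance = 0.05) {
  const ratings = extractAggregateRatings(html);
  if (ratings.length === 0) return ["no AggregateRating markup found"];
  const issues = [];
  const held = reviews.filter((r) => !r.published).length;
  if (held > 0) issues.push(`${held} genuine reviews are unpublished`);
  const mean = reviews.reduce((sum, r) => sum + r.stars, 0) / reviews.length;
  for (const r of ratings) {
    if (r.invalid) { issues.push("JSON-LD block is not valid JSON"); continue; }
    const count = Number(r.reviewCount ?? r.ratingCount);
    if (count !== reviews.length)
      issues.push(`reviewCount ${count} but ${reviews.length} genuine reviews exist`);
    if (Math.abs(Number(r.ratingValue) - mean) > tolerance)
      issues.push(`ratingValue ${r.ratingValue} but genuine average is ${mean.toFixed(2)}`);
  }
  return issues;
}

// Constructed sample: markup claims 4.8 from 4 reviews while two low ratings are held back.
const SAMPLE_HTML = `<script type="application/ld+json">
{"@context":"https://schema.org","@type":"Product","name":"Sample mug",
 "aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"4"}}
</script>`;
const SAMPLE_REVIEWS = [5, 5, 5, 4, 1, 2].map((stars) => ({ stars, published: stars >= 4 }));
console.log(auditAggregateRating(SAMPLE_HTML, SAMPLE_REVIEWS));
```

The default tolerance of 0.05 allows for a rating rounded to one decimal place; an empty result means the markup matches the records you supplied.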

Step 4: Document Your Processes

The CMA's "reasonable steps" test means you need to demonstrate what you're doing to maintain review integrity. Document your:

  • Review moderation criteria
  • Fake review detection methods
  • Process for handling review complaints
  • Staff training on review compliance

If the CMA comes knocking, having documented processes is your best defence.

Compliance Isn't Just Legal Protection

Beyond avoiding fines, genuine reviews build trust. Stores with a mix of positive and negative reviews (3.5-4.5 star average) actually convert better than stores with suspiciously perfect 5-star ratings. Consumers are savvy - they know that no product satisfies everyone.

Negative reviews also provide valuable product feedback and, when responded to well, demonstrate customer service quality. A store that responds thoughtfully to a 2-star review builds more trust than one with 500 identical 5-star reviews.

Check Your Store for Free

Run your store through PageDiag to get an instant review compliance check alongside your performance and SEO analysis. The scan identifies technical compliance issues in your review markup and structured data - the first layer of ensuring your store meets CMA requirements.

Review compliance isn't optional in the UK anymore. It's the law. Better to fix issues now than to fix them after a CMA letter lands in your inbox.
