UK Analytics Exemption Is Now Live: Our PECR Self-Assessment
February 5, 2026 was a significant date for UK website operators. The Data Use and Access Act 2025 came into effect, and with it, a new analytics exemption under PECR (Privacy and Electronic Communications Regulations).
Previously, UK law required consent for virtually all cookies, with narrow exceptions for strictly necessary functionality. Analytics did not qualify. That meant every UK website needed a consent banner to run analytics — and every rejection meant lost data.
What the DUAA 2025 changes
The new exemption allows analytics without consent, provided four conditions are met:
1. Sole purpose is generating aggregate statistics
2. Users receive clear information about the analytics
3. A simple, free opt-out mechanism exists
4. Data is not used for advertising purposes
This aligns the UK approach with the French CNIL guidelines and the proposed EU-level regulations under the Digital Omnibus.
Our self-assessment
Rather than simply claiming compliance, we published a comprehensive self-assessment covering how SealMetrics addresses each requirement:
— Architecture ensuring aggregate-only output
— Privacy policy language templates for website operators
— User opt-out mechanisms
— Why advertising use is architecturally impossible
The penalties for getting this wrong are significant: up to £17.5 million or 4% of worldwide turnover.
What UK website operators should do
If you use SealMetrics with the standard configuration, you can operate without consent requests for analytics. Four practical steps:
1. Operate without consent for analytics (standard configuration)
2. Update your privacy policy to mention SealMetrics
3. Enable user blocking via browser settings or opt-out links
4. Do not combine SealMetrics data with advertising data
Cookie banners remain necessary if you use other tools that require consent (GA4, advertising pixels, etc.). But for analytics alone, the exemption is clear. Learn more about how cookieless analytics works.