Buy Now Pay Later was once the darling of checkout-page innovation — frictionless, interest-free, and largely invisible to regulators. That era is over. The global BNPL market is on track to reach $911.8 billion by 2030, growing at a 10.2% CAGR from a 2025 base already exceeding $560 billion. And now, three major jurisdictions — the United Kingdom, the European Union, and Australia — have moved simultaneously to reclassify BNPL as regulated consumer credit, with hard compliance deadlines converging between mid-2025 and late 2026.
The implications extend well beyond Klarna, Afterpay, and Affirm. Any enterprise offering instalment payments at checkout, any fintech embedding deferred credit in its stack, and any bank partnering with BNPL providers faces a compliance transformation that touches affordability checks, disclosure standards, credit bureau reporting, and customer support obligations. This article maps the regulatory landscape and translates it into concrete action.
Why regulators moved — and why now
BNPL grew from a niche convenience into a systemic consumer credit channel with almost no oversight. In the UK alone, deferred payment credit lending jumped from £0.06 billion in 2017 to over £13 billion by 2024. Globally, roughly 380 million users adopted the product by 2024, with the US expected to reach 96 million BNPL users in 2026 alone.
The problem regulators identified was not growth itself but structural asymmetry. Unlike regulated credit cards or personal loans, most BNPL products operated without mandatory affordability checks, credit bureau reporting, or formal complaints pathways. Consumers could stack multiple BNPL commitments across providers with no lender seeing the full picture. Late fees accumulated silently. Vulnerable users — particularly younger borrowers and lower-income shoppers — disproportionately carried the burden.
Three regulators concluded that BNPL had functionally become consumer credit and should be governed as such. Their frameworks differ in scope and timing, but share a common core: mandatory creditworthiness assessments, standardized disclosures, and access to formal dispute resolution.
The three regulatory frameworks in detail
1. UK FCA: The July 15, 2026 deadline
The Financial Conduct Authority’s Policy Statement PS26/1, published in early 2026, establishes the most precisely dated milestone in the global BNPL regulatory calendar. From 15 July 2026, all third-party BNPL lenders offering deferred payment credit (DPC) — defined as interest-free credit repayable in 12 or fewer instalments within 12 months — must hold FCA authorisation or operate within the Temporary Permissions Regime (TPR).
The TPR registration window opened on 15 May 2026 and closes two weeks before Regulation Day. Firms registered under TPR have six months post-implementation to submit a full authorisation application or face automatic removal.
The substantive obligations are significant. Lenders must conduct creditworthiness assessments for each individual transaction, including successive advances to existing customers. The FCA explicitly requires consideration of both credit risk and “affordability risk,” with documented policies approved at senior management level. Automated systems must incorporate vulnerability signals and financial difficulty indicators.
On disclosure, the FCA mandates that “key product information” — interest rates, credit amounts, repayment terms, complaint rights — must be immediately visible without requiring the consumer to click through. Post-agreement, firms must deliver copies in a durable medium. When repayments are missed, firms must communicate promptly with tailored information about consequences and available support.
Consumers gain two new rights: access to the Financial Ombudsman Service for complaint escalation, and protections equivalent to those already in place for regulated credit. Notably, merchants offering their own direct DPC (in-house buy-now-pay-later without a third-party lender) remain outside the regulatory perimeter — a distinction that matters for large retailers considering bringing BNPL in-house.
2. EU Consumer Credit Directive II: November 20, 2026
The EU’s revised Consumer Credit Directive (CCD II) extends the regulatory perimeter even further. Where the original CCD excluded credit below €200 and interest-free products, CCD II explicitly captures both — meaning BNPL and instalment-at-checkout products that were previously exempt now fall squarely within scope.
The directive’s full application date is 20 November 2026. Member States were required to transpose it into national law by November 2025, meaning national implementing legislation is already live in most EU countries, with the full compliance regime activating at year-end.
CCD II requires BNPL providers operating in the EU to conduct adequate creditworthiness assessments before each credit decision, even for small, short-term, interest-free transactions. Providers must use reliable data sources — including credit reference agencies — and cannot rely solely on consumer self-declaration.
Consumers receive standardized information via a European Standardised Information Sheet (ESIS), a right of withdrawal within 14 days of agreement, and explicit protections against aggressive marketing. Retailers embedding third-party BNPL at checkout must ensure their BNPL partners carry the full compliance burden — or face secondary liability.
The practical effect for cross-border e-commerce platforms is significant: a single BNPL checkout option must now satisfy multiple national transpositions of CCD II, each with potentially different disclosure templates and assessment thresholds.
3. Australia: The June 2025 licensing requirement
Australia moved earliest. From 10 June 2025, the Treasury Laws Amendment (Responsible Buy Now Pay Later and Other Measures) Act 2024 amended the National Consumer Credit Protection Act to bring BNPL under full credit regulation, creating a new product category: Low-Cost Credit Contracts (LCCCs).
All BNPL providers in Australia now require an Australian Credit Licence (ACL) and must be members of the Australian Financial Complaints Authority (AFCA). Responsible lending obligations apply — providers must assess whether credit is “not unsuitable” for each consumer based on their objectives, financial situation, and needs.
The Australian Securities and Investments Commission (ASIC) published Regulatory Guide 281 in May 2025 to provide implementation guidance, with the industry code of practice migrating to the broader AFIA Finance Industry Code of Practice through early 2026.
Australia’s framework is notable for the speed of its implementation: less than 18 months from legislation to full effect, with minimal transition grace periods for larger established providers.
Advertisement
What enterprise finance teams should do
The simultaneity of these three frameworks creates a narrow window for action. Enterprises with any BNPL exposure — whether as providers, white-label partners, or e-commerce merchants embedding third-party solutions — cannot treat these as sequential compliance projects.
1. Map your BNPL exposure and jurisdiction coverage immediately
Before designing compliance controls, audit every BNPL or instalment payment touchpoint in your product and partnership stack. Identify which jurisdictions each product serves, whether you operate as the lender (triggering FCA/CCD II authorisation requirements) or as a merchant embedding a third-party solution (triggering due diligence obligations), and which legacy agreements were signed before the regulatory cutoffs.
Enterprise legal and compliance teams should produce a jurisdiction-by-jurisdiction exposure matrix covering the UK, all EU Member States where you process transactions, and Australia. This matrix becomes the input to your authorisation roadmap and your vendor management review.
2. Retrofit affordability infrastructure into checkout flows
The most operationally complex requirement across all three frameworks is the per-transaction creditworthiness assessment. For high-volume checkout environments — where BNPL decisions are made in under two seconds — embedding a real affordability signal without creating checkout friction is a genuine engineering challenge.
Best-practice implementations are using open banking data (with consumer consent) to supplement credit bureau queries, deploying thin-file models for consumers without extensive credit histories, and building decision-logging infrastructure that satisfies the FCA’s senior-management-documented-policy requirement. AI-based underwriting systems are explicitly endorsed by the FCA, provided they can demonstrate responsible lending outcomes and are not opaque black boxes.
Start by reviewing your current checkout API integration with your BNPL partner. If the partner is handling affordability on their side, obtain written confirmation of their compliance posture for each jurisdiction. If you are a lender, your technology timeline to Regulation Day is shorter than it may appear.
3. Upgrade disclosure design and consumer support pathways
All three frameworks impose disclosure requirements that go beyond adding a disclaimer. The FCA requires that key product information be visible without a click — meaning redesigning checkout UI elements where BNPL is presented. CCD II requires the standardized European information sheet to be pre-contractually accessible in each EU country’s official language.
Post-sale, firms must build financial difficulty escalation pathways: proactive outreach when repayments are missed, tailored messaging (not generic dunning letters), and referral paths to financial guidance services. This requires coordination between product, customer service, and compliance teams that often do not currently share ownership of BNPL-related consumer journeys.
Map the full consumer lifecycle — from checkout to final repayment or missed payment event — and identify every disclosure gap and support pathway shortfall. Remediation should be treated as a product sprint, not a legal amendment.
What changes for BNPL providers specifically
For pure-play BNPL lenders operating across multiple markets, these three frameworks create a convergent compliance architecture that, while burdensome in the short term, is likely to consolidate into competitive advantage for well-capitalized, compliant players.
Klarna’s UK IPO ambitions, Affirm’s international expansion, and Afterpay’s European strategy all now carry regulatory compliance as a core go-to-market condition. Smaller BNPL providers that cannot absorb the authorisation costs and technology investment required by the FCA, CCD II, and ASIC frameworks will face existential pressure to sell, white-label, or exit.
The US remains the largest BNPL market without a unified federal framework. The Consumer Financial Protection Bureau deprioritized BNPL enforcement in 2025, leaving a state-by-state patchwork. Providers building compliance infrastructure for the UK and EU should design it as a modular system: the affordability assessment engine, disclosure framework, and complaints pathway built for FCA compliance can be adapted for any future US federal standard with relatively low incremental cost.
The road ahead: global harmonization or regulatory fragmentation?
The three frameworks share a common philosophy — BNPL is credit, and credit carries obligations — but differ enough in scope, timing, and threshold definitions to create meaningful compliance complexity for global operators.
The most likely medium-term trajectory is soft harmonization: G20 financial stability bodies and IOSCO are monitoring BNPL developments, and the CCD II framework is already being referenced by non-EU regulators as a model. Enterprises investing in CCD II compliance infrastructure are likely building against the most comprehensive global standard available, which reduces the marginal cost of adapting to future frameworks in other markets.
The $912 billion market projection for 2030 will only be reached if consumer trust is maintained and credit performance remains manageable. Regulation, counterintuitively, may accelerate BNPL’s long-term growth by legitimizing it as a financial product — expanding its addressable market into consumer segments that previously avoided it due to opacity concerns.
Frequently Asked Questions
What exactly does the UK FCA BNPL regulation require from July 2026?
From 15 July 2026, all third-party BNPL lenders in the UK must hold FCA authorisation or operate within the Temporary Permissions Regime. They must conduct per-transaction creditworthiness assessments, present key product information without requiring consumers to click through, provide post-agreement documentation in a durable medium, and offer Financial Ombudsman Service access for complaint escalation. Merchants offering direct BNPL without a third-party lender are currently excluded from the perimeter.
Does EU CCD II apply to all BNPL products, including free instalment plans?
Yes. CCD II explicitly removes the previous exemptions for credit below €200 and for interest-free products. This means zero-interest instalment plans at checkout — the core BNPL model — now fall within scope. Providers must conduct creditworthiness assessments, provide the European Standardised Information Sheet, and offer consumers a 14-day right of withdrawal, regardless of the loan amount or interest rate.
How should a non-EU, non-UK enterprise approach BNPL compliance if they operate globally?
Build modular compliance infrastructure rather than jurisdiction-specific silos. The FCA and CCD II frameworks share a common architecture: per-transaction affordability assessment, standardized disclosure, and formal complaints pathways. Designing these as configurable modules — with jurisdiction-specific parameter sets for thresholds, disclosure templates, and language requirements — reduces the marginal cost of extending compliance to new markets. Australia’s LCCC framework and any future US federal standard can then be accommodated by adjusting parameters rather than rebuilding from scratch.
Sources & Further Reading
🔗 Related Intelligence
UK BNPL Regulation: FCA Brings £13B Market Under Full Oversight from July 2026
BNPL Regulation: Buy Now Pay Later Faces Its Global Reckoning
Embedded Finance B2B: Open Banking Deadline Passes — 54% of Platforms Report Revenue Gains
