EU cookie law coming to UK on 25 May
Websites will have to give users a choice when it comes to cookies from the end of May, as the UK Government gives the plans the go-ahead.


New European Union (EU) rules ensuring websites give visitors a choice around cookies will come into force in the UK from 25 May.
The Government held its own review into the EU Electronic Communications Framework, which will see websites having to ask permission before recording surfer's activities online, as well as making sure targeted advertising is clearly pointed out as such.
It decided to implement the regulations in the exact way the EU outlined them, rather than adding anything extra, in an attempt to allow companies in the UK to "compete equally with the rest of Europe."
"The changes to the EU Electronic Communications Framework bring our regulatory framework up to date," said Ed Vaizey, the Government's communications minister.
"They will help ensure there is a level playing field across Europe."
However, the Government will be working with browser companies to ensure business websites aren't damaged by the new rules. It has also asked the Information Commissioner's Officer (ICO) to set out extra guidance for the targeted advertising rules, to give businesses other options.
"We recognise that work on the technical solutions for cookie use will not be complete by the implementation deadline. It will take time for meaningful solutions to be developed, evaluated and rolled out," added Vaizey.
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
"Therefore we do not expect the ICO to take enforcement action in the short term against businesses and organisations as they work out how to address their use of cookies."
This will be set out in front of Parliament in the near future to ensure the Government achieves the 25 May implementation goal made by the EU.
The ICO had already warned businesses to be prepared for the "challenge" the regulations would bring.
"Businesses and organisations running websites in the UK must wake up to the fact that this is happening," said Information Commissioner Christopher Graham.
Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.
Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.
-
Using DeepSeek at work is like ‘printing out and handing over your confidential information’
News Thinking of using DeepSeek at work? Think again. Cybersecurity experts have warned you're putting your enterprise at huge risk.
-
Can cyber group takedowns last?
ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
The second enforcement deadline for the EU AI Act is approaching – here’s what businesses need to know about the General-Purpose AI Code of Practice
News General-purpose AI model providers will face heightened scrutiny
-
Meta isn’t playing ball with the EU on the AI Act
News Europe is 'heading down the wrong path on AI', according to Meta, with the company accusing the EU of overreach
-
‘Confusing for developers and bad for users’: Apple launches appeal over ‘unprecedented’ EU fine
News Apple is pushing back against new app store rules imposed by the European Commission, suggesting a €500m fine is a step too far.
-
Apple, Meta hit back at EU after landmark DMA fines
News The European Commission has issued its first penalties under the EU Digital Markets Act (DMA), fining Apple €500 million and Meta €200m.
-
‘Europe could do it, but it's chosen not to do it’: Eric Schmidt thinks EU regulation will stifle AI innovation – but Britain has a huge opportunity
News Former Google CEO Eric Schmidt believes EU AI regulation is hampering innovation in the region and placing enterprises at a disadvantage.
-
The EU just shelved its AI liability directive
News The European Commission has scrapped plans to introduce the AI Liability Directive aimed at protecting consumers from harmful AI systems.
-
A big enforcement deadline for the EU AI Act just passed – here's what you need to know
News The first set of compliance deadlines for the EU AI Act passed on the 2nd of February, and enterprises are urged to ramp up preparations for future deadlines.
-
EU agrees amendments to Cyber Solidarity Act in bid to create ‘cyber shield’ for member states
News The EU’s Cyber Solidarity Act will provide new mechanisms for authorities to bolster union-wide security practices