The German transposition act for Directive (EU) 2023/2673, having come into effect on February 5, 2026, brings new obligations for financial service providers: from June 19, 2026 onwards, online user interfaces must be adapted, new information and withdrawal processes implemented, and internal workflows aligned with the amended statutory requirements. This briefing provides a concise overview of the measures providers need to take in order to avoid risks, while also examining the extent to which the reform may bring relief to the sector.
The new obligations apply in principle to all distance contracts concluded with consumers via online interfaces – such as websites or apps. They therefore also potentially apply to banks, crypto-asset service providers, investment firms, and payment and financial services providers in their online business (subject to certain exemptions, see below). The "button solution" is structurally designed for all digital distance selling; financial service providers such as credit, insurance, investment products or crypto-assets face additional, more stringent requirements. The key hurdle lies in the correct legal classification of the respective offering and the underlying contracts – a task that can prove particularly complex for modern, technology-driven financial products.
From 19 June 2026 onwards, contracts concluded via an "online interface" (for example a website or an app) must be capable of being withdrawn from by means of a "withdrawal button". This requires the implementation of a multi-stage process: an initial, clearly labelled button ("withdraw from contract here") must be followed immediately by a confirmation page on which users can review their details before completing the withdrawal via a final button ("confirm withdrawal"). This function must be continuously available, prominently displayed and easily accessible throughout the entire withdrawal period; hiding it in nested menus will not suffice in this context.
Where the pre-contractual information is provided less than 24 hours before the time at which the consumer will be bound by the contract, the trader must separately remind the consumer of the right of withdrawal and the corresponding procedure between one and seven days after conclusion of the contract. For financial service providers this will foreseeably always be the case.
The procedural changes are complemented by the introduction of a pre-contractual duty to provide adequate explanations. Where online tools are used, the consumer is further entitled to human intervention for the purpose of explaining the contract. In addition, the information requirements are being amended: in particular, traders must now also inform consumers about the existence and placement of the new withdrawal function, supplemented by further new mandatory information items relating, for example, to personalised prices on the basis of automated decision-making and to environmental or social factors integrated into the investment strategy. Existing consumer information must therefore be updated as a matter of necessity.
Manipulative designs, so-called "dark patterns", which aim to impair the user's freedom of choice through visual influence or artificially burdensome processes, are now expressly prohibited. This concerns in particular giving more prominence to certain choices or disruptive pop-ups that question a decision already made. Anyone who attempts to prevent withdrawal or to one-sidedly emphasise certain options through design tricks now risks substantial sanctions.
Alongside the new obligations, the reform also brings a notable relief: the abolition of the so-called "perpetual right of withdrawal". To date, defective or incomplete provision of the mandatory consumer information in financial services contracts meant that the withdrawal period never began to run – and thus effectively remained open indefinitely. The absolute long-stop period of twelve months and 14 days applicable to other distance contracts was expressly inapplicable to financial services, with the result that providers were permanently exposed to the risk of having to unwind contracts even years after conclusion. The new rules close this gap: the maximum period now applies to financial services as well. This creates legal certainty and ends an era in which formal defects in consumer information gave rise to open-ended liability risks. However, in cases of information deficiencies, two practically relevant exceptions remain: where the withdrawal instructions are missing entirely or are substantively incomplete, the long-stop period does not apply and the right of withdrawal continues to run without limitation in such cases. At the same time, the model withdrawal notice (previously set out in Annex 3 to Article 246b Introductory Act to the German Civil Code (EGBGB)) will be abolished without replacement. As a result, financial service providers will be required to draft their own withdrawal notices and ensure their accuracy and completeness.
Implementing the new requirements presents companies with new design challenges.
For ongoing contractual relationships that are both terminable and subject to withdrawal, two separate button solutions are now required. Financial service providers face the challenge of integrating both exit options in a way that preserves procedural symmetry with the conclusion of the contract, without overloading the interface or manipulatively emphasising one of the options.
Particularly where financial services are offered on platforms, the contractual landscape is often complex. In addition to a framework user contract, supplementary agreements and individual contracts on specific trades or investments are concluded. Here, precise design based on a thorough legal analysis is decisive:
For which contracts does a right of withdrawal exist at all? For which is it excluded (and under what conditions, e.g. Section 312g(2) no. 8 of the German Civil Code (BGB))? Consumer information and button solutions must transparently show which contracts can in fact be withdrawn from and which cannot.
For supplementary agreements on individual services (e.g. staking as an add-on to crypto trading), consumers must be able to select straightforwardly whether the entire contract or only specific ancillary services are to be withdrawn from.
Where the platform operator and the contracting party for the relevant financial service are not the same person, the relevant contracting party remains responsible for providing the withdrawal function. The withdrawal function must nevertheless also be directly accessible to the consumer on the platform itself. In practice, this requires the technical interlinking of both systems, for example via direct deeplinks to the withdrawal function. This also compels non-regulated platform operators to provide for corresponding design solutions and contractual assurances.
In addition to the design aspects outlined above, providers must also have a regard to the following:
For certain services (such as trading in crypto-assets), there continues to be uncertainty as to whether they constitute "financial services" and whether the right of withdrawal is already excluded under Section 312g(2) no. 8 BGB. Companies must conduct a risk assessment and, where appropriate, fall back on alternative options for extinguishing rights of withdrawal.
The withdrawal regime does not apply to gratuitous contracts – such as framework contracts for the use of platforms. Classifying a contract as gratuitous can, however, be difficult in individual cases.
Where the framework contract and individual contracts (e.g. on individual trades) are concluded at different points in time, consumer information and withdrawal instructions may need to be provided at different times.
Financial service providers that subject their contracts to the law of another EU Member State but actively target their services at German customers must also comply with German consumer protection requirements where the directive has been transposed differently.
Following an effective withdrawal, the services received must in principle be returned. Where providers depend on customer cooperation in this regard – for example for transfers of crypto-assets – they should set clear specifications and deadlines. Where compensation is to be claimed for services already rendered, customers must be informed of this prior to the conclusion of the contract and their express consent to the immediate commencement of performance must be obtained, Section 357b(2) sentence 1 BGB.
The timely adaptation of digital processes is of major importance for companies. Breaches of the button-solution requirements or of the new duty to explain can give rise not only to cease-and-desist warnings under unfair competition law but also to administrative fines imposed by the authorities. Not least, in certain constellations withdrawal rights may continue to run indefinitely. To pre-empt these risks, companies should act promptly:
Legal classification of the contractual situation: Providers should assess to which of their contracts the withdrawal regime applies and which exceptions, if any, exist.
Implementation of the button solution: Online user interfaces must be technically supplemented by the two-stage withdrawal function.
Updating of withdrawal instructions: Withdrawal instructions and consumer information must be updated, in particular to refer to the new electronic withdrawal option.
Introduction of new explanations and reminders: Processes for the required "human intervention" and the reminder about the right of withdrawal must be implemented.
Dark-pattern review: When designing user interfaces, providers must ensure that there are no visual or procedural hurdles that could be regarded as impermissible manipulative practices.
For providers of digital financial services, the reform entails concrete obligations: withdrawal functions must be technically implemented, consumer information must be updated, and business processes must be aligned with the new requirements. The legally robust classification of complex products – in particular in the area of crypto-assets – proves to be a demanding exercise in practice. On the other hand, the abolition of the perpetual right of withdrawal creates genuine legal certainty for providers of financial services for the first time. Given the multitude of implementation questions and the sanctions threatened in the event of breaches, early legal support is advisable. YPOG would be pleased to assist with the legally robust design of digital business processes and with the integration of the new requirements into existing infrastructure.