monkeyman.agency
industry

Shopify and the June 19 EU Cancellation Button: A Subscription Compliance Setup Guide for 2026

The June 19 EU rule says any subscription a buyer started online must be cancellable in one click. Here is how we wire that into Shopify in 14 days.

May 25, 2026 10 min read

Linnea runs a Berlin-based skincare subscription brand on Shopify Plus. About 2.4 million euros ARR, 18,000 active subscribers across DE, AT, NL and FR. Last Thursday at 3 PM her DPO sent a one-line email with a screenshot of the German implementation guidance attached. The translation was clear enough: starting June 19, every subscription you sell into the EU needs a permanent cancellation button, and the cancel has to be just as easy to perform as the signup was. Her current cancel asked the buyer to log in, click through three menus, then email support. Six steps. She had 25 days to get to one.

That is the call we have been getting all week. So we wrote down what we are actually shipping on Shopify stores between now and June 19, and where the platform’s defaults will get you in trouble.

What the June 19 rule actually requires (and what regulators will be checking)

Article 11a of the EU Consumer Rights Directive, enforceable from June 19, 2026, says any contract a consumer concluded online has to be terminable through a “cancellation function” that is permanently visible, clearly labelled, and reachable from the website without the buyer having to log in to a maze of menus.

Three pieces matter for how you build it. The button has to be present on the same surface where the contract was entered into, which for most subscription stores means the storefront, not just inside an account portal. The label has to be unambiguous: “cancel contracts” is the example the directive itself uses, and several regulators have rejected vaguer wording like “manage subscription”. And the cancel has to take effect with a single confirmation step, not a retention dance.

Regulators will check three buckets: visibility (is the button on the relevant pages, is the label compliant), frictionlessness (does it work without login if the contract was concluded without login), and the audit log (can you produce evidence of every cancellation started and either completed or abandoned, with timestamps). That last one is the part most merchants forget. We will come back to it.

Why subscription checkouts on Shopify are the most exposed surface

Most stores selling into the EU already comply on one-time orders. Subscriptions are where it falls apart, and the reason is structural.

Shopify checkout does not natively render a customer-facing cancel route for active subscriptions. The contract is held inside whichever app you are using (Recharge, Skio, Stay AI, Bold, Loop or native Shopify Subscriptions), and the cancel UI is rendered by that app’s customer portal. Most of those portals were built for an American “click to cancel, talk to retention” pattern that takes three to five steps and assumes the buyer is logged in.

That is the gap. A buyer in Germany who took a subscription from your store on May 12 should be able to land on your homepage on June 25, hit a “cancel contracts” link in the footer, identify themselves (email plus order number is enough), and have it processed in a single confirmation. The default Shopify plus subscription-app stack gets to step three of that flow and stops.

The other half is your checkout. The directive does not require a cancel button on the checkout itself, but it does require clear cancellation information at the moment of sign-up. That goes in the checkout terms link and the order confirmation email. Where it bites is on Shop Pay, Apple Pay and Google Pay, where the buyer never sees your custom T&Cs page. Push the cancel-rights summary into the order confirmation flow for those cohorts.

The compliance pattern that works on Shopify

After eight client engagements in the last six weeks, the pattern we keep landing on has three parts. A storefront cancel route. A customer account cancel route. And a single endpoint behind both that talks to your subscription app and writes the audit log.

The storefront route is a public page at /pages/cancel-contracts (label it “Cancel contracts” in nav and footer, the directive’s exact wording). The page renders a short form: email, order number or subscription ID, optional reason, confirm. On submit it calls a server-side route (a Shopify Theme App Extension backed by a serverless function works) that authenticates via order lookup and calls the subscription app’s cancel API.

The customer account route is the same form inside the logged-in portal so authenticated subscribers do not have to retype anything. Critically: it uses the same backend endpoint as the public route. Two front doors, one cancel handler, one audit log. This is the part that gets botched most often, because most agency builds end up with two parallel cancel implementations and the audit data lives in two places.

The endpoint has to do three things on every cancel. Call the subscription app’s cancel API (Recharge /subscriptions/{id}/cancel, Skio subscriptionCancel, native Shopify subscriptionContractCancel). Write a record to your audit store. And trigger the confirmation email through the same transactional pipeline you use for orders, so the timestamp is consistent. Most stores can ship the whole thing in 10 to 12 days if dev starts the week of May 26.

Recharge, Skio and Stay AI: where each one already ships compliant, where they don’t

The three subscription apps we see most often have meaningfully different compliance gaps. Knowing which one you are on changes the dev plan.

Recharge ships a customer portal cancel reachable from a tokenized link in transactional emails, which is good. But the public storefront route does not exist, and the default flow runs the buyer through Recharge’s “retention offers” (pause, discount, switch) before the cancel button is exposed. The compliant approach: leave retention on inside the logged-in portal, ship a separate /pages/cancel-contracts route that skips retention entirely. The directive’s “as easy to cancel as to sign up” rule does not allow the retention dance on the compliant path.

Skio is the closest to compliant out of the box. Their portal cancel is one click after auth, no forced retention, and they expose a subscriptionCancel mutation that takes email plus subscription ID for storefront integration. Gap is the same as Recharge: no public storefront page, you have to build it.

Stay AI sits in between. Default portal has retention offers, but they expose a “frictionless cancel” mode in merchant settings that disables retention for any cancel originating from a specific page slug. Set the slug to /pages/cancel-contracts, build that page, and you are mostly there.

Native Shopify Subscriptions: what is missing in the default cancel flow

Shopify’s native Subscriptions API (the subscriptionContractCancel GraphQL mutation) is the cleanest of the four, but the customer-facing UI is the thinnest. The default flow puts the cancel inside the new customer accounts experience, two clicks deep from the account landing page. Fine for an authenticated buyer, does not solve the public storefront route at all. Shopify’s response when we asked the partner team in early May was, in essence, “ship a theme page that calls the mutation”. So that is what we are doing.

One subtle gotcha. The mutation requires a cancellationReason field with a fixed enum (CUSTOMER_INITIATED, INVENTORY_DECLINE, etc.). If you want the buyer’s free-text reason captured (and you should, for retention analytics), store it in a metafield on the subscription contract at the same time you call the mutation.

The other thing to know. Native Shopify Subscriptions does not currently send a cancellation confirmation email by default. Wire one yourself through Shopify Flow or your transactional tool (Klaviyo, Sendgrid). The confirmation email is one of the things regulators will check for.

The audit trail no one talks about

Here is the part most teams forget until the first regulator email lands. The directive requires you to demonstrate, on request, that your cancellation function is working. That means an auditable record of every cancel initiated through the public route, with enough detail to reconstruct the timeline.

What we write to the audit log on every cancel: subscriber email (hashed if you are paranoid), subscription ID, originating page (storefront vs customer account vs admin), timestamp at request, timestamp at confirmation, the confirmation email message ID, and a flag for whether retention offers were shown before the cancel completed (always false for storefront-initiated cancels). We also write a record on every abandoned cancel (buyer hit the form, did not confirm) because some regulators specifically asked for that data in early enforcement actions.

Where to store it. Postgres if you already have a backend, or Shopify customer metafields plus a daily export to CSV. Metafields are cheaper and work fine under 5,000 cancels a month. Keep the log for at least three years; the underlying contract records are subject to consumer-protection retention rules, and three years is the comfortable floor across DE, FR, NL and IT.

The 14-day pre-June 19 launch checklist we are running for every EU client

We have done this with eight stores in the last six weeks. The path that fits inside two weeks looks like this.

Days 1 and 2. Audit. Map every customer-facing cancel surface that exists today. Pull the subscription app of record. Sketch the future-state architecture (public route, account route, shared endpoint). Confirm which EU member states you ship into; DE and FR are the ones to verify first.

Days 3 to 7. Build. Ship the /pages/cancel-contracts theme page. Build the shared endpoint with a switch for Recharge, Skio, Stay AI or native Shopify. Wire the customer account route to the same endpoint. Disable retention on the storefront cancel path.

Days 8 to 10. Audit log and confirmation email. Stand up the audit store. Wire the confirmation email (Flow for native Shopify, Klaviyo for the others). Run end-to-end test orders for each variant and verify the log writes correctly.

Days 11 and 12. Copy and discovery. Update the checkout terms link with the cancellation-rights summary. Update the order confirmation email for Shop Pay and accelerated checkouts. Add “Cancel contracts” to the storefront footer and the customer account nav. Brief support so the inbound tickets do not surprise the team.

Days 13 and 14. Soft launch. Run live cancels with the support team’s test accounts. Pull the first audit log export and verify it is queryable. Document the architecture in a one-pager you can hand to your DPO. Ship it.

Linnea’s team shipped on May 20. Two cancels through the new public route in the first three days, both logged cleanly, both confirmed by email inside 90 seconds. The retention flow is still alive inside the account portal for buyers who want it, but the compliant path is genuinely one click and that is the bar.

What we keep telling clients

The temptation on this one is to wait. June 19 feels far away on May 25, the directive language is fiddly, the subscription app vendors will probably “ship a feature for it”, and meanwhile you have a quarter to land. We have heard that exact reasoning from three founders this week and we are pushing back every time. The enforcement risk is real (the early German guidance specifically flagged subscription stores as a priority audit target), and the cost of a regulator finding is not the fine, it is the 30 days of remediation work under their oversight.

The other thing we keep saying. This is not a one-week build. Two weeks of focused work, with one engineer and a designer pair, is the realistic floor on Recharge or Stay AI. Stores on native Shopify or Skio can compress to 10 days. Anything shorter and you are skipping the audit log, and the audit log is the part the regulator actually asks for.

Linnea’s team shipped on day 25. They had buffer. Most of the stores asking us this week have buffer too. Use it. Start the build the week of May 26. Hand the DPO a compliance one-pager on June 16. Sleep on June 18.

Questions we get every week

Does this rule apply to my Shopify store if I am based outside the EU but ship to EU buyers?

Yes. The directive applies to any B2C contract concluded with an EU consumer, regardless of where the merchant is incorporated. US-based brands shipping into Germany and France are the biggest cluster of stores we are doing this work for right now.

Can I keep the retention offers (pause, discount, switch product) inside the cancel flow?

Yes, but not on the public storefront cancel route. Retention can live inside the logged-in customer account portal, and that is fine. The storefront route at /pages/cancel-contracts has to be a one-step confirmation with no retention friction.

What happens if I just leave my customer account cancel as-is and skip the storefront page?

You are exposed. The directive requires the cancel function to be reachable from the surface where the contract was entered into, and most subscription sign-ups happen on the storefront, not from inside the customer account. A regulator audit that finds buyers had to log in to cancel a contract they took without logging in lands in the “not compliant” bucket.

Is there an off-the-shelf app that just does this?

Not yet. A couple of partial solutions exist (one Recharge integration, one early Skio plugin) and neither covers the audit log properly. Building in-house in 10 to 12 days is the right call. We expect a couple of decent apps to ship in Q3, but Q3 is too late for June 19.

Want help shipping the cancel button, the audit log and the confirmation email before June 19? Talk to us about a 14-day EU subscription compliance sprint and we will walk you through the architecture we are running on Recharge, Skio, Stay AI and native Shopify subscription stores.

Need help with this?

Send us your store. We'll send back an audit.

Send us your store URL. We'll send back a free audit within 48 hours.

Phone (optional)