Affiliate disclosure in 2026: the legal exposure most link-in-bio tools ignore
Affiliate disclosure looks like a formality — a line of small print at the bottom of a page. It isn’t. It’s a legal obligation enforced on three continents, the single most common compliance failure in the creator economy, and a liability your link-in-bio tool almost certainly leaves entirely to you. This is a deep dive into what the rules actually require, what you’re exposed to when they’re missed, how badly the industry does it — and the specific way Passive Loop builds compliance in so you can’t accidentally get it wrong.
Not legal advice. This is an engineering-and-research-led summary, written to be accurate and current, not to substitute for counsel. Penalty ceilings cited are statutory maximums, not typical outcomes. For anything high-stakes, consult a qualified professional in your jurisdiction.
What the rules actually require (the technical specifics)
Every regime — US, UK, EU — converges on the same principle: a reader must know you may be paid before they act on your recommendation. The detail is in what “clear and conspicuous” technically means.
In the US, the FTC’s Endorsement Guides (16 CFR Part 255), revised in 2023, define a compliant disclosure as one that is “difficult to miss (i.e., easily noticeable) and easily understandable by ordinary consumers.” In practice that means:
- Unavoidable and up front — near the recommendation and before the link, not in a footer, not behind a “more” link, not below the fold.
- Plain language — “I earn a commission if you buy through this link.” The FTC has said ambiguous tags like
#sp,#ambassador, or a bare#affare not sufficient on their own. - Same medium as the claim — a visual recommendation needs a visual disclosure; spoken needs spoken; a short needs it on-screen. A disclosure in the medium the audience won’t see doesn’t count.
- Per-recommendation, not just site-wide — a single disclosure page is necessary but not sufficient. The per-page, above-the-content disclosure is the one regulators actually care about.
The UK’s Advertising Standards Authority treats any content containing affiliate links as advertising that must be obviously identifiable — labelled Ad, prominently, before engagement. The ASA has specifically warned that “Aff” on its own is inadequate because ordinary consumers don’t recognise it as denoting an ad. The EU reaches the same result through the Unfair Commercial Practices Directive: any content with a commercial purpose — presumed whenever the creator receives any consideration — must be identified as such.
The exposure publishers actually carry
Here’s the part the small print hides. Missing or deceptive disclosure exposes you to a stack of consequences, not one:
- Civil penalties. In the US, FTC violations carry penalties indexed to inflation annually — $53,088 per violation as of the 2025 adjustment (FTC). The FTC’s 2024 Rule on Consumer Reviews and Testimonials (effective 21 October 2024) made many deceptive-endorsement practices a binding rule — so violations can trigger those penalties directly, including for AI-generated reviews and testimonials.
- Direct regulator fines abroad. Since 6 April 2025, the UK’s CMA can find a consumer-law breach and fine directly — up to 10% of global annual turnover — under the Digital Markets, Competition and Consumers Act 2024 (Cooley). The EU’s Omnibus Directive allows fines up to 4% of turnover (or €2m) for cross-border infringements.
- Losing your income overnight. This is the consequence most likely to hit an individual creator. The Amazon Associates Operating Agreement contractually requires the disclosure “As an Amazon Associate I earn from qualifying purchases” — non-compliance is grounds for termination and withheld commissions. Most networks reserve the same right.
- Platform de-ranking and removal. Under the EU’s Digital Services Act (in force since February 2024) and platform ad policies, undisclosed commercial content can be down-ranked or pulled.
- Joint and secondary liability. Disclosure isn’t only the creator’s problem. The 2023 FTC Guides extended exposure to platforms and intermediaries, and 2024 ASA rulings on affiliate links (via Shop LTK, rStyle.me and Amazon Storefronts) held the brand and the influencer jointly responsible — even where the brand had no editorial control or knowledge of the arrangement.
An honest read of enforcement history: large monetary penalties have mostly landed on brands and tool-makers, not solo creators. But the consequences that reliably reach creators — account termination, clawed-back commissions, de-ranking, and lost audience trust — are exactly the ones that end an affiliate business.
What’s changed lately (2025–2026)
- The FTC’s fake-review rule is live and explicitly covers AI-generated endorsements — a meaningful expansion of what “deceptive” means.
- A lighter touch on AI tools. In December 2025 the FTC reopened and set aside its Rytr order (an AI review-generator case), signalling reduced appetite to hold AI tooling liable. Note the nuance: this softens liability for the tools, not the underlying duty to disclose your own material connections.
- The UK’s CMA got teeth. Direct fining powers (no court needed) have been live since April 2025 — a structural change in enforcement risk for anyone targeting UK audiences.
- The EU is tightening, not loosening. A Digital Fairness Act aimed partly at influencer marketing is in development (pending, not yet law).
How badly the industry does this
The gap between the rules and reality is enormous — which is precisely why it’s a risk and an opportunity:
- A large 2026 analysis of around two million YouTube videos found that fewer than half carried any disclosure, and only about 12% met the FTC’s standard — roughly one compliant disclosure in eight (study).
- The ASA’s own 2024 monitoring found roughly a third of UK influencer posts didn’t disclose they were ads at all.
- A 2024 EU sweep of 576 influencers found only ~20% systematically disclosed their commercial content (European Commission).
And here’s the structural problem: the tools creators use don’t help. Mainstream link-in-bio products — Linktree, Stan, Beacons — leave disclosure entirely to the user. There’s no built-in, correctly-placed, plain-language disclosure; you’re expected to remember it, word it right, and put it in the right place on every page, forever. Most people don’t, and the numbers above are the result.
The cases that actually matter
Compliant disclosure isn’t one rule — it’s a set of cases that have to be handled correctly and automatically, because manual diligence is exactly what fails at scale:
- An affiliate link → must carry a clear, plain-language disclosure, placed before the link, plus a per-link label. ✅
- A creator’s own product or store → this is not an affiliate relationship, so labelling it “affiliate” is both unnecessary and inaccurate. It should carry no affiliate disclosure. ✅
- A mixed page (some affiliate offers, some own products, some plain links) → the disclosure must appear because affiliate links are present, but only the affiliate links should be labelled. ✅
- A page with no affiliate links at all → no affiliate disclosure should appear, because claiming one would itself be misleading. ✅
Getting these right by hand, on every store, every edit, is unrealistic. Getting them wrong in either direction — under-disclosing an affiliate link, or mislabelling your own product — is a problem. So we made it the platform’s job, not the creator’s.
How Passive Loop is different
Passive Loop builds compliant disclosure into every store by default, and treats it as part of the product rather than the creator’s paperwork:
- A prominent, plain-language disclosure renders above the links — clear, conspicuous, and before the first click — on every published store and in the builder preview, so what you see is what your audience sees.
- Each affiliate link is labelled with a visible
Adtag, in line with ASA/FTC guidance to identify individual links. - It’s per-item aware. Mark a link as your own product and it gets no affiliate label and isn’t counted toward the disclosure — so we never assert a connection that doesn’t exist. A store of purely your own products shows no affiliate notice at all.
- It can’t be silently omitted. Disclosure isn’t a setting a creator has to find and enable; it’s on by default and tied to the presence of affiliate links. We don’t provide a way to render a store that’s affiliate-laden but undisclosed.
- We verify it like code. The disclosure behaviour — banner placement above the links, the per-link tag, and the own-product “no disclosure” case — is covered by automated tests that run on every change, so a future edit can’t quietly break compliance.
That’s the broader Passive Loop thesis in miniature: the value isn’t a prettier link page, it’s the tooling around affiliate promotion — and disclosure is the most universal, most-neglected piece of it. (See why a purpose-built affiliate store beats a generic link-in-bio and what an affiliate link-in-bio store should do.)
The bottom line
Disclosure is the rare case where the compliant move is also the profitable one: transparency is what makes a recommendation trustworthy, and trust is what converts. Get it wrong and you risk your network accounts, your reach, and your audience’s confidence. The mistake the industry makes is treating it as the creator’s chore. We treat it as the platform’s responsibility.
If you want the hands-on version — where to put disclosures, copy-paste templates, and a compliance checklist — read our practical FTC/ASA disclosure guide.
Passive Loop is rolling out early access: the store and curated offers are live, with more of the affiliate toolkit on the way. If you’d like compliant-by-default disclosure built into your store — rather than a chore you have to remember on every page — request early access and we’ll let you know the moment you’re in.