US Digital Advertising Laws: A Practical Guide for UK and Irish SMEs
Table of Contents
If your business runs ads on Meta, Google, or TikTok, you are already operating inside the US digital advertising system, whether you have a single American customer or ten thousand. The platforms are global; the laws are not. US digital advertising laws apply to any advertiser whose campaigns reach US consumers, regardless of where that advertiser is based. For SMEs in Belfast, Dublin, and London, that is a more immediate compliance issue than most marketing teams realise.
This guide explains the core US digital advertising laws in plain terms, sets out what they require from non-US advertisers, and shows how the right web design, content strategy, and campaign structure help you meet those requirements without slowing down your marketing.
Why US Advertising Laws Matter to Businesses in Belfast, Dublin, and London
The Federal Trade Commission’s jurisdiction follows the consumer, not the advertiser. If a UK or Irish business places a Meta ad that reaches US users, runs an influencer campaign on YouTube with American viewers, or sells through a US-facing Shopify store, the FTC’s rules on truth in advertising, disclosure, and data collection apply. This is not a technicality; the FTC has pursued enforcement actions against non-US companies through international cooperation agreements and by targeting US-based payment processors and platform accounts.
The practical implication for SMEs is straightforward. Before launching any campaign on a platform serving US audiences, you need to understand the US digital advertising laws that apply to your ad copy, disclosures, website design, and data handling.
Northern Irish businesses face a particular version of this challenge. Running ads that hit audiences in both the Republic of Ireland (EU law) and the United States (FTC, CCPA) simultaneously means operating under two separate regulatory frameworks at once. Getting the campaign structure and website right from the start is considerably cheaper than unpicking a compliance problem after a platform audit or regulatory complaint.
As Ciaran Connolly, founder of ProfileTree, notes: “Compliance is often treated as a cost businesses absorb after something goes wrong. For SMEs advertising into the US market, the smarter approach is building it into your campaign structure and your website from the outset. The technical decisions, consent flows, disclosure copy, and ad creative all carry legal weight.
The FTC Act: Truth in Advertising for Non-US Brands
The Federal Trade Commission Act, Section 5, prohibits unfair or deceptive advertising practices. This is the foundational piece of US digital advertising law, and it applies to any ad that reaches a US consumer. The FTC’s standard is the “net impression” test: what overall impression does the ad create in the mind of a reasonable consumer? If that impression is false or misleading, the ad violates the Act, regardless of whether any individual claim is technically accurate.
For UK and Irish advertisers, the most common areas of FTC exposure are:
Substantiation of claims. Any objective claim in an ad, from “best-in-class results” to a specific performance statistic, must be supported by evidence held before the ad runs. The FTC requires that advertisers have a reasonable basis for every claim. Vague superlatives are problematic; specific claims without data behind them are worse.
Clear and conspicuous disclosures. The FTC applies a four-part test to disclosures: placement, proximity, prominence, and absence of distraction. A disclosure buried in a footer, written in grey text on a white background, or placed after a call to action does not meet the standard. This has direct implications for landing page design and ad creative.
Influencer and affiliate disclosures. Any material connection between an advertiser and someone promoting their product must be clearly disclosed. For UK brands using influencer campaigns that reach US audiences, the ASA’s “#ad” requirement and the FTC’s endorsement guidelines apply simultaneously. The disclosure must be conspicuous on the platform where the content appears, not just in a bio or comment.
ProfileTree’s content marketing team works with SME clients to build disclosure-compliant content strategies that satisfy both UK ASA requirements and FTC guidelines without making the copy feel defensive or cluttered.
Data Privacy: CCPA, CPRA, and US State Laws from a UK Perspective
The California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), is the most significant piece of US state-level digital advertising law for businesses with any US web traffic. It applies to businesses that meet any one of three thresholds: annual gross revenue above $25 million; buying, selling, or sharing the personal information of 100,000 or more California consumers or households annually; or deriving 50% or more of annual revenue from selling personal information.
Most SMEs will not cross these thresholds. But the CCPA’s influence extends beyond its direct enforcement scope in two ways. First, it has shaped platform-level data-handling rules across Meta, Google, and other ad networks, meaning advertisers anywhere in the world are subject to its downstream effects through their campaign settings. Second, several other US states have passed comparable privacy laws, and the cumulative picture is moving towards a de facto national standard.
GDPR vs CCPA: Key Differences for Your Website
| UK GDPR | CCPA/CPRA | |
|---|---|---|
| Consent model | Opt-in required | Opt-out required (with some opt-in exceptions) |
| Right to delete | Yes | Yes |
| Right to know what data is held | Yes | Yes |
| Right to opt out of data sale | Not applicable in the same form | Core right |
| Applies to | Any organisation processing EU/UK personal data | Businesses meeting revenue or volume thresholds |
| Penalty ceiling | Up to 4% of global annual turnover | Up to $7,500 per intentional violation |
The key operational difference for SMEs is that UK GDPR requires opt-in consent before data collection, while CCPA requires opt-out capability after collection. A website designed to meet UK GDPR will generally exceed CCPA’s minimum requirements, but the opt-out mechanism and privacy notice language must be explicitly CCPA-compliant if your site receives California traffic.
Dark Patterns and the FTC’s UX Guidance
The FTC’s 2022 report on dark patterns has made web design a compliance matter in its own right. Dark patterns are interface design choices that manipulate users into actions they did not intend, including pre-ticked consent boxes, confusing unsubscribe flows, and subscription sign-ups that obscure cancellation terms. The FTC has made clear that dark patterns in advertising and purchase flows constitute unfair or deceptive acts under Section 5.
For UK and Irish SMEs with US-facing websites, this means that cookie consent flows, email sign-up forms, and checkout processes all carry regulatory weight. ProfileTree’s web design and development team builds consent and data flows that satisfy both UK ICO expectations and FTC dark pattern guidance, reducing legal exposure without adding friction to the user journey.
COPPA: Advertising to Under-13s
The Children’s Online Privacy Protection Act applies to any website or online service directed at children under 13, or any general-audience site that has actual knowledge it is collecting data from under-13 users. It requires verifiable parental consent before collecting personal information from children, prohibits behavioural advertising to this age group, and places strict limits on what data can be retained.
For most B2B or general consumer SMEs, COPPA is not a primary compliance concern. It becomes relevant if your product could appeal to children, if your advertising runs on platforms or channels with significant under-13 audiences, or if your website collects data through forms or cookies without robust age-screening. The FTC has fined major platforms significant sums for COPPA violations; smaller advertisers who knowingly place behavioural ads targeting children face equivalent scrutiny.
The practical compliance step for most SMEs is an honest audit of where their ads appear and what data their website collects. Age-gating on relevant landing pages and explicit exclusions of under-13 audiences in platform campaign settings are both technical decisions that web development and campaign management teams handle as standard.
Platform-Specific Rules: Meta, Google, and TikTok as Enforcers
Beyond the direct regulatory framework, the major ad platforms have incorporated US digital advertising laws into their own policies and enforcement systems. Meta’s advertising policies, Google’s Ad Policy Centre, and TikTok’s advertising guidelines each layer additional requirements on top of FTC and CCPA standards.
Platform enforcement is often faster and more immediately damaging to a business than a regulatory investigation. Account suspensions for policy violations can happen within hours; reinstatement takes days or weeks. For SMEs that rely on paid social or search advertising as a primary acquisition channel, a suspended account during a key campaign period is a serious operational risk.
The most common platform-level compliance issues for UK and Irish advertisers include:
Targeting restrictions. Meta and Google both restrict advertiser data use for sensitive categories, including health, finance, and political content. These restrictions apply regardless of where the advertiser is based.
Advertiser verification. Google now requires advertiser identity verification for certain ad types and regions. UK businesses running US-targeted campaigns may need to complete additional verification steps.
AI-generated content disclosure. TikTok, Meta, and YouTube have introduced mandatory labelling requirements for AI-generated content in ads. This is an emerging area where platform policy is running ahead of formal regulation, but non-compliance carries immediate enforcement risk.
ProfileTree’s digital marketing strategy service includes platform compliance reviews as part of campaign setup, identifying policy risks before they trigger account-level action.
Strategic Compliance: Turning Advertising Law into Competitive Advantage
Most SMEs treat digital advertising laws as a constraint on what they can say and do. A better framing is that compliance is a signal of brand trustworthiness. In markets where consumers are increasingly aware of data rights and advertising transparency, a business that handles consent clearly, discloses paid relationships honestly, and avoids manipulative UX patterns builds a stronger long-term relationship with its audience than one that treats compliance as a minimum to clear.
There are three areas where getting compliance right actively improves marketing performance.
Disclosure copy that converts. FTC-compliant disclosure language does not have to read like a legal notice. ProfileTree’s content marketing team writes disclosure statements and sponsored content labels that satisfy FTC and ASA requirements while maintaining the tone of the surrounding creative. Clear, honest disclosure copy consistently outperforms attempts to obscure paid relationships, particularly with audiences who have grown sceptical of undisclosed promotion.
Consent flows that reduce bounce. A poorly designed cookie consent banner or data collection form increases bounce rates and reduces conversion. Building consent flows that are clear, non-manipulative, and quick to complete satisfy regulatory requirements and improve the on-site experience. This is one of the areas where web design and legal compliance overlap most directly.
AI tools and regulatory exposure. Businesses using AI-generated ad creative, AI-driven audience targeting, or automated content personalisation face a growing body of FTC guidance on disclosure and deceptive practices in AI advertising. ProfileTree’s AI implementation service helps SMEs identify which AI marketing tools carry regulatory risk under current FTC and platform guidelines, and how to use them within compliant frameworks.
SME Compliance Checklist: US-Facing Digital Advertising
Before launching any campaign that will reach US audiences, work through these checks:
| Area | Check |
|---|---|
| Ad claims | Every objective claim has supporting evidence held before the ad runs |
| Disclosures | All material connections (paid, gifted, affiliated) are clearly disclosed on the platform where the content appears |
| Influencer campaigns | Disclosure language meets both ASA and FTC standards |
| Website consent flows | Cookie consent, email sign-up, and data collection forms meet CCPA opt-out requirements |
| Dark patterns | No pre-ticked boxes, hidden unsubscribe options, or confusing cancellation flows |
| COPPA | Under-13 audiences excluded from behavioural ad targeting where relevant |
| Platform compliance | Campaign settings reviewed against current Meta, Google, and TikTok ad policies |
| AI-generated content | Labelled in accordance with platform requirements |
| Privacy notice | US-specific language included if site receives California traffic above CCPA thresholds |
| Data breach plan | Process in place to notify affected individuals if a breach occurs involving US consumer data |
The Current Regulatory Landscape
US digital advertising laws are not static. The FTC published updated endorsement guidelines in 2023, strengthening disclosure requirements for influencers and affiliates and extending them explicitly to AI-generated content. Several states have passed new privacy laws beyond California, including Virginia, Colorado, Connecticut, and Utah, creating a patchwork of state-level requirements that is gradually pushing towards a de facto national standard.
At the federal level, the American Privacy Rights Act has been under discussion in Congress as a potential national framework to replace the state-by-state approach, though as of the time of writing, it has not been enacted. Advertisers should monitor its progress, as a federal standard would simplify compliance significantly but may introduce new requirements that differ from existing state laws.
The EU’s Digital Markets Act and Digital Services Act, though not US legislation, are reshaping the operating practices of the major US platforms in ways that affect advertisers worldwide. Platform-level changes driven by DMA compliance, particularly around data use for targeting, directly affect how UK and Irish businesses run campaigns on those platforms, regardless of whether they advertise into EU markets.
For a fuller picture of UK and Irish compliance obligations alongside these US frameworks, see our guide to the ethics and legalities of digital marketing.
Frequently Asked Questions
Does a UK company have to follow US digital advertising laws?
Yes, if its campaigns target or reach US consumers. The FTC’s jurisdiction follows the consumer, not the advertiser’s location. UK and Irish businesses running ads on platforms that serve US audiences are subject to FTC rules on truth in advertising, disclosure, and data handling. Non-compliance is enforceable through international cooperation agreements and through actions against US-based platform accounts and payment processors.
What is a “clear and conspicuous” disclosure under FTC rules?
The FTC applies four criteria: placement (visible without scrolling on the device where the ad appears), proximity (near the claim it qualifies), prominence (readable size and contrast), and absence of distraction (not surrounded by competing visual elements). A disclosure that fails any of these tests does not meet the standard, regardless of whether the information is technically present somewhere on the page.
Can the FTC fine a company based in Ireland or the UK?
Yes. The FTC has pursued non-US companies through international enforcement cooperation and by targeting their US-based digital assets, payment processors, and platform accounts. The Irish Data Protection Commission and UK ICO also cooperate with US regulators on cross-border cases involving EU and UK consumer data.
Does GDPR compliance cover US advertising requirements?
Not fully. UK GDPR’s opt-in consent model generally exceeds CCPA’s minimum requirements, but the two frameworks are distinct. CCPA requires a specific “Do Not Sell or Share My Personal Information” opt-out mechanism that GDPR does not, and the two laws differ on what counts as a “sale” of personal data. Businesses need to address both frameworks separately.
What are the rules for UK influencers whose content reaches US audiences?
UK influencers must meet both ASA and FTC disclosure standards simultaneously. The ASA requires “#ad” or equivalent labelling for paid partnerships. The FTC requires that the disclosure is clear, conspicuous, and placed where viewers will see it before engaging with the content. A disclosure buried below a long caption or in a bio does not satisfy FTC requirements even if it meets ASA minimums.
What US digital advertising laws apply specifically to children?
COPPA applies to websites and online services directed at under-13s, or general-audience sites with actual knowledge they are collecting data from that age group. It prohibits behavioural advertising to children, requires verifiable parental consent for data collection, and places strict limits on data retention. Advertisers should exclude under-13 audiences from behavioural targeting settings on all US-facing campaigns where there is any possibility of reaching that age group.