From 12 January 2026, the FCA moved to digital-by-default for relevant MiFID-derived retail-client disclosures.
For advisers, platforms, and providers, that changes the assumptions behind how regulated information is delivered, tracked, and evidenced.
This guide sets out what the durable-medium reform means in practice, why it matters, and the steps organisations can consider when reviewing their delivery controls.
Under the FCA’s definition, a durable medium must allow the client to receive information personally addressed to them.
It must allow them to store that information for future reference.
It must allow them to reproduce the information unchanged.
FCA guidance recognises that electronic formats, including email, can meet this standard when they are implemented with appropriate controls.
Of course, paper does not disappear.
Firms still have to tell retail clients upfront that paper is available on request, but digital becomes the starting point for the disclosures in scope.
Why The Change Matters For Financial Services
It Confirms Secure Digital Delivery As The Starting Point
For years, many firms treated paper or portals as the “safe” choice for durable-medium delivery and used email mainly for reminders or marketing.
The updated approach makes clear that secure digital channels can carry in-scope disclosures, as long as they keep information intact, under the client’s control, and available to them over time.
"Moving durable-medium expectations towards digital-by-default changes how advisers, platforms, and providers can think about client journeys end to end.
Done well, it means faster, clearer, and more secure communication for everyone involved."
It Matches How Clients Already Manage Their Lives Online
Most clients do not wake up wanting another portal to log in to.
Research into portal engagement suggests that only a small minority of customers prefer portals, and fewer than one in five log in during a typical month.
Email, by contrast, is where people already watch for important updates from banks, insurers, and advisers.
Sending durable-medium disclosures to a secure inbox reduces the number of steps a client has to take between “we sent it” and “they actually saw it.”
It Supports Consumer Duty Expectations On Outcomes And Engagement
The Consumer Duty asks firms to show that customers receive, engage with, and understand key information.
That is difficult to evidence if documents disappear into a postal system or sit unread behind a portal login.
Secure email platforms can give a clearer picture, with delivery status, access logs, and timing data that help firms monitor patterns and act where engagement is low.
"When durable-medium delivery moves digital-by-default, supervisors will look for proof that clients received disclosures they can store and reproduce unchanged, not just that something left the building."
Paul Holland, Founder and CEO, Beyond Encryption (Mailock)
Firms that rely on portals alone may find it harder to show that customers engaged with the information that mattered most.
Operational And Compliance Impacts
1. Secure Email Becomes A Primary Route For Key Disclosures
The formal change applies to MiFID-derived retail disclosures, but durable medium appears elsewhere in the Handbook too.
Wherever the durable-medium test applies, email can be a realistic delivery option if the setup meets the FCA criteria. The PS25/13 default applies only to the relevant MiFID-derived retail-client disclosures.
In practice, that means a secure email solution that encrypts messages, verifies recipient identity where needed, and keeps content intact in a way that clients can access and store.
2. Firms Can Reduce Print, Post, And Portal Overheads
Print, pack, and post costs have been rising steadily, taking their toll on the operational cost of scaled communications.
On top of this, digital portals have brought ongoing costs for development, security, and customer support.
Securing Client Communications In Financial Services?
Learn how Mailock supports regulated financial firms that need to protect client information while keeping email practical for everyday use.
Shifting suitable documents to secure email gives firms a direct way to cut these overheads while speeding up delivery.
For many organisations, it is one of the simplest ways to improve both cost and experience without changing the underlying products.
3. Evidence For Regulators And Auditors Becomes Easier To Produce
Regulators expect firms to be able to show what was sent, when, and to whom, not just that something was printed at some point.
Secure email platforms can keep time-stamped logs, record delivery attempts, and show when a client accessed a message.
Those records sit alongside encrypted copies of the original content, which helps with investigations, complaints handling, and internal oversight.
What Firms Should Be Doing Now
1. Choose A Secure Email Platform That Supports Durable-Medium Use Cases
If email is going to carry regulated disclosures, unencrypted, consumer-grade email is not enough.
Regulated brands should look for end-to-end encryption, strong recipient authentication, clear audit trails, automated secure delivery for high-volume workloads, and integration with existing systems.
Those capabilities can help firms evidence how communications meet the durable-medium test if challenged.
2. Move Communication Preferences To Digital-By-Default With A Clear Paper Option
The FCA changes allow firms to treat digital as the default for in-scope disclosures, but the conversation with clients still matters.
Onboarding journeys, terms and conditions, and preference capture journeys should set expectations that disclosures will arrive digitally.
They should also explain how clients can ask for paper if needed.
3. Improve Email Data Quality And Monitoring Routines
Digital-by-default only works if messages reach the right inbox.
That means keeping up-to-date email addresses, handling bounce-backs properly, and reviewing engagement data to monitor effectiveness.
Where important messages are not being opened, firms should have a plan to follow up, switch channel, or revisit the contact details they hold.
4. Connect Secure Email To Archiving And Record-Keeping Systems
Secure emails that carry durable-medium disclosures should be treated as part of the firm’s official record.
Most platforms can export or mirror messages into an archive in a tamper-resistant format.
Some are designed to retain audit trails that can support FCA-related record-keeping needs.
Connecting those dots early avoids gaps between client communication systems and compliance tools later.
5. Preparing People And Clients For The Shift
Front-line agents or advisers will often be the ones explaining the change to customers, so they need simple, confident answers.
They should know which communications are moving to digital, what a customer will see when they receive them, and how to help if the process goes wrong.
A clear campaign that sets out why secure email is being adopted can reduce confusion and build trust.
FAQs
Can Advisers Use Secure Email for All Client Documents Now?
Advisers can already use secure email for many client communications, provided the platform supports encryption, access control, and record-keeping in line with the rules that apply.
For relevant MiFID-derived retail-client disclosures, the durable-medium change makes secure digital delivery a default route rather than the exception.
Does a Client Need to Opt in to Digital Delivery?
No. Digital-by-default is permitted for the disclosures in scope, but firms still have to tell clients that paper is available and honour requests for non-digital formats.
Will This Replace Client Portals Entirely?
Unlikely. Portals still have a role for document storage, self-service, and transactional journeys.
The difference is that secure email can take the lead in sending time-sensitive or high-importance documents that require prompt action.
What About Vulnerable Customers and Those Who Struggle with Digital Channels?
Digital-by-default does not remove firms’ responsibilities towards vulnerable customers.
Paper and alternative formats remain important, and firms should be ready to adapt the channel or provide extra support where digital delivery is not appropriate.