From the Trenches is a Blastra series featuring practitioners solving real problems at work - one shot at a time.
"Reviews are a consumer thing - retailers, restaurants, Amazon sellers. They've got nothing to do with B2B software."
I hear a version of that whenever the subject comes up with marketing and growth leaders at software companies. What strikes me is how rarely it comes up at all. In my experience few teams realise that fake and misleading reviews are now regulated, in the markets they already sell into, by named regulators with the power to fine them. The few who have heard something assume, like the speaker above, that it is someone else's problem. Not knowing and waving it away land in the same place, and that place is getting more expensive by the quarter.
I run marketing at TruthEngine, which authenticates and structures review data so that platforms, search engines, AI models and regulators can trust it. Reviews and the rules around them are what I look at all day, which is the only reason I caught this shift early. If none of it is on your radar yet, you are in the large majority. Here is what changed.
There is now real regulation around online reviews, and it is recent
For most of the internet's life, the rules on reviews were vague and rarely enforced. That has changed over the last few years, across three of the markets a typical SaaS company sells into.
The UK. The Digital Markets, Competition and Consumers Act 2024 made fake and misleading reviews a "banned practice" from 6 April 2025. Banned means automatically unfair, so the regulator does not have to prove any individual buyer was misled. The Competition and Markets Authority (CMA), the UK's consumer regulator, can now fine up to 10% of global turnover (annual revenue) without going through the courts, and in 2026 it opened its first review investigations, across sectors from car sales to funerals. An investigation is not a finding of wrongdoing. The signal to everyone else was clear enough.
The US. The Federal Trade Commission's Rule on the Use of Consumer Reviews and Testimonials took effect on 21 October 2024. It bans buying or selling fake reviews, undisclosed insider reviews, suppression of genuine negative ones, and incentives tied to a particular sentiment, and it reaches AI-generated reviews. Unlike the FTC's older guidance, it carries civil penalties of a little over $50,000 per violation.
The EU. Since 28 May 2022 the Omnibus Directive has required any business displaying reviews to disclose whether and how it checks they come from real purchasers. Claim your reviews are verified and you have to be able to show it. Penalties run to 4% of turnover.
Three regimes, one direction of travel: reviews have moved out of marketing's blind spot and into consumer protection law, with named regulators and real fines.
Why "we're B2B" is not the exemption you think
The reasoning sounds airtight: these are consumer protection laws, you sell to businesses, so they are not about you. It leaks in two places.
The first is who your buyers are. Plenty of SaaS companies picture a procurement team at a mid-sized enterprise, but the customer base often includes sole traders, freelancers, consultants and micro-businesses. In UK law a "consumer" is an individual acting wholly or mainly outside their trade, and depending on what they buy and why, a freelancer or sole trader can fall on that side of the line. These laws also protect consumers wherever they are: a company run from California, Berlin or Singapore that markets to UK buyers or shows them reviews can land inside UK scope. Broadly similar cross-border reach applies under the EU and US regimes, though the precise triggers differ.
The second leak ignores the consumer-versus-business line entirely. Your reviews are public, and a journalist, competitor or investor doing diligence will not pause to work out whether a given buyer was technically a consumer before deciding whether your reviews look genuine.
It also helps to know what is in scope, because it goes well beyond inventing five-star reviews. Regulators care about any misleading impression of how customers feel: asking only your happy customers, undisclosed incentives, reviews that cannot be verified. The test they keep returning to: would a reasonable prospective customer be misled by what they are seeing? A lot of standard playbooks fail it.
What's your risk profile?
Not every SaaS company carries the same exposure. Two questions place you. One, do any of your buyers count as consumers, and do you market into the UK or EU? Two, do any of your review tactics create a misleading impression of sentiment? Your answers sort you into roughly three groups.
Lower exposure. You sell large-contract software to enterprises through procurement, your buyers are clearly businesses, and you ask every customer the same neutral question with no strings attached. Legally you are about as far from the firing line as a SaaS company gets. What remains is reputational: keep doing this, and be able to show that you do.
Exposed without knowing it. Where many product-led and SMB-focused companies sit. Your customers include freelancers and micro-businesses, you market across the UK and EU, and somewhere in your funnel a review request goes only to happy customers, or a gift card is attached to a review, or a template asks for "a five-star review." None of it feels like fraud from the inside. It is the exact pattern the new rules describe.
Case study waiting to happen. Your buyers are largely individuals, you market hard into the UK and EU, and reviews are treated as a channel to optimise: paid incentives for positive sentiment, agencies seeding posts, negative feedback quietly routed away from the public profile. If anyone pulls the thread, the story writes itself. Fix this one first.
Your exposure comes down to what your buyers are and how you collect reviews.
The email that creates most of the risk
Most of the risk lives somewhere ordinary: the email Customer Success sends after a good onboarding. Compare two versions.
The risky one:
"So glad you're happy with the platform. Would you leave us a five-star review on G2? We'll send a £50 Amazon voucher to say thanks."
It requests a specific rating, ties a reward to the review, never discloses that reward to future readers, and only ever goes to already-happy customers, so the picture is skewed before anyone writes a word.
The defensible one:
"We're always trying to improve. We'd value your honest feedback, good or bad. If you'd like to share it publicly, here's a link to our G2 profile."
Same message, same schedule, every customer. No rating requested, no reward tied to sentiment. It produces fewer glowing reviews and survives scrutiny.
What to do
Treat review collection as a governance question with a written policy and an audit trail, the same rigour you would give any compliance surface. A sensible starting point:
- write down your review policy, including how you handle incentives and negatives
- give every customer the same opportunity to leave feedback
- stop tying incentives to positive sentiment, and disclose any that remain
- audit what is happening in practice - the CS and lifecycle email templates, any agency review contracts, any incentive workflows - rather than assuming it matches the policy
- check what any agency or contractor does in your name
- train the sales and CS people who send these requests
The trust asset
Reviews shape software purchases every day, which makes them one of the most valuable trust assets a company owns, and that value now cuts both ways: collected the wrong way, the same reviews can be used against you. The upside is that the direction regulation is pushing, toward honest solicitation, real verification and no gaming of sentiment, is the same direction the AI systems now mediating software discovery are pushing. In my view, a review a system can trace to a real, verified customer will increasingly count for more than one it cannot. The companies that earn the most trust over the next decade will be the ones whose review practices can withstand a hard look, from customers, journalists, investors and regulators alike.
This piece is a practitioner's overview of how the regulatory landscape is shifting. It summarises public regulations as I read them at the time of writing, and it is not legal advice. Your own counsel writes your final rules.
Related Reading
- How to Collect B2B SaaS Reviews Without Getting in Trouble — where the compliance lines fall platform by platform across G2, Capterra, Gartner Peer Insights and TrustRadius
- SaaS Review Strategy: How to Stand Out Where Others Stay Silent — what you can and cannot do about a negative review without crossing these lines
- Who Owns Your Software Reviews? What the Fine Print Actually Says — what happens to your reviews when platforms change the rules

