The Voluntary Code of Good Practice for Prize Draw Operators is not just a legal document.

It is a system requirement.

If you run a UK prize draw or competition website with both paid entry and a free entry route, the Code changes what your platform needs to do. It is no longer enough to have terms and conditions, a prize page, a checkout, and a postal entry line hidden somewhere in the footer.

The platform itself must show that it protects players, explains how draws work, handles complaints, manages spending controls, supports account suspension, displays free entry routes clearly, and keeps compliance visible.

The Department for Culture, Media and Sport says signatories are expected to implement the Code fully no later than 20 May 2026, and operators signing after that date must comply from the outset.

This guide explains what operators actually need to build.

Not clause by clause in legal language.

But system by system.

Who This Guide Is For

This guide is for UK competition and prize draw operators who run platforms where customers can pay to enter, while also having a free entry route.

It is also useful for:

• founders launching a new prize draw website
• existing operators reviewing compliance
• agencies building competition platforms
• developers handling checkout, account, or draw functionality
• business owners preparing payment gateway or advertising approval

It is not a substitute for legal advice. A solicitor should review your final competition model, terms, and compliance position before launch.

But from a platform perspective, the question is simple:

What must your website and backend actually do?

The Three Compliance Layers

The Code is built around three main areas:

• Player protection
• Transparency
• Accountability

The mistake many operators make is treating these as policy headings.

They are not.

They translate directly into platform features.

Player protection affects registration, age checks, spending limits, credit card rules, harm monitoring, and account suspension.

Transparency affects product pages, free entry routes, draw mechanics, prize delivery, winner publication, odds, and charity claims.

Accountability affects admin processes, internal reviews, third-party marketing, public compliance pages, and documentation.

In simple terms:

Your compliance has to live inside the system.

1. What Needs to Be Built Into the Website

The public website is the first place compliance must be visible.

A competition website should not make users hunt for key information. Important rules, risks, and routes should be visible before the customer enters.

At minimum, the website should include:

• clear “18+ only” messaging
• visible free entry route details where applicable
• clear draw dates
• clear closing dates
• clear prize details
• how winners are selected
• winner publication process
• complaints page
• responsible play page
• privacy policy
• terms and conditions
• player protection / Code measures page

This matters because customers, payment providers, advertising platforms, and potentially regulators all look at the public structure.

If the structure is vague, trust drops.

If the structure is clear, the platform feels serious.

2. What Needs to Be Built Into Registration

Age verification is one of the first practical changes operators need to consider.

A simple checkbox saying “I am over 18” is weak.

A stronger system captures a date of birth, validates it, and prevents under-18 users from entering.

The platform should be able to:

• collect date of birth at registration or before first entry
• validate age server-side
• block under-18 accounts
• store the age verification status
• prevent checkout if verification is missing
• display clear messaging where an entry is blocked

This should not feel clumsy. If the process is badly designed, it creates friction and cart abandonment.

The key is to build age checks into the user journey cleanly.

3. What Needs to Be Built Into the Customer Account

The customer account area becomes much more important under the Code.

It should not only show orders and entries.

It should give customers control.

A strong account area should include:

• entry history
• payment history
• current monthly spend
• spend limits
• account pause option
• account suspension option
• permanent closure option
• marketing preference controls
• support links
• responsible play information

This is where a competition website starts behaving like a proper platform.

The customer should be able to manage participation without needing to email support for every basic action.

That protects the user.

It also protects the operator.

4. What Needs to Be Connected to Payments

Payments are not separate from compliance.

They are part of it.

The platform needs to understand who paid, how much they paid, what they entered, which product type they entered, and whether any spend restriction applies.

For example, if a credit card limit applies, the website must be able to identify and manage credit card spending. If instant win products require different payment restrictions, the checkout must recognise that product type and apply the correct rules.

The payment system should connect to:

• customer account
• ticket selection
• product type
• spend tracking
• checkout rules
• payment method restrictions
• order history
• refund handling
• reporting

A payment gateway alone cannot solve this.

The website, payment provider, and backend need to work together.

5. What Needs to Be Built Into Spend Controls

Spending controls are one of the biggest system requirements.

A platform should be able to track how much a customer spends across all draws during a defined period.

A basic implementation might track monthly spend per account.

A stronger implementation may include:

• fixed monthly limit
• customer-set lower limit
• ability to set limit to £0
• automatic block when the limit is reached
• immediate decreases
• delayed increases
• account messaging when the user approaches the limit
• admin view of customer spend status

This is not just a compliance feature.

It is also a trust feature.

A platform that gives customers control feels more responsible and more mature.

6. What Needs to Be Built for Account Suspension and Closure

Customers should be able to pause, suspend, or close their account.

This needs to work properly behind the scenes.

When an account is suspended, the platform should:

• block paid entries
• block free entries
• stop marketing messages
• prevent checkout
• show clear status messaging
• store the suspension date
• store the reactivation date where relevant

If the customer permanently closes the account, the platform needs a clear process that balances closure with legal, financial, and data-retention obligations.

Do not treat this as a simple button.

It needs workflow logic.

7. What Needs to Be Tracked in the Backend

The backend is where the operator proves that the system is being managed properly.

A serious platform should log:

• account registrations
• age verification status
• entries
• payments
• refunds
• failed payments
• spend limit triggers
• account suspensions
• account closures
• complaints
• support interactions
• draw results
• winner confirmation
• prize delivery evidence

This creates an audit trail.

And an audit trail is what separates a serious operator from a risky one.

If something is challenged later, the operator should not be relying on memory, screenshots, or scattered emails.

The system should show what happened.

8. What Needs to Be Built Into Draw Transparency

Customers need to understand how each draw works before they enter.

Each product page should explain:

• what the prize is
• when the draw closes
• when the winner is selected
• how the winner is selected
• whether entries are capped
• whether free and paid entries enter the same pool
• how the customer receives confirmation
• where winners are published

This should be written in plain English.

Not buried inside long legal terms.

A useful section title is:

How This Draw Works

That simple block can build more trust than a full page of legal wording hidden elsewhere.

9. What Needs to Be Built for Free Entry Routes

The free entry route must be visible.

Not hidden.

Not buried.

Not made difficult.

A good platform should display the free entry route:

• on each relevant competition page
• before checkout
• in the terms and conditions
• in the responsible play or compliance page
• in plain English

It should explain:

• how to enter for free
• what details must be included
• where the entry must be sent
• the deadline
• how the entry is added to the draw
• whether the free entry has the same chance as paid entries

This is a major trust point.

If the free route looks hidden, the whole platform looks weaker.

10. What Needs to Change in Marketing

Marketing cannot suggest that entering prize draws is a solution to financial difficulty.

That means operators should be careful with language such as:

• “change your life”
• “escape your job”
• “solve your money problems”
• “win your way out”
• “financial freedom”
• “last chance to fix everything”

This type of messaging may create serious advertising and social responsibility problems.

Instead, marketing should focus on:

• the prize
• the experience
• transparency
• fairness
• entertainment
• community
• clear entry rules

The Code sits alongside advertising rules, not instead of them. The Advertising Standards Authority regulates advertising across media using the CAP Codes, so competition operators must make sure their advertising is clear and socially responsible.

Your marketing process should include a basic compliance review before ads go live.

11. What Needs to Be Documented Internally

A compliant platform is not only what customers see.

It is also what the business can prove internally.

Operators should maintain:

• compliance checklist
• complaints process
• responsible play policy
• marketing approval process
• draw process documentation
• prize delivery process
• free entry handling process
• data retention policy
• third-party marketing rules
• internal review schedule

This does not need to be complicated.

But it does need to exist.

If something goes wrong, the question becomes:

What process did you have in place?

12. What Needs to Be Published Publicly

One of the most powerful trust assets is a public compliance page.

This page should explain the measures the operator has in place.

A strong page might include:

• age restriction
• spend controls
• account suspension options
• complaints process
• support signposting
• draw transparency
• free entry route
• prize delivery standards
• marketing responsibility
• internal compliance review

Do not make this page sound like marketing fluff.

Make it calm, clear, and practical.

A good title could be:

Our Player Protection and Transparency Measures

This is where compliance becomes brand trust.

13. Common Compliance Gaps

Most operators do not fail because they ignore everything.

They fail because they miss small but important details.

Common gaps include:

• free entry route only shown in terms
• no proper date of birth capture
• no spend limit logic
• no account suspension tool
• no complaints process
• unclear draw mechanism
• no winner publication process
• weak marketing controls
• no internal compliance checklist
• no audit trail in the backend
• payment setup disconnected from platform rules

These gaps are fixable.

But they are easier to fix before launch than after the platform is live.

14. Practical Implementation Checklist

Before the deadline, review your platform against this checklist.

Website:

• 18+ messaging visible
• terms and conditions updated
• free entry route visible
• responsible play page live
• complaints page live
• privacy policy updated
• draw explanation visible on product pages
• winner publication process visible
• compliance measures page published

Customer account:

• date of birth captured
• under-18 users blocked
• spend limits available
• account pause or suspension available
• permanent closure process available
• marketing suppression connected to suspension

Payments:

• payment method rules checked
• credit card restrictions considered
• instant win restrictions considered
• payment provider aligned with competition model
• checkout connected to product type and customer limits

Backend:

• entries logged
• payments logged
• free entries logged
• complaints logged
• suspensions logged
• draw results logged
• prize fulfilment recorded
• compliance review schedule created

Marketing:

• under-18 targeting excluded
• risky financial claims removed
• affiliate content reviewed
• paid ad approval process created
• winner content checked for responsible wording

15. Why This Is Really About Infrastructure

This is where Zylaris views the Code differently.

The Code is not just a compliance problem.

It is a digital infrastructure problem.

A prize draw platform needs:

Digital Presence: clear public pages, trust signals, draw information, and visible player protection.

Digital Systems: customer accounts, spend tracking, complaints workflows, CRM, automation, and reporting.

Digital Infrastructure: payment integration, hosting, security, data protection, audit logs, and performance.

If these layers are disconnected, compliance becomes manual and fragile.

If they are connected, compliance becomes part of the operating system.

That is the difference between a website and a platform.

Frequently Asked Questions

Does the Voluntary Code apply to every competition website?

No. It is aimed at prize draw operators using both paid and free entry routes. Skill-based competitions may sit differently depending on structure, so operators should get legal advice on whether the Code applies directly to their model.

Is the Code law?

No. It is voluntary. However, DCMS has made clear that signatories are expected to implement the measures fully, and poor adoption could lead to stronger regulation in future.

What is the deadline?

The implementation deadline for signatories is 20 May 2026. Operators signing after that date are expected to comply from the outset.

Do I need to rebuild my website?

Not always. Some platforms can be updated. But if your website lacks customer account logic, spend controls, free entry visibility, complaints workflows, or backend logs, you may need deeper development work.

What is the most important thing to fix first?

Start with the user-facing compliance structure: age checks, free entry route visibility, draw transparency, complaints page, and responsible play page. Then move into customer account controls and backend logging.

Can Zylaris help review an existing platform?

Yes. Zylaris can review the current structure, identify system gaps, and map what needs to be built or improved.

Final Thoughts

The Voluntary Code raises the standard for UK prize draw operators.

But the real message is simple:

You cannot run a serious competition platform with disconnected tools, hidden rules, weak checkout logic, and manual backend processes.

The platform must be built to protect players, explain draws clearly, track activity, support complaints, connect payments, and document what happens.

That is not just compliance.

That is infrastructure.

Zylaris builds Competition Platform Systems for serious UK operators who want structure, control, and long-term trust from day one.