Becoming an expert in the laws surrounding a gym isn’t usually top of mind when you set up. But as any trainer knows, you are dealing with both people and machines, and each of these poses risks. Weights fall, human bodies get tested, and accidents and injuries happen.
It won’t surprise you to know that Injury-related claims make up the majority of legal cases in the fitness world, accounting for 67% of lawsuits filed against personal trainers and gyms in the USA.
But of course, this is only one category of lawsuits, and there are many others.
From sexual harassment or misconduct cases to contract and refund disputes. And of course, discrimination and accessibility concerns are now a growing area of litigation. All of these types of action can and do end in fines, compensation, and court costs.
The list is long and expanding.
For some of you, compliance will be good enough. But in compiling this guide, we want to go further. Because you want to be able to run your gym with confidence and optimism, not a sense that the next legal case is only around the corner, we have produced the ultimate guide.
It breaks down the categories of legal issues in the USA, but also takes in other dominions like the UK, Europe, including Malta, and Australia.
Gym compliance in the US: Legal framework in the US (What drives compliance in practice)
In the U.S., gym compliance operates on multiple legal layers: local (city/county), state, and federal. Often, the most urgent and impactful issues start at the local level, where zoning, building code, occupancy, and fire safety requirements determine whether your gym can open, operate, or expand. These aren’t fitness-specific laws; they’re general business, safety, and public use rules that all facilities must satisfy.
For example, one boutique gym in Texas faced weeks of enforced closure and costly renovation work because local inspectors discovered that showers and electrical upgrades were completed without permits. The gym had to undo and redo work at its own expense before reopening, a delay that shattered its launch momentum and strained cash flow.
At the federal level, workplace safety and consumer protection expectations create baseline obligations if you employ staff, process payments, store personal data, or use advertising that might be challenged under deceptive practice laws. The Occupational Safety and Health Administration (OSHA) doesn’t write “gym-specific rules.” Still, its standards on emergency action planning, hazard assessment, and employee training shape what a legally “safe workplace” looks like.
Part of the work of this guide is to translate some of those outside elements and show how they are relevant to running a gym.
Here’s another example of some federal rules that some gyms have fallen foul of in the last few years.
Signing them up, but not letting them go
Recent federal action was taken against a trio of major gym operators: LA Fitness, Esporta Fitness, City Sports Club, and Club Studio for “opaque and complicated methods” which made cancellation extremely difficult.
While there were numerous people to sign them up, to be able to cancel a subscription was made unduly difficult. There was only one member of the team sanctioned to do this, and they were often in at very sporadic hours. This would have been infuriating for anyone trying to cancel, and not surprising that the federal regulators took a dim view of it too.
This shows that regulators are watching fitness contracts and billing practices as well as physical safety.
Prioritization for a new gym
If you’re opening and have limited bandwidth, the areas most likely to cause an acute problem in year one are: employment misclassification, membership contract compliance, premises liability/AED requirements, and music licensing. The others, particularly biometric data and ADA website compliance, are real but more likely to surface later as you grow. Getting an attorney to review your membership agreement and employment structure before opening is probably the single highest-ROI legal spend a new gym can make.
1. Employment law
Of all the legal domains a gym owner must navigate, employment law generates the most frequent and costly disputes. Unlike a single-event liability claim or a one-time regulatory penalty, employment law problems tend to compound over time.
A. W2 or 1099r? Gyms routinely misclassify personal trainers as independent contractors when they function as employees. There are many reasons for this, and indeed, this area of law has come in for some significant revisions between the Biden and Trump eras. This chapter deals with how the IIRS and the Department of Labor scrutinize fitness industry contractor arrangements closely.
B. Hiring and termination practices, at-will employment has limits, and gyms with high staff turnover are exposed to wrongful termination claims.
C. The Fair Labor Standards Act sets overtime rules for front desk and floor staff.
D. Sexual harassment prevention (as discussed above) is mandatory in many states, regardless of employee count
2. Premises liability
Gyms are physically potentially dangerous environments, and this creates ongoing legal exposure.
A. Negligence claims from member injuries, wet floors and improperly maintained equipment
B. AED (Automated External Defibrillator) requirements. Many states legally mandate that gyms have AEDs on premises and staff trained to use them. Pennsylvania, New York, California, Illinois, and other states all have specific AED statutes for health clubs
C. Adequate supervision standards, some states have rules about instructor-to-participant ratios in certain class formats
3. Membership contract law
The membership contract governs the relationship with every paying member and how either party can exit the arrangement. As recent cases with the likes of LA Fitness and Esporta show, unethical practices will be punished. Here are some of the main areas to look at.
A. Mandatory cancellation rights and cooling-off periods
B. Restrictions on contract length and automatic renewal clauses
C. Refund obligations for closures or service disruptions
Many of these laws have per-violation penalty structures so that noncompliant contracts can generate outsized liability
4. Zoning, licensing & permits
Any gym exists within a web of local regulatory obligations that are entirely distinct from the state-level and federal legal frameworks governing employment, contracts, and consumer protection. These are some of the most important ones.
A. Certificate of Occupancy
B. Zoning compliance, gyms with loud music, heavy foot traffic, or early/late hours generate neighbor complaints that become zoning enforcement issues.
C. Business licenses, mercantile licenses, and, in some states, health club-specific registrations
D. Music licensing, see intellectual property.
5. ADA compliance (Disability Act)
Unlike employment law thresholds that kick in at 15 employees, or state health club registration requirements that vary by state, the ADA’s Title III public accommodation obligations apply to a gym with two members as readily as one with twenty thousand.
A. Physical accessibility: parking, entrances, locker rooms, equipment spacing
B. Equipment accessibility obligations are evolving
C. ADA complaints and DOJ enforcement actions against gyms have increased in recent years. Website accessibility (WCAG compliance) is increasingly being litigated; gyms with online booking systems are exposed here.
6. Intellectual property
Two areas of intellectual property often come up for gyms. The first is trademark law, which governs products like ‘Zumba’ or franchise branding. The second is what happens when a gym posts workout videos online with copyrighted music in the background. General licensing of music is covered in section 2 on premises.
A. Naming your new gym. Naming your gym so that you can ‘own’ some intellectual property as well as a gym is an effort worth making. You may not be planning to create a franchise, but it’s nice if things work out really well. Here are some things to watch out for.
B. Branded fitness programs, using names like “CrossFit,” “Zumba,” or “Pilates” (in some jurisdictions) without proper licensing or certification, can trigger trademark claims.
C. Social media content, using music in workout videos posted online, adds a separate layer of licensing exposure beyond in-gym performance rights.
D. Picture licensing.
7. Data privacy
The era when a gym can collect a huge volume of personal data, such as names, addresses, payment information, emergency contacts, health questionnaires, body composition metrics, etc., with minimal legal scrutiny is over.
A. Biometric data laws are the sharpest edge here. Illinois’ BIPA (Biometric Information Privacy Act) is the most aggressive in the country and applies to any gym using fingerprint or retinal scanners for check-in. BIPA has a private right of action with statutory damages of $1,000–$5,000 per violation, and class actions against gyms have already occurred.
B. California, with its Consumer Privacy Act (CCPA), Virginia, Colorado and other states have general consumer data privacy laws that apply if you’re collecting member data digitally.
C. If you use any health-related data (body composition tracking, health questionnaires), HIPAA may apply depending on how that data is handled.
8. Tax classification & structure
A. Not strictly “law” but closely related: Tax and business structure decisions do not carry the courtroom drama of a lawsuit, but they are decisions made on day one that shape a gym’s legal and financial exposure for as long as it operates.
B. Sales tax on memberships varies by state; some states tax gym memberships, others don’t, and getting this wrong creates back-tax liability.
C. Proper classification of trainers and instructors (employee vs. contractor) has both tax and employment law consequences, as noted above.
9. Food, supplement & product sales
A. The FDA regulations on supplement labeling and health claims apply
B. State food handler permits may be required
C. Product liability exposure if a supplement causes harm
10. Beyond the US, the outline differences in each country
While the US relies heavily on statute-by-statute, state-by-state layering, with federal minimums, the UK, EU, and Australia rely more on centralized frameworks. Here is an introduction to other jurisdictions.
A) United Kingdom
B) Europe and Malta
C) Australia
1. Employment law for US gyms
Of all the legal domains a gym owner must navigate, employment law generates the most frequent and costly disputes. Unlike a single-event liability claim or a one-time regulatory penalty, employment law problems tend to compound over time. Misclassification that began on day one can result in years of back pay liability.
A. Employee or contractor?
No single employment law issue costs gym owners more money than misclassifying personal trainers as independent contractors. It is pervasive in the fitness industry, and it is frequently wrong.
The legal distinction between an employee and an independent contractor turns on the economic reality of the working relationship, not on what the contract says or what title is used. The IRS applies a multi-factor test examining behavioral control. Here are the two types of categories:
1099: In a nutshell, the contractor invoices the gym, sets their own hours, often brings their own clients, and is responsible for their own taxes.
W-2: The gym withholds taxes, sets schedules, and the person is treated as a regular employee. However, these distinctions vary from state to state.
For a deeper dive into managing your staff payments correctly, see our comprehensive gym payroll guide.
California’s AB 5 impact
Under California’s AB 5, to classify a fitness trainer as an independent contractor, a gym must prove all three parts of the “ABC Test”: that the worker is free from the gym’s control, performs work outside the usual course of the gym’s business, and is customarily engaged in an independently established trade. Because most gyms fail part (B), training is obviously the core business of a gym; the law effectively requires most California gyms to treat trainers as employees.
The consequences of getting this wrong are severe. A misclassified trainer who is later deemed an employee is owed back pay, unpaid overtime for any hours over 40 per week, and the employer’s share of Social Security and Medicare taxes going back years. The gym may also face IRS penalties and interest. Class action lawsuits, in which multiple misclassified trainers join together to sue, are common in the fitness industry and can expose a gym to liability running into six or seven figures.
For a trainer to legitimately function as an independent contractor, they should: maintain their own liability insurance, set their own rates and schedules, bring their own clients, have the freedom to work at multiple facilities, and not be subject to the gym’s operational policies in how they conduct sessions. Many gyms structure “booth rental” arrangements, where the trainer pays the gym for space, as a cleaner approach to contractor status, but even these must be carefully structured to hold up to scrutiny.
The core problem is that many gyms treat trainers like employees while labeling them contractors to save money. The key red flags are: the studio establishing training programs, clients paying the studio rather than the trainer directly, the studio setting prices, and the studio dictating schedules. The Employer Report. If a gym answers “yes” to most of those questions, regulators will likely say the trainer is an employee, not a contractor.
Equivalent laws in other states
California is the strictest, but it’s far from alone. There are many states that use the ABC test to decide whether someone is an independent contractor, including Massachusetts, New Jersey, Oregon, Connecticut, Illinois, Washington, Vermont, and more than 20 others.
The key states to know, particularly for the fitness industry:
Massachusetts has used the ABC test even longer than California, and its version is considered equally or more stringent. The “B” prong (work must be outside the usual course of the hiring entity’s business) is very difficult for gyms to satisfy.
New Jersey: New Jersey Governor Phil Murphy signed five new misclassification bills in January 2020. These significantly increased punishments for misclassifying independent contractors include higher fines and the possibility of the government shutting down offending businesses. BFS Network New Jersey has also recently proposed codifying additional principles and factors for the ABC test, placing the full burden of proof on the company to establish that all three prongs are met. A&O Shearman
Washington, Oregon, Connecticut and Illinois all use the ABC test in some form, making personal trainer contractor arrangements risky in these states for the same “Prong B” reason.
States Using the common law/more lenient test: States including Florida, Texas, New York, Michigan, Minnesota, and several others use the Common Law test, which presumes a worker is an independent contractor unless specific standards prove otherwise: the revloyers with 15 or more employees.erse of the ABC test’s presumption. Gyms in these states have considerably more latitude to engage trainers as contractors, though they still face IRS scrutiny.
The federal picture
In May 2025, the Department of Labor announced it would no longer enforce the stricter 2024 independent contractor rule and reverted to a more traditional “economic realities” test, which is more lenient and flexible, potentially allowing more workers to be considered independent contractors. This offers some relief at the federal level, but state laws (like AB 5 and Massachusetts’ equivalent) still apply and are not overridden by the federal rollback.
The Equinox case: the biggest recent example
The most significant recent case was a class action against the luxury gym chain Equinox. A federal court approved a $12 million settlement in 2025, resolving claims that Equinox systematically failed to pay overtime to thousands of its New York-based personal trainers. The trainers alleged that Equinox’s flat rate of pay violated federal and state overtime laws. This is seen as a landmark outcome for wage and hour protections across the fitness industry.
Practical takeaways for gym owners and trainers
Regulators look closely at whether a trainer truly operates independently or functions like an employee in practice. If the gym dictates a trainer’s schedule, pricing, branding, and methods, authorities may rule that the trainer should have been classified as an employee. Misclassification penalties can include back taxes, fines, and legal fees. Cloud Gym Manager
A trainer is more likely to qualify as an independent contractor if they legitimately:
- Set their own rates and collect fees directly from clients
- Work across multiple studios or gyms
- Design their own programs without gym oversight
- Provide their own equipment
- Control their own schedule
B. Hiring, termination, and at-will employment
Gyms typically operate with high staff turnover, a reality of the industry, but high turnover means frequent hiring and termination decisions, each of which carries legal exposure. The at-will employment doctrine, which allows employers and employees in most US states to end the employment relationship at any time for any reason, is real but narrower than many gym owners assume.
On the hiring side, Title VII and its state equivalents prohibit discrimination based on race, sex, religion, national origin, disability, age (for workers 40 and older under the ADEA), and other protected characteristics. Interview questions probing into a candidate’s family plans, national origin, or medical history, even casually, create legal exposure. Many states and cities, including New York City and California, also prohibit salary history inquiries. Background check procedures must comply with the Fair Credit Reporting Act and, in many jurisdictions, “ban the box” laws that restrict when criminal history can be considered.
On the termination side, while at-will status gives broad latitude, several exceptions apply consistently. Employees cannot be terminated for a discriminatory reason, for exercising a protected right (such as filing a wage complaint or taking FMLA leave), or, in some states, in violation of an implied contract created by an employee handbook. That last point catches many gym operators by surprise: an employee handbook that describes a progressive discipline process, verbal warning, written warning, termination, can be interpreted as a contractual obligation to follow that process before firing someone. If the gym skips steps and terminates abruptly, a wrongful termination claim becomes more viable. Handbooks should include clear at-will disclaimers and avoid language that implies guaranteed procedures.
Documentation is the single most important protective practice in this area. Gym managers should document performance issues, disciplinary conversations, and the reasons for termination decisions in writing at the time they occur, not after a claim has been filed. Contemporaneous documentation is credible; documentation created in response to a lawsuit is less so.
Staff compliance: training, classification & legal exposure
Staff compliance is where many gym owners create risk without noticing. When an injury occurs, liability often hinges not just on what happened, but whether the staff was trained and competent.
Courts and liability analysts frequently rule against gyms that cannot prove consistent onboarding, training, or supervision standards. In fitness negligence lawsuits, failure to document staff training or competence can be decisive.
Additionally, misclassifying trainers as independent contractors when they function like employees can create tax exposure, insurance gaps, and wage disputes. The IRS uses specific criteria to determine employment status, and your contracts must match reality, not assumptions.
Certifications matter too. Even if a specific state law doesn’t mandate a credential, insurance carriers and courts often treat documented professional certification and CPR/first-aid credentials as baseline evidence of competence. Failing to maintain or verify these can weaken your defenses in injury claims.
C. Fair Labor Standards Act overtime rules for front desk and floor staff
The Fair Labor Standards Act requires employers to pay non-exempt employees time-and-a-half for any hours worked over 40 in a workweek. For gyms, this creates specific operational challenges that owners frequently underestimate.
Front desk staff, cleaning crews, and floor attendants are almost always non-exempt hourly workers to whom overtime rules apply without exception. The problem gyms run into is the nature of fitness center operations: early morning hours, late evening hours, weekends, and holiday coverage mean staff regularly approach or cross the 40-hour threshold. Managers who ask staff to “stick around a bit” after a shift, cover for absent colleagues, or attend mandatory all-hands meetings without recording those hours are creating unpaid wage claims. The FLSA’s statute of limitations runs two years for inadvertent violations and three years for willful ones, meaning a gym can face substantial back-pay claims long after the offending practices occurred.
Group fitness instructors present a particular gray area. Many gyms pay instructors a flat per-class rate, which can work, but only if total hours are tracked, and the effective hourly rate never falls below federal or state minimum wage, and overtime is paid when applicable. Several states, including California and New York, have minimum wage rates significantly above the federal $7.25 floor, and California applies overtime rules after 8 hours in a single day, not just 40 hours per week. Gym owners operating in multiple states need state-specific payroll practices, not a one-size-fits-all approach.
Best practice is a robust timekeeping system that captures all hours worked, a clear policy prohibiting off-the-clock work, and regular payroll audits. The cost of implementing proper timekeeping systems is trivial compared to the cost of a Department of Labor investigation or a collective action lawsuit.
D. Sexual harassment
Sexual harassment in fitness facilities is a serious safety, legal, and retention issue that gym owners must address proactively. Research shows that a large portion of women experience harassment, including unwelcome comments, staring, or encroachment of personal space, in gym and leisure settings, and many change their behavior or avoid certain areas because of it. A growing number of gyms have women-only sessions, and for a variety of reasons, many women like that sort of environment.
The legal definition of sexual harassment
Under US law (Title VII and applicable state laws), sexual harassment is unwanted conduct of a sexual nature that creates a hostile, intimidating, or offensive environment. In a gym, this applies to both staff-member and member-member interactions.
Common examples in a gym setting
Verbal
- Making comments about someone’s body, physique, or appearance in a sexual way (“you have a great ass”)
- Asking intrusive personal questions about someone’s body or sex life
- Making sexual jokes or innuendo directed at someone
- Repeatedly asking someone out after being told no
- Catcalling or making sounds/whistles
Physical
- Touching, grabbing, or brushing against someone without consent (e.g., unsolicited “spotting” that involves touching intimate areas)
- Blocking someone’s path or trapping them in a space
- Any unwanted physical contact of a sexual nature
Visual/non-verbal
- Staring or leering at someone’s body persistently and obviously
- Taking photos or videos of someone without consent (illegal in most US states)
- Sending unsolicited sexual images via gym apps or social platforms after meeting at the gym
- Making obscene gestures
Digital (increasingly relevant)
- Using information from the gym’s sign-in system or social boards to contact someone inappropriately
- Persistent unwanted messages after meeting at a gym
Key legal concepts
- “Unwelcome” is the critical word; the behavior doesn’t have to be intentional, just unwanted
- A single severe incident (like groping) can constitute harassment; it doesn’t have to be repeated.
- Quid pro quo harassment also applies, e.g., a trainer offering free sessions in exchange for sexual favors.
- Both staff and other members can be liable; the gym itself can be liable if it fails to act on a complaint.
What makes gyms particularly vulnerable to sexual harassment action?
- Minimal clothing is the norm, which some people misuse as an excuse
- Isolated areas (locker rooms, stretching areas, equipment rooms)
- Power dynamics between trainers and clients
- Repeated contact with the same people daily
If someone experiences this, they can report it to gym management, file a complaint with the EEOC (if it involves an employee), or pursue a civil claim. Many states also have broader protections covering public accommodations like gyms.
Modern gym policies, like those used by FitSpot Gym and PureGym, take a zero‑tolerance stance, applying to members, staff, contractors, and visitors alike, with clear definitions and procedures for reporting and investigation. In practice, effective harassment protocols include written anti‑harassment policies, anonymous reporting channels, visible staff presence, and swift corrective action when misconduct is substantiated.
Sexual harassment isn’t just uncomfortable; it can be a legal obligation to prevent and address it. Fitness facilities are expected to create environments where everyone can work out safely and respectfully; failing to do so can lead to membership loss, reputational harm, and in some jurisdictions, legal complaints under anti‑discrimination or consumer protection frameworks.
Implementing staff training, including how to recognize inappropriate behavior and support affected members, further enhances safety and retention, helping ensure that all gym users feel confident and respected while pursuing their fitness goals.
Title VII of the Civil Rights Act (1964)
This is the foundational federal law, but it only directly applies to the employment relationship. Title VII prohibits sexual harassment in the workplace and covers employers with 15 or more employees. So if a gym has 15+ employees, it has legal obligations to prevent sexual harassment among staff, including training, complaint procedures, investigation protocols, and so on. A gym that ignores harassment of a personal trainer by a manager, for instance, faces real federal liability.
Title IX: This one matters specifically for gyms attached to schools, universities, or that receive federal funding. Title IX prohibits sex-based discrimination, including sexual harassment, in any education program or activity receiving federal financial assistance. City of Bethlehem, so a college rec center, a YMCA that takes federal grants, or a gym operating within a school district is legally required to have anti-harassment policies and response procedures under Title IX, with far more prescriptive obligations than a private commercial gym.
State human rights laws
This is where it gets significantly broader. Most states have their own anti-discrimination and anti-harassment laws that extend beyond the federal 15-employee threshold and sometimes cover customers, not just employees.
- New York, for example, has some of the broadest protections. New York’s Human Rights Law covers employers with as few as one employee and explicitly extends harassment protections to customers and clients in places of public accommodation. Pennsylvania Code and Bulletin. A gym is almost certainly a place of public accommodation under NY law, meaning a member harassed by staff, or in some interpretations, by another member if the gym was aware and did nothing, could have a legal claim.
- California’s Unruh Civil Rights Act similarly covers public-facing businesses and creates obligations toward customers in commercial establishments.
- Many states have enacted or strengthened these laws significantly after 2017–2018.
Places of public accommodation
This is the most underappreciated legal exposure for gym owners specifically. Most gyms qualify as places of public accommodation under state civil rights laws, which means they can face liability not just for employee-to-employee harassment but for creating or tolerating a hostile environment for members. Bethlehem Township. If a gym is repeatedly notified that one member is harassing others and does nothing, that inaction itself can become a legal problem, independent of any employment relationship.
Where does it become a specific legal requirement?
The legal obligation to affirmatively prevent harassment, meaning actual policies, training, and procedures, kicks in most clearly in these situations:
- 15+ employees: Federal Title VII obligations apply
- Any employees in California: State law requires sexual harassment prevention training for all employees, including supervisors and non-supervisors, with specific hour minimums
- Any employees in New York: New York State, all employers, regardless of size, to provide annual sexual harassment prevention training and maintain a written policy. City of Bethlehem
- Illinois, Connecticut, Delaware, Maine, and several other states have similar mandatory training laws that apply to all employers regardless of size.
- Federal contractors: Additional obligations apply regardless of employee count.
The gray area: member-on-member harassment
This is the most practically relevant issue for gyms and the least settled legally. There’s no federal law that directly requires a gym to intervene when one member harasses another. But the liability exposure comes through negligence law; if a gym knows about a pattern of harassment and fails to act, and someone is subsequently harmed, the gym can face civil tort liability even without a specific statutory mandate. Many states’ public accommodation laws are being interpreted more broadly in this direction over time.
Bottom line
For a gym with any employees, some form of legal harassment prevention obligation almost certainly applies; the question is how prescriptive it is, and that depends on your state and employee count. New York and California are the most demanding. For member-on-member situations, there’s no universal federal mandate, but the negligence and public accommodation exposure is real and growing. Having a written harassment policy, a clear complaint procedure, and training for staff is both legally protective and increasingly an industry standard expectation.
Getting your employment structure right reduces one major category of legal exposure, but it does nothing to protect you from the physical risks your facility creates every day. That is where premises liability takes over.
2. Premises liability
A gym is, by its nature, a place where people push their bodies under physical stress, surrounded by heavy equipment, hard floors, and slippery surfaces. That environment creates a level of inherent risk that no waiver fully eliminates, and no insurance policy makes it comfortable to ignore. Premises liability is the area of law that holds property owners and operators responsible for injuries that occur on their premises due to unsafe conditions or inadequate care. For gym owners, it represents one of the most consistent and serious sources of legal exposure, not because gyms are uniquely reckless, but because the volume of daily physical activity means that when safety systems fail, the consequences are immediate and often severe.
Understanding your obligations under premises liability law is not optional. It is a foundational part of operating a gym legally and responsibly. The three areas below represent the most significant pressure points for independent gym owners.
A. Negligence claims from member injuries
To succeed in a negligence claim, an injured member generally needs to establish four things: that you owed them a duty of care, that you breached that duty, that the breach caused their injury, and that they suffered quantifiable harm as a result. As a gym owner, you owe a duty of care to everyone lawfully on your premises. The question courts examine is whether you took reasonable steps to keep the environment safe, and whether your failure to do so was the cause of the injury.
The most common sources of negligence claims in gym settings are wet floors, poorly maintained equipment, and inadequate supervision. Wet floors around pool areas, locker rooms, water fountains, and entrances on rainy days are a persistent risk. Courts have consistently found gym operators liable where a member slipped on a wet surface that staff knew about or should have known about, and no warning sign or remediation was in place. Routine cleaning logs and a policy of prompt hazard response are not just good practice; they are evidence of due care that can make or break your defense.
Equipment maintenance is equally critical. A cable machine with a fraying wire, a treadmill with a faulty emergency stop, or a bench press rack with a cracked upright are all foreseeable dangers that a reasonable gym operator should identify and address. You should maintain a written equipment inspection schedule, document every inspection, and take defective equipment out of service immediately rather than leaving it available while awaiting repair. If a member is injured on equipment you knew was defective, or that a routine inspection would have revealed as defective, liability is difficult to contest.
Inadequate supervision is a subtler but equally significant exposure. Free weight areas, where members lift heavy loads without a spotter, and group fitness classes, where poor technique can go uncorrected in a crowded room, are the two environments most frequently cited in supervision-related claims. The standard is not perfection; it is reasonableness. Was trained staff present? Were safety protocols visible and enforced? Was the space designed to allow adequate monitoring? These are the questions a plaintiff’s attorney will ask, and you should be able to answer all of them affirmatively.
B. AED requirements
Sudden cardiac arrest can affect gym members of any age and any fitness level. It is fast, unpredictable, and almost always fatal without immediate intervention. An Automated External Defibrillator (AED) is a portable device that can analyze heart rhythm and deliver a potentially life-saving electrical shock within minutes of cardiac arrest. The window for effective intervention is narrow; survival rates drop dramatically with every minute that passes before defibrillation.
Recognizing this, a significant number of US states have enacted statutes specifically requiring health clubs and fitness facilities to have AEDs on-site and to maintain staff trained in their use. Pennsylvania, New York, California, Illinois, New Jersey, and Massachusetts are among the states with specific AED mandates for fitness facilities. However, the precise requirements, number of devices, placement, staff training intervals, and inspection obligations vary by state and sometimes by facility size or membership count. Some statutes also require that AED locations be clearly posted and that an emergency response plan be documented and rehearsed.
The legal consequences of non-compliance cut in two directions. First, operating without a legally required AED exposes you to regulatory penalties. Second, and more seriously, if a member suffers cardiac arrest and dies or sustains injury in a facility that was required by law to have an AED and did not, that statutory violation becomes powerful evidence of negligence in any subsequent civil lawsuit. You should verify the AED requirements in your specific state, treat compliance as non-negotiable, and review your obligations whenever state law changes. This is an area where a one-time consultation with a local attorney is a sound investment.
C. Adequate supervision standards
Beyond the general duty to supervise reasonably, some states impose specific standards on instructor-to-participant ratios in certain fitness class formats. These requirements are most common in classes involving significant physical risk, cycling, aquatic fitness, youth programming, and high-intensity group training, which are formats that have attracted regulatory attention in various jurisdictions. Where ratio requirements exist, violating them transforms a general negligence inquiry into a more straightforward case of statutory breach.
Even in states without specific ratio mandates, supervision standards matter enormously in litigation. A class of forty participants being led by a single instructor with no assistant creates a credible argument that meaningful supervision was impossible. Courts will look at industry standards, including guidance from bodies like the American College of Sports Medicine and the National Strength and Conditioning Association, as a benchmark for what “reasonable” supervision looks like, even when no specific regulation exists.
Practical risk reduction in this area means keeping class sizes within defensible limits, ensuring instructors are properly certified for the formats they lead, documenting staff credentials, and training staff to identify and intervene when a participant appears to be in distress. These are steps that simultaneously reduce the likelihood of an injury occurring and strengthen your legal position if one does.
Health, safety & risk management
Safety becomes legally relevant when you can show that you ran predictable and documented controls. A gym that can demonstrate daily hazard checks, incident reporting, and corrective follow-up appears responsible; one that relies on memory and informal habits looks like a risk.
Incident reporting should be consistent and factual, capturing what happened, where it happened, who witnessed it, and what corrective actions were taken. Do not write blame statements; write observable facts. Then track follow-up to closure with dates and names.
Negligence cases often involve failure to maintain equipment or respond to known hazards. In one well-reported outcome, a local gym in Pennsylvania was held liable after a member collapsed and died because the facility lacked an automated external defibrillator (AED), and the court allowed a wrongful death claim despite an existing liability waiver.
Training for staff on emergency recognition and referral guidance, including simple pre-exercise screening, reduces risk and strengthens your legal position.
Equipment & facility standards
Equipment risk is rarely about brand. It’s about inspection discipline, maintenance documentation, and how quickly you take unsafe items out of service.
Maintenance logs should clearly show:
- What was checked,
- What condition it was in,
- What action was taken, and
- When it was returned to service.
If you can’t answer “When was it last inspected?” in hard documents, your legal exposure rises sharply. Courts often look closely at these logs in negligence claims, especially if someone is injured using a machine that had known issues but wasn’t taken offline or repaired.
Facility layout also matters: clear walkways, safe spacing, visible rules, and consistent housekeeping reduce predictable injuries and lower the risk of premises-liability claims.
Emergency preparedness & incident response
Emergencies are where “policy” becomes real. OSHA’s emergency action plan standard (29 CFR 1910.38) lists what readiness looks like, including procedures for reporting emergencies and evacuation.
Your plan should be short enough to use under stress and specific enough to assign roles: who calls 911, who retrieves first-aid supplies, who meets responders, and who documents the event. Training logs often matter as much as the plan itself.
Insurers and investigators evaluate not just the existence of your plans but whether staff know their roles. Documented drills, AED location plans, and first-aid coverage schedules strengthen both safety and legal defenses.
Insurance, liability & member protection
Insurance is where many gyms misunderstand risk exposure, underinsure, or fail to update policies when offerings change.
Expert insight: “Knowing what legal obligations exist before a problem arises is essential. Waiting until a legal issue occurs is too late.” Matthew Becker, Esq. — Fitness & Business Law Attorney
This applies to general liability, professional liability, and employee-related coverage. A waiver may reduce ordinary negligence exposure, but it does not protect against claims of gross negligence, for example, where a gym failed to maintain an AED that a state statute requires or ignored repeated reports of faulty equipment. In such cases, courts have allowed compensation awards despite waivers.
Fitness industry monitoring & ongoing compliance
Your monitoring should focus on areas that change most often: contract language, membership disclosures, cancellation rules, privacy expectations, and employment classifications.
Expert insight: “Reasonable safety means you need to be certain you’ve set up risk-management strategies and created an environment that limits the likelihood of foreseeable accidents.” JoAnn M. Eickhoff-Shemek, PhD, FACSM — Leading Fitness Legal & Risk Management Expert
A repeatable review cycle, monthly hazard trends, quarterly staff certification audits, and annual contract and insurance reviews keep you aligned with evolving law and reduce surprise risk.
Digital membership management tools can support compliance by automating waiver collection and digital form delivery. Wellyx’s gym management platform includes built-in digital forms designed with these obligations in mind. Explore Wellyx’s digital forms.
3. Membership contract law for US gyms
The membership contract is the legal foundation of a gym’s entire business model. It governs the relationship with every paying member, defines what the gym promises to deliver, and determines how, and under what circumstances, either party can exit the arrangement. For gym owners, membership contracts are also one of the most heavily regulated commercial agreements in American consumer law. Most states have dedicated health club statutes that prescribe specific contract terms, cancellation rights, and refund obligations. Noncompliance is not merely a technical problem; many of these statutes carry per-violation penalty structures that can transform a single flawed contract template into thousands of dollars in liability. Understanding the three core areas of membership contract law, cancellation rights, automatic renewal restrictions, and refund obligations during closures, is foundational to operating a legally sound gym in the United States.
A. Mandatory cancellation rights and cooling-off periods
Every state with a health club consumer protection statute requires gyms to provide members with a minimum cooling-off period, a window of time after signing a contract during which the member may cancel without penalty and receive a full refund. In Pennsylvania, New York, Massachusetts, and Virginia, this period is three business days. California gives members five business days. These are not optional policies a gym may choose to offer; they are mandatory statutory rights that must appear in the contract itself, typically in bold type of at least 10 points, in conspicuous proximity to the signature line. A gym that buries, omits, or waters down this notice is not simply being unhelpful; it is violating the law, and those violations carry consequences.
Beyond the cooling-off window, state statutes mandate additional cancellation rights that apply throughout the life of a membership contract. Across virtually all states with health club laws, members have the right to cancel and receive a prorated refund if they relocate more than 25 miles from any facility operated by the gym. Members also have the right to cancel if a physician certifies a disability that prevents them from using the gym’s services for a significant period, typically three to six months, depending on the state. These hardship cancellation rights cannot be contracted away. A gym that attempts to enforce continued payment obligations against a member who has relocated or become disabled, on the basis of contract language limiting cancellation rights, will find that language void and unenforceable under the applicable state statute.
Virginia’s Health Club Act goes further in specifying exactly how the cancellation notice must be formatted and what the contract must say, including that the words ‘BUYER’S RIGHT TO CANCEL’ must appear as a conspicuous caption in the body of every contract. New York has recently amended its Health Club Services Act to require that gyms accept cancellations through any of several methods, including the gym’s website, email, telephone, or mail, closing the longstanding industry practice of requiring in-person cancellation visits that deterred members from exercising their rights. California similarly prohibits gyms from making cancellation materially more burdensome than sign-up. A gym that accepts online membership applications but requires a certified letter or in-person visit to cancel is now operating against both federal and state regulatory trends.
B. Automatic renewal clauses and the FTC’s click-to-cancel rule
Month-to-month memberships that automatically renew unless a member cancels, often called negative option arrangements, are the standard business model of the modern gym. They are also the single most actively regulated feature of gym membership agreements at both the federal and state levels right now.
At the federal level, the FTC finalized its Click-to-Cancel rule in October 2024 as part of its broader Negative Option Rule framework. The rule’s core principle is straightforward: the cancellation process must be no more difficult than the sign-up process. If a member joins online, they must be able to cancel online, through the same channel, with no requirement to call, visit in person, or navigate through mandatory retention sales pitches before reaching a cancellation option. Before any recurring charge begins, gyms must make a clear and conspicuous disclosure of all material terms, including pricing, renewal intervals, and the cancellation process. They must then obtain explicit, affirmative consent to those terms, documented and retained for at least three years. The FTC has made the fitness industry a specific enforcement target. In August 2025, the FTC filed a complaint against Fitness International (the operator of LA Fitness), alleging burdensome cancellation procedures for gym memberships and add-on plans.
The penalty exposure for noncompliance with the FTC rule is substantial. Violations constitute an unfair or deceptive act or practice under Section 5 of the FTC Act, and the FTC may seek civil penalties of up to $51,744 per violation, with each noncompliant membership transaction potentially counting as a separate violation. For a gym with hundreds of members who were enrolled through a non-compliant process, aggregate liability can become significant very quickly. The rule also does not displace state law; where state automatic renewal laws impose stronger requirements, those requirements apply in addition to the federal baseline.
It is worth noting that although the Eighth Circuit vacated a portion of the FTC’s proposed Negative Option Rule in July 2025, the FTC’s enforcement authority under the existing ROSCA statute and the FTC Act remains intact. ROSCA, the Restore Online Shoppers’ Confidence Act, independently requires clear disclosure of all material terms before billing information is collected, express informed consent before charges are applied, and a simple mechanism to stop future recurring charges. A gym enrolling members online is subject to ROSCA regardless of the Negative Option Rule’s litigation status.
State automatic renewal laws (ARLs) layer additional requirements on top of the federal baseline. California, New York, Illinois, and a growing list of other states require affirmative written consent before an automatic renewal provision takes effect, advance notice to members before an annual renewal charge, and, in some states, a requirement that the gym offer a simple online cancellation pathway even for contracts signed in person. State-level enforcement of these provisions is active and growing.
C. Refund obligations for closures and service disruptions
The COVID-19 pandemic exposed a significant gap in many gym membership agreements: what happens when the gym cannot deliver the services the member paid for? State health club laws address this in varying ways. Still, the legal principle is consistent: Members who have prepaid for services they cannot receive are entitled to a remedy, either a refund or an extension of their contract term.
New York’s Health Club Services Act provides that if a facility temporarily closes for 30 days or fewer, members are entitled to an extension of their contract equal to the number of days of closure. For closures exceeding 30 days where the gym cannot offer a comparable facility within ten miles, members are entitled to a prorated refund. Maryland law is similarly structured: if a health club is closed for more than one month through no fault of the member, the member may choose either a contract extension equal to the closure period or a prorated refund, and if the closure was through the fault of the gym operator rather than an external cause, the choice of remedy belongs to the member rather than the gym.
California’s Health Studio Services Contract Law takes a particularly member-protective approach. Members may cancel and receive a prorated refund if the gym eliminates or substantially reduces any facility or service described in the contract, including a swimming pool, group fitness program, or specific equipment type, unless the reduction is genuinely temporary and for reasonable repairs or improvements. A gym that eliminates a service category entirely and argues it was just a temporary change faces an uphill battle against California’s statutory standard. Furthermore, any attempt by a California gym to induce a member to sign through willfully false or misleading advertising entitles the member to cancel and recover three times the resulting damages plus attorney’s fees.
In states without a specific health club statute, closures and service disruptions fall under general Unfair or Deceptive Acts or Practices (UDAP) statutes, which all 50 states and the District of Columbia maintain. UDAP statutes typically prohibit deceptive practices in consumer transactions and frequently provide for enhanced damages, double or treble damages, plus attorney’s fees. A gym that continues billing members’ credit cards during a prolonged closure, without offering refunds or extensions, is a strong UDAP candidate in any state.
The per-violation penalty problem
The feature that elevates membership contract law from a compliance nuisance to a genuine existential risk for gym operators is the per-violation penalty structure embedded in most state health club statutes. These laws were intentionally designed so that a single flawed contract template, used for hundreds or thousands of memberships, creates hundreds or thousands of separate violations, each carrying its own statutory penalty. A gym that opens with a membership agreement that fails to include the required cancellation notice language does not have one problem; it has a problem that multiplies with every membership sold.
The practical implication is clear: the single highest-return legal investment a gym can make before opening is having a qualified attorney review and draft its membership agreement. A custom agreement costs a fraction of what a single enforcement action costs. The contract must be built from the ground up against the specific requirements of the state in which the gym operates, not adapted from a template downloaded from the internet, which will almost certainly be deficient in material respects. Gyms operating across multiple states need agreements tailored to each jurisdiction’s requirements. And as federal and state regulatory activity around automatic renewals and cancellation procedures continues to intensify, gym owners should treat their membership agreements as living documents requiring periodic legal review, not a one-time drafting task.
A compliant membership contract protects the commercial relationship with your members. But before any of that matters, your facility has to be legally entitled to operate in the first place, which is what zoning, licensing, and permitting govern.
4. Zoning, licensing & permitting law for US gyms
Before a gym opens its doors and after it begins operating, it exists within a web of local regulatory obligations that are entirely distinct from the state-level and federal legal frameworks governing employment, contracts, and consumer protection. Zoning, licensing, and permitting are hyperlocal in nature; the rules that govern a gym in Austin differ from those in Chicago, and the rules in Chicago’s River North neighborhood differ from those in its suburban fringe. But the categories of obligation are consistent across jurisdictions, and failing to meet them can result in consequences ranging from fines and forced closures to ongoing operational restrictions that outlast the original violation. For a gym operator, these four areas, certificate of occupancy, zoning compliance, business licensing, and music licensing, form the operational bedrock of a legally sound business.
A. Certificate of occupancy
A Certificate of Occupancy (CO) is the local government’s formal confirmation that a building or space is safe and legally approved for a specific type of use. No gym should open to the public or allow members inside without one. Operating without a valid CO is not merely a technical violation; it exposes the gym owner to personal liability for any injury that occurs in a space that was never certified as safe for occupancy.
For gyms, the CO process is more demanding than it is for most retail or office tenants. Under the International Building Code (IBC), which most states have adopted as their foundation, fitness centers with occupant loads of 50 or more people are classified as Group A-3 (Assembly) occupancies, a higher-risk category than standard business (Group B) use. Assembly classification triggers stricter requirements for emergency egress, occupant load calculations, restroom fixture counts, and, in many cases, fire sprinkler systems. A 5,000-square-foot gym and a 5,000-square-foot office space in the same building will face materially different CO requirements.
The practical implication for gym operators is that the CO process almost always requires the involvement of a licensed architect or structural engineer to produce sealed drawings of the interior layout, aisle widths, restroom locations, equipment placement, and emergency exit paths, before a permit application can even be submitted. In cities like New York, an additional fire inspection sign-off is required before a CO will be issued. In states that have adopted amended versions of the IBC, California, Florida, and New York maintain their own building codes layered on top of the federal baseline; the specific requirements vary further. Gyms taking over a space that was previously a different use category (retail, office, or restaurant) should budget for the longest possible CO timeline: in complex jurisdictions, the process from application to issuance can take months.
B. Zoning compliance: noise, traffic, and operating hours
Obtaining a CO confirms that the space can be used as a gym. Zoning compliance is a separate and ongoing question: whether the way the gym actually operates conforms to the land-use rules for that location. Gyms are frequent zoning enforcement targets for three reasons: loud music, high volumes of foot and vehicle traffic, and operating hours that extend into early mornings or late nights. Each of these operational characteristics can bring a gym into conflict with the zoning rules of its jurisdiction, particularly when the gym is located in or adjacent to a mixed-use or residential zone.
Noise is the most common trigger. Municipal noise ordinances typically set decibel thresholds that vary by time of day and zone classification, with stricter limits between the hours of roughly 10 p.m. and 7 a.m. A gym that opens at 5 a.m. with bass-heavy music audible from the parking lot is generating noise at a time when the most restrictive ordinance limits apply. Portland, Oregon, enforces one of the stricter municipal noise codes in the country, with fines that can reach $5,000 per infraction and the authority to issue multiple citations per day. NYC gyms operating in mixed-use buildings face additional noise attenuation requirements; high-impact facilities must be fully enclosed and designed to meet the city’s noise code before a CO will issue. Even in more permissive jurisdictions, a sustained pattern of neighbor complaints about noise will eventually produce an enforcement response: a Notice of Violation, a compliance timeline, and, if ignored, civil penalties or injunctive relief that can include compelled operating hour restrictions.
Parking and traffic generation are the second major zoning friction point. Zoning codes typically require a minimum number of off-street parking spaces per 1,000 square feet of fitness facility use, often more spaces per square foot than are required for office use, because peak gym hours concentrate a large number of vehicles in a short window. A gym that underestimates its parking requirement during the zoning review process, or that attracts significantly more members than originally projected, may find itself out of compliance with its approved site plan. Complaints from neighboring property owners about parking overflow are taken seriously by zoning enforcement offices and can generate formal reviews of whether the gym’s original approval remains valid.
The practical takeaway for gym operators is that zoning compliance does not end at opening. It is an ongoing operational obligation. A gym that stays within its approved parameters, managing its music volume, maintaining adequate parking, and operating within approved hours, will rarely face zoning enforcement. A gym that consistently pushes against those parameters through neighbor-generated complaints will eventually attract formal scrutiny, and the remediation process is considerably more expensive and disruptive than prevention.
C. Business licenses, mercantile licenses, and health club registrations
A Certificate of Occupancy is not the same thing as a business license, and both are required. Most cities and counties require a general business license, often called a mercantile license or business privilege license, that must be obtained before commercial operations begin and renewed annually. These licenses are typically administered by the local revenue or finance department, not the building department. They operate on a separate application track from the CO. Bethlehem, Pennsylvania, for example, requires both a commercial CO from the Code Enforcement office and a separate mercantile license from the city, with independent fees and renewal obligations for each.
On top of local business licensing, most states with health club consumer protection statutes require gyms to register with a state agency, often the Attorney General’s Bureau of Consumer Protection, before selling memberships or health club services. In Pennsylvania, registration is required at least 30 days before the gym opens or begins advertising. In California, gyms must register under the Health Studio Services Contract Law. New York, Massachusetts, Virginia, and Maryland have equivalent state-level registration requirements. These registrations are distinct from both local business licenses and the CO, and they carry separate renewal obligations and compliance conditions, including, in many states, the posting of a surety bond. A gym that opens without completing its state health club registration is technically operating illegally in most of these jurisdictions from the first day it accepts a membership payment.
Specialty activities that a gym offers may trigger additional licensing. If the gym operates a pool, state health department permits covering pool chemistry, safety equipment, and lifeguard certification requirements apply. Childcare spaces require childcare facility licensing from the state. Tanning beds are regulated at the state level in most jurisdictions and require separate permits. The more service lines a gym adds, the more licensing lines it must track, and since each comes with independent renewal deadlines, letting any one of them lapse can mean operating out of compliance even if everything else is in order.
Licensing is primarily state and local, and the U.S. Small Business Administration notes that requirements vary by location and business activity. This is why a “universal gym license checklist” rarely works without local verification. Of course, this can be very frustrating as one of our clients, Thamar Hewison, discovered trying to obtain a “Certificate of Occupancy” document.
An example: the certificate of occupancy in Bethlehem, Pennsylvania
Bethlehem’s city’s Commercial Certificate of Occupancy application requires you to submit site drawings (stamped surveyor drawing showing property lines and parking), plus a signed/sealed interior layout drawing showing aisle widths, restroom locations, and the arrangement of your equipment.
Thamar had all the necessary drawings and schemes drawn up, but the City of Bethlehem was taking its time to send an inspector. The result was that the gym couldn’t open till they had done so. This was costing time and money, and in truth, there wasn’t much Thamar could do about it. As she says, “We’ve done everything we can do, we are now just waiting for them.”
Why are gyms more complex?
Gyms aren’t treated as simple retail or office space; they trigger stricter building code scrutiny. Under Pennsylvania code, buildings used for recreation and sports are classified as Group A (Assembly) occupancies, Pennsylvania Code and Bulletin, which carries more demanding requirements than a standard business/office classification. This affects egress, fire suppression, occupant “load” calculations, and structural requirements.
The federal baseline: what’s consistent everywhere
No matter what state you’re in, a Certificate of Occupancy confirms that your gym space meets building codes and zoning laws and is approved for business use. The City of Bethlehem and most states have adopted the International Building Code (IBC) as their foundation, which classifies gyms as Group A-3 (Assembly) occupancies, triggering higher standards for exits, fire suppression, and occupant load than a plain office or retail space. That part is fairly universal.
What diverges significantly is everything built on top of that foundation.
Building code adoption & amendments
States adopt the IBC, but often on different cycles and with local amendments. Florida, for instance, publishes its own Florida Building Code, which has specific gymnasium occupant load formulas that account for bleacher seats, main court area at 15 sq. ft. per person, and locker rooms at 5 sq. ft. per person. California, Texas, and New York all maintain their own amended versions of the base codes. This means the same 5,000 sq. ft. gym can have meaningfully different egress, plumbing fixture, and sprinkler requirements depending on which state you’re in.
The occupancy classification gray zone
One of the biggest practical variables is how local code officials classify a fitness center. Under IBC, tenant spaces with an occupant load of fewer than 50 people can be classified as Group B (Business) rather than A-3 (Assembly), and this dramatically changes plumbing fixture counts, egress requirements, and fire safety obligations. Business Licenses. Whether a boutique yoga studio or small CrossFit box gets classified as A-3 or B can come down to the individual code official’s interpretation. That judgment call varies city to city and state to state.
New York City: The most complex case
NYC has historically been the hardest jurisdiction for gyms, full stop. Until 2021, gyms in NYC were classified as “Physical Culture Establishments” (PCEs), a legacy category dating to 1961, and required a special permit from the Board of Standards and Appeals that could take more than six months to obtain and cost up to $50,000. That’s on top of the standard CO process. The 2021 health and fitness text amendment eliminated the special permit requirement and dropped the BSA approval process from eCode360, making NYC considerably more approachable for gym operators. However, it remains more complex than most cities. High-impact facilities like gyms with free weights and indoor cycling now face additional noise attenuation requirements. They must be completely enclosed and designed to meet all NYC noise code regulations before CO issuance.
California
Local Building & Safety departments issue California’s Certificate of Occupancy(CO) process, and the timeframe can range from a few days to several weeks, depending on the project’s complexity and the local jurisdiction’s efficiency. Redheadagent Beyond the standard CO, California also requires gyms to register under its Health Studio Act (separate from the CO), which is California’s equivalent of Pennsylvania’s Health Club Act. In California, a Health Studio Registration costs approximately $100 annually City of Bethlehem, compared to the relatively light City of Bethlehem bonding requirements. However, California’s building code (Title 24) adds its own wrinkle: some municipalities layer on additional seismic and energy code requirements that can affect gym build-outs, particularly around HVAC (which matters a lot for a space with high-intensity exercise).
Texas
Texas is generally more permissive. There’s no state-level health club registration law equivalent to Pennsylvania’s or California’s. The CO process is handled entirely at the local level; what Dallas requires differs from what Austin or Houston requires. Texas also has no state building code for commercial buildings; you have to research your specific city or county’s requirements directly City of Bethlehem, and smaller Texas municipalities may have minimal oversight compared to major metros.
Pools, showers, and specialty spaces
One area where variation bites gym operators unexpectedly: some state and local governments have specific permitting requirements for pools, and some locations even have different licensing requirements for businesses with showers versus those without shower facilities. Adding a pool in Florida triggers state health department licensing on top of local CO requirements. In some jurisdictions, locker rooms with showers are treated similarly to a health spa or bathhouse, pulling in a separate inspection track entirely.
The practical takeaway
The IBC gives a common framework, but the real variation comes from: (1) which edition of the code a state has adopted, (2) local amendments layered on top, (3) how individual code officials classify your specific gym type, and (4) whether your state has a separate health club registration law like Pennsylvania’s. A small boutique gym in a suburban Texas town and the same concept in Manhattan are operating in genuinely different regulatory universes, with the same federal baseline, radically different local implementation.
Was it already a gym?
It gets harder if you’re doing a significant build-out (adding locker rooms, showers, a pool, or a childcare area, each of which triggers additional inspections). Some state and local governments have specific permitting requirements for pools, and some locations have different licensing requirements for businesses with shower facilities.
It’s easier if you’re moving into a space that was already a gym or assembly-use space; the CO process is much smoother when the occupancy classification doesn’t need to change. You’ll probably need a licensed architect or engineer to produce the required sealed drawings. If you’re fitting out a raw or retail space, you may need building permits for the construction work before you can even apply for the CO. Plan for 4–8 weeks minimum if everything goes smoothly, longer if there are zoning issues or plan revisions.
Local permits and licences confirm that your gym can open. ADA compliance determines whether everyone can use it, and unlike most of the frameworks above, it applies regardless of your size, location, or how long you have been operating.
5. The Americans with disability act, compliance for US gyms
The Americans with Disabilities Act applies to gyms of every size. Unlike employment law thresholds that kick in at 15 employees, or state health club registration requirements that vary by state, the ADA’s Title III public accommodation obligations apply to a gym with two members as readily as one with twenty thousand. The law’s core principle is straightforward: Individuals with disabilities must have equal access to the goods, services, and facilities that a gym provides, but its practical requirements are detailed, evolving, and increasingly enforced. For gym operators, ADA compliance has three distinct dimensions: the physical facility, the equipment inside it, and the digital infrastructure through which members interact with the gym online.
A. Physical accessibility: parking, entrances, locker rooms, and equipment spacing
Physical accessibility requirements are the most established and concrete dimension of ADA compliance for gyms. They are also the area where violations are most visible and most commonly the subject of complaints. The ADA’s 2010 Standards for Accessible Design, which govern newly constructed and substantially altered facilities, set specific dimensional and design requirements that affect virtually every area of a gym’s physical plant.
Parking lots must include a minimum number of accessible spaces scaled to lot size, one in every 25 spaces, with at least one van-accessible space, with required access aisles, surface gradients, and signage. The accessible route from the parking area to the gym entrance must be continuous, stable, and slope-compliant. Entrance doors must be accessible; if the gym uses a key fob, card reader, or turnstile entry system, an accessible alternative must be provided for members with mobility impairments who cannot use the standard entry mechanism.
Inside the facility, accessible routes must connect all areas of the gym that are open to members, including fitness floors, group exercise rooms, locker rooms, and any food or retail areas. Locker rooms carry particularly specific requirements: accessible routes to lockers, a minimum number of accessible lockers at compliant heights, and, where showers are provided, at least one roll-in accessible shower stall with a fold-down bench, compliant grab bars, and a handheld showerhead on a sliding bar. Accessible restroom requirements, stall dimensions, grab bar placement, sink heights, and mirror position are similarly precise.
Equipment spacing on the fitness floor is the physical accessibility requirement most frequently violated in practice, and one of the most commonly cited in complaints. The ADA requires that exercise equipment have an accessible route, defined as a clear floor space of at least 30 inches wide by 48 inches long, adjacent to each piece of equipment, positioned so that a person using a wheelchair could transfer to the equipment. A gym that packs its treadmill row or free weight area so tightly that wheelchair users cannot navigate between machines is in violation, regardless of how compliant the rest of the facility is. This requirement has direct implications for gym layout planning: equipment density that maximizes floor space utilization may simultaneously create ADA violations that require costly reconfiguration.
B. Equipment accessibility obligations: an evolving area
Beyond equipment spacing, the question of what accessible fitness equipment means in practice is one of the more actively developing areas of ADA compliance for gyms. The US Access Board, the federal agency that develops ADA accessibility guidelines, has issued guidance on fitness facility accessibility that addresses both the route to equipment and the design of equipment itself. Still, the standards for adaptive and accessible equipment continue to evolve as technology and advocacy advance.
The ADA does not currently require gyms to purchase specific adaptive equipment. What it does require is that gyms make reasonable modifications to their policies, practices, and procedures to accommodate members with disabilities. In practice, this has been interpreted to mean that a gym must engage in an individualized interactive process when a member with a disability requests an accommodation, evaluating what modifications are feasible and what auxiliary aids or services might be provided. A gym that categorically refuses to allow a member with a disability to use the facility, or that applies a blanket policy excluding members with certain conditions without an individualized assessment, is likely violating the ADA.
In 2016, the New York Attorney General’s office took action against LA Fitness over a policy that discriminated against members with disabilities, an early signal that gym-specific ADA enforcement was intensifying at the state level as well as federally. The broader trend since then has been toward more, not less, scrutiny of how gyms handle accommodation requests. Staff training on how to respond to accommodation requests, and how not to respond, has become a genuine legal risk management priority rather than a nice-to-have.
C. DOJ enforcement, complaint trends, and website accessibility
ADA enforcement against gyms has intensified materially in recent years, with actions at both the federal and state levels making clear that the fitness industry is an active enforcement target. The most prominent recent example is the DOJ’s October 2024 lawsuit against Fitness International LLC, the operator of LA Fitness, alleging ADA violations at its gym and fitness club locations, including failures to accommodate disabled members and discriminatory fees and access denials. As of early 2026, the case remains in active litigation following a motion to dismiss filed by LA Fitness in December 2024. The DOJ’s willingness to pursue a major national gym chain through federal court signals clearly that the agency views the fitness industry as a priority enforcement area, and that smaller operators should not assume their size provides insulation.
Individuals who experience ADA violations at a gym can file complaints directly with the DOJ, which has the authority to investigate, negotiate settlement agreements with mandatory compliance timelines and reporting obligations, and bring civil suits. First-time civil penalties for ADA violations can reach $75,000, with subsequent violations reaching $150,000. Beyond federal enforcement, state civil rights laws in New York, California, and several other states provide private rights of action for disability discrimination in places of public accommodation, with statutory damages provisions that in some states allow recovery without proving actual damages. This means that a gym can face litigation from individual members with disabilities independently of any DOJ involvement.
The digital accessibility dimension of ADA compliance, specifically website and app accessibility under the Web Content Accessibility Guidelines (WCAG), is the fastest-growing area of ADA litigation for businesses generally, and gyms are directly in the exposure zone. In mid-2024, the DOJ released updated technical guidance clarifying that websites tied to physical places of public accommodation must meet WCAG 2.1 Level AA standards. For a gym, this means its website, member portal, online class booking system, and mobile app must be accessible to users who are blind, have low vision, are deaf, or have motor impairments that prevent standard mouse-based navigation.
The scale of digital accessibility litigation is significant and growing rapidly. Over 4,000 ADA website lawsuits were filed in 2024, with projections of nearly 5,000 for 2025, a 20% year-over-year increase. The fitness and sports accessories sector specifically accounted for between 1.8% and 5.2% of filings in the first half of 2025. A gym with an inaccessible online booking system is not a theoretical target; it is a real one, and the litigation pattern is driven in part by serial plaintiffs who scan fitness business websites systematically for WCAG violations.
Common WCAG violations that generate lawsuits include: images without descriptive alt text (which prevents screen readers from conveying the image’s content to blind users), insufficient color contrast ratios between text and backgrounds, form fields and booking interfaces that cannot be navigated by keyboard alone, video content without captions, and PDF documents such as membership forms that have not been tagged for accessibility. A gym that allows members to book classes, purchase memberships, or manage their accounts through its website and has not audited that site against WCAG 2.1 Level AA criteria has unknown legal exposure that could be resolved for a few thousand dollars in remediation, or could generate a lawsuit settlement in the same range.
One widely promoted but legally dangerous shortcut deserves specific correction: accessibility overlay widgets. These JavaScript plugins claim to make any website ADA-compliant by adding a floating toolbar of display adjustments. In 2025, the FTC reached a $1 million settlement with a major overlay provider for misleading businesses about what its widget actually accomplished. Courts and plaintiffs’ attorneys have become specifically attuned to overlay-reliant sites; in 2024, 25% of all ADA website lawsuits explicitly cited accessibility overlays as barriers rather than solutions. A gym that installs an overlay and considers the matter resolved has not reduced its legal exposure; it may have increased it.
Conclusion
ADA compliance for a gym is a three-front obligation: the physical facility must meet dimensional and design standards from parking through locker rooms; equipment must be reachable, and the gym must have a functioning process for handling accommodation requests; and the gym’s digital presence must be genuinely navigable by users with disabilities, not cosmetically patched. Each front carries real enforcement risk, and the DOJ’s October 2024 action against LA Fitness makes clear that being a large, well-resourced company does not reduce that risk; it may increase scrutiny. The practical approach for a new gym is to commission an ADA accessibility audit of the physical space before opening, brief staff on accommodation request procedures, and have the website evaluated against WCAG 2.1 Level AA standards by a qualified accessibility professional before the site goes live.
With physical accessibility addressed, the next legal layer shifts from who can enter your gym to what you can legally call it, brand it, and play inside it, which is the domain of intellectual property law.
6. Intellectual property law for US gyms
Two types of intellectual property law concern us here, often abbreviated as IP law. The first is trademark law, which governs whether a gym can use the name of a branded fitness program without authorization. The second is copyright law, so, for example, what happens when a gym posts workout videos online with copyrighted music in the background, or copy pastes a picture from the internet without permission.
A. Building from scratch
If, like a number of Wellyx gym management software users, you’re creating a whole new gym brand from scratch, there’s an extra dimension to think of. Your brand new brand. You want to create something that others can’t infringe on and also something that doesn’t infringe on the copyright of others.
At some point, you will have to sit down and think about naming.
You have to create a name that is unique and will stand you in good stead long into the future when the world and its tastes have shifted. So you don’t want it to date fast. To add to the challenge, you have to find a name that suggests gym, fitness and health, yet at the same time distinguishes you from all the other gym, fitness and health offerings out there.
That tension between the familiar yet individual makes the task deceptively difficult.
Naming a gym so that you own protectable intellectual property, not just a business name is a step worth taking deliberately. IP specialists recommend treating due diligence as the first step: before committing to a name, check whether existing trademark registrations cover anything sufficiently similar to yours, including in relevant international classes. The cost of a proper clearance search is small relative to the cost of rebranding after a cease-and-desist letter arrives. If buying in a name or brand from a supplier, ensure suitable indemnities are in place.
Infringing someone else’s IP, even inadvertently, can mean changing your brand, taking down marketing portals, surrendering merchandise, and paying significant legal fees. It is considerably wiser to invest in a clearance search upfront than to absorb those costs later.
Expert Insight: “You want your customers working out in your gym, not your lawyers working you over in court.” Tom Hope — Co-Founder, Appella.net | IP & Brand Naming Specialist
The other important thing to remember is that it’s not just the name, but all of the brand property that comes into question. The logo, the iconography, the arrangement of your equipment, and even how you mandate greeting members as they walk into the gym. While none of these individually may be ownable, together they form a package which might be ownable. And one that a major player that’s selling this package to its franchisees will want to defend.
Conversely, an ownable package may be something you can franchise if your gym grows beyond the boutique.
So if you want to create something you can charge people for using, it has to be a strong, coherent package that integrates every part of the user experience.
When working through name options, generate a long list first, candidates will naturally reduce to a shortlist through clearance checks and testing. Avoid committing emotionally to any single name until it has passed trademark clearance and stakeholder review.
B. Branded fitness programs: trademark exposure from crossfit, Zumba, and others
Fitness methodology often now comes as a brand. For example, CrossFit is the most aggressively enforced fitness trademark in the United States. CrossFit LLC holds a federally registered trademark that the International Trademark Association has deemed ‘famous’, a designation that affords the mark elevated legal protection against dilution as well as standard infringement. A gym wishing to operate as a CrossFit affiliate must complete a certification course and pay an annual licensing fee of $3,000. CrossFit LLC maintains a dedicated IP enforcement program and relies partly on a community reporting mechanism through which affiliated gyms and members can flag unauthorized use of the mark. Cease-and-desist letters are the first step; if compliance is not obtained, CrossFit LLC files suit. In one federal case, CrossFit LLC v. Chelmsford Sports Club, the company pursued a Massachusetts gym for offering what it advertised as ‘CrossFit style training’, asserting that even the association of the word with a competitor’s programming constituted trademark infringement. The scope of what CrossFit considers protectable extends to website content, social media handles, hashtags, signage, t-shirts, and any other commercial context in which the name appears.
Zumba is similarly trademark-protected, with licensing and certification requirements administered through Zumba Fitness LLC. Teaching Zumba classes requires instructor certification; operating a gym that hosts Zumba classes without certified instructors, or using the Zumba name in marketing without authorization, is trademark infringement. The practical question for gym operators is whether they can describe a Latin-inspired dance fitness class in their schedule without using the word ‘Zumba.’ The answer is yes, describing the class by its format and energy is permissible; using the trademarked name as a shorthand for the format is not.
The Pilates story is instructive about how these situations can evolve. Pilates Inc. pursued an aggressive trademark enforcement strategy in the 1990s analogous to CrossFit’s current approach, sending hundreds of cease-and-desist letters to studios using the name without licensing it. In 2000, the US District Court for the Southern District of New York invalidated the Pilates trademark, ruling that the word had become generic, the common name for a method of exercise rather than an identifier of a particular commercial source. As a result, any gym can use the word ‘Pilates’ freely today. CrossFit faces the same genericide risk. Whether it will ultimately prevail in maintaining trademark validity as the training methodology becomes ubiquitous is an open legal question. Still, until a court rules otherwise, CrossFit remains a protected mark that requires either affiliation or avoidance.
The practical guidance for gym operators is clear: before using any branded fitness program name in class schedules, marketing materials, social media profiles, signage, or merchandise, confirm whether the name is trademarked and whether the gym holds the appropriate license or certification. This is not a complicated due diligence step; a USPTO trademark search and a visit to the program owner’s website will establish the answer in minutes. The cost of getting it wrong, including injunctive relief, disgorgement of profits, and attorneys’ fees in cases of willful infringement, far exceeds the cost of any licensing fee.
So what if you want to set up your brand for expanding as a franchise in the future?
C. Music for the gym floor, the fitness class and the social media post
Music licensing meets the gym in different and subtle ways. There’s music that’s playing in the gym and also the music that’s used online as the track for social media content, which is the staple of a lot of Instagram and TikTok output.
Gyms face a specific complication that most other businesses do not: the distinction between background music and synchronized fitness use.
Standard commercial background music licenses, including those provided by services like SiriusXM for Business, Pandora for Business, and similar platforms, explicitly exclude music used in conjunction with physical activity where movement is dependent on the music. This means that a background music service license that covers the gym floor and locker room does not cover a cycling class, a HIIT class, or a yoga session where the instructor’s programming is synchronized to the music. Group fitness use requires a separate, higher-tier license directly from each PRO. A gym that believes its background music service covers its group fitness classes is almost certainly wrong, and that misunderstanding is precisely the kind of compliance gap PROs audit for
Under US copyright law, publicly performing a copyrighted musical work, which includes playing recorded music through speakers in a commercial space, without authorization from the rights holder, constitutes copyright infringement.
And of course, having the right to play Spotify through your headphones does not constitute a license to use your iPhone to drive the gym’s main sound system.
For gym operators, authorization comes through blanket licenses issued by Performing Rights Organizations (PROs): ASCAP, BMI, SESAC, and GMR. Each PRO represents a different catalog of composers and publishers. Because each songwriter may affiliate with only one PRO, no single license covers all music; a gym needs licenses from all relevant PROs to be fully covered.
ASCAP and BMI are the two largest PROs and together cover the vast majority of commercially popular music. Both operate under federal consent decrees that require them to offer blanket licenses to any business that requests one, at regulated rates. For fitness centers, license fees are calculated based on venue size, number of speakers, and, in BMI’s case, the number of members. As a rough benchmark, an indoor recreation facility can expect to pay in the range of $660 per year to BMI for background music, with ASCAP fees structured around speaker count, approximately $230 for up to three speakers, with per-speaker additions beyond that. SESAC and GMR are smaller, for-profit PROs not bound by consent decrees; their fees and terms are negotiated directly and tend to be less predictable.
The enforcement consequences of operating without proper music licenses are severe. Statutory damages for copyright infringement range from $750 to $30,000 per song for non-willful infringement, and up to $150,000 per song for willful infringement, with the infringer also potentially liable for the PRO’s attorney’s fees.
Another major intellectual property exposure area for gyms arises from social media content, specifically, workout videos posted to Instagram, TikTok, Facebook, YouTube, or any other platform that include copyrighted music in the audio track. This is a distinct legal issue from in-gym music licensing, and the two are not interchangeable. A gym that holds valid ASCAP, BMI, and SESAC performance licenses for its physical space has not obtained any rights to use that music in video content posted online. The license that covers playing music in a room does not cover synchronizing that music to a video and distributing it on the internet.
Online video use of music requires what is called a synchronization license, a separate right that covers the combination of music with visual images in a fixed audiovisual work. Sync licenses must be obtained from the music publisher (for the underlying musical composition) and separately from the record label (for the specific sound recording). Both rights are required; obtaining only one is still an infringement. Neither right is included in PRO performance licenses, platform-level music licenses, or standard business music services. For popular commercial music, these licenses are typically not available to small businesses on reasonable terms; the major labels and publishers negotiate sync licenses for advertising campaigns and film productions, not for individual gym Instagram posts. The practical implication is that gyms wanting to use popular music in their social media content often cannot obtain the necessary rights at any realistic price.
The enforcement consequences are severe and well-documented in the fitness industry. In 2021, Sony Music Entertainment filed a federal copyright lawsuit against Gymshark, the UK-based fitness apparel company, alleging infringement of hundreds of sound recordings used in social media video advertisements posted to Instagram, TikTok, and Facebook. Sony sought damages of up to $150,000 per infringed recording, the statutory maximum under the Copyright Act for willful infringement. The suit named both videos created directly by Gymshark and videos created by social media influencers with whom Gymshark had commercial relationships, establishing that a gym can face contributory and vicarious copyright liability for infringing content created by its sponsored athletes or affiliated trainers, not just content it posts itself.
The scale of this exposure for small gyms is not theoretical. Music publishers have systematically expanded copyright enforcement against small business social media operations, and the statutory damages structure makes even modest gyms attractive targets. A gym that has posted 50 Instagram Reels over the course of a year, each featuring a different copyrighted song, faces potential statutory damages ranging from $37,500 (at $750 per work) to $1.5 million (at $30,000 per work for non-willful infringement), numbers that can exceed annual revenue for a single-location gym. A demand letter citing ten infringements and offering settlement for $15,000 is painful but cheaper than litigation, which is precisely the economics that drives this enforcement model.
Platform-level content management systems, YouTube’s Content ID, and Instagram’s Rights Manager do not protect gyms from liability; they protect the platforms. When a platform removes or mutes a video in response to a copyright claim, it is complying with its own DMCA safe harbor obligations. The copyright owner retains the right to pursue the gym directly for damages even after the content has been taken down. Removal does not cure the infringement; it simply stops the ongoing distribution.
Compliant approaches for gym social media content include: using royalty-free or Creative Commons licensed music from libraries such as Epidemic Sound, Artlist, or Musicbed, which provide synchronization rights as part of their subscription fees; using platform-native music tools on Instagram and TikTok that include limited sync licensing for content posted within those platforms (noting that this license does not extend to content reposted outside the originating platform); or creating content without music. Gyms should also audit their existing social media archives for infringing content and remove it proactively; past posts continue to generate infringement exposure for as long as they remain accessible.
D. Picture licensing
A gym owner or their social media manager searches Google Images for a striking photo of a muscular athlete, downloads it, and posts it to Instagram or their website without checking licensing terms. In practice, for small businesses like independent gyms, settlements tend to land in these rough ranges:
- Minor cases (one or two images, quick resolution): $500 – $3,000
- Moderate cases (multiple images, some back and forth): $3,000 – $15,000
- Contested cases with legal fees: $15,000 – $50,000+
Professional photographers and image licensing agencies, most notably Getty Images and Shutterstock, employ automated web-crawling software that scans the internet for unauthorized use of their catalogs. When a match is found, the business receives a formal demand letter, often claiming damages significantly higher than the original licensing fee would have been. These letters are legally grounded in the Digital Millennium Copyright Act (DMCA) and the Copyright Act, which allows rights holders to claim statutory damages of between $750 and $30,000 per image, rising to $150,000 per image if wilful infringement is proven.
Getty Images, in particular, has pursued thousands of small businesses across industries, and gyms are frequently targeted, given how image-driven their marketing tends to be. Beyond the agencies, individual fitness photographers and athletes have also pursued gyms directly, particularly where a photo of a specific person was used without a model release or licensing agreement, raising both copyright and personality rights issues.
The practical lesson the industry has learned the hard way is that “found on Google” is not a license. Safe alternatives include platforms like Unsplash or Pexels for free licensed images, proper subscriptions to stock libraries, or commissioning original photography, which also has the branding advantage of being authentic to the actual gym.
Music, names, and branded programmes involve the data you use publicly. Data privacy law governs the member information you collect privately, and in recent years it has moved from a background concern to a front-line compliance obligation.
7. Data privacy law for US gyms
A modern gym collects a remarkable volume of personal data: names, addresses, payment information, emergency contacts, health questionnaires, body composition metrics, check-in timestamps, class booking histories, and, if it uses biometric access control, fingerprints or facial geometry scans. For most of the fitness industry’s history, this data was collected, stored, and used with minimal legal scrutiny. That era is over. Data privacy law has become one of the fastest-moving areas of legal compliance in the United States, and gyms sit at the intersection of three distinct regulatory frameworks: biometric privacy statutes, state consumer data privacy laws, and federal health data protections. Understanding where each applies, and where they overlap, is no longer optional for a gym operator.
A. Biometric data: Illinois BIPA and the growing state patchwork
Illinois’ Biometric Information Privacy Act (BIPA), enacted in 2008, is the most consequential data privacy law for gyms that use fingerprint or retinal scanners for member check-in. It is the sharpest legal instrument in the data privacy toolkit, combining a broad definition of covered data, strict procedural requirements, a private right of action, and statutory damages that have produced some of the largest class action settlements in US consumer privacy history.
BIPA defines biometric identifiers to include fingerprints, retina and iris scans, voiceprints, and scans of hand or face geometry. Before collecting any such data, a business must: inform the individual in writing that biometric data is being collected and the purpose for which it will be used; specify the length of time it will be retained; obtain a written release from the individual; publish a publicly available written policy establishing a data retention schedule and guidelines for destruction of biometric data. These are not aspirational best practices; they are mandatory prerequisites. A gym that installs a fingerprint check-in system and begins collecting member fingerprints without completing each of these steps before the first scan is in violation of BIPA from day one.
The private right of action is what makes BIPA uniquely dangerous. Any person aggrieved by a BIPA violation, and courts have held that a purely technical violation, with no actual harm or misuse of data, is sufficient, may sue in state or federal court and recover statutory damages of $1,000 per negligent violation or $5,000 per reckless or intentional violation. These damages are available per class member, making BIPA the primary engine of consumer privacy class action litigation in the country. In 2025 alone, over 107 new BIPA class actions were filed in Illinois. Settlements in this space have reached nine figures: Meta settled Instagram BIPA claims for $68.5 million, BNSF Railway settled fingerprint access claims for $75 million, and Speedway settled for $12.1 million.
An important 2024 amendment to BIPA recalibrated the per-scan damages structure that previously threatened astronomical aggregate liability. Under the amendment, signed into law in August 2024, repeated collection of the same biometric data from the same person using the same method counts as a single violation, rather than a separate violation per scan. This limits the maximum exposure per member to $5,000 per BIPA provision violated, rather than $5,000 for every gym visit that involves a fingerprint scan. The amendment substantially reduces the catastrophic damage scenarios that characterized pre-2024 BIPA litigation, but class actions across hundreds or thousands of members remain financially devastating for small gym operators.
BIPA applies only in Illinois, but other states are following. Washington’s My Health My Data Act includes biometric protections with a private right of action, the second state after Illinois to do so, and is expected to generate its own wave of class action litigation. Texas and Washington state have biometric privacy laws without private rights of action, relying on state AG enforcement instead. Any gym operating a fingerprint or facial recognition check-in system in any of these states must treat biometric compliance as a live legal obligation, not a theoretical future risk.
B. State consumer data privacy laws: CCPA and the multi-state patchwork
California’s Consumer Privacy Act (CCPA), as significantly amended by the California Privacy Rights Act (CPRA) effective January 2023, is the most comprehensive state consumer data privacy law in the country and the model against which others are measured. For gyms with California members or California employees, it establishes a framework of consumer rights and business obligations that goes well beyond anything in federal law.
The CCPA applies to for-profit businesses that do business in California and meet at least one of three thresholds: annual gross revenue exceeding $26.625 million (as adjusted effective January 2025); buying, selling, or sharing the personal information of 100,000 or more California consumers or households annually; or deriving 50% or more of annual revenue from selling or sharing personal data. Most single-location gyms will not meet these thresholds, but multi-location chains and franchisees may, and any gym collecting personal data from California residents through a website or app should evaluate its position. Critically, a business need not be located in California to be subject to the CCPA; it is sufficient to conduct online transactions with California residents.
For gyms subject to the CCPA, the law grants members a suite of rights: the right to know what personal information has been collected and how it is used; the right to delete that information; the right to correct inaccurate information; the right to opt out of the sale or sharing of their data; and the right to limit the use of sensitive personal information, a category that explicitly includes biometric data, precise geolocation, and health information. The gym must publish a comprehensive privacy policy disclosing its data practices, provide at least two methods through which consumers can submit requests to know, delete, or correct their data, and respond to those requests within 45 calendar days. New CPPA regulations that took effect January 1, 2026, expand these requirements further, including rules on automated decision-making technology that may affect gyms using algorithmic systems to personalize member experiences.
Virginia, Colorado, Connecticut, Texas, Florida, and more than a dozen other states have enacted general consumer data privacy laws modeled on the CCPA framework. While no two are identical, they share common themes: notice requirements, consumer access and deletion rights, data minimization obligations, and requirements for contracts with third-party vendors who process member data on the gym’s behalf. A national or regional gym chain must maintain a state-by-state compliance map that tracks which laws apply in each operating jurisdiction, because there is no federal preemptive privacy law that simplifies the analysis.
C. HIPAA and health-related data
HIPAA, the Health Insurance Portability and Accountability Act, is widely understood as the federal law governing healthcare data. What is less widely understood is when it applies to a gym. HIPAA does not apply to every business that handles health-related information. It applies to covered entities (healthcare providers, health plans, and healthcare clearinghouses) and their business associates. Most gyms are neither, and a standard gym collecting member health questionnaires or tracking body composition metrics is not automatically subject to HIPAA.
However, a gym can cross into HIPAA territory in several ways. If the gym employs or contracts with licensed healthcare providers, physical therapists, registered dietitians, or physicians who use health records to provide individualized clinical services to members, those activities may constitute healthcare operations subject to HIPAA. If the gym uses a third-party wellness or health platform that exchanges data with a member’s health insurer or healthcare provider, that data flow may trigger HIPAA’s business associate agreement requirements. If the gym markets itself as a medically supervised facility or integrates with employer wellness programs connected to health plans, the analysis becomes more complex.
For most standalone gyms, the more immediate concern is not HIPAA directly but the state-level health data privacy laws that have proliferated in HIPAA’s wake and that apply more broadly. Washington’s My Health My Data Act covers any entity that collects, processes, or shares consumer health data, defined expansively to include body composition metrics, exercise data, and any data that could be used to infer health status, without requiring that the entity be a HIPAA-covered entity. It applies to gyms explicitly. Similar laws are advancing in other states, and the trend is clearly toward broader, not narrower, regulation of health-adjacent data in commercial fitness contexts.
To sum up
Data privacy compliance for gyms has moved from a peripheral concern to a front-line legal obligation in the span of a few years, driven by BIPA litigation, the CCPA’s maturation, and the rapid proliferation of state-level health data laws. The practical steps for a new gym are clear: decide before opening whether to use biometric check-in systems, and if so, build a BIPA-compliant consent and data management framework before the first member scan; audit what member data is collected, where it is stored, and who it is shared with; publish a privacy policy that accurately reflects actual data practices; and assess whether the CCPA or any other state privacy law applies based on the gym’s member base. The cost of these steps is modest. The cost of ignoring them, measured in class action settlement exposure, statutory penalties, and regulatory investigation, is not.
Data privacy mistakes generate statutory penalties and class action exposure. The tax and structure decisions covered in the next section are less dramatic in how they surface, but equally capable of producing six-figure liability if they are handled wrong from day one.
8. Tax classification & structure for US gyms
Tax and business structure decisions do not carry the courtroom drama of a lawsuit or the regulatory urgency of a biometric data violation. Still, they are decisions made on day one that shape a gym’s legal and financial exposure for as long as it operates. Entity structure determines whether a personal injury judgment can reach the owner’s personal assets.
Sales tax compliance determines whether years of uncollected tax quietly accumulate into a back-liability crisis. Worker classification determines how much the IRS can collect, and from whom, when an audit reveals that independent contractors were actually employees. These are not peripheral concerns. They are foundational ones, and they are addressed across the three subsections below.
A. Entity structure: LLC vs. S-Corporation
The choice of business entity is the first legal decision a gym owner makes and one of the most consequential. Operating as a sole proprietor or general partnership, the default structures that apply when no formal entity is created, means there is no legal distinction between the business and the owner. A judgment against the gym is a judgment against the owner personally. In an industry with significant premises liability exposure, where member injuries can generate six-figure claims, operating without a liability shield is a risk that no business attorney would recommend.
A Limited Liability Company (LLC) is the most commonly chosen structure for single-location gym owners, for good reason. An LLC provides the liability shield that separates personal assets from business obligations, is relatively inexpensive to form and maintain, and offers flexible pass-through taxation, meaning the gym’s income and losses flow through to the owner’s personal tax return without the entity itself paying corporate income tax. For a new gym generating losses in its early years, this pass-through treatment can provide meaningful personal tax benefits. LLCs are governed by operating agreements that can be tailored to the gym’s specific ownership and management structure, making them adaptable to both single-owner and multi-partner arrangements.
An S-Corporation offers an additional tax advantage that becomes relevant once the gym reaches meaningful profitability: the ability to split income between salary and distributions. Because self-employment tax (currently 15.3%) applies to salary but not to S-corp distributions, an owner-operator who pays themselves a reasonable market salary and takes remaining profits as distributions can reduce their self-employment tax burden substantially compared to an LLC taxed as a sole proprietorship. The tradeoff is additional administrative complexity, S-corps require payroll, corporate formalities such as annual meetings and minutes, and more rigorous bookkeeping. For a gym generating significant net income, the tax savings typically outweigh these costs. For a gym in its early stages, the LLC’s simplicity is usually the better fit, with a potential conversion to S-corp election as profitability matures.
One critical point applies to both structures: the liability shield only holds if it is respected. Commingling personal and business funds, failing to maintain a separate business bank account, or operating the business in a way that ignores the legal separation between owner and entity can lead a court to pierce the corporate veil, disregarding the entity structure and holding the owner personally liable. For gym owners, maintaining that separation from day one is as important as choosing the right structure.
B. Sales tax on memberships: a complex and variable landscape
Sales tax on gym memberships is one of the most commonly mishandled tax obligations in the fitness industry because the rules are fragmented, counterintuitive, and easy to get wrong through simple inattention. There is no federal sales tax; the obligation is entirely state and local. Roughly half of the US states impose sales tax on gym memberships, and half do not, but the division is not clean, and the details matter enormously.
Among states that do tax gym memberships, the legal rationale varies. Texas classifies gym memberships as a taxable amusement service and applies its 6.25% state sales tax rate, with an exemption only for memberships purchased under a physician’s written prescription, a new prescription required at every renewal. Florida applies its 6% sales tax to charges for participation in sports or exercise activities. Pennsylvania applies its 6% sales tax to health club memberships directly. Washington State treats fitness facility membership as a taxable retail service. Minnesota explicitly taxes health club and exercise facility fees under its sales tax statutes.
Among states that do not impose a statewide sales tax on gym memberships, the picture is equally nuanced. California generally exempts services from sales tax, so standard gym memberships are not taxable, but if the gym bundles tangible property, such as supplements or apparel, into a membership fee without separately stating the prices, the entire bundled fee may become taxable. New York State exempts health and fitness facility memberships from state sales tax. Still, New York City imposes its own 4.5% local sales tax on those same memberships, meaning a gym in Manhattan has a sales tax obligation that an identical gym in Buffalo does not. South Carolina’s rules are among the most granular in the country: memberships to for-profit gyms are generally exempt if the facility offers only exercise equipment and aerobics, but the exemption is lost if the facility includes a basketball court, tennis court, or similar participatory sport facility.
The practical consequence of getting this wrong is severe and slow-moving. Sales tax liabilities accrue quietly; a gym that should have been collecting 6% on every membership fee but was not has been accumulating a back-tax obligation with every billing cycle. State revenue departments conduct audits, and a multi-year audit of a gym that failed to collect required sales tax produces a bill for all uncollected tax, plus interest and penalties that can substantially exceed the original obligation. The gym, not the member, bears this liability: the obligation to collect and remit sales tax falls on the seller, and the seller cannot retroactively collect it from members who were never charged. A gym opening in any state should obtain a formal sales tax determination, either through the state revenue department’s guidance publications or a consultation with a state and local tax professional, before its first membership is sold.
C. Worker classification: tax consequences of the employee vs. contractor decision
The employment law dimensions of worker classification, the ABC test, state-by-state variation, and the 2025 DOL reversion to the economic realities standard are covered in full in Section 1A of this guide. The tax consequences of getting that classification wrong are distinct and worth understanding separately, because the IRS operates as an additional enforcement party independently of the Department of Labor.
When a gym misclassifies an employee as an independent contractor, none of this happens: the gym pays the worker’s gross amount with no withholding, issues a Form 1099-NEC at year’s end, and treats its employer-side tax obligations as nonexistent.
If the IRS later determines on audit that the worker was actually an employee, the gym becomes liable for all unwithheld income taxes, both the employee and employer shares of FICA going back the full audit period, and interest and penalties on top. The IRS’s Section 3509 rates for misclassification, the reduced rates that apply when the gym did not intentionally circumvent the rules, are 1.5% of wages for income tax and 20% of the FICA amounts.
For willful misclassification, those rates double. Across multiple misclassified personal trainers over several years, the aggregate liability from a single IRS audit can run into six figures.
The IRS offers a voluntary disclosure program, the Voluntary Classification Settlement Program (VCSP), that allows businesses to prospectively reclassify workers as employees and settle past misclassification liability at significantly reduced rates, typically 10% of the employment tax liability for the most recent tax year, with no interest or penalties.
For a gym that suspects its contractor arrangements would not survive IRS scrutiny, the VCSP is a substantially cheaper resolution than waiting for an audit. Eligibility requires that the gym has consistently treated the workers as contractors, has filed 1099s for them, and is not currently under an employment tax audit.
To sum up
Tax and structure decisions sit at the operational foundation of a gym’s business, invisible when right, enormously disruptive when wrong. Forming the correct entity before opening, determining the applicable sales tax treatment before the first membership is sold, and getting worker classification right before the first contractor agreement is signed are decisions that cost relatively little to make correctly at the outset. Correcting them after years of noncompliance, through an IRS audit, a state revenue department examination, or a DOL investigation, costs orders of magnitude more. Each of these areas benefits from specialist advice: a business formation attorney for entity structure, a state and local tax professional for sales tax compliance, and a payroll or employment tax advisor for worker classification. The investment in getting these foundations right is among the most reliably high-return legal spending a new gym can make.
Tax structure is about how your business is organised. The moment you start selling consumable products at your facility, you add an entirely separate compliance layer, one that most gym owners only discover after something goes wrong.
9. Food, supplement & product sales law for US gyms
Selling protein shakes, supplements, or food at your gym might seem like a natural revenue extension. But it also pulls your business into a separate and underappreciated layer of legal compliance that many gym owners discover only after something goes wrong. The moment a gym begins selling consumable products, it becomes subject to FDA regulations, state food safety licensing, and product liability exposure entirely distinct from the gym’s core fitness business. Understanding these obligations before opening a smoothie bar or supplement display is not bureaucratic caution; it is financial self-preservation.
A. FDA regulation on supplement labeling and health claims
Dietary supplements, protein powders, pre-workouts, creatine, amino acids, vitamins, and similar products are regulated by the FDA under the Dietary Supplement Health and Education Act of 1994 (DSHEA). This law treats supplements as a special category of food rather than as drugs, which has an important consequence. Unlike pharmaceuticals, supplements do not require FDA approval before they reach the market. Manufacturers are responsible for ensuring their products are safe and properly labeled before selling them. The FDA’s role is largely reactive; it can take action against products after they reach the market, but it does not pre-screen them.
For a gym retailing supplements made by third-party manufacturers, this system creates a deceptively relaxed feeling of compliance. The gym did not make the product; the manufacturer did. But the legal exposure does not stop at the manufacturer’s door, as discussed in the product liability section below. What the gym can control, and must, is how it markets and represents those products.
The FDA regulates three categories of claims that can appear on supplement labels and in associated marketing: health claims, structure/function claims, and nutrient content claims. Health claims describe a relationship between a supplement ingredient and a reduced risk of disease, for example, a statement linking calcium intake to reduced osteoporosis risk. These require FDA authorization before use and cannot be made unilaterally. Structure/function claims describe how a nutrient affects normal body structure or function, for example, ‘supports muscle recovery’ or ‘promotes energy production’, and are permitted without pre-authorization, but must be accompanied by a disclaimer stating that the FDA has not evaluated the claim and that the product is not intended to diagnose, treat, cure, or prevent any disease. The manufacturer must also notify the FDA within 30 days of first marketing a structure/function claim.
The line between a permissible structure/function claim and an impermissible drug claim is one of the most frequently crossed legal boundaries in supplement marketing. A claim that a supplement ‘supports healthy blood pressure’ may be acceptable; a claim that it ‘treats hypertension’ is not, as it constitutes a drug claim, and making it without FDA drug approval exposes the seller to enforcement action. Gyms that display third-party marketing materials, write their own social media posts promoting supplements they sell, or have staff make verbal claims about a product’s health benefits can independently create legal liability under FTC advertising rules and FDA misbranding provisions, even if the product label itself is compliant.
CBD products deserve special mention. They have become popular in gym retail environments but remain in a legally ambiguous category. The FDA has not approved CBD as a dietary supplement and has issued warning letters to companies making unsupported health claims. A gym selling CBD products is operating in an area of active federal regulatory uncertainty, compounded by significant state-level variation in how CBD is treated commercially.
B. State food handler permits and retail food establishment licensing
The moment a gym begins preparing or serving food, blending protein shakes, making smoothies, selling packaged food that requires refrigeration, or operating any kind of juice bar, it typically becomes a retail food establishment under state law. This triggers a licensing and inspection regime entirely separate from the gym’s standard business licensing.
The specifics vary considerably by state. In Texas, a retail food establishment permit is required before serving any food, and all food employees must complete an accredited food handler certification course within 30 days of hire. California requires a food handler card for all workers who prepare, store, or serve food, and under state law, employers must cover the cost of that certification. In New York, food service permits are issued by local health departments, and operators must demonstrate compliance with workers’ compensation insurance requirements before a permit will be issued. Many states, including Illinois, Oregon, and Washington, require handler certification within 30 days of employment, while others require only that at least one manager hold a Certified Food Protection Manager credential.
The Certified Food Protection Manager (CFPM) requirement, typically satisfied through programs like ServSafe, is worth understanding in detail. A CFPM designation covers food safety principles, temperature control, contamination prevention, and sanitation. The expectation is that this certified person actively manages food safety practices and trains other staff. A gym that hires someone to run its smoothie bar without ensuring a CFPM is on staff is likely operating out of compliance in most jurisdictions.
The physical infrastructure of the food preparation area also comes under regulatory scrutiny. Most jurisdictions require plan review approval of any food prep space before a permit is issued, meaning the layout, equipment, sinks, refrigeration, and handwashing stations must meet health code standards. A gym adding a smoothie bar during renovation should budget for this review process and factor permit timelines into the opening date. Plan approval can add weeks to a project timeline. Selling only factory-sealed, shelf-stable prepackaged supplements typically avoids the retail food establishment permit requirement, but the moment any food preparation happens on-site, the permitting obligations apply.
C. Product liability exposure from supplement sales
Of the three legal areas in this section, product liability is the one most likely to generate catastrophic financial exposure for a gym. The supplement industry’s regulatory gaps, no pre-market approval requirement, inconsistent manufacturing oversight, and widespread mislabeling create a real risk that a product sold at the gym counter causes a member harm. When that happens, the legal question is not just whether the manufacturer is liable. It is whether the gym, as the retailer, is liable too.
Under product liability law, retailers, not just manufacturers, can be held liable for defective products they sell. A product can be defective in three ways: defective design (the product’s formulation itself causes harm), defective manufacturing (something went wrong in production, yielding a dangerous individual item), or inadequate warnings (the product lacks sufficient instructions or caution disclosures). A gym that sells a pre-workout supplement containing an undisclosed stimulant, or a protein powder later found to contain heavy metals at unsafe levels, can be named as a defendant in a personal injury lawsuit even though it had no role in manufacturing the product.
The stakes are not hypothetical. The Capati v. Crunch Fitness case, filed in 1999, remains a landmark warning for the industry. A member died after a workout, and the lawsuit alleged a connection to a supplement her personal trainer had recommended. The resulting litigation involved claims exceeding $320 million and put the question of trainer supplement recommendations squarely in the legal spotlight. The case made clear that when gym employees actively recommend specific supplements to members, the gym’s liability exposure deepens well beyond simple retail. Recommendation implies endorsement; endorsement implies knowledge; and knowledge of a product that turns out to be harmful is a building block for negligence claims.
The supplement industry’s mislabeling problem compounds this risk substantially. Studies have found that a significant proportion of supplements on the market contain ingredients not disclosed on the label, including, in some cases, pharmaceutical compounds, anabolic steroids, or undisclosed allergens. Bodybuilding and weight-loss supplements in particular have been linked to liver injury cases in clinical research. A gym that retails these categories without due diligence on the brands it carries is not merely relying on the manufacturer; it is accepting a share of the legal exposure that comes with selling improperly manufactured products.
Practical risk management in this area has several components. First, gyms should stock only supplements from manufacturers that follow Current Good Manufacturing Practices (cGMPs) as required by the FDA, and ideally products carrying third-party testing certifications such as NSF Certified for Sport or Informed Choice, programs that test for label accuracy and contamination. Second, gym staff should be trained not to make specific health claims or therapeutic recommendations about supplements; selling a product is different from prescribing one. Third, the gym’s general liability insurance policy should specifically include product liability coverage for sold consumable products; standard gym liability policies do not always extend to this. Fourth, supplier contracts should include indemnification clauses requiring the manufacturer to defend and hold harmless the gym in the event of a product liability claim arising from the manufacturer’s product.
To sum up
Food and supplement sales can meaningfully improve a gym’s per-member revenue, and many gyms build strong ancillary businesses around their retail offerings. But the legal layer is real and distinct from the gym’s core liability exposure. FDA claim rules, state food handler licensing, and product liability together form a compliance framework that rewards planning and punishes improvisation. The gym that adds a smoothie bar or supplement shelf as an afterthought, without reviewing its permits, training its staff on what they can and cannot say, and vetting the products it carries, is creating exposure it did not have the day before it put that product on the counter.
The nine sections above map the US legal landscape. If you operate, or plan to operate, in the UK, the European Union, or Australia, the same categories of risk apply. But the rules governing them differ in ways that matter operationally.
How Gym Law Varies: UK, EU/Malta, and Australia vs. the US
For a gym operator familiar with US law, the legal environment in the UK, the European Union, and Australia will feel both recognizable and structurally different. The same categories of obligation exist: membership contracts, data privacy, employment, premises liability, but the underlying philosophy, enforcement mechanisms, and specific requirements diverge in ways that matter operationally. The broadest structural difference is this: the US relies heavily on statute-by-statute, state-by-state layering, with federal minimums and a strong role for private litigation as an enforcement driver. The UK, EU, and Australia rely more on centralized frameworks, national consumer law statutes, and supranational regulation, with regulator-led enforcement playing a proportionally larger role than in the US.
| Legal area | United States | UK | EU / Malta | Australia |
| Cooling-off periodContract law | 14 days EU Consumer Rights Directive mandates 14-day withdrawal for distance contracts (online/phone sign-ups). Applies uniformly across all member states including Malta. No dedicated gym statute in Malta, falls under Consumer Affairs Act and Civil Code. | 14 days14-day right under the incoming Digital Markets, Competition and Consumers Act 2024 (expected in force 2026). Additional 14-day window at price changes and auto-renewal. Strongest protection of the four jurisdictions. | FTC + state ARLsFTC Click-to-Cancel rule (Oct 2024): cancellation must be as easy as sign-up. ROSCA applies to online enrollments. CA, NY, IL, and others layer additional state automatic renewal laws. Civil penalties up to $51,744 per violation. | Varies by state: ACT, Queensland, WA, and SA have mandatory fitness industry codes with specific cooling-off periods. National ACL covers unfair contract terms; no single federal cooling-off period for fitness specifically. |
| DMCCA 2024: Proactive consumer notification required before auto-renewal. CMA can fine up to 10% of global annual turnover without going to court. CMA already secured undertakings from Bannatyne’s, David Lloyd, Virgin Active over unfair terms. | State patchwork. No federal comprehensive privacy law. CCPA (CA) applies at $26.6M revenue or 100k consumers. IL BIPA covers biometrics. VA, CO, TX, FL + 10+ others have own statutes. Compliance map required for multi-state operators. | Unfair Practices Directive: The EU Unfair Commercial Practices Directive prohibits drip pricing and contract burial. Member-state enforcement varies; GDPR adds data-layer obligations on subscription management. Malta relies on Consumer Affairs Act. | 3–5 days, 3 business days in PA, NY, MA, VA; 5 days in CA. Must appear in bold, conspicuous type in contract. Varies by state, ~35 states have health club statutes. | ACL + ACCCACCC has pursued gyms for advertising “no contracts” while imposing binding terms. Unfair contract terms now carry civil penalties up to AUD $1.1M per contravention (penalty regime from late 2023). ACL applies nationally. |
| Data privacy frameworkData privacy | UK GDPR mirrors EU GDPR post-Brexit. 72-hour breach notification. Fines up to £17.5M or 4% of global turnover. Health data (body composition, fitness assessments) is special-category data requiring explicit consent. ICO enforces. | EU GDPR is uniform across all member states. Health data = special category requiring explicit written consent. Biometric check-in may require a Data Protection Officer. 72-hour breach notification to Malta Information Technology Agency. Max fines €20M or 4% global turnover. | EU GDPRUniform across all member states. Health data = special category requiring explicit written consent. Biometric check-in may require a Data Protection Officer. 72-hour breach notification to Malta Information Technology Agency. Max fines €20M or 4% global turnover. | Generally enforced, waivers are a primary risk-management tool. Enforceable in most states for ordinary negligence if clear and conspicuous. Do not protect against gross negligence (e.g. failure to have a mandated AED, known equipment defect). CA and NY apply additional scrutiny. |
| Biometric data (fingerprint / facial check-in)Data privacy | BIPA (IL only)IL BIPA: written consent, retention schedule, and public policy required before first scan. $1k–$5k per violation, private right of action, class actions routine. WA, TX have biometric laws without private rights of action. 2024 amendment limits per-scan stacking. | UK GDPR Art. 9Biometric data is special-category data. Explicit consent required. Data Protection Impact Assessment recommended. ICO guidance specifically addresses workplace biometrics. High fines for non-compliance. | GDPR Art. 9Same as UK GDPR framework. Biometric processing for ID purposes is explicitly Article 9 special-category data. DPO may be required where biometric processing is a core activity. Malta’s MITA is the supervisory authority. | Privacy Act sensitive dataBiometric data treated as sensitive information under Australian Privacy Principles. Consent required. No equivalent to BIPA class-action structure. OAIC can investigate but enforcement is regulator-led, not private-action-driven. |
| Member-state rules: Malta: no EU-wide employment classification directive; national labour law applies. EU Platform Work Directive (2024) introduces a rebuttable presumption of employment for digital platform workers, limited direct gym relevance but signals broader shift. | Liability waivers | Restricted by CRA 2015Consumer Rights Act 2015 renders unfair terms void. Clauses excluding liability for personal injury due to negligence are unenforceable as unfair. Gyms have limited waiver protection; insurance and risk management are primary shields. | Generally unenforceableEU Unfair Terms Directive prohibits terms creating significant imbalance to consumer’s detriment. Exclusions of liability for personal injury are routinely held unfair across member states. Malta: same EU framework applies. | Restricted by ACLTerms excluding liability for negligence-caused personal injury generally unenforceable as unfair under ACL. Some states permit “recreational services” waivers under civil liability legislation but courts apply these narrowly. Waivers are a weaker shield than in the US. |
| Contractor vs. employee classificationEmployment | State-by-stateCA, MA, NJ use strict ABC Test, trainers almost always employees. FL, TX, NY use more lenient common-law test. Federal DOL reverted to “economic realities” test (May 2025). Equinox $12M settlement (2025) is landmark. Misclassification = back pay + FICA + penalties. | Three-tier systemEmployee / worker / self-employed. “Worker” status (middle tier) grants holiday pay, minimum wage, and some rights without full employee status. HMRC scrutinises fitness industry arrangements. IR35 rules apply to personal service company structures. | Member-state rulesMalta: no EU-wide employment classification directive; national labour law applies. EU Platform Work Directive (2024) introduces a rebuttable presumption of employment for digital platform workers, limited direct gym relevance but signals broader shift. | ACL + High Court test2022 High Court decisions (CFMMEU, Jamsek) clarified that written contract terms govern classification. Gyms with clear contractor agreements have more certainty than pre-2022. Fair Work Act entitlements apply to employees; ATO scrutinises sham contracting. |
| Unfair dismissal / at-will employmentEmployment | At-will (with limits)At-will doctrine gives broad latitude but cannot terminate for discriminatory reason, protected activity, or in breach of implied handbook contract. Title VII (15+ employees) + state equivalents. Documentation is primary defence. | Unfair dismissal rightsStatutory unfair dismissal rights apply after 2 years’ employment. No at-will doctrine. Dismissal must follow a fair procedure. Employment Tribunal claims are common. Compensation capped but procedural failures are costly. | Strong protectionsMalta Labour Law provides strong employee protections. Notice periods and procedural fairness required. No equivalent of at-will employment. Industrial Tribunal handles disputes. EU Working Time Directive also applies. | Fair Work ActUnfair dismissal claims available after minimum employment period (1 year for small businesses, 6 months for others). Fair Work Commission arbitrates. General protections provisions prohibit dismissal for workplace rights exercise. No at-will doctrine. |
| AED requirementsSafety | State-by-state mandatesPA, NY, CA, IL, NJ, MA and others have specific AED statutes for fitness facilities. Requirements vary: number of devices, placement, staff training intervals, emergency response plan. Absence of mandated AED = statutory negligence per se in civil claims. | No statutory mandateNo law specifically requires AEDs in gyms. Health and Safety at Work Act 1974 and RIDDOR govern incident reporting. HSE and leisure industry guidance strongly recommends AEDs. Failure to have one may still be negligent depending on circumstances. | Member-state rulesNo EU-wide mandate. Malta has no specific AED gym requirement. Some member states (e.g. Italy, France) have enacted requirements for sports facilities. Duty of care under national civil codes still applies. | State-basedNo national AED mandate for gyms. Some states have first-aid requirements for fitness facilities under work health and safety legislation. AUSactive code of practice recommends AEDs. Negligence exposure exists regardless of statute. |
| Personal trainer qualifications (legal mandate)Safety | Patchy state rulesNo federal mandate. Some states reference certification in health club statutes. Insurance carriers and courts treat documented CPR/first-aid and professional certification as baseline competence evidence. Failure to verify credentials weakens negligence defence. | Industry-led (CIMSPA)No statutory requirement but CIMSPA registers fitness professionals and sets qualification standards. Employers typically require Level 2/3 qualifications. HSE expects demonstrable competence. Courts use industry standards as the benchmark. | Member-state rulesMalta does not regulate fitness instructors (aside from dive instructors), one of the more permissive EU member states. France, Portugal, Spain have statutory qualification requirements. EU mutual recognition applies across member states. | Industry-driven (AUSactive)No legal mandate in most states but insurers and employers require Cert III/IV in Fitness from accredited providers plus current first-aid. AUSactive maintains a national register. More structured than the US, less statutory than some EU states. |
- Strongest consumer protection / most restricted for operators
- Moderate
- More permissive
- Varies significantly within jurisdiction
A. United Kingdom
The UK’s approach to gym membership contracts is governed primarily by the Consumer Rights Act 2015, which replaced and consolidated earlier consumer protection legislation. The Act subjects all consumer contracts, including gym memberships, to a test of fairness. A term is unfair if it creates a significant imbalance in the parties’ rights and obligations to the detriment of the consumer, and an unfair term is void and unenforceable. This gives UK gym law a flexibility that US law largely lacks: rather than a checklist of mandatory provisions, the CRA 2015 establishes a principles-based standard that allows courts and the Competition and Markets Authority (CMA) to assess any contract term on its merits.
The CMA has used this power actively against the gym sector. Following an OFT High Court enforcement order against gym management company Ashbourne Management Services in 2011 for unfair contract terms, the regulator investigated Bannatyne’s, David Lloyd’s, Fitness First, and Virgin Active,e securing undertakings from each to revise their cancellation terms, minimum period provisions, and debt collection practices. Under the CRA 2015, an unnecessarily long minimum term, unreasonable early termination fees, automatic renewals without clear consent, and punitive penalty clauses are all candidates for unfairness.
The UK is now implementing the Digital Markets, Competition and Consumers Act 2024, which introduces subscription-specific rules expected to come into force in early 2026. These include a mandatory 14-day cooling-off period at the start of every membership contract, a further 14-day cooling-off period when prices change or at the end of each contract term, and proactive consumer notification before auto-renewal. This is significantly more protective than most US state cooling-off requirements, which run 3 to 5 days. The CMA gains stronger direct enforcement powers under the Act, including the ability to impose fines of up to 10% of annual global turnover without needing to go to court.
On employment, UK gym staff enjoy materially stronger statutory protections than their US counterparts. Unfair dismissal rights apply after two years of employment; there is no at-will employment doctrine. Statutory sick pay, parental leave entitlements, and Working Time Regulations capping the working week at 48 hours (absent an opt-out) all apply regardless of employer size. The distinction between employee, worker, and self-employed contractor is similarly contested, and the consequences of misclassification are real. Still, the legal tests differ from the US IRS and DOL frameworks. On data privacy, UK GDPR (which mirrors EU GDPR post-Brexit) applies to all gyms handling member data, with a 72-hour breach notification requirement and fines up to £17.5 million or 4% of global annual turnover for serious violations, considerably more severe than anything in US data privacy law.
B. European Union and Malta
EU member states, including Malta, operate under a supranational layer of consumer and data protection regulation that has no US equivalent. The EU’s Consumer Rights Directive provides a 14-day statutory right of withdrawal from distance contracts, contracts concluded online or by phone, which applies to gym memberships sold digitally. The Unfair Commercial Practices Directive prohibits misleading and aggressive commercial practices, including the kind of drip pricing and contract burial that the FTC is only now targeting federally in the US.
The most significant difference for gym operators in the EU versus the US is GDPR. Where US data privacy law is fragmented, a patchwork of state laws, BIPA in Illinois, the CCPA in California, and no comprehensive federal framework, the GDPR applies uniformly across all EU member states and sets a single, demanding standard. For a Maltese gym, this means: a documented lawful basis is required for processing each category of member data; health information (including body composition data and fitness assessments) qualifies as ‘special category data’ requiring explicit written consent; members have the right to access, correct, and delete their data; and a personal data breach must be reported to the Malta Information Technology Agency within 72 hours. Gyms processing biometric data, fingerprint or facial recognition check-in, as a core activity, may be required to appoint a Data Protection Officer. Maximum GDPR fines reach €20 million or 4% of global annual turnover, whichever is higher.
For Malta specifically, there is no dedicated health club statute equivalent to Pennsylvania’s Health Club Act or California’s Health Studio Services Contract Law. The Consumer Affairs Act, the Civil Code, and applicable EU directives govern membership contracts. Notably, gym instructor qualifications are largely unregulated at the national level; the EU’s 2016 mutual evaluation found Malta did not regulate the fitness instructor profession (apart from diving instructors), unlike France, Portugal, and Spain, which impose qualification requirements for fitness instructors. This is more permissive than several US states that require personal trainers to hold liability insurance and, in some cases, specific certifications.
VAT compliance in Malta
Operating a fitness business in Malta requires strict VAT compliance and structured transaction reporting. For a founder already absorbing €50,000 in pre-opening burn, a compliance misstep would not have been a minor inconvenience. It could have delayed registration, triggered penalties, or interrupted operations at launch.
During setup, Maltese authorities required Prestige Fitness, run by Zack Camillieri, to confirm to the tax authorities that the billing and invoicing system was structured correctly for VAT handling. This step was not optional. The software had to demonstrate accurate VAT calculation, a compliant invoicing structure, and proper transaction breakdown aligned with Maltese tax requirements.
This step illustrates a broader principle: in high-bureaucracy markets, gym management software is not just an operational convenience. It becomes part of the compliance infrastructure. C. Australia
Australia’s gym law framework most closely resembles the UK’s in its reliance on a single national consumer protection statute, the Australian Consumer Law (ACL), with state and territory layers on top. The ACL applies uniformly across all jurisdictions and prohibits unfair contract terms in standard-form consumer contracts (which most gym membership agreements are), misleading or deceptive conduct, and unconscionable conduct. From late 2023, unfair contract terms carry significant civil penalties; previously, they were merely void and unenforceable.
The ACCC, Australia’s equivalent of the FTC, has been an active enforcer in the gym sector. It has pursued gyms for advertising ‘no contracts’ memberships while imposing binding terms, and warned that misleading conduct penalties can reach AUD $1.1 million per contravention. Several states and territories, ACT, Queensland, Western Australia, and South Australia, have mandatory fitness industry codes of practice that sit on top of the national ACL framework and prescribe specific disclosure requirements and cooling-off periods for fitness memberships. This creates a multi-jurisdictional compliance task for gym chains operating nationally that mirrors the US state-by-state challenge. However, the base ACL provides more consistency than the US federal floor.
On liability waivers, a major feature of US gym membership agreements, Australian law is notably more restrictive. Under the ACL, terms purporting to exclude liability for personal injury caused by the gym’s negligence are generally unenforceable as unfair. While fitness providers can include ‘recreational services’ waivers in some states under specific civil liability legislation, Australian courts have repeatedly held that broadly drafted waivers do not protect gyms from negligence claims. US gym operators accustomed to liability waiver clauses that substantially limit exposure would find their Australian equivalents significantly weaker as a legal shield. The practical result is that Australian gyms carry more premises and instructor liability exposure than a comparably situated US gym, making public liability insurance more central to risk management.
Finally, Australia’s fitness industry is substantially more self-regulated than the US when it comes to trainer qualifications. AUSactive, the peak national body, administers a national code of practice and maintains a register of exercise professionals. While most states do not legally mandate specific qualifications for personal trainers, insurers and employers typically require a Certificate III or IV in Fitness from an accredited provider, along with current first aid certification. This industry-driven credentialing system operates in place of the patchwork of state-level certification requirements and CPR mandates found in health club statutes across the US.
To sum up
A US gym operator expanding internationally faces a consistent pattern: the destinations covered here are more protective of consumers in contract law (longer cooling-off periods, stronger unfairness tests, less reliance on fine print), more unified in data privacy (GDPR in the UK and EU, ACL in Australia versus the US state patchwork), and in Australia’s case more restrictive on liability waivers. The US advantage is a more permissive environment for independent contractor arrangements and, outside Illinois, considerably weaker biometric data restrictions.
Running a gym With confidence, not anxiety
Gym legal compliance is not a one-time task. It is an operating discipline, one that touches every part of your business, from the contract a new member signs on day one to the music playing in your cycling class, the food handler certification behind your smoothie bar, and the biometric scanner at your entrance.
The good news is that most compliance failures are preventable. They share a common root: decisions made quickly at the start, without specialist input, that compound quietly until they become expensive. The gym that gets its membership agreement reviewed before opening, classifies its trainers correctly from the first payroll cycle, and audits its website for accessibility before it goes live is not spending more than its competitor. It is spending earlier, at a fraction of what remediation costs later.
Use this guide as your operating map. For the areas most relevant to your situation: employment structure, membership contracts, and data privacy in particular, treat it as the starting point for a conversation with qualified local counsel, not the end of one.
The law around gyms is not static. Federal enforcement priorities shift, state privacy statutes multiply, and the FTC’s focus on subscription practices is intensifying. Building a compliance review cycle into how you run the business. Annual contract reviews, quarterly staff certification checks, periodic ADA audits is how you stay ahead of changes rather than react to them.
Your members come to your gym to work on their health. Your job is to make sure the business is in equally good shape.
Wellyx helps gym operators manage memberships, automate contracts, and maintain compliant digital records.
Frequently Asked Questions About Gym Legal Compliance
1. What licences and permits does a gym need before opening?
Most compliance starts with local zoning and permitted use confirmation. Gyms in both the US and UK must check zoning codes, obtain planning/building permits for renovations, and secure a Certificate of Occupancy (US) or planning approval (UK). Failure to do so can delay openings or trigger enforcement action.
2. Do gyms have to conduct risk assessments?
Yes. Both jurisdictions require documented risk assessments for equipment, wet areas, slips/trips, and emergency procedures. In the UK, this is mandated under the Health and Safety at Work Act 1974; in the US, OSHA standards and general duty clauses expect reasonable safety controls and documentation.
3. What kind of insurance should gyms carry?
At minimum, gyms need general liability insurance covering member injuries on premises, and employers’ liability (UK) or workers’ compensation (US) if they employ any staff. Beyond that baseline, the specific services a gym offers determine what additional cover is needed. A gym with personal trainers delivering one-to-one sessions should carry professional liability coverage.
A gym selling supplements or food needs product liability coverage, standard gym policies often exclude consumable product claims. If the gym uses biometric check-in in Illinois, BIPA class action exposure is not covered by a standard policy and may require specialist privacy liability cover. A waiver does not replace insurance: US courts have found gyms liable despite signed waivers in cases of gross negligence, such as failure to maintain a legally required AED or ignoring known equipment defects. Insurance and waivers are separate and complementary protections, not substitutes for each other.
4. Are membership contracts legally enforceable?
Contracts must be clear, fair, and compliant with consumer protection laws. In the UK, the Consumer Rights Act 2015 requires transparent terms and fair cancellation policies. In the US, state health club laws often regulate contract disclosures and renewal terms. Unfair terms can be unenforceable.
5. How must gyms handle member data?
The answer depends heavily on which state or country you operate in. In the US, Illinois’ BIPA applies strict written consent and retention requirements to any biometric check-in system, with statutory damages of $1,000–$5,000 per violation and a private right of action that has already produced nine-figure class action settlements.
California’s CCPA grants members access, deletion, and opt-out rights if your revenue or data volume meets the statutory thresholds. Virginia, Colorado, Texas, Florida, and a growing number of other states have their own general privacy laws. All gyms should at minimum publish an accurate privacy policy, secure member data against unauthorised access, and assess whether their use of health questionnaires or body composition data triggers any state health-data law.
UK and EU gyms operate under UK/EU GDPR, which treats health and biometric data as special-category data requiring explicit written consent, and carries fines up to 4% of global annual turnover for serious violations.
6. What are the gym’s responsibilities for sexual harassment prevention?
Gyms must adopt zero‑tolerance harassment policies, provide safe reporting mechanisms, and respond promptly. In the US, harassment can violate anti‑discrimination laws (e.g., Title VII) if ignored. In the UK, duty‑of‑care and equality laws require safe environments for staff and members.
7. Do gyms need documented safety training?
Yes. Written records of staff training (first aid, emergency response, equipment use) demonstrate proactive risk management and are often key in defending negligence claims or insurance disputes.
8. What happens if a gym fails to maintain equipment?
Poor maintenance increases liability. If equipment malfunctions and injures someone, courts or insurers may hold the gym accountable, especially if inspection and repair logs are missing. Regular inspection schedules and documented actions are essential.
9. Can gyms play music and show content legally?
Yes, but music licenses are required if recorded music is played publicly (e.g., ASCAP, BMI, SESAC in the US; PPL/PRS in the UK). Similarly, screening TV content may need compliance with copyright/licensing rules.
10. What should gyms do to stay compliant over time?
Compliance is an ongoing process: schedule regular contract reviews, risk assessments, staff training audits, equipment maintenance checks, insurance renewals, and data protection audits. A compliance calendar reduces surprises and builds trust with members and regulators.
