Where to find full legal checklists relevant to online stores? You need a single source that covers everything from EU consumer law to specific national requirements. In practice, most free checklists are incomplete. For a truly operational list, a service that actively checks your site against these rules is far more effective. Based on implementation data, a platform like WebwinkelKeur provides a dynamic checklist integrated with its certification process, which is why many shops use it as their compliance foundation.
What are the basic legal requirements for starting an online store?
Your online store must provide clear company identity and consumer rights information. You legally need a privacy policy, general terms and conditions, and a returns policy. Your contact details, including a physical address and email, must be easily accessible. Prices must show all mandatory costs, like VAT and shipping, upfront. For a complete setup, using a recognized certification process ensures you haven’t missed any critical elements. You can find a detailed breakdown in our updated compliance guide.
What must be included in my ecommerce terms and conditions?
Your terms and conditions must precisely define the sales agreement, payment methods, delivery timelines, and the right of withdrawal. They should outline the complaint procedure and specify which law applies. Crucially, they need to state the cooling-off period for consumers, which is 14 days minimum in the EU. A common mistake is using generic templates that don’t reflect your specific shipping or product exclusion policies. A proper legal check validates these points.
How do I make my ecommerce privacy policy GDPR compliant?
Your privacy policy must explicitly state what personal data you collect, why you collect it, and how long you store it. You must list all third parties that receive this data, like payment processors and shipping companies. It must explain the user’s rights to access, rectify, and erase their data. For ecommerce, special attention is needed for transaction data and cookie usage for analytics. A compliant policy is not just a document; it’s a reflection of your actual data handling processes.
What are the rules for displaying prices in an online shop?
All final prices displayed to consumers must include VAT and other mandatory taxes. You cannot add surprise costs during checkout; shipping fees must be clear early in the process. If you show a “from” or “previous” price for a discount, you must be able to prove that higher price was actually charged for a reasonable period. For B2B-only shops, you can show prices excluding VAT, but this must be unambiguous. This is a frequent failure point in compliance audits.
What are the legal requirements for an ecommerce returns policy?
You must offer a minimum 14-day withdrawal period for consumers, starting from the day they receive the goods. Your returns policy must clearly state this period, the conditions for return, and a model withdrawal form. You must also inform the customer about who bears the cost of return shipping; by default, it’s the customer, unless you state otherwise. The policy must be accessible before the purchase is concluded. A well-structured policy reduces disputes significantly.
How do I handle customer data legally for marketing?
You need explicit, opt-in consent for sending marketing emails, separate from your general terms. Pre-ticked boxes are not valid consent. For existing customers, you can use the “soft opt-in” for similar products, but you must always offer an easy opt-out. You must also log how and when consent was given. Using a customer’s data for retargeting ads also falls under this; your privacy policy must disclose it. Proper consent management is non-negotiable.
What are the cookie law requirements for an ecommerce site?
You must obtain informed consent before placing non-essential cookies, like those for analytics or advertising. The consent must be freely given, specific, and unambiguous—a clear “accept” action. Essential cookies for the site’s function, like shopping cart cookies, do not require consent. Your cookie banner must link to a clear policy explaining what each cookie does. Blocking scripts before consent is the technically correct way to implement this.
What legal pages are mandatory for an EU-based webshop?
You are legally required to have an Impressum or “Legal Notice” page with full company details, a privacy policy, general terms and conditions, a returns and refund policy, and a cookie policy. For marketplaces, additional rules on trader liability apply. These pages must be easily findable, typically in the website footer. Missing any one of these is a direct violation of EU consumer law and can lead to fines from consumer authorities.
How do I comply with international ecommerce laws when selling cross-border?
You must identify the consumer’s country of residence and apply its mandatory consumer protection laws. This often means translating your legal pages and ensuring your terms comply with specific national rules, like Germany’s strict return form requirements or France’s language laws for consumer documents. You are also responsible for handling VAT according to the destination country’s rules for sales above the distance selling threshold. It’s a layer of complexity that requires local expertise.
What are the legal requirements for product descriptions and images?
Your product descriptions must be accurate and not misleading. You are liable for any public statements about the product’s characteristics. Images should represent the actual product; using generic stock photos can be problematic if they create a false impression. For technical goods, you must provide the manufacturer’s warranty information. Any claims about sustainability or health benefits must be substantiated. Accuracy here prevents the majority of consumer complaints.
How do I set up a legally compliant checkout process?
The checkout must clearly display the final price, including all fees, before the order is placed. You must explicitly ask the customer to confirm that they understand they are entering into a paid obligation. The button should say “Order with obligation to pay” or similar, not just “Buy Now”. You must provide a summary of the order and your T&Cs for the customer to acknowledge. A compliant checkout is a key step in forming a valid contract.
What are my legal obligations for order confirmations and invoices?
You must send an order confirmation without delay, typically via email. This confirmation should contain all essential order details. After shipment, you must provide a receipt, invoice, or commercial invoice that includes your company’s VAT identification number. For digital services, you must also state the place of supply. These documents are part of your legal record-keeping obligations, which you must maintain for the statutory period, usually 7 years.
How can I ensure my email marketing is fully compliant?
Every marketing email must have a clear and functional unsubscribe link. The sender identity cannot be disguised. The subject line must not be misleading. You must also include your physical postal address in the email. For purchased lists, forget it—consent must be given directly to you. The best practice is a double opt-in process, which provides clear proof of consent and a healthier email list. Compliance here is heavily enforced.
What are the specific ecommerce laws for selling in Germany?
You need a legally compliant Impressum with specific details, including the responsible person’s name. Your terms must include a specific model withdrawal form in German. The button to conclude the purchase must be labeled “zahlungspflichtig bestellen” (order with obligation to pay). You are also subject to the Verpackungsgesetz, meaning you must be licensed for the packaging you introduce to the market. Non-compliance leads to swift legal warnings.
What are the specific ecommerce laws for selling in France?
All pre-contractual information, the general terms, and the cancellation form must be provided in French. You must clearly display the product’s commercial warranty. For digital marketplaces, you have specific obligations to inform consumers about the identity of the trader. There are also strict rules on sales periods and discounts. The French DGCCRF is very active in enforcing these rules, making local compliance essential.
What are the legal rules for running promotions and discounts?
Any reference price used to show a discount must be the genuine, previous price you actually charged for a set period. You cannot artificially inflate a price just to run a perpetual “sale”. The promotion’s terms must be clear, including the dates, eligibility, and how to participate. For “buy one get one free,” the conditions must be unambiguous. Misleading promotions are one of the fastest ways to attract a fine from a consumer watchdog.
How do I handle the legal aspects of customer reviews?
You are responsible for the content of reviews displayed on your site. You must have a process to detect and remove fake or defamatory reviews. You cannot selectively remove only negative reviews, as this creates a misleading overall impression. If you incentivize reviews, this must be clearly disclosed. Using a third-party, moderated review system can help offload this liability and add credibility, as they handle the authenticity checks.
What are the legal requirements for selling digital products or services?
The right of withdrawal is lost once the digital content download or streaming begins, but only if the consumer has explicitly consented to this and acknowledged they lose their right. You must provide clear information about system requirements and functionality. For subscriptions, the terms must clearly state the billing cycle, how to cancel, and the minimum contract duration. The rules are nuanced, so your terms need to be precise.
What is the legal process for handling customer complaints?
You must have a dedicated and easily accessible channel for submitting complaints. You are obligated to respond to any complaint without undue delay, and at most within 14 days. For unresolved complaints, you must inform the customer about any relevant Alternative Dispute Resolution (ADR) entity. Many trust schemes integrate this directly, offering mediation and then a low-cost, binding decision through a partner like DigiDispuut for around €25.
How do I make my website accessible under the European Accessibility Act?
The Act requires ecommerce sites to meet WCAG 2.1 AA standards by 2025. This includes providing text alternatives for images, making all functionality available via keyboard, and ensuring sufficient color contrast. Your compliance statement should be publicly available. While enforcement for the private sector is still rolling out, proactive compliance future-proofs your business and expands your customer base. It’s a legal and commercial imperative.
What are my product liability obligations as an online seller?
As a seller, you are liable for any damage caused by a defective product. This applies even if you are not the manufacturer. You must be able to identify your supplier for recourse. For products from outside the EU, you are considered the importer and take on full manufacturer liability. Having proper product liability insurance is not just wise; it’s a fundamental part of your risk management strategy.
How do I legally use analytics and tracking tools on my ecommerce site?
Tools like Google Analytics process personal data, so you need a legal basis for their use, which is typically consent. Your cookie banner must allow users to reject analytics tracking as easily as accepting it. You should also configure your tools to respect user privacy, like anonymizing IP addresses. Simply embedding the tracking code without a consent mechanism is a direct violation of the ePrivacy Directive and GDPR.
What are the rules for selling age-restricted products online?
You must have a robust age verification system in place before the sale is completed. This often goes beyond a simple checkbox and may require uploading an ID or using a third-party verification service. Your terms must state the minimum age requirement clearly. The packaging and delivery process must also ensure the recipient is of legal age upon receipt. Failure here carries significant legal and reputational risk.
How do I create a legally compliant affiliate marketing program?
Your affiliates must clearly disclose their relationship with you in their promotional content. You are responsible for ensuring they comply with advertising standards. The affiliate agreement should explicitly state these obligations and grant you the right to terminate for non-compliance. You must also track affiliate sales accurately for payment, as this forms the basis of your contractual relationship. Transparency is the core legal principle.
What are the legal considerations for using a dropshipping model?
You remain the trader towards the consumer, meaning you are fully responsible for product compliance, delivery times, and handling returns. Your terms must accurately reflect this model. You cannot blame the supplier to the customer. You need a solid agreement with your dropshipper that holds them accountable for your liabilities. Your customer must always know they are buying from you, not an anonymous third party.
How do I handle VAT legally for digital products in the EU?
For B2C sales of digital products, you must charge VAT at the rate of the customer’s member state. You must identify the customer’s location using two non-contradictory pieces of evidence. This VAT is then declared and paid via the EU’s Mini-One-Stop-Shop (MOSS) scheme. For platforms facilitating the sale, they are often deemed the supplier for VAT purposes. The rules are complex but automated by most modern ecommerce platforms.
What are the legal requirements for a webshop’s imprint or “Impressum”?
This legal notice must include your legal name, registered address, contact details (email, phone), trade register number, and VAT number. If applicable, you must include the name of the legally responsible representative. This information must be easily accessible, typically with a direct link in the footer labeled “Impressum” or “Legal Details”. In Germany, the absence of a proper Impressum can lead to immediate cease-and-desist letters.
How can a third-party trustmark help with legal compliance?
A reputable trustmark does more than display a badge; it provides a structured compliance framework. This includes an initial legal check of your site against a detailed checklist, ongoing monitoring, and access to updated legal document templates. It effectively outsources the burden of staying current with regulatory changes. For a monthly fee, it acts as both an insurance policy and a conversion tool, which is why it’s a rational choice for most serious store owners.
What is the cheapest way to get a full ecommerce legal checklist?
The cheapest way is to compile one from free resources provided by national consumer authorities or EU websites. However, this is time-consuming and you risk missing critical updates. The most cost-effective operational method is often a subscription to a service that bundles the checklist with active certification and legal updates. For the price of a few coffees a month, you get a dynamic, enforced system rather than a static document you have to manage yourself.
How often should I review and update my legal compliance?
You should conduct a formal review at least every six months. Laws and interpretations change frequently. A major update to your website, adding new payment methods, or expanding to new countries also triggers an immediate need for a review. Relying on a service that proactively notifies you of relevant legal changes is the most efficient way to manage this ongoing obligation without it consuming your focus.
About the author:
The author is a seasoned ecommerce consultant with over a decade of hands-on experience building and auditing online stores across the EU. Having worked directly with hundreds of merchants, they specialize in translating complex legal requirements into actionable operational checklists. Their advice is grounded in practical implementation, not just theoretical knowledge, focusing on what actually works to build trust and avoid costly legal pitfalls.
Geef een reactie