Legal requirements for European e-commerce sites

29 May 2017

Business Insight

If you’re selling online to European customers, you’ll need to comply with EU law. This means both the laws specifically aimed at e-commerce and the laws on data protection. Non-compliance can lead to enforcement action and fines, and in some cases to criminal liability.

Overall, the laws are straightforward. They are aimed at protecting consumers’ rights and preventing practices which mislead consumers. There are also rules to follow to keep customers’ data safe.

Here is a brief summary of some of the important rules to follow.


No pre-checked boxes

You cannot have any pre-checked boxes on your website. If you give your customers the option to sign up for a newsletter or to add extra insurance, they must actively check the box themselves; a box that is ticked by default does not count as consent.

This protects clients from accidentally agreeing to spend more than they planned or buy services they don’t need. It also prevents spamming as customers must actively opt-in for newsletters and emails.


14-day cooling off period for withdrawing from a sales contract

Your customers have 14 days from receiving the goods to change their minds and cancel their orders or return the items. They don’t need to give any reason or justification, and you must tell them about this right before they buy. If a customer does withdraw, you have 14 days from the date of withdrawal to refund the money, including the standard delivery cost (you need not refund the extra cost of an express option the customer chose). You may hold the refund until you have received the goods back or the customer has shown proof of sending them. Some goods are exempt, such as personalised items and sealed goods that have been unsealed.


You can’t make a profit from a credit card surcharge

Some businesses charge consumers more for using certain payment methods. Where this is allowed, you cannot charge the customer more than it actually costs you to process that payment method. So if your customer spends €100 and chooses a payment method which costs you 2% to process, you cannot charge more than €2 (2% of €100). Note that the second Payment Services Directive (PSD2), which applies from January 2018, goes further and bans surcharges on most consumer card payments outright.


Customers must confirm they know they have to pay a price

When customers click the final button to confirm the order, it must be unambiguous that they are committing to pay at this point; the button should be labelled with words such as “order with obligation to pay” rather than a vague “continue”. Immediately before that click, the customer must see the final amount together with a description of everything they are paying for, including the products and any additional charges such as delivery or payment fees.


You must clearly display your business information

When customers are making a purchase, in addition to precise information about what they are buying and the total cost, they must also be given your business information. This includes the name of your business, its physical address, your contact details and, if you run a marketplace, the same details for any third-party traders selling through it. If your business is registered, you must also provide the registration number (for example your company or VAT number).


You must give clear information on who pays to return goods

It must be clear to customers before they buy who will pay for returning the goods. Where items cannot normally be posted, such as a bulky, heavy item like a couch, you should give at least an estimate of the cost of returning the product.


You must send a detailed receipt

Following the order, you must promptly send your customers a confirmation on a durable medium, either electronically (for example by email) or on paper. This confirmation must contain all the details of the order: which items were purchased, the price of each and the total cost. Before the order is placed, the checkout must also let customers spot and correct input errors (wrong quantity, wrong address) so that mistakes can be fixed before they commit to pay.


You must comply with the EU Cookie Law 

If your site sets cookies, the EU Cookie Law (the ePrivacy Directive) requires you to tell visitors and, for any cookie that is not strictly necessary to provide the service they asked for, to obtain their consent before the cookie is set. Cookies needed to run the shopping basket or keep a login session are exempt; analytics and advertising cookies are not. Many sites use a banner at the top or bottom which is visible as soon as somebody arrives on the site. If you are using an e-commerce platform you should be able to find a module or extension already made to meet this requirement; check that it actually blocks the non-essential cookies until the visitor accepts, rather than just showing a notice.
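The consent gate described above, as an added example that is not code from the original article or from Lemon Way. It implements the one rule a practitioner most often gets wrong: non-essential cookies are refused until an explicit opt-in has been recorded, while strictly necessary cookies are always allowed. The cookie name, the category list and the consent lifetime are assumptions. The cookie jar is abstracted so the logic runs outside a browser; on a real page you would supply an adapter with the same get/set/remove/names interface backed by document.cookie.

```javascript
// Added example (not from the original article or Lemon Way): a consent gate
// that refuses to set non-essential cookies until the visitor has opted in.
// Cookie name, categories and lifetime below are assumptions for illustration.

const CONSENT_COOKIE = 'cookie_consent';      // assumed name of the decision cookie
const CONSENT_MAX_AGE = 60 * 60 * 24 * 180;   // assumed lifetime: 180 days
const CATEGORIES = ['necessary', 'analytics', 'marketing'];

// In-memory jar with the interface a document.cookie adapter would expose.
function createMemoryJar() {
  const store = new Map();
  return {
    get: (name) => (store.has(name) ? store.get(name).value : null),
    set: (name, value, options = {}) => { store.set(name, { value, ...options }); },
    remove: (name) => store.delete(name),
    names: () => Array.from(store.keys()),
  };
}

// Parse the stored decision. Returns null when the visitor has not decided yet
// (or the value is corrupt), which is the state in which the banner must be
// shown and only 'necessary' cookies may be set.
function readConsent(jar) {
  const raw = jar.get(CONSENT_COOKIE);
  if (raw === null) return null;
  let parsed;
  try {
    parsed = JSON.parse(raw);
  } catch (e) {
    return null; // do not guess a decision from a corrupt value
  }
  if (typeof parsed !== 'object' || parsed === null) return null;
  const consent = { necessary: true };
  for (const cat of CATEGORIES) {
    if (cat !== 'necessary') consent[cat] = parsed[cat] === true; // default deny
  }
  return consent;
}

function needsBanner(jar) {
  return readConsent(jar) === null;
}

// Record an explicit choice. Unlisted categories default to false, so an
// "accept necessary only" click is stored as {analytics:false, marketing:false}.
function recordConsent(jar, choices) {
  const decision = {};
  for (const cat of CATEGORIES) {
    if (cat !== 'necessary') decision[cat] = choices[cat] === true;
  }
  jar.set(CONSENT_COOKIE, JSON.stringify(decision), {
    maxAge: CONSENT_MAX_AGE, sameSite: 'Lax', secure: true, path: '/',
  });
  return decision;
}

// The only path the site should use to set cookies. Returns true if the cookie
// was set, false if it was blocked for lack of consent.
function setCookie(jar, name, value, category, options = {}) {
  if (!CATEGORIES.includes(category)) {
    throw new Error(`unknown cookie category: ${category}`);
  }
  if (category !== 'necessary') {
    const consent = readConsent(jar);
    if (consent === null || !consent[category]) return false;
  }
  jar.set(name, value, options);
  return true;
}

// Withdrawal must be as easy as consent: drop the decision and purge every
// cookie the site registered as non-essential, leaving necessary ones alone.
function withdrawConsent(jar, nonEssentialNames) {
  jar.remove(CONSENT_COOKIE);
  for (const name of nonEssentialNames) jar.remove(name);
}
```

Wire the banner's "accept" and "necessary only" buttons to recordConsent with the matching category flags, and load analytics or advertising scripts only after setCookie (or readConsent) reports the relevant category as allowed; a script tag that runs unconditionally on page load will set its cookies before the visitor has seen the banner.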


Lemon Way - legal regulations for e-commerce in Europe


You must protect clients’ data

To comply with the data protection laws of the countries you sell into, you must collect only the data you actually need, store it securely and keep it no longer than necessary. You cannot share this information with a third party without the customer’s permission. In the EU people also have the right to be forgotten, so customers can ask you to delete their data and you must comply unless you have a genuine legal reason to keep it (for example, invoices you are required to retain). Note that the General Data Protection Regulation (GDPR) applies from 25 May 2018 and tightens these obligations further.


You must comply with the Payment Card Industry Data Security Standard (PCI-DSS)

There are various rules on handling cardholder data which must be respected to keep it safe. The standard is organised into twelve requirements.

If you use a payment gateway so that card details are entered on the gateway’s own hosted page or iframe and never pass through or are stored on your servers, you will only need to complete a limited self-assessment questionnaire (SAQ A), which at the time of writing centres on requirements 9 (physical access) and 12 (security policy). Check the current version of SAQ A with your acquirer, since later revisions of the standard have added requirements to it, and remember that any checkout page that handles card numbers itself puts your whole site in scope.