14 e-commerce laws and legal requirements for online businesses

Blogs 18 Mar 2022

Protect your business and take steps to ensure your e-commerce website is legally compliant with FSB Legal and Business Hub’s beginner-friendly guide.


This content was updated on 26 March 2024. 


Before you launch your business online and take your first orders, you need to ensure that your e-commerce website meets all the relevant legal requirements. There are important policies to put in place, online payment security standards to comply with, data protection laws to follow and so much more.  

Our experts from FSB Legal and Business Hub have broken down some of the main areas of business legislation your small business needs to be aware of, so that you can trade legally online. In addition to this guide, there are more detailed factsheets, together with numerous precedent documents, available on the FSB Legal and Business Hub. 

What are the legal requirements for an e-commerce business? 

Although your legal obligations are much the same as a traditional brick-and-mortar retailer, there are additional areas that you need to consider when trading online. This includes online payment security standards, policies for your website, accessibility and more. Here are 14 areas you need to be aware of when running an e-commerce business. 

1. Electronic Commerce Regulations 

These regulations relate to information that you should clearly provide on your website if you’re selling online, including:  

  • Your business name (and trading name if you have one) 
  • Your address (and registered address if this is different) 
  • Contact email address 
  • Company registration number 
  • Any Trade or Professional Association memberships 
  • Your VAT number if you’re VAT registered 

Typically, this information features in your website footer.   

2. Do you have terms and conditions?

As an online retailer, it’s important to have terms and conditions in place as an online contract to reduce your legal risk. Make sure these are tailored to your business, for example Business-to-Business (B2B) or Business-to-Consumer (B2C). There are precedent terms and conditions for use when selling goods and/or services online available on the FSB Legal and Business Hub.

3. Online selling rules 

There are extra steps that you must take when selling online to consumers. A consumer is an individual acting for purposes wholly or mainly outside of a business, and their statutory rights cannot be taken away or altered. 

Before the sale, this includes: 

  • Making it clear to Consumers they have to pay when ordering 
  • Clearly displaying delivery options and costs 
  • Giving an accurate description of your goods or services 
  • Informing customers of their right to cancel (for goods, up to 14 days from the receipt of the goods, and for services, up to 14 days from the date the contract is entered into). There are limited circumstances in which there is no right to cancel, for example bespoke or perishable goods

After the sale, this includes: 

  • Confirming the contract and associated terms, including the right to cancel with an order confirmation email 
  • Delivering the goods within 30 days, unless agreed otherwise 

4. Consumer Rights Act 

The Consumer Rights Act outlines what rights a Consumer has and what your obligations are as a goods or services provider in the event of a dispute. For example, when you’re putting together your product descriptions, you should make sure they’re accurate to avoid misleading customers under the terms of the Consumer Rights Act.   

If you are selling business to business, then the Sale of Goods Act 1979 (as amended) applies, unless your terms and conditions alter or amend this.

5. Is your online shop accessible? 

By law, you must make reasonable adjustments to ensure your website is suitable for all, including disabled users. The Web Content Accessibility Guidelines are an international standard for ensuring that websites are accessible for all.   

If you’ve chosen to set up your own e-commerce website rather than sell through an online marketplace, you’ll want to make sure that it’s designed with accessibility in mind.

6. Are you compliant with UK GDPR?

If a user is registering for an account on your website, purchasing a product, or receiving your marketing emails, you need to ensure that you are handling this data correctly in compliance with data protection laws.

The Data Protection Act 1998 has been replaced by the Data Protection Act 2018, which incorporates the General Data Protection Regulation (GDPR). GDPR is an EU regulation that no longer applies to the UK; however, the provisions of GDPR have been incorporated into UK law as the UK GDPR. The regulation applies to any business that processes personal data.

7. Privacy and Electronic Regulations (PECR) 

Whether you’re sending out email newsletters with your latest offer or calling prospective clients, you need to ensure you’re staying on the right side of the law. In addition to UK GDPR, Privacy and Electronic Regulations (PECR) give individuals privacy rights linked to electronic methods of communication, including email marketing and cookies. The regulations apply to both B2B and B2C marketing. The ICO provides an overview of the basics of PECR for businesses.   

You can access a detailed FAQ about direct marketing and the implications for UK GDPR and PECR on the FSB Legal and Business Hub.  

8. Website terms of use 

Whether a customer is browsing your site, registering for an account, or going through the checkout process, your website terms of use include the conditions that the user agrees to when using your website. In essence, they explain what is required of a customer if they use your service. Ultimately, they serve to protect your intellectual property, such as with information relating to the permitted use of your content.

9. Privacy policy 

No matter what you’re selling online, processing customer data is central to running an e-commerce business. Whether it’s an email address to register for an account or credit card details to make a purchase, your business may collect various types of data that needs to be protected.  Failure to have a privacy policy will leave you in breach of UK GDPR and open to both fines from the Information Commissioner’s Office (ICO) and legal action by data subjects. 

A privacy policy provides an overview of how your business collects, uses and stores your customers’ personal information. You need to let your customers know why you do this, what you do with the data and how you protect it.  

What should you include? 

  • Let customers and visitors know what data you’re collecting and how you store it 
  • Explain what data (if any) you’ll be sharing and with whom. 
  • Make sure you give customers the choice of opting in or out
  • Inform customers of their rights 
  • State how long you hold onto the data  

Your privacy policy needs to be easy to find and understand. It commonly features as a link in the footer of a website. On some websites, you might encounter a pop-up to disclose that by continuing to use the website, you’re agreeing to terms of their privacy policy.  

10. Cookie policy 

If your website uses cookies (for example, to track user behaviour for analytics or marketing purposes), then you need to include a section dedicated to them in your privacy policy. Your cookie policy should include:

  • Why you’re using them on your website 
  • The types of cookies you’re using 
  • Relevant information about third parties using the data from cookies 

Again, failure to have a cookie policy will leave you in breach of UK GDPR and open to both fines from the ICO and legal action by data subjects. 

11. Refund and return policy 

A major policy for businesses operating in the e-commerce space to have is a refund and returns policy. Every now and then you might experience a customer who requests a refund for a faulty item, is unhappy that a product has arrived damaged, isn’t impressed with the service, or wants to return an item that isn’t suitable.

Therefore, a robust refund and return policy protects your business and manages customer expectations. When putting together your policy, you need to remember Consumer rights, for example their right to a full refund within 30 days for a faulty product, and to cancel online purchases within 14 days of receipt of the goods.

12. PCI compliance 

Taking online payments is an essential aspect of e-commerce, whether it’s credit cards, PayPal or other providers. Offering multiple ways to pay provides a more convenient checkout experience with less friction, but you need to ensure this is secure and compliant to protect both you and your customer.  

Security measures like the Payment Card Industry Data Security Standard (PCI DSS) are not only essential for compliant online transactions, but also serve to boost customer confidence when making a purchase.  

Although it’s not required by law, failure to comply with PCI can result in fines from your bank provider if there is a data breach. You also risk breaching the Data Protection Act 1998 and enforcement action from the ICO.  

Find out more about how to become PCI compliant.  

13. Strong Customer Authentication 

New rules under the Payment Services Directive 2 (PSD2) mean that consumers are now required to confirm their identity when purchasing online to improve payment security.

Strong Customer Authentication (SCA) is a form of two-factor authentication, whereby extra steps are put in place for online card transactions to reduce card-not-present fraud. 

Discover what you need to know about Strong Customer Authentication and how it applies to your business.   

14. Ban on surcharges 

Giving your customers the option of several payment methods on your website creates a better checkout experience. Surcharge rules ban traders from adding a surcharge fee in addition to the price of a transaction if paying with a certain method of payment like credit cards or electronic payments.  

You can find detailed guidance about surcharge rules for consumer and business transactions on FSB Legal and Business Hub.  

Is your e-commerce website compliant? 

Whether you’re ready to set up your e-commerce website or you want to check your current website is compliant, FSB members can take a quick health check for trading online on the FSB Legal and Business Hub.   

Legal compliance is just a click away

With FSB Legal and Business Hub, you’ll have legal documents at your fingertips. Search over 1,500 documents, templates, policies and more, on everything from tax to cyber security. Checked by real lawyers, fully compliant and easy to use.
