If you operate an online business that sells goods or services in the European Union or any of the member states therein, you’re required to adhere to a number of guidelines and regulations. Though numerous e-commerce rules have been enacted over the years, the major requirements are laid out in the Electronic Commerce Directive (first adopted in 2000).
We’ve simplified the most important requirements of the Ecommerce Directive 2000 (and subsequent updates) to help you remain in compliance with all ecommerce regulations in Europe.
The following is just a sampling of the major regulations and is in no way intended to be viewed as comprehensive or interpreted as legal counsel. For additional information, read the directive for yourself and consult your legal representative.
In summary: You must provide your company name, physical address, and other identifying information to customers.
As noted in Article 5 of the directive, businesses that sell goods online must provide complete contact information, including the name of the business and the precise geographic address where the business is located. Digital contact information, like an email address, is also required.
Other information may also be required if available. For instance, if you belong to any professional societies, you’ll need to disclose the details. You’ll also need to provide details of any accreditations or authorisations. If you’re VAT-registered, provide your VAT number.
In summary: You must be 100% transparent about pricing, identifying any supplemental costs that may be separate from the sale price.
E-commerce retailers in the EU are required to adopt clear pricing policies free of hidden or undisclosed charges.
The website must clearly identify any added costs including VAT, tax, and cross-border parcel delivery costs. This information must be disclosed before the buyer completes their purchase.
Advertising and Email
In summary: You must clearly identify commercial emails and give recipients the ability to opt out.
To put it simply, advertising materials have to be labelled as advertising materials. You can’t use deceptive subject lines like “Want to know a secret?” to draw in potential customers and then surprise them with a sales pitch.
While the exact requirement is vague, the basic rule is that any customer should be able to read your subject line and immediately know that they’re receiving an advertisement.
In addition, you must have a registry set up that allows recipients to opt out of further communications. As noted in Article 7 of the directive, you’re required to respect the wishes of recipients who prefer not to receive communications.
In summary: You must have a user-friendly checkout process that allows each customer to easily confirm the accuracy of their order before paying. Then you need to provide a receipt upon checkout.
When a customer orders a product or service on your website, you are required to provide them with appropriate technical means that make it easy for them to spot and correct any errors before finalising the transaction.
You must also present the customer with an electronic receipt without delay. The receipt needs to outline the item(s) sold and the exact amount of money transacted.
Consumer Guarantees & Returns
In summary: As an online seller, you must provide buyers with a 2-week, no-questions-asked return policy. You must also provide a two-year legal guarantee against faulty goods.
Though this isn’t covered as part of the directive, EU law requires that online sellers and other distance sellers (like phone and mail order sellers) provide customers with a 2-week return policy. This is known as a “cooling off” period and can combat impulse purchases.
In addition, a product should always look and function as advertised and should maintain satisfactory quality so long as it is used correctly and maintained properly. All goods must be guaranteed for two years against claims that a product is faulty or not as advertised.
In summary: Fake product reviews aren’t just in poor taste; they’re illegal in the EU. Just don’t do it.
The practice of publishing fake product reviews is known as “astroturfing.” Businesses have long used this practice to bolster interest and trust in their products, but it’s illegal in every member state of the European Union as noted in the 2005 directive.
The directive specifically prohibits the practice of “falsely claiming or creating the impression that the trader is not acting for the purposes relating to his trade, business, craft or profession, or falsely representing oneself as a consumer.”
Fake reviews are considered a form of unfair commercial practice, subverting public trust and—in worst-case scenarios—even damaging the reputation of competing businesses.
In summary: You must take steps to protect your customers’ credit card and personal data in accordance with PCI Security Council standards.
The Payment Card Industry Data Security Standard (PCI DSS) was established to protect consumers who purchase goods and services online. This consumer protection standard includes 12 core components that every ecommerce business is required to adhere to. For example:
- Credit card data must be secured by a firewall
- Custom, secure passwords must be used for all sensitive logins
- Antivirus software must be installed and updated regularly
- Access to cardholder information must be limited to need-to-know users
- Security systems must be tested on a regular basis
One of the most important things you can do is to ensure that your European payment gateway is PCI-compliant. This will offset much (though not all) of your liability in terms of data protection.
Failure to maintain PCI compliance may result in hefty fines or the termination of your merchant account, so make it a top priority.
Maintaining Compliance With E-Commerce Regulations in the European Union
It can be confusing and overwhelming trying to navigate the labyrinth of ecommerce regulations and consumer rights in Europe. There are numerous steps you can take to make the compliance process easier, though:
- Choose a merchant services provider that offers compliance audits. They’ll review your site and online sales regularly and notify you of any potential legal breaches.
- Install plug-ins and applications that are designed for compliance. For example, if your site is built on WooCommerce, you can choose from a number of free and premium plug-ins that generate automatic cookie policies in accordance with EU rules.
- Review the e-commerce directive. A majority of the most important ecommerce regulations in the EU can be found in those pages.
- Speak with a legal representative to learn more about any potential vulnerabilities in your website or marketing materials.
Keeping up with the laws can be time-consuming and costly, but it’s not nearly as costly as recovering from the penalties of non-compliance. Make sure to keep your online business in good standing for both yourself and your customers.