The Complete Guide to Ecommerce Regulations in the UK

If you operate an online business that sells goods, you’re required to adhere to a number of ecommerce regulations in the UK. Though numerous ecommerce rules have been enacted over the years, it all started with the Electronic Commerce Regulations of 2002, a set of requirements that still make up the crux of ecommerce law in Great Britain and Northern Ireland. We’ve simplified the most important requirements to help you remain in compliance and in good standing. For additional information, refer to your legal representation.

Information Sharing Requirement

In summary: You must provide your company name, physical address, and other identifying information to customers.

Under the Ecommerce Regulations of 2002, businesses that sell goods online must provide complete contact information. A PO Box may not be used in lieu of a physical address. This law also applies to businesses that sell via email and SMS. If your website includes a contact form, you must provide an email address.

Other information may also be required if available. For instance, if you belong to any professional societies, you’ll need to disclose the details. You’ll also need to provide details of any accreditations or authorisations. If you’re VAT-registered, provide your VAT number.

Clear Pricing Regulations

In summary: You must be 100% transparent about pricing, identifying any supplemental costs that may be separate from the sale price.

Ecommerce retailers in the UK are required to adopt clear pricing policies free of hidden or undisclosed charges. The website must clearly identify any added costs including VAT, tax, and delivery costs. This information must be disclosed before the buyer completes their purchase.

Advertising and Email Disclosures

In summary: You must clearly identify commercial emails and include the recipient’s name in the message.

To put it simply, advertising materials have to be labelled as advertising materials. You can’t use deceptive subject lines like “Want to know a secret?” to draw in potential customers and then surprise them with a sales pitch. While the exact requirement is vague, the basic rule is that any customer should be able to read your subject line and immediately know that they’re receiving an advertisement.

In addition, the email message itself must contain the intended recipient’s name. This rule makes it harder for spammers to mass-distribute thousands of low-quality messages to random recipients.

Finally, if you are sending unsolicited messages to non-subscribers (which the regulations classify as spam), you must identify the message as unsolicited in the subject line.

Note that these rules also apply to text message advertisements, not just email. If you don’t have enough space to include all of the required information in a 160-character text, you can include a URL where the recipient can view more information.

Rules for Consumer Contracts

In summary: All contracts must be clearly laid out on your website and must adhere to the guidelines of every nation or state where you conduct business. At the very least, you need clearly defined Terms and Conditions as well as a cookie policy.

Complete terms and conditions must be clearly outlined. If there are any other contracts or expectations, those must be clearly identified as well. It may not be enough to create a blanket Terms list. Your terms must adhere to the laws of every member state in which consumers can purchase your product or service and they must be plainly laid out in the primary language of said state. For example, if you have customers in Germany, you must make your terms and conditions available in German, and the terms must conform to German consumer laws.

If your website uses cookies, you must have a clearly defined cookie policy in accordance with European Union guidelines. This isn’t just an ecommerce requirement (it’s required for all websites that use cookies), but it’s something that a lot of UK ecommerce businesses get into trouble for. Your cookie policy must:

  • Indicate that you collect cookies
  • Explain what cookies are and when they’re used
  • Request the user’s consent to store a cookie on their device

This only needs to be done the first time the user visits your website.

Order Placement Regulations

In summary: You must have a user-friendly checkout process that allows each customer to easily confirm the accuracy of their order before paying. Then you need to provide a receipt upon checkout.

When a customer places an order on your website, you are required to provide them with “appropriate, effective and accessible technical means” that make it easy for them to spot and correct any errors before finalising the transaction. You must also present the customer with an electronic receipt without delay. The receipt needs to outline the item(s) sold and the exact amount of money transacted.

This rule only applies to orders completed on your website. It does not apply to private transactions completed entirely by email or other electronic communications.

Regulations Surrounding Product Guarantees

In summary: All guarantees must be submitted in writing with the terms and conditions clearly presented.

You’re not required to provide a guarantee for every product you sell, but if you do offer a guarantee, it must meet specific criteria under the Consumer Rights Act of 2015. The guarantee must include:

  • Your name and address
  • The name of the product being guaranteed
  • The precise terms of the guarantee (how long it’s good for, which countries it applies in, exemptions, etc.)
  • Instructions on filing a claim
  • A statement noting that the customer has statutory rights not affected by the guarantee

Businesses are expected to honour their customers’ basic rights even if the guarantee term has expired or no guarantee was offered in the first place. In other words, a product should always look and function as advertised and should maintain satisfactory quality so long as it is used correctly and maintained properly.

Laws for Product Reviews

In summary: Fake product reviews aren’t just in poor taste; they’re illegal in the UK. Just don’t do it.

The practice of publishing fake product reviews is known as “astroturfing.” Businesses have long used this practice to bolster interest and trust in their products, but it’s illegal in the United Kingdom under the Consumer Protection From Unfair Trading Regulations 2008.

Fake reviews are considered a form of unfair commercial practice, subverting public trust and—in worst-case scenarios—even damaging the reputation of competing businesses.

PCI Compliance

In summary: You must take steps to protect your customers’ personal and credit card data in accordance with PCI Security Council standards.

The Payment Card Industry Data Security Standard (PCI DSS) was established to protect consumers who purchase goods and services online. The standard includes 12 core components that every ecommerce business is required to adhere to. For example:

  • Credit card data must be secured by a firewall
  • Custom, secure passwords must be used for all sensitive logins
  • Antivirus software must be installed and updated regularly
  • Access to cardholder information must be limited to need-to-know users
  • Security systems must be tested on a regular basis

One of the most important things you can do is to ensure that your UK payment gateway is PCI-compliant. This will offset much (though not all) of the burden.

Failure to maintain PCI compliance may result in hefty fines or the termination of your merchant account, so make it a top priority.

Maintaining Compliance With Ecommerce Regulations in the UK

It can be confusing and overwhelming trying to navigate the labyrinth of ecommerce regulations in the UK. There are numerous steps you can take to make the compliance process easier, though:

  • Choose a merchant services provider that offers compliance audits. They’ll review your site regularly and notify you of any potential legal breaches.
  • Install plug-ins and applications that are designed for compliance. For example, if your site is built on WooCommerce, you can choose from a number of free and premium plug-ins that generate automatic cookie policies in accordance with EU rules.
  • Review the Electronic Commerce Regulations of 2002. A majority of the most important ecommerce regulations in the UK can be found in those pages.
  • Speak with a legal representative to learn more about any potential vulnerabilities in your website or marketing materials.

Keeping up with the laws can be time-consuming and costly, but it’s not nearly as costly as recovering from the penalties of non-compliance. Make sure to keep your online business in good standing for both yourself and your customers.

A.J. Almeda, E-Commerce Expert

A.J. is an e-commerce expert with an emphasis on digital marketing and payment processing with 15 years of industry experience. He combines this experience with an in-depth understanding of online retail and public relations to help other businesses grow and succeed.