Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Selling online opens up a huge market for your products or services. But with that opportunity comes a specific set of rules - and missing them can lead to fines, chargebacks, or unhappy customers.
Good news: UK e-commerce regulations aren’t there to trip you up. They’re designed to create trust and clarity between you and your customers. If you understand the basics and set up the right documents, you’ll be compliant and confident from day one.
In this guide, we break down the key UK e-commerce regulations (including the E‑Commerce Regulations 2002), what information you need to show on your site, consumer rights for online sales, privacy and cookies rules, and the documents your online store should have in place.
What Are The UK E-Commerce Regulations?
Several UK laws and regulations apply to online shops and service providers. The main ones you’ll hear about are:
- Electronic Commerce (EC Directive) Regulations 2002 (the “E‑Commerce Regulations 2002”): Set out information you must provide about your business and how you conclude contracts online (e.g. order steps and acknowledgements).
- Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (“Consumer Contracts Regulations”): The “distance selling” rules for most B2C online sales, including pre‑contract information and cooling‑off rights.
- Consumer Rights Act 2015 (“CRA 2015”): Core consumer rights for goods, services and digital content (e.g. quality, fit for purpose, repairs, refunds).
- Data Protection Act 2018 and UK GDPR: Rules for collecting and using personal data (names, emails, addresses, analytics, etc.).
- Privacy and Electronic Communications Regulations (PECR): Extra rules for cookies, electronic marketing, and consent.
- Advertising Standards Authority (ASA) CAP Code: Marketing must be legal, decent, honest and truthful (covers pricing, promotions, influencer marketing, etc.).
- Payment Services Regulations 2017 and Strong Customer Authentication (SCA): Security requirements for online payments (often handled by your payment provider).
- Companies Act 2006 and business disclosure rules: Company/LLP details that must appear on your website and business emails.
There are also product‑specific rules (for example, age‑restricted items, cosmetics, food and drink, medical devices). If you sell regulated products, factor in labelling, safety and licensing obligations relevant to your niche.
The Mandatory Information You Must Show Online
Under the E‑Commerce Regulations 2002 and Companies Act, you must make the following information easily, directly and permanently accessible on your website:
- Your business name (and trading name if different).
- Geographic address (not just a PO Box), email address and a way to contact you quickly (e.g. contact form, phone number).
- Company registration number, registered office and place of registration if you’re a company or LLP.
- VAT registration number (if registered).
- Membership details for any regulated profession or trade body (if applicable).
For online checkout flows, you also need to clearly explain:
- The technical steps to place an order and how to correct errors before submitting.
- Which languages your contract can be concluded in.
- Pricing that includes all taxes and unavoidable charges.
- Delivery costs and timing before the customer commits to buy.
- How you’ll confirm orders (e.g. immediate on‑screen confirmation and email acknowledgement).
This information usually appears across your footer, contact page, and your Website Terms of Use or Terms and Conditions. Keep it clear and consistent - customers shouldn’t have to hunt for it.
Distance Selling, Cancellations And Refunds
If you sell to consumers online, the Consumer Contracts Regulations apply to most transactions. In practice, this means you must provide certain pre‑contract information and, in many cases, offer a 14‑day cooling‑off period during which a consumer can cancel.
Key points to know:
- Pre‑contract information: Before checkout, show the main characteristics of the goods or services, total price (including taxes and delivery), delivery/fulfilment times, minimum contract term (if any), cancellation rights and how to exercise them, and your identity and contact details.
- Cooling‑off period (usually 14 days): Consumers typically have 14 days from delivery (goods) or from contract conclusion (services/digital) to change their mind. There are important exceptions and nuances, especially for personalised goods, perishable items, urgent repairs, sealed items where hygiene is an issue once unsealed, and digital content once download/streaming begins with explicit consent.
- Refunds: If a consumer cancels in time, you must refund within 14 days of receiving the goods back (or of cancellation for services/digital content, depending on the scenario). You can usually deduct for diminished value due to handling beyond what’s necessary to check the goods.
- Delivery: Unless you agree otherwise, you must deliver within 30 days and risk generally passes on delivery. Make delivery costs and timeframes clear up front.
Remember the CRA 2015 also sets out remedies for faulty goods and digital content (e.g. repair, replacement, price reduction, right to reject within 30 days for goods). It’s wise to keep your customer terms aligned with these rights. For a deeper dive into consumer cancellation and information duties, see Distance Selling Laws and how to structure a fair, compliant Returns Policy.
Delivery obligations can be easy to overlook - make sure your T&Cs reflect your actual fulfilment capability and the CRA 2015 rules on timing, risk and remedies. This is covered in our guide to seller delivery obligations.
Data Protection, Cookies And Marketing Rules
If your site collects any personal data (checkout details, newsletter sign‑ups, account creation, contact forms, analytics tied to individuals), UK GDPR and PECR apply. In practice, you should:
- Have a transparent Privacy Policy that explains what you collect, why, the lawful basis, how long you keep data, who you share it with (including service providers and international transfers), and users’ rights.
- Use a compliant cookie approach: provide a clear cookie notice, obtain consent for non‑essential cookies (like marketing/analytics), and allow users to manage preferences.
- Handle marketing lawfully: get consent (or rely on a limited “soft opt‑in”) for unsolicited electronic marketing to individuals; always include an easy unsubscribe.
- Secure data: implement appropriate security measures and choose reputable processors (e.g. payment gateways, email platforms).
Start with the fundamentals: publish a clear, tailored Privacy Policy and a straightforward Cookie Policy, and ensure your cookie banner captures and records consent correctly. For practical set‑up tips, our guidance on cookie banners explains common pitfalls and how to avoid them.
For email marketing, check whether you can rely on the soft opt‑in (limited to your own similar products and existing customer relationships) or if you need explicit consent. Either way, keep records of how and when consent was obtained and honour opt‑outs promptly.
Pricing, Advertising And Subscriptions
How you present your products and prices online matters just as much as what you sell. A few areas to watch closely:
- Pricing transparency: Display total prices inclusive of VAT and unavoidable fees before checkout. If you display price discounts or “was/now” pricing, be able to substantiate them.
- Marketing claims: Ensure claims are accurate and not misleading (ASA CAP Code). Be careful with environmental claims (“green”, “sustainable”), health claims, or user‑generated content you republish.
- Delivery charges: Show these early - don’t hide them until the final step.
- Promotions: State key conditions up front (eligibility, time limits, exclusions, how to redeem).
- Subscriptions and auto‑renewals: Present the minimum term, renewal cycle, price, and how to cancel in a clear, prominent way. Send timely renewal and price‑change notices. Check your practices against the UK’s auto‑renewal laws and CMA guidance.
If you operate subscriptions or memberships, it’s critical that your onboarding and cancellation journeys are fair and friction‑free. Dark patterns (e.g. making cancellation hard to find) are under scrutiny and can lead to enforcement.
Practical Compliance Checklist And Key Takeaways
1) Map Your Sales Model And Audience
- Confirm whether you sell to consumers (B2C), businesses (B2B), or both - consumer law is stricter.
- Note if you sell physical goods, services, digital content, or a mix; rules differ slightly.
- Identify any regulated products (cosmetics, food, alcohol, knives, vapes, supplements, childcare items) and layer those rules in.
2) Get Your Website Notices And Processes Right
- Display your legal identity and contact details in the footer/contact page.
- Explain the order steps, error‑correction, languages, pricing and delivery costs before checkout.
- Send an on‑screen and email order acknowledgement promptly after purchase.
3) Build Consumer Law Into Your Policies
- Give the required pre‑contract information on product pages and at checkout.
- Offer cooling‑off rights where required, with clear instructions and an email address for cancellations.
- Align your returns and refund wording with the CRA 2015 and Consumer Contracts Regulations; avoid unfair terms.
4) Lock Down Privacy, Cookies And Security
- Publish a tailored Privacy Policy and keep your data map up to date.
- Implement a compliant cookie banner and maintain a consent log via your CMP.
- Use reputable processors (payment gateway, CRM, email) and sign appropriate data processing terms.
- Limit access to personal data, enable MFA where possible, and have a basic breach response plan.
5) Present Prices And Offers Clearly
- Show VAT‑inclusive pricing and unavoidable charges early.
- Disclose delivery charges and realistic delivery windows before checkout.
- Ensure promotions and claims are substantiated and not misleading.
- For subscriptions, highlight the renewal cycle and how to cancel; align with auto‑renewal laws.
6) Put The Right Contracts And Policies In Place
Your website should host clear, tailored legal documents that reflect your actual processes. At a minimum, consider:
- Terms and Conditions that set the contract with your customers (products/services, delivery, risk, returns, warranties, liability, and governing law).
- A Returns Policy that mirrors consumer rights and your operational realities.
- A clear Shipping Policy for costs, carriers, locations served, delivery timeframes, and handling delays.
- A Privacy Policy and Cookie Policy that match your tech stack and data uses.
- For marketplaces or subscriptions, extra clauses for user content, platform conduct, auto‑renewals and cancellations.
To make your terms stick, ensure customers actively accept them at checkout and that your wording is fair and clear - our guide on making website T&Cs enforceable covers the essentials.
7) Common Grey Areas To Sanity‑Check
- Digital content: When does access begin? Have you collected the necessary consent to waive the cooling‑off right?
- Personalised/“made to order” goods: State clearly if standard cancellation doesn’t apply (where legally permitted).
- Part‑shipments and pre‑orders: Be transparent on timelines and remedies if delays occur.
- International customers: Consider local taxes, customs, and consumer laws that could apply in destination countries.
- Influencer and affiliate marketing: Ensure advertising disclosures (#ad) are prominent and instructions to partners are clear.
Key Takeaways
- The E‑Commerce Regulations 2002 require you to display key business information and make your online contracting steps clear and transparent.
- Consumer law (Consumer Contracts Regulations and CRA 2015) sets strict rules for information, cancellations and refunds - build these into your checkout and terms.
- Publish a tailored Privacy Policy and Cookie Policy, get proper cookie consent, and follow PECR/UK GDPR for marketing and data use.
- Be upfront with pricing, delivery charges and timelines; make sure promotions are fair and substantiated, and manage subscriptions in line with UK rules.
- Have robust, plain‑English website documents (Terms and Conditions, returns and shipping) and ensure customers actively accept them at checkout.
- Setting up these legal foundations early will protect your brand, reduce disputes, and help you scale with confidence.
If you’d like help reviewing your e‑commerce setup or drafting the right online terms and policies for your store, our friendly team can guide you through what’s required for your specific model. You can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no‑obligations chat.


