Understanding UK Electronic Commerce Regulations: What Every Online Business Must Know

If you’re thinking about launching or growing an electronic commerce business in the UK-whether it’s a retail shop, a dropshipping operation, or even an online platform that shares information or connects businesses-you’ll want to get to grips with the UK’s Electronic Commerce Regulations (“ECR”).

Setting up your digital venture is exciting, but it’s essential to know that UK eCommerce law doesn’t just apply to classic online shops. It also covers a huge range of business activities, from B2B service platforms to dropshipping and data-driven offerings.

Don’t worry-navigating ECR might sound daunting, but with the right understanding and practical steps, you can make sure your business is both compliant and set up for long-term success. Below, we’ll break down which businesses need to pay attention, what your main compliance obligations are, and practical tips for managing your risks. If you’re in the early stages, or your business model is a bit out-of-the-box, keep reading to learn why every online business needs to make ECR compliance a priority.

What Are The UK Electronic Commerce Regulations?

The Electronic Commerce (EC Directive) Regulations 2002 (“ECR”) are the main framework for online business activity in the UK. They set out rules for trading, advertising, contracting, and providing services online-designed to make the digital marketplace safe, fair, and transparent.

Importantly, these rules don’t just target retailers or consumer-focused sites. The ECR applies to:

• Online stores (selling goods or services, physical or digital)
• Dropshipping businesses
• B2B eCommerce or service marketplaces
• Platforms providing paid access to online databases or information
• Websites that offer commercial communications (e.g. advertising, sponsorships, paid listings)
• Any economic activity conducted “by electronic means at a distance”

Whether you’re offering products, connecting other businesses, charging for access, or even just running digital ads-if there’s economic activity involved, you fall into the ECR’s net.

If you’re not sure where your business fits, check out our comprehensive guide to UK ecommerce law. It’s a helpful resource for reading up on the basics.

Do Dropshipping Businesses Need To Comply?

Absolutely. The dropshipping model-where you sell goods online but a third-party supplier fulfils and ships orders directly to the customer-is extremely popular, especially for new businesses.

The ECR makes no distinction between holding your own stock and having a supplier dispatch products for you. If you’re the operator of the website and the ‘face’ of the store, you’re responsible for ECR compliance. This means you must:

• Clearly display your business details and terms to customers
• Provide clear information before and after a purchase
• Handle orders, complaints and returns in line with the law
• Ensure your website complies with rules for commercial communications (including advertising and pricing transparency)

The upshot? Just because you don’t physically handle the product doesn’t mean you can skip the legal requirements. For more about dropshipping legals (and mistakes to avoid), have a look at our guide to dropshipping legal requirements.

Does The ECR Apply To B2B Businesses?

Yes-this is a key point many founders overlook. The Electronic Commerce Regulations don’t just protect consumers; they cover all online transactions involving economic activity, including those where one business supplies goods or services to another.

That means if you operate:

• A software-as-a-service (SaaS) company supplying tools to other companies
• A B2B marketplace
• Any business that takes payments from, or makes agreements with, other businesses online

...you must make sure your online platform, advertising, and contractual arrangements are ECR compliant. This extends to displaying essential business details, making your contract terms accessible, confirming orders, and being clear about how you handle and process data.

This broad definition means creative or tech-focused businesses-like platforms or agencies-can’t assume these rules don’t affect them. The scope is deliberately wide.

Do The Regulations Cover More Than Just Buying And Selling?

Yes! While the ECR governs online shops and payment processes, it extends to any business activity conducted online for profit (or with a commercial purpose).

This captures a range of scenarios, for example:

• Websites or apps that display commercial advertising, even if they don’t sell goods directly
• Platforms charging for access to market information or databases
• Online directories that allow paid business listings
• Sites sharing sponsored content, reviews or affiliate marketing

In short, if your online presence is used to make money, pitch services or products, or provide access to commercial information, the ECR almost certainly applies. If your business is built on online content or advertising, we recommend checking out our expert guide on online marketing legal requirements, which unpacks the ins and outs of compliance.

What Key Requirements Do Online Businesses Need To Meet?

The ECR lays out a number of specific duties for online businesses. Here’s a summary of the main things you need to have in place:

1. Make Your Identity And Contact Details Clear

• Your business name, registered address, company number (if a company) and email must be easy to find on your website
• Details of any relevant trade bodies, professional titles or VAT numbers should also be included if applicable

This isn’t just good practice-it’s a legal requirement. For tips on what else to display, see our online business legal requirements checklist.

2. Be Transparent About Terms And Pricing

• Display your terms and conditions of sale or service accessibly (e.g. before the customer places an order)
• Show up-front pricing, including all taxes and delivery charges
• Give information about how customers can pay, cancel orders, return goods or get support

Protection for customers (and other businesses) depends on being clear about contract terms. Avoid copying another business’s policies-have yours tailored professionally so they’re fit for your particular model.

3. Confirm Orders And Contracts Promptly

• When someone makes a purchase, both parties should receive a confirmation, typically by email
• This must include a summary of the order, a copy of your terms, and information on ending or returning the contract

For recurring or subscription-based services, be extra clear about how renewals and cancellations work-see our guide to online subscription terms and conditions.

4. Follow Specific Rules For Commercial Communications

• If your website includes adverts, sponsored content, or affiliate links, disclose this clearly
• Adverts and communications must be honest, transparent, and not misleading, in line with consumer protection and advertising laws
• You must not send unsolicited marketing emails without consent-see our coverage on email marketing laws for full details

5. Protect User Data And Privacy

• If you collect personal data (even via order or registration forms), you must comply with the UK GDPR and Data Protection Act 2018
• This generally means having a clear Privacy Policy, managing cookies properly, and following consent procedures for email marketing or analytics

These are the minimum requirements. Depending on your business model, there might be more specific duties-so it’s wise to get advice tailored to your circumstances.

What Happens If You Don’t Comply?

Ignoring the Electronic Commerce Regulations isn’t just risky-it could leave your business open to:

• Fines or investigations by the Competitions and Markets Authority (CMA), Trading Standards, or the Information Commissioner’s Office (ICO)
• Customer claims for refunds, cancellation, or damages
• Being sued for misleading customers or failing to supply what you promised
• Reputational damage or account suspensions (for example, by card processors or payment gateways)

For these reasons, ECR compliance should be factored into your launch process as a matter of course-not left until there’s a problem. Taking care of your key legal documents from the start is the safest approach.

Are There Other UK Laws You Need To Worry About?

Yes. The ECR isn’t the only regulation that governs online trading and business in the UK. You’ll also need to consider:

• Consumer law: The Consumer Rights Act 2015 requires you to be fair and transparent with customers, especially around returns, descriptions and guarantees
• Data protection law: As mentioned above, collecting or processing any personal data means full compliance with UK GDPR is expected
• Other sector-specific laws: If you sell food, child-related products, medicine, or regulated services, you may face additional requirements
• Advertising law: Truthfulness, clear labelling of ads and commercial arrangements, and data use transparency are all enforced

It can be a lot to keep track of-but you don’t have to figure it all out alone. Our business legal checklist breaks down what you’ll need, and our team is always happy to answer questions about your unique risks.

How Should You Approach Compliance?

Here’s a practical checklist to get your eCommerce business on the right footing:

• Assess your business model and website to see how the ECR applies (including any non-sales activities)
• Draft and display clear, accurate business information on your site
• Have tailored terms and conditions covering sales, services, subscriptions, or digital products
• Confirm orders properly and make your terms available on confirmation
• Be transparent in all online advertising, sponsored content, and marketing
• Review and update your Privacy Policy and ensure cookie compliance
• Keep records to demonstrate compliance if challenged

If you’re uncertain about how the regulations affect your exact model (for instance, if you’re launching a marketplace, SaaS product, or novel online service), it’s sensible to get professional legal advice-before you go live.

Key Takeaways

• The UK Electronic Commerce Regulations require all online businesses-including dropshipping, B2B platforms and those offering commercial information-to comply with info and transparency rules
• You must provide accessible business details, clear terms and pricing, and prompt order confirmation, regardless of your eCommerce business model
• The scope of the law is broad, covering online advertising, paid information services and all economic activity conducted via a website or app
• Consumer protection, data privacy, and advertising laws also apply to all digital businesses alongside ECR requirements
• Failing to comply with the ECR can result in fines, claims, account suspensions, and reputational harm
• Getting your legal foundations right from day one empowers growth and protects you as your business scales
• Expert guidance and professionally prepared legal documents can give you peace of mind and prevent costly future problems

If you’d like tailored support with ECR compliance or help drafting essential online business documents, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat. We’re here to help you get set up the right way-so your digital business can thrive with confidence and security from day one.