If you are selling any products or services online, you need to comply with e-commerce regulations.
But what exactly must your business do to comply with these regulations? We asked Adrien Herbert of Lawbite to explain;
Don’t assume you’re not affected
Let’s start with activity to which the Regulations do not apply:
The Electronic Commerce (E C Directive) Regulations (2002) to give them their proper title do not apply to taxation; betting, gaming or lotteries; data protection; the activities of a public notary; the representation of a client and defence of his or her interests before courts; or cartel laws.
To state this is to accept that the Regulations apply to all those engaged in commercial activity, which does not fall within the limited list of activities described above and this is, generally, true.
Small businesses should be aware of the Electronic Commerce Regulations and their requirements and must comply with them in all commercial transactions.
The Regulations are written to control the activities of ‘information society services’, which are defined as those services provided from a distance for which the provider receives payment.
E-Commerce Regulations cover all commercial activity
Since entry into UK law however it has become clear that this definition covers all those services, which are provided from a distance and not just those, which charge a recipient on an individual basis.
They also apply wherever a service (or purchase) is provided from a distance. To this extent therefore, thinking of the Regulations as purely e-commerce regulations is misleading. They are applied to all, non-bricks and mortar shopping, commercial activity.
The UK Regulations apply to any organisation, which is established in and controlled from the UK. So locating a business’s technological base or data sources/stores overseas does not negate the applicability of the UK Regulations.
Unfortunately, when trading with any of the 30 countries in the EEA (the EU + Norway, Lichtenstein and Iceland) UK-located businesses must comply with local laws as well as with the Electronic Commerce Regulations in relation to selling or providing information to consumers, copyright and other intellectual property (trademarks, patents etc.) matters and also other laws which member states elect to impose for broadly public policy reasons.
As an information society service provider (and not only those with e-commerce platforms) you must give the customer / user the following information. This is the minimum amount of information you must provide:
(a) the name of the service provider – not a trading name or style, the name of the partnership, sole trader, limited company or charity;
(b) the street address of the service provider (which needs to be the main operational headquarters address which establishes your operations in the UK not necessarily your registered office address);
(c) the details of the service provider, including his electronic mail address, to communicate with him in a direct and effective manner – providing a ‘Contact’ page on a website without also providing an email address does not meet the requirements of the Regulations;
(d) where the service is in a public trade or similar register, details of the register in which the service provider is entered, its registration number (including a company registered number) or equivalent means of identification in that register;
(e) details of any relevant supervisory authority;
(f) where the service provider practices in a regulated profession —
(i) details of any professional body with which the service provider is registered;
(ii) the professional title of professionals working within the service provider and the EEA member State where that title has been granted;
(iii) a reference to the professional rules applicable to the service provider in the EEA member State of establishment and the means to access them; and
(g) the VAT registration number if the service provider is registered to collect and pay VAT.
Prices must be clearly displayed stating whether or not they are inclusive of VAT and / or delivery.
If you are a business selling to consumers over the web The Consumer Contracts Regulations (2014) contain various additional information requirements so you should also check what information is required to meet these.
If you send commercial communications the Electronic Commerce Regulations require that they must be clearly identifiable as such and, that you also make obvious the fact that your business is the sender.
If the communication is a promotion, or a competition, or a game then the rules, or terms and conditions in each case, must be clear, unambiguous and easily accessible.
Where e-mail communications are unsolicited when sent (‘spam’) then they must be immediately identifiable as spam.
The Privacy and Electronic Communications Regulations prohibit sending spam to any personal email addresses unless the individual has bought from you and freely given their details and then, only when you give them the option not to receive future emails.
You may spam individuals’ business email addresses. Different member states have different laws relating to spam so it is crucial to check the regulations state by state if you conduct business in Europe.
All this said, the General Data Protection Regulation which comes into force in the UK next year will outlaw any spam where the recipient has not opted in to receiving the specific type of communication.
Before concluding a contract or accepting an order the Electronic Commerce Regulations require that organisations provide clear, comprehensive and unambiguous details of:
a) the technical steps required to agree a contract or place an order;
b) where the customer can access a copy of the contract;
c) how the customer can amend any input errors on your part or their own entered before the agreement / order; and
d) whether or not you contract in other languages.
The Regulations require organisations to make the terms and conditions of any agreement available for download and retention by the customer. The customer may apply to court for an order to enforce this regulation in the event of a provider failing to meet the requirement.
Organisations must make receipts immediately available to customers once a purchase has taken place.
… but there are exceptions …
Companies dealing (‘B2B’) with each other can however exclude these obligations.
These requirements don’t apply to any transactions, which are concluded solely by email or by direct, private, one to one communication.
This guide has been written exclusively for ByteStart by Adrien Herbert, a Lawbrief working with Lawbite taking SMEs from Idea to Ideal. To consult Adrien on the e-commerce regulations or on any other aspects of commercial regulations, you’re welcome to enquire here.
Last updated - 28th June, 2017