Legal Requirements For Starting An Online Business (2026 Updated)

Starting an online business in the UK can feel refreshingly "low barrier" - you can sell from your kitchen table, launch a website in a weekend, and reach customers across the country (or the world) straight away.

But the legal side still matters, even when your business is fully digital. In fact, online trading often comes with extra rules around consumer rights, privacy, and marketing.

Don't stress - if you build the right legal foundations early, you'll be protected from day one and in a much better position to grow confidently in 2026 and beyond.

An "online business" is any business that sells, markets, or delivers products/services primarily through digital channels. That can include:

  • an eCommerce store selling physical products
  • a digital product business (templates, courses, software downloads)
  • a subscription business (membership access, recurring services)
  • a marketplace seller (Etsy, Amazon, eBay)
  • a service-based business that sells and delivers remotely (coaching, design, consulting)
  • a SaaS platform or app

The reason the legal setup can change for online businesses is simple: you're often forming contracts with customers at a distance, collecting personal data, and making claims through marketing copy - all of which are regulated in specific ways.

So while you might not need a "shop licence" to sell online, you do need to get the structure, policies, and compliance right so you're not exposed to avoidable disputes, refunds you didn't anticipate, or privacy complaints.

Before you spend money on stock, website builds, or ads, ask yourself:

  • Who is your customer? Consumers (B2C) have stronger legal protections than business customers (B2B).
  • What are you selling? Physical goods, digital content, regulated goods, or services all carry different obligations.
  • How will you get paid? One-off purchases, subscriptions, staged payments, or invoices affect what your terms should say.
  • Will you collect personal data? If yes (and most online businesses do), GDPR compliance is not optional.

Choosing Your Business Structure And Registering Correctly

Your first big "legal requirement" is choosing a structure that fits your risk level, growth plans, and how you'll operate day-to-day.

Sole Trader

This is usually the fastest and simplest route. You and the business are the same legal person, which means:

  • you keep profits (after tax)
  • you're personally responsible for business debts and liabilities
  • you'll register for Self Assessment with HMRC and manage tax returns

For many first-time founders, this is a practical way to validate the idea. The trade-off is personal exposure if things go wrong (for example, a refund dispute, a supplier issue, or a claim about faulty goods).

Limited Company

A limited company is a separate legal entity. In plain English, it can provide a level of separation between your personal finances and the business (though directors still have duties and there are exceptions).

A company structure can also help if you want to:

  • bring on co-founders or investors
  • sell shares or implement share vesting
  • build credibility with larger suppliers or clients
  • scale into a more complex operation with staff and contractors

If you're setting up with more than one founder, the internal "rules" matter just as much as the incorporation step. That's where documents like a Founders Agreement and a shareholders agreement come into play, so everyone is clear on ownership, decision-making, and what happens if someone wants to exit.

Partnership

If you're going into business with someone else without forming a company, you may be running a partnership (even if you don't call it that). Partnerships can work well, but the default legal rules may not match what you expect - so it's usually smart to put a clear Partnership Agreement in place early.

Because structure affects tax, liability, contracts, and even how you present your business online, it's worth getting tailored advice before you lock it in.

Registrations, Tax, And Ongoing Admin You Can't Ignore

Once your structure is chosen, you'll need to register and run the business properly. This is where many online businesses get caught out - not because they're trying to do the wrong thing, but because the admin feels "invisible" compared to building a website or running ads.

Core Registrations To Consider

  • HMRC registration (Self Assessment for sole traders; Corporation Tax for companies)
  • VAT registration if you exceed the threshold (or if voluntary registration makes commercial sense)
  • Companies House filings if you operate through a limited company (confirmation statements, annual accounts, etc.)
  • PAYE if you hire employees (or in some setups, directors drawing salary)

Invoices And Payment Records

Even if most of your sales are processed through Stripe, PayPal, Shopify, Etsy, or Amazon, you still need clean records and compliant invoicing where relevant - especially for B2B sales, larger service projects, or staged payments.

If invoicing is part of your model, getting the basics right upfront helps avoid payment disputes and delays. It's also a good habit to align your billing process with invoice requirements so you're not scrambling later when a customer challenges a charge.

Sector-Specific Permissions (Sometimes Overlooked)

Not every online business needs a licence - but some do. Common examples include:

  • selling alcohol (licensing rules still apply, even online)
  • consumer credit / finance broking (Financial Conduct Authority regulation may apply)
  • health products, cosmetics, supplements (product safety, labelling, and advertising rules)
  • selling to children (extra care needed with marketing and data)

If your product sits in a "regulated" category, it's worth checking requirements early so you don't waste money building a brand around a model you can't legally operate.

Website And eCommerce Compliance: Terms, Refunds, Subscriptions, And Consumer Rights

Your website (or marketplace listing) is not just marketing - it's often where the contract with your customer is formed. That means your online business needs clear, legally accurate customer-facing information.

Your Terms Need To Match How You Actually Sell

At a minimum, most online businesses should have tailored website terms that cover things like:

  • how orders are placed and accepted
  • pricing, payment, and taxes
  • delivery timeframes and responsibility for delivery issues
  • refunds, returns, and cancellations
  • limitations of liability (where appropriate)
  • intellectual property ownership (your content, brand assets, downloads)
  • acceptable use rules (especially for SaaS, communities, or memberships)

Many founders start with a template - but online business models vary a lot. A service-based website, a digital download store, and a subscription community don't face the same risks. Properly drafted eCommerce Terms can help you avoid disputes and set expectations clearly.

Consumer Rights And Distance Selling Rules

If you sell to UK consumers online, you'll almost certainly be dealing with the Consumer Rights Act 2015 and the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 (often called "distance selling rules").

In practical terms, this can affect:

  • what information you must provide before purchase (and how clearly)
  • cooling-off periods for many online purchases
  • how you handle faulty goods and remedies
  • delivery obligations and what happens when items go missing or arrive damaged

These rules don't just apply to big brands. If you're selling on Instagram, TikTok Shop, Shopify, Etsy, or your own site, the customer's legal rights can still apply.

Returns And Refund Timelines

Returns are one of the most common flashpoints for online businesses - not because customers are difficult, but because expectations vary wildly between industries.

You'll want a returns policy that is consistent with consumer law, clearly displayed, and realistic for your operations. This is especially important if you're shipping physical goods, using fulfilment partners, or selling internationally.

It also helps to be clear on operational timelines and legal obligations around refund timing, so your support team (even if that's just you) can respond consistently.

For many online retailers, having a clear returns policy is one of the simplest ways to reduce complaints, chargebacks, and negative reviews.

Auto-Renewals And Subscriptions (High-Risk If Not Done Properly)

If you run a membership, subscription box, SaaS product, or any recurring billing model, your legal risk profile increases - mainly because customers are sensitive to surprise renewals and unclear cancellation processes.

Your legal documents and checkout flow should be designed so customers understand:

  • when they'll be charged
  • how often charges occur
  • how to cancel
  • whether there are minimum terms or notice periods

It's worth making sure your terms and processes align with auto-renewal rules, because vague subscriptions can lead to refund demands, payment disputes, and reputational damage (even if your intentions were good).

Data Protection, Cookies, And Marketing Rules (GDPR And PECR In Plain English)

Most online businesses collect personal data - even if it's "just" names, emails, delivery addresses, and payment confirmations. Once you collect personal data, you need to take UK GDPR and the Data Protection Act 2018 seriously.

This isn't about adding legal text for the sake of it. It's about being transparent, using data lawfully, storing it securely, and giving people the rights the law provides.

Your Privacy Compliance Basics

At a practical level, many online businesses should have:

  • a clear privacy policy explaining what data you collect and why
  • secure systems for storing customer information
  • contracts in place with key suppliers who process personal data (for example, email platforms, CRMs, analytics providers)
  • internal processes for data access requests and handling complaints

A well-drafted Privacy Policy is often the starting point - especially if you're running ads, collecting leads, or using analytics tools that track user behaviour.

Cookies And Tracking

If your site uses cookies for analytics, ads, retargeting, or embedded tools, you'll likely need a compliant cookie setup. This is where PECR (Privacy and Electronic Communications Regulations) usually comes into play alongside GDPR.

In many cases, you'll need:

  • clear cookie disclosures
  • an appropriate consent mechanism (depending on the cookies used)
  • accurate records of user choices

Having a properly drafted Cookie Policy is a simple but important step to show transparency and reduce complaint risk.

Email And SMS Marketing

If you're building an email list (most online businesses do), be careful about:

  • how you collect consent (and whether consent is required)
  • how you provide unsubscribe options
  • how you use customer emails for marketing after a sale

Marketing compliance isn't just a "big business" issue. If your growth relies on email campaigns and paid ads, it's worth setting it up properly early so you don't have to rebuild systems later.

Working With Contractors And Hiring Staff

Online businesses often start lean: a founder, a VA, maybe a freelance designer, developer, or marketer. Even when you're "just hiring a freelancer," you should still get the relationship in writing so you're clear on:

  • who owns the work product and intellectual property
  • payment terms and deliverables
  • confidentiality
  • how either party can terminate

And if you hire employees (even your first one), you'll need proper employment documentation and processes - including compliant policies for handling data, performance, and workplace expectations.

Key Takeaways

  • Choose the right structure early (sole trader, partnership, or limited company), because it affects liability, tax, and how you contract with customers and suppliers.
  • Register and run your admin properly, including HMRC registrations, any VAT obligations, and good recordkeeping for payments and invoices.
  • Your website is part of the contract, so your terms, checkout flow, and customer information should reflect UK consumer law and distance selling rules.
  • Refunds, returns, and delivery rules are a major risk area for online retailers, so clear policies and processes can prevent disputes and chargebacks.
  • Subscriptions and auto-renewals need extra care, with transparent billing and cancellation processes to reduce legal and reputational risk.
  • GDPR and marketing compliance apply to most online businesses, especially if you collect leads, run analytics, or send promotional emails.
  • Don't DIY the important legal documents - templates rarely match your exact business model, and small drafting gaps can create expensive problems later.

If you'd like help getting your online business legally set up from day one, you can reach us at 08081347754 or team@sprintlaw.co.uk for a free, no-obligations chat.

Sapna Goundan, content writer

Sapna is a content writer at Sprintlaw. She has completed a Bachelor of Laws with a Bachelor of Arts. Since graduating, she has worked primarily in the field of legal research and writing, and now helps Sprintlaw assist small businesses.
