Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Selling online is one of the fastest ways for UK small businesses to reach new customers. Whether you’re launching a Shopify store, taking orders via Instagram, or building a subscription app, the opportunity is huge.
But there are also clear online selling rules and regulations in the UK. Getting across them early keeps you compliant, builds customer trust, and prevents costly headaches later.
In this guide, we’ll walk you through the key laws, the must‑show information for your website and checkout, consumer rights you need to honour, privacy and marketing rules, and the essential legal documents to get in place from day one.
What Counts As Online Selling In The UK?
“Online selling” covers far more than a traditional e‑commerce website. If you accept orders or form contracts with consumers via digital channels, the online selling rules likely apply.
This can include:
- Your own website or app (including mobile checkout, guest checkout, and subscriptions)
- Marketplace listings (e.g. Amazon, Etsy, eBay) or social media sales (e.g. Instagram or TikTok Shop)
- Orders taken by email, direct message, or over the phone following information displayed online
- Digital content and services (downloads, SaaS, online courses, streaming, in‑app purchases)
If you sell to consumers (individuals acting for purposes outside their trade or profession), UK consumer protection law applies, even if you’re a micro‑business. B2B sales are treated differently in places, but many rules below still matter for both.
The Core Online Selling Rules And Regulations In The UK
Here are the main legal frameworks you should know. Don’t stress if this feels like a lot - we’ve summarised what they require in plain English so you can take action.
Consumer Contracts Regulations (Distance Selling)
The Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013 set the ground rules for “distance” sales. In short, you must give clear pre‑contract information, provide a cooling‑off (cancellation) period for most consumer purchases, and avoid hidden charges or default‑ticked extras. If you’re new to this area, it’s worth reading up on distance selling laws first.
Consumer Rights Act 2015
The Consumer Rights Act 2015 sets standards for goods, services and digital content. Goods must be of satisfactory quality, fit for purpose and as described; digital content must be as described and of satisfactory quality; services must be provided with reasonable care and skill. Customers have repair/replacement or refund rights if things go wrong. For faulty goods obligations, see this guide to the Consumer Rights Act 2015.
Electronic Commerce Regulations
The Electronic Commerce (EC Directive) Regulations 2002 require you to provide certain information about your business on your website (like your legal name, contact details and company registration number if incorporated) and to make your contract process clear and transparent.
Pricing And Surcharges
Pricing must be transparent. You shouldn’t hide delivery or mandatory fees until late in the checkout. It is unlawful to add card payment surcharges to consumer transactions. If you change ongoing fees (for example with a subscription), follow fair notice and variation practices and consider your obligations under UK consumer law and your contract terms. If relevant, plan ahead for fair notice by reviewing price increase notification laws.
Subscriptions And Auto‑Renewals
For subscriptions, make auto‑renewal terms prominent before purchase, set clear renewal periods, explain cancellation rights, and avoid unfair barriers to cancel. There is specific consumer guidance on cancellations and “dark patterns”, and the law is tightening on misleading designs. For more detail, see the overview of UK auto‑renewal laws.
Data Protection And Privacy
If you collect personal data (names, emails, delivery addresses, analytics, etc.), you must comply with UK GDPR and the Data Protection Act 2018. That means having a lawful basis, using data fairly, keeping it secure, and being transparent via a clear Privacy Policy. Cookies and marketing are covered separately by PECR (see below).
PECR (Cookies And Electronic Marketing)
The Privacy and Electronic Communications Regulations 2003 (PECR) control cookies, direct marketing by email/SMS, and similar technologies. In practice, you need consent for non‑essential cookies and you must not send unsolicited marketing without a valid lawful basis under PECR. We cover this further below.
Product Safety And Restricted Items
If you sell items like cosmetics, toys, electronics or food, specific product safety regimes apply (labelling, composition, CE/UKCA marking as applicable, recalls). You must not sell restricted items (like age‑restricted goods) without proper checks. Always check UK‑specific requirements for your product category.
VAT And Invoicing
If your taxable turnover exceeds the UK VAT threshold, you must register, charge VAT as appropriate, and issue VAT‑compliant invoices. Even if you’re not VAT‑registered, good invoicing practice is important - see this step‑by‑step guide to UK invoice requirements.
Mandatory Information To Display On Your Site And During Checkout
UK law requires certain information to be clearly available before a consumer commits to buy. This isn’t just best practice - it’s a legal requirement under the Consumer Contracts and eCommerce rules.
Make sure the following are easy to find (ideally linked in your footer and shown or summarised during checkout):
- Your legal business name, geographic address, and contact details (email and, where available, phone)
- Company registration number and registered office (if you’re a company), plus VAT number if registered
- Key product details: main characteristics, total price including taxes and delivery fees, and any ongoing charges
- Delivery options, costs and estimated timescales
- How to pay, after‑sales support, and complaint handling
- Cancellation rights (cooling‑off), how returns work, and any exceptions (e.g. for perishable or bespoke items)
- Contract length and termination terms for services or subscriptions
- Digital content compatibility and technical requirements (where relevant)
Your online purchasing process should also make clear when the customer is placing an order that creates a payment obligation (for example by using a button label like “Pay Now” rather than something ambiguous). And avoid pre‑ticked boxes for extras.
It’s smart to mirror these disclosures in your customer‑facing terms so everything is consistent - we’ll cover the documents you need below.
Consumer Rights: Cancellations, Returns And Faulty Goods
Consumer protection is at the core of the UK’s online selling rules and regulations. Here are the key points you must build into your process and policies.
Cooling‑Off (14‑Day Cancellation) For Distance Sales
Consumers usually have 14 days from delivery to cancel an online purchase without giving a reason. You must then refund within 14 days of receiving the returned goods (or receiving proof they’ve been sent back). You can require customers to cover the cost of return postage if you clearly told them about this before purchase.
There are important exceptions, including:
- Personalised or made‑to‑order items
- Perishable goods
- Sealed items not suitable for return due to health protection/hygiene once unsealed
- Digital content once download/streaming has begun with express consent
Refunds For Faulty Goods Or Sub‑Standard Services
Separate to the 14‑day cancellation right, the Consumer Rights Act 2015 gives customers remedies if goods are faulty or not as described, or if services aren’t performed with reasonable care and skill. For goods, consumers get a short‑term right to reject within 30 days, or a repair/replacement; after that, further remedies apply depending on the timeframe. Make sure your refund flow recognises CRA rights - your terms can’t take these away.
Returns Policy And Clear Process
Having a clear, written Returns Policy that aligns with the law is essential. It should set out:
- When and how customers can cancel under the cooling‑off rules
- How to initiate returns and where to send items
- Who pays return shipping and any restocking approach (note: you can’t deduct unfair amounts)
- Timelines for refunds and how they’ll be processed
- Faulty/defective items procedure and evidence requirements
- Any lawful exceptions to cancellation and returns
Keep your customer service scripts, email templates and internal processes aligned with your policy, so staff don’t inadvertently promise something different or refuse a legal right.
Data, Cookies And Marketing: GDPR And PECR Essentials
Most online businesses collect at least some personal data. That puts you squarely in UK GDPR territory. On top of that, cookies and marketing messages are regulated by PECR. Here’s the practical version of what that means.
Privacy Policy And Lawful Basis
Tell people what you collect, why, and how long you keep it - in a clear, accessible Privacy Policy. You must have a lawful basis (e.g. contract necessity for processing an order, consent for non‑essential cookies, or legitimate interests, with a balancing assessment, for some analytics where appropriate). Only collect what you need, keep it secure, and respect data subject rights (access, erasure, objection, etc.).
Cookies And Consent
For non‑essential cookies (analytics, advertising, personalisation), get prior consent via a compliant banner and give users fine‑grained control. Don’t drop non‑essential cookies until consent is given. For a practical walkthrough, this guide to compliant cookie banners is a good place to start.
Email And SMS Marketing (PECR)
You generally need prior consent to send electronic marketing to individuals, unless you can rely on the “soft opt‑in” for existing customers who bought similar products and were given a chance to opt out at the point of sale and on every message. Always include a working unsubscribe link and honour opt‑outs promptly. If you’re checking your approach, revisit the summary of UK email marketing laws.
Data Minimisation, Retention And Security
Collect the minimum personal data you need, store it securely, and set retention limits (don’t hold on “just in case”). Review who has access, encrypt where possible, and keep a process for dealing with subject access requests and breach response. If you use third‑party processors (e.g. email platforms, cloud providers), make sure you have appropriate contracts and transfer safeguards in place.
Key Legal Documents For Your Online Store
Good documents don’t just tick compliance boxes - they reduce disputes, set expectations, and help you scale. Here are the essentials for most UK e‑commerce businesses.
- Website Terms And Conditions - Set the rules for site use, IP ownership, acceptable behaviour and liability caps. A professionally drafted set of Website Terms and Conditions makes your house rules enforceable.
- Terms Of Sale - The commercial deal with customers: pricing, payment, delivery, risk, cancellations, returns, warranties and complaints. This should reflect the Consumer Contracts Regulations and CRA requirements. If you sell digital content or subscriptions, include digital content and renewal terms.
- Privacy Policy - Explain how you handle personal data under UK GDPR. Link it in your footer and present it at relevant touchpoints (newsletter sign‑up, checkout). You can start with a tailored Privacy Policy and update as you grow.
- Cookie Policy/Controls - Outline cookie use and give users tools to control non‑essential cookies. Many businesses pair the policy with a compliant banner and consent log; a service‑level Cookie Policy makes this straightforward.
- Returns And Refunds Policy - Summarise the legal rights and your process in plain English to reduce inbound questions and chargebacks. Keep it consistent with your Terms of Sale and shipping pages.
- Subscription Terms (if relevant) - Make auto‑renewals and cancellation steps crystal‑clear and fair so you’re aligned with UK consumer guidance and auto‑renewal laws.
- Supplier And Fulfilment Contracts - Agree clear service levels, delivery timelines, quality standards, indemnities and termination rights with couriers, 3PLs and key suppliers. This keeps your promises to customers realistic and enforceable.
One more tip: courts are more likely to uphold online terms if you present them properly (e.g. via click‑wrap during checkout). If you’re updating your flow, check how to make your website terms enforceable with clear acceptance mechanisms.
Key Takeaways
- Understand the core UK frameworks for online selling: the Consumer Contracts Regulations (distance selling), Consumer Rights Act 2015, eCommerce Regulations, pricing transparency rules, UK GDPR and PECR. If you run subscriptions, build your flow around clear, fair renewal and cancellation terms that reflect UK auto‑renewal laws.
- Show mandatory information prominently before purchase: who you are, how to contact you, total prices (including taxes and delivery), delivery times, cancellation/return rights, contract length for services, and digital content requirements. Keep your invoices compliant by following UK invoice requirements.
- Honour consumer rights: a 14‑day cooling‑off period for most distance sales, fair and timely refunds, and robust remedies for faulty goods and sub‑standard services under the Consumer Rights Act. Put it all in a clear, lawful Returns Policy.
- Get privacy and marketing right: publish a transparent Privacy Policy, collect only what you need, secure it properly, and respect data rights. Implement consent‑based cookie controls with compliant cookie banners and follow PECR for opt‑ins and opt‑outs under the UK’s email marketing laws.
- Use strong, tailored documents: Terms of Sale, Website Terms, Privacy and Cookie Policies, and (if relevant) Subscription Terms provide clarity and help you enforce your rights. Present terms with clear acceptance to keep them binding and consistent with your customer journey.
- Build a compliance habit: review product‑specific safety rules, keep pricing and shipping transparent, refresh policies as you scale, and train your team to follow the process. Small tweaks now prevent chargebacks, complaints and regulatory issues later.
If you’d like help setting up your online store’s legals - from Terms of Sale and Website Terms to privacy and cookie compliance - our team can guide you through it. You can reach us on 08081347754 or team@sprintlaw.co.uk for a free, no‑obligations chat.


