Anyone running an online business should familiarize themselves thoroughly with the legal issues online businesses have to deal with. Even small mistakes such as a missing cookie notice, ambiguous terms and conditions or an incorrect legal notice can result in warning letters - with considerable financial consequences. In this article, I will show you the most important legal requirements for legally compliant e-commerce. I will also go into some details that can quickly get lost in the daily routine of a store operator and thus cause legal uncertainty.
Key points
- General terms and conditions should be drafted with legal certainty and actively incorporated into the ordering process.
- Data protection in accordance with the GDPR is mandatory - including cookie consent.
- Right of withdrawal must be correctly communicated and technically implemented.
- The legal notice (Impressum) obligation applies to every business website.
- Hosting significantly influences data protection and technical security.
Legal obligations are often underestimated, especially at the start of an online business. To avoid later trouble and expensive warnings, you should observe the applicable regulations in every step of your store creation. This starts with the choice of domain name, the integration of a secure ordering process and clear and transparent information about prices, shipping costs and delivery times. It often happens that new store operators initially focus on marketing and product optimization and overlook the fact that every online store in Germany has a comprehensive obligation to provide information and notices.
Legal foundations in e-commerce
Anyone selling products or services online in Germany must comply with numerous laws. These include, among others, the UWG (Act against Unfair Competition), copyright law and the DSGVO (GDPR). Violations not only cost money - they also jeopardize the trust of your customers. Minimum legal requirements such as the Packaging Act or the Price Indication Ordinance must not be ignored. A regular legal review of all store content will protect you from unnecessary warning letters. For a well-founded overview, you can consult a guide to legally compliant website design.
The topic of competition law is particularly important in e-commerce: promotions or discount codes must be transparent and must not contain any misleading statements. Product descriptions and advertising statements are also frequently the subject of warning letters. This happens, for example, if an objective promise of quality could be derived from a simple advertising formula such as "best quality", but this cannot be proven. You should therefore always make sure that your statements can be verified and substantiated.
Conclusion of contract and information obligations
A purchase contract is concluded digitally in online business. This makes it all the more important that you provide clearly recognizable information. This includes not only your name, address and email address, but also the essential product features, the full price and the right of withdrawal. Many mandatory details must be visible directly in the store - especially before the order is completed. A common mistake: an incomplete legal notice or the lack of a correct privacy policy.
You should also define exactly when a contract is concluded. This is often the click on the "Order with obligation to pay" button. In some stores, however, uncertainty arises if, for example, the order confirmation by email is the final point at which the contract is concluded. Clear structures in the ordering process therefore not only increase transparency for customers, but also create legal certainty. It is also advisable to clearly list important contractual information such as shipping costs, delivery times and return conditions in order confirmations.
The confirmation email itself also has legal relevance. It should not contain any content that could lead to confusion, for example if another confirmation or a similar-sounding email subject is sent. This is because customers must be able to clearly recognize whether it is still an order request or already a binding purchase. Clear wording helps to avoid misunderstandings later on. If necessary, it is worth carrying out a legal check of the order form or using reliable sample texts.
Data protection: GDPR and cookie obligations
The DSGVO (GDPR) places high demands on online retailers. You must clearly state how user data is collected, stored and processed. Every privacy policy must be up to date and name all tools used. An active opt-in is required for marketing, analysis and tracking cookies - the so-called cookie consent banner. Without proper consent, fines may be imposed. You can find more details on the secure handling of user data in this GDPR guide.
Online retail often generates extensive data: Addresses, payment information, user behavior. Data protection therefore starts with the selection of software tools that you use to process your customer data. Make sure that your service providers are GDPR-compliant, offer secure interfaces and practice data minimization wherever possible. If you offer newsletters, social media integrations or customer accounts, data protection-compliant consent is essential. Tracking pixels from third-party providers that collect data in advance without consent are also a common pitfall.
General terms and conditions and contract texts
General terms and conditions (GTC) make your online business easier to plan. Here you define delivery terms, limits of liability and payment terms. Incorrect or unclear formulations, however, lead to invalidity. Important: the customer must actively confirm the terms and conditions at checkout. A mere link in the footer is not sufficient. References to the place of jurisdiction or guarantees must also be legally correct.
If you have special business models - such as subscription models, digital downloads or customized products - your T&Cs need to be formulated particularly carefully. With digital content in particular, regulations on updates or copy protection, for example, must be clearly defined. Questions regarding the limitation of liability for any loss of customer data also play a role, for example with cloud software. A professionally drafted document creates certainty for both sides and prevents unclear expectations.
In this context, you should also ensure that your T&Cs are always adapted to new legislation or court rulings. Legislation and case law are constantly changing, and what was valid three years ago may be invalid or at risk of a warning letter today. You should therefore regularly check whether your T&Cs, privacy policy or withdrawal policy still comply with the current requirements. If you rely on outdated templates, you quickly risk legal action that could often be avoided.
Legally compliant revocation and return regulations
Distance selling contracts are subject to the statutory right of withdrawal. Consumers have 14 days to withdraw from the purchase - without giving reasons. As an entrepreneur, you must provide comprehensive information about this option. No information? Then the period is extended to one year. Exceptions apply for certain product types (e.g. sealed goods) - but you must also clearly state these. The return process and refund should run automatically and be documented.
In practical customer contact, I see time and again that retailers communicate their returns policies clumsily. There are often no clear forms or self-explanatory return steps. It's better if you offer a convenient and transparent returns process. This ensures a positive customer experience, which also has a long-term effect on your ratings and the loyalty of your buyers. In addition, clear documentation of returns and withdrawals also protects your own legal position in the event of disputes. You can prove how you handled a withdrawal at any time.
Geo-blocking and EU requirements
Many retailers would like to focus on the German market, but EU law nevertheless imposes requirements on them. Thanks to the Geo-blocking Regulation, EU customers may not be discriminated against. This applies to prices, domain access or certain delivery options. Automatic redirects to other language versions of your store, for example, are only permitted with consent. Transparent information on delivery areas and shipping costs is mandatory.
It is perfectly possible to restrict delivery to certain countries only, but this must be clearly communicated. A hidden error message in the ordering process that simply states "Delivery not possible" should be avoided. Instead, it should be clearly listed which regions are supplied and which are not. You should also bear in mind that the EU is placing increasing emphasis on cross-border trade. This does not mean that every retailer has to be active in every EU country - but discrimination based on the customer's origin is not permitted.
Geo-blocking is not only relevant for physical products. Digital services such as streaming platforms or software downloads must also be taken into account in the EU regulation. You may only want to offer certain content in Germany - but especially if you make the same product available in several EU countries, you should make sure that this is done under the same conditions, unless you can provide valid reasons (such as higher shipping costs).
Protecting domain names and trademark law
You should check the desired domain name before starting your webshop. Violations of trademark rights or naming rights quickly result in warning letters. Use official databases and have a specialized lawyer check if necessary. A trademark application protects you from imitations. It gives you exclusive rights of use and strengthens confidence in your online business.
Also bear in mind that trademark law does not only apply to the domain name. Your logo design, slogans or product names should also be independent and not confusingly similar to protected designations. It makes sense to research carefully whether similar terms already exist in your industry. By registering a trademark with the German Patent and Trademark Office or Europe-wide with the EUIPO (European Union Intellectual Property Office), you can protect yourself legally and prevent a competitor from beating you to it.
Choice of legal form with foresight
The legal form of your online business should be carefully considered - because it affects your liability, accounting and public image. Sole proprietorships or GbRs are quick to set up, but involve personal risk. GmbHs or UGs offer protection of private assets, but require more start-up capital and more formalities. The following table gives you a quick overview:
| Legal form | Suitable for | Liability | Formation costs |
|---|---|---|---|
| Sole proprietorship | Individual founders | Private assets | Low |
| GbR | At least 2 persons | Private assets | Low |
| GmbH | Single/multiple founders | Company assets | High |
| UG (limited liability) | Single/multiple founders | Company assets | Medium |
Anyone who decides to set up a limited liability company should consider not only the set-up costs but also the ongoing obligations: annual financial statements must be published and stricter accounting and documentation requirements apply. In addition, potential business partners often want to know the structure behind a company. A GmbH or UG often appears more professional, which can increase trust - but this also means greater demands in terms of day-to-day administration. It is therefore worth weighing things up.
Some online entrepreneurs also opt for hybrid forms: For example, a holding-type structure in which several projects run under one roof. This allows synergy effects to be exploited and risks to be better distributed. However, the bureaucratic effort increases. In this case, it should also be clearly regulated how responsibilities are distributed between the various company units in order to avoid liability risks and disputes over authority.
Legally compliant dispatch of newsletters
In email marketing, I pay strict attention to the double opt-in obligation. Advertising is prohibited without clear consent. Newsletters must also contain a functioning unsubscribe link. Even a single mistake can be considered unfair harassment - and result in a warning letter. It is therefore worth checking newsletter tools for compliance.
There are potential pitfalls, especially when sending newsletters via automated systems: for example, customer data may not be misused for further advertising purposes if it was only collected for the ordering process. Even the content of a new customer welcome email should not contain advertising unless the customer has consented to this in advance. With a clean double opt-in process and a clear privacy policy, you can ensure that every advertising measure is legally covered.
Product liability must not be underestimated
Online retailers are responsible for the products they offer. If an item causes damage or works differently than described, you are liable - even if it was produced by a third party. You should therefore comply exactly with the Product Safety Act, check certificates and apply CE markings correctly. Guarantees must be regulated transparently and comprehensibly.
Caution is required, especially with technical devices or cosmetic products. Precise product specifications, content information and warnings play an important role here. If you import products from abroad, you must ensure conformity with European standards yourself. This pays off in two ways: You avoid legal action and ensure the satisfaction of your customers by providing them with a safe and tested product. If you have to carry out recalls, complete batch traceability is a must. So consider in advance how you can efficiently manage returns, complaints and product inspections.
Communication with your suppliers is also essential. Make sure that contracts with your manufacturers, wholesalers or dropshipping partners clearly regulate how liability issues are handled. Solid contractual safeguards can clarify who is obliged to pay compensation or carry out test routines in the event of a dispute. Especially in global supply chains, you have to expect time differences and language barriers. Clear contracts and regular quality controls are particularly important here in order to be able to work together smoothly in the long term.
Hosting and server location are legally decisive
Legal issues no longer only affect the visible part of your website. Server locations and hosting partners also play a key role - especially when it comes to data protection. I choose providers that offer regular security updates, backups and protection mechanisms such as DDoS firewalls. The following table offers a direct comparison:
| Provider | Performance | Data protection | Support | Legal certainty |
|---|---|---|---|---|
| webhoster.de | Very good | Very high | 24/7 | Excellent |
| Provider 2 | Good | High | 24/7 | Very good |
| Provider 3 | Satisfactory | Medium | Working days | Good |
You can also find further information on the legal situation regarding hosting options and data storage in this article on legal hosting obligations. You should also bear in mind that you are not only responsible for your own store server, but also for the data security of email providers, cloud storage or external services. A security breach at an external service provider can also significantly affect you and, in the worst case, lead to fines if personal data is affected. Minimum standards are regular backups, SSL/TLS encryption and compliance with current security protocols.
It is also conceivable to deliberately choose your server location within the EU in order to comply with the strict European data protection guidelines. Some retailers rely on international hosting providers outside the EU, but this can lead to problems if the data protection regulations there are less strict. Carefully weighing up costs, performance and legal compliance will pay off in the long term. You should also ensure in your contracts that your hosting provider can provide you with information about storage locations and protective measures.
Concluding thoughts: Act with legal certainty, actively avoid risks
If you want to survive in online retail, you need to understand and implement the legal principles. Many requirements can be reliably mapped with clear processes and tools. I recommend that you don't take any risks - because a warning letter not only costs money, but also credibility. Technology, content and processes should be regularly checked from a legal perspective. With the right know-how and professional support, your online business will remain legally compliant in the long term.
Especially in a fast-moving market like e-commerce, it is wise to continuously educate yourself and minimize potential points of risk. Guidelines change, as do technology and customer expectations. Review your order process, terms and conditions, cookie consent solutions and marketing measures at regular intervals to ensure you are always up to date. As an online retailer, you have numerous tools and resources at your disposal to identify and avoid legal pitfalls at an early stage. With a well thought-out, professional approach, you can strengthen the trust of your customers and hold your own against competitors in the long term.
In summary, the key is to keep an eye on all aspects of the business - from the legal situation and data protection to the user-friendly processing of sales contracts. Foresighted risk management and transparent communication are crucial to long-term success. This will not only make your online business profitable, but also stable and reputable.