You are an EU company selling services online (information society services) or you are planning to establish an entity somewhere in the EU and to sell to EU clients. Not a problem, but you just need to be aware of a list of items that the company must cover in order to comply with all regulations for a EU business selling services online.

The applicable acts to be taken into account would be different depending on the specific country you operate but regardless of the country, they all implement the EU’s Electronic Commerce Directive 2000 and others applicable into local law and practically every commercial website would be covered by it.

The following article covers Business to Business (B2B) transactions, i.e. selling to business clients online. For companies selling to individual consumers (natural persons), additional requirements and specific consumer protection rules apply that will be included in my next post.


You are bound by law to provide at least the following information to your potential clients:

  • the name of the service provider on the site.;
  • the geographic address of the company;
  • the details of the company including email address;
  • details of a register, including any registration number;
  • if the company is a member of a trade or similar register available to the public, confirmation of that;
  • the particulars of the relevant supervisory authority if the services are subject to an authorisation scheme;
  • details of any professional body or similar institution with which the company is registered, their professional title and the Member State where that title has been granted;
  • a VAT number – even if the website is not being used for e-commerce transactions;
  • prices on the website must be clear and unambiguous and, in particular, state whether prices are inclusive of tax and delivery costs;
  • place of registration;
  • additional information requirements for B2C transactions.


Identification of all commercial messages:

  • that it is a commercial communication;
  • the person on whose behalf it is being sent;
  • and if appropriate, that the communication is a promotional offer or promotional competition or game, and make conditions clear, unambiguous and easily accessible.

Identification of unsolicited commercial messages:

  • to be clearly and unambiguously identifiable as such;


  • Explicit consent of individual subscribers must be obtained (unless the recipient’s contact details have been obtained in the course of the sale or negotiation for the sale of a product or services) – e.g. through your online Privacy Policy;
  • No explicit consent needed from corporate subscribers.


Information to be provided before an order is placed:

  • the different technical steps to follow to conclude the contract;
  • whether or not the concluded contract will be filed by you and whether it will be accessible;
  • the technical means for identifying and correcting input errors prior to the placing of the order;
  • the languages offered for the conclusion of the contract;
  • which relevant codes of conduct it subscribes to (if any) and give information on how those codes can be accessed electronically;
  • where you send terms and conditions applicable to the contract to the recipient, the terms and conditions must be made available in a way which allows a user to store and reproduce them.

Placing the order:

  • provide technical means to allow consumers to identify and correct input errors before completing the order;
  • Acknowledgment of receipt of the order;


You should understand how to avoid liability when acting as a conduit, cache or host. Provided a service provider complies with the applicable legislation, it is generally not liable for any material where it:

  • acts as a mere conduit;
  • caches the material; or
  • hosts the material.


  • consider Data Protection principles applicable as EU law regarding Data Protection is much stricter compared to the protection granted to personal information in the US for example;
  • consider including a Privacy Policy to the website;
  • transfer of personal data outside of the EU – If you have a parent or a subsidiary company outside of the EU for example – you must strictly comply with the requirements on transfer of personal data outside of the EU.


  • file for a your company name, logo, etc. trademark protection within the specific country, or even better, within the entire EU with a Community Trademark. It may further protect your company domain name, as those are generally unprotected against third parties, unless registered as trademarks;
  • unlike the US, no copyright registration is needed or officially provided on a state level within the EU.