UK Digital Business Legal Requirements

When it comes to starting a new online business, or maintaining an existing one, it's important to understand the legal implications of having an online presence. Every business owner, Product Manager, Product Owner, Delivery and Project Manager, Copywriter, UXer, and QA, essentially the whole team, should be at least vaguely aware of the following laws and regulations. Please note that I am not a legal professional and this does not constitute legal advice, but I can tell you that if you work towards complying with the following information then your legal team will be much happier.

Digital Markets, Competition and Consumers Act 2024

You must not use unfair commercial practices such as fake reviews, hidden fees, drip pricing, and subscription traps. The CMA can impose fines of up to 10% of your global annual turnover, or £300k for individuals, for non-compliance. You can be named and shamed and have notices issued against you.

UK General Data Protection Regulation (UK GDPR) & Data Protection Act 2018

Personal data, such as cookie identifiers and user account details, must have a lawful basis for its collection and use. The data must be secured by appropriate measures, which typically means it is encrypted in transit and at rest. Your privacy policy must be transparent, and customers have the right to access their data and to have it deleted. You could be fined up to £17.5m or 4% of your global turnover, whichever is higher. You may face criminal charges for deliberate breaches and may have civil claims raised against you.

Consumer Rights Act 2015

When selling goods and services, a customer has the right to clear information and a right to a refund, repair, or replacement. Digital content must be of satisfactory quality and services must be performed with reasonable care. Trading Standards, the CMA, or a court may issue unlimited fines or, rarely, imprisonment for non-compliance.

Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013

For distance selling you must provide clear pre-contract information such as the price, delivery costs, and the right to cancel. You must give a 14-day cooling-off period for most goods, starting from the day after delivery, meaning a customer should be able to return the goods in their original state (at their own expense) for a full refund. No pre-ticked boxes may be used that cause extra charges. You may receive an unlimited fine and injunctions for non-compliance.

Equality Act 2010

You must make reasonable adjustments so that your website does not discriminate against customers with disabilities. Consider customers who cannot use a mouse, cannot see well, or have cognitive impairments. Shockingly, most websites are still non-compliant with this law and are at high risk of penalty. You are at risk of unlimited fines, compensation claims, and reputational damage if you fail to consider this Act.

Consumer Protection from Unfair Trading Regulations 2008 (CPRs)

You must not use misleading advertising, you must not omit important information, and you must not use aggressive sales tactics. Examples include fake countdown timers, or pressuring customers to purchase now because of limited stock, especially where these claims are not true. You may receive unlimited fines and/or up to two years' imprisonment for non-compliance with this regulation.

Companies Act 2006

You must display the following information on your website, email headers, and letters: registered company name, company number, registered office address, and place of registration. Companies House, the Insolvency Service, or the courts may issue a fine of up to £1,000, with additional daily fines of £100, for non-compliance. Directors face disqualification.

Privacy and Electronic Communications Regulations 2003 (PECR)

You must be transparent about your use of personal information such as cookies. This requires you to display a banner that allows customers to opt in to them. You may not place non-essential cookies before consent has been given, and implied consent is not informed consent and therefore not allowed (no banners that only show on one page, or that disappear after a few seconds). You must also gain consent for marketing by email, text, or phone. The ICO can issue fines of up to £500,000 for non-compliance, though this Regulation is closely tied to GDPR and you are at risk of the penalties from that Regulation too.

The Electronic Commerce (EC Directive) Regulations 2002

You must display your business name, address, and contact details on your website. You must show clear pricing and contract steps. You must confirm orders by electronic means, e.g. email confirmation. You may receive injunctions, compliance orders, and unlimited fines for failing to provide statutory information.

Misrepresentation Act 1967

You must not make false or misleading statements in contracts. If a customer relies on inaccurate information to make a purchase, they can seek damages or cancellation. There is no criminal penalty, but a civil court can dissolve contracts and award damages against you.