Legal Documents Required for an Online Store in the EU: Complete Guide 🛒
Launching and running an eCommerce store in the European Union involves more than just design, logistics, and payment integration. It also requires strict compliance with EU law, particularly in terms of consumer protection and data privacy.
This guide outlines the essential legal documents that must be published on every EU-based or EU-targeting online store, along with the purpose of each document and the latest regulatory requirements.
Mandatory Legal Documents for eCommerce in the EU ✅
Under EU legislation, an online store is required to display the following legal documents on its website:
Terms and Conditions (General Terms of Sale / GTOS)
Privacy Policy
Cookie Policy
Impressum / Legal Notice
Return and Withdrawal Policy
Shipping and Delivery Terms
Consent to Personal Data Processing (GDPR compliance)
These documents ensure transparency, protect consumers, and establish a legal foundation for handling personal data.
1. Terms and Conditions (General Terms of Sale) 📄
Purpose:
Defines the contract between the seller and the buyer. It outlines the terms under which the products are sold, including pricing, payment, delivery, and dispute resolution.
Required by:
EU Consumer Rights Directive (2011/83/EU)
National contract law of each EU member state
What it should include:
Company details (name, registration number, address, VAT ID)
Product and pricing information
Payment methods and terms
Delivery times and methods
Return and cancellation policies
Warranty and liability terms
Governing law and jurisdiction
2. Privacy Policy (GDPR-Compliant) 🔒
Purpose:
Informs users about how their personal data is collected, stored, processed, and shared. Required under the General Data Protection Regulation (GDPR).
Required by:
Regulation (EU) 2016/679 (GDPR)
What it should include:
What data is collected (e.g., name, email, IP address)
Legal basis for processing (e.g., consent, contractual necessity)
Purposes of processing (order fulfillment, communication, marketing)
Retention periods
Information about third-party data sharing (e.g., payment processors, couriers)
Data subject rights (access, rectification, deletion, objection)
Contact details for the Data Protection Officer (if applicable)
3. Cookie Policy 🍪
Purpose:
Explains how the site uses cookies and similar tracking technologies. Under the ePrivacy Directive (and aligned with the GDPR), users must be informed and given clear control over the use of cookies — especially those used for analytics and advertising.
Key requirements:
Users must give prior consent before any non-essential cookies are placed
Consent must be freely given, specific, informed, and unambiguous
Users should be able to reject or disable analytics and advertising cookies
Cookie banners must not use manipulative design (so-called “dark patterns”)
Consent mechanisms should allow for easy withdrawal or change of preference
What to include in the Cookie Policy:
Categories of cookies used (essential, performance, targeting)
Their purpose and duration
Details of third-party cookies (e.g., Google, Meta)
Instructions on how to manage cookies (e.g., browser settings or a preference center)
4. Impressum / Legal Notice 🧾
Purpose:
A mandatory legal notice identifying the business and its operator. Required in many EU countries (e.g., Germany, Austria, France).
Required by:
National laws (e.g., §5 TMG in Germany)
eCommerce Directive 2000/31/EC
What it should include:
Full legal name of the business owner or company
Registered address
Commercial register number (if applicable)
VAT number
Contact email and phone number
Supervisory authority (if regulated activity)
5. Return and Withdrawal Policy 🔁
Purpose:
Explains the consumer’s right to withdraw from a purchase and return goods. Under EU law, consumers must be given at least 14 days to cancel a purchase made online.
Required by:
EU Consumer Rights Directive
What it should include:
Time frame for returns (minimum 14 days)
Return process and conditions
Refund timeline
Exceptions (e.g., perishable goods, personalized items)
Contact details for initiating a return
6. Shipping and Delivery Terms 🚚
Purpose:
Details the conditions, timing, and cost of product delivery. While not strictly a legal requirement, this is expected under fair commercial practice laws.
What it should include:
Shipping options and costs
Estimated delivery times
Carriers used
International shipping conditions (if available)
Handling of lost/damaged goods
7. Consent to Personal Data Processing ✅
Purpose:
A clearly expressed, specific, informed, and freely given agreement by the user to the processing of their personal data — typically gathered through checkboxes or consent banners.
Required by:
GDPR, Articles 6 and 7
How to comply:
Use opt-in checkboxes (no pre-checked boxes)
Link to Privacy Policy at every point of data collection
Store proof of consent (for audit purposes)
Allow withdrawal of consent at any time
Where and How to Display These Documents
All documents should be clearly accessible from every page of the website, usually in the footer
Must be written in plain, understandable language
Should be available in the official language(s) of the countries the store serves
Consent mechanisms must be fully functional and compliant (especially for cookies and data processing)
Documents must be updated regularly to reflect changes in law or business practices
Summary Table
| Document | Mandatory | Based on |
|---|---|---|
| Terms and Conditions | ✅ Yes | Consumer Rights Directive |
| Privacy Policy (GDPR) | ✅ Yes | GDPR (EU 2016/679) |
| Cookie Policy | ✅ Yes | ePrivacy Directive + GDPR |
| Impressum / Legal Notice | ✅ Yes | National laws & eCommerce Directive |
| Return/Withdrawal Policy | ✅ Yes | Consumer Rights Directive |
| Shipping Terms | ⚠️ Expected | Unfair Commercial Practices Directive |
| Consent for Data Processing | ✅ Yes | GDPR |
Failure to implement these documents or comply with related requirements can result in fines, injunctions, and loss of consumer trust. EU regulatory bodies such as data protection authorities (DPAs) and consumer watchdogs actively monitor online businesses.
Complying with EU legal standards is not only about avoiding penalties — it's a foundation for transparency, trust, and long-term success in European eCommerce.