Legal Requirements for Setting Up an Online Business in the UK

This section discusses the legal requirements for setting up an online business in the UK. Staying compliant with these rules will prevent you from getting in trouble with the law, allowing you to concentrate on scaling your business.

Business Structure and Registration

The first legal step to starting any business is deciding its legal structure. This is important because each structure comes with its own implications on liability, business as a sole trader, partnership, or limited company in the UK.

  • Sole trader – In this business setup, you would operate as an individual, and the business income would be considered personal income. To register your business as a sole trader, visit the HM Revenue & Customs (HMRC) website and apply for a Taxpayer Reference (UTR) number.
  • Partnership – If more than one person owns the business, you can register it as a partnership. You’ll be required to register with HMRC and nominate one partner to be responsible for tax matters.
  • Limited company – These are separate legal entities from their owners. To register a limited company, you would submit all necessary documents like a list of directors, shareholders, and the company's article of association to the Companies House.

Website Compliance

All businesses operating online in the UK are required by the Companies Act 2006 and the Electronic Commerce (EC Directive) Regulations 2002 to provide the following information on their website;

  • Business name
  • Business address
  • Business email address
  • Business registration number
  • Professional or trade association membership
  • VAT number, if applicable

In addition to that, you should have a clear term of service for your website, outlining user rules and expectations.

In this case, you would address the following issues;

  • User Conduct
  • Intellectual property right
  • Limitation of liability
  • Dispute resolution mechanisms

Compliance with Data Protection Laws

Customers usually leave a lot of data when they visit your website. For instance, online casinos like the one at Lottoland may require users to enter their email and phone numbers when signing up for their services.

Besides, such websites may collect payment details and IP addresses when users make purchases. They usually use cookies to track customers’ online activities and use the data collected to offer them customised products and services.

To protect the user, the Data Protection Act 2018 and UK GDPR have outlined measures on how e-commerce sites can collect data, how they use it, and how long they can store the information. Therefore, as an online business, you are expected to disclose to your site visitors that you collect their data and for what purpose. Here are the two ways you can do that;

1. Privacy Policy

Clearly state your data processing activities in a privacy policy. First, you need to obtain explicit consent from users before collecting and processing their personal information. You should also explain how you collect, why, how you use and store this information, how long you keep the data, and who you share it with.

2. Cookie Policy

Most websites use cookies for marketing purposes and analytics. They usually use them to track users after leaving their site to analyse their purchasing behaviour.

Like in the privacy policy, you must disclose to your customers how you use cookies, why you are using them, the type of cookie you are using, and if you share the data you collect with anyone else.

Moreover, you must implement robust security measures to protect your website visitors against data breaches. Failure to have a cookie and privacy policy can lead to legal action from data subjects and can attract a fine from the Information Commissioner's Office (ICO).

PCI Compliance

As mentioned above, online businesses usually collect payment information when buyers make purchases. If this information lands in the wrong hands, fraudsters can use it to execute extortion and phishing attacks.

In that case, the Payment Card Industry Data Security Standard (PCI DSS) has outlined requirements all e-commerce must follow to process and store this data to protect users. They include;

  • Encrypt data and sensitive information for secure transmission
  • Using anti-virus software
  • Using firewall

Keep in mind that PCI DSS is a global entity. Therefore, you can attract a fine from your bank in case of breach or find yourself in a legal action against the ICO and data subjects.

Consumer Protection Laws Compliance

You are also required to comply with consumer protection laws when running an ecommerce business in the UK. Consumers' and online businesses' rights and obligations are outlined in the Consumer Rights Act 2015.

As an online business, you must provide clear information about products or services you sell. This information includes pricing, accurate product descriptions, terms and conditions, delivery timeline, and cost.

It ensures the customer doesn't end up with a different product other than the one they intended to buy. The description should cover all aspects of the product, including colour, texture, and material. It’s important to note that, unless agreed otherwise, you must deliver the product within 30 days.

You should also inform your customers of their cancellation rights and how to enforce them. In the Consumer Contracts Regulations 2013, consumers have a right to return goods within 14 days of receiving them.

Additionally, the Surcharge law prohibits sellers from adding additional costs to the price of a transaction for different payment methods.

Intellectual Property Protection

Protecting your brand and intellectual property is vital in the competitive digital marketplace. Here are the steps you can take;

  • Trademark Registration: Registering your business name, logo, or slogan as a trademark with the UK Intellectual Property Office (IPO) provides legal protection against unauthorised use by others.
  • Copyright Protection: Ensure your website content is original or properly licensed to avoid copyright infringement.

Taxation Obligations

Whether running a brick-and-mortar or an e-commerce business, understanding and meeting your tax obligations is fundamental to the success of your business. Failure to pay your taxes could lead to unnecessary fines that could pull the business behind. Here are key tax considerations:

  • Value Added Tax (VAT): If your taxable turnover exceeds the VAT threshold, currently £85,000, you must register for VAT. As a result, you will charge VAT on your products or services and submit regular VAT returns to HMRC.
  • Corporation Tax: Limited companies are subject to corporate tax on their profits. Ensure you familiarise yourself with the applicable rates and deadlines for filing annual tax returns.
  • Income Tax: Sole traders and partners in partnerships are subject to income tax on their business profits. Ensure you have accurate record-keeping in place and fulfil your self-assessment tax return obligations.

Accessibility and Discrimination Laws

Your online business should be accessible to everyone, regardless of their abilities. You must comply with accessibility standards to ensure that individuals with disabilities can use your website. Additionally, adhere to anti-discrimination laws to prevent any form of discrimination in your business operations.

Statistics Around Online Businesses in the UK

Online businesses have become very popular in recent years due to lower start-up costs compared to traditional businesses and the potential to reach millions of global customers. Younger people, in particular, prefer this business model due to the ease of running and the freedom that comes with it.

Data from the International Trade Administration indicates that the UK has the third- largest online business market in the world after China and the United States. As of January 2021, the UK e-commerce market was estimated to be 36.3% of the total UK retail market, with its revenue estimated to hit $285.60 billion by 2025.

In addition, over 80% of the UK population usually buy goods and services online regularly. For this reason, you could be missing a lot if you just have a traditional business without an online presence.


With e-commerce businesses expected to grow rapidly in the coming years, there's no better time to venture in than now. But before you do, you need to understand and comply with all legal requirements.

From choosing the right business structure to complying with data protection laws and taxation obligations, each step will contribute to the long-term success and sustainability of your online business.

While most conditions are similar to those of starting a physical business, some extra legal obligations are specifically for e-commerce. Therefore, it is important to consult a lawyer conversant with e-commerce business law in the UK to help you meet all the legal obligations.

Legal Requirements for Setting Up an Online Business in the UK