EU eCommerce Legal Requirements in 2026: The Complete Checklist
Selling online to EU customers in 2026 means navigating GDPR, the Consumer Rights Directive, the Digital Services Act, EU VAT OSS, the European Accessibility Act, and more. This checklist covers every legal requirement your store must meet.

Selling Online in the EU Has Never Been More Regulated
The EU's digital regulatory framework has expanded dramatically between 2022 and 2026. An eCommerce store that was fully compliant in 2022 may be non-compliant today across several different regulatory areas — many of which carry their own independent fine regimes.
This checklist covers every legal requirement your EU eCommerce business must meet in 2026.
---
1. Data Protection — GDPR
Status: In force since 2018. Fully enforced.
Every eCommerce store that collects data from EU customers must comply with GDPR. For eCommerce specifically, this means:
Required documents:
Key obligations for eCommerce:
Fines: Up to €20 million or 4% of global annual turnover
---
2. Consumer Rights Directive — 14-Day Right of Withdrawal
Status: In force. Updated by Omnibus Directive from 2022.
Every eCommerce store selling to EU consumers must provide:
Exceptions to withdrawal right: Customised products, perishables, digital content once download begins (with prior consent), sealed hygiene products once opened.
Fines: Vary by member state but typically €10,000-€500,000 per violation depending on severity and turnover.
---
3. Digital Services Act (DSA)
Status: Applicable to all online platforms and intermediaries since February 2024.
The DSA applies at different levels depending on your platform size. For most eCommerce businesses, the basic obligations are:
For marketplaces specifically: you must clearly indicate whether a seller is a trader or a private individual, as consumer protection rights differ.
---
4. VAT — One-Stop-Shop (OSS)
Status: Required for cross-border EU digital and physical sales above €10,000 per year.
If your eCommerce store sells goods or digital services to customers in multiple EU member states and your cross-border sales exceed €10,000 per year, you must register for the EU VAT One-Stop-Shop (OSS).
Without OSS:
With OSS:
eCommerce-specific VAT rates (2026 indicative):
| Country | Standard VAT | Digital Services VAT |
|---------|-------------|---------------------|
| Cyprus | 19% | 19% |
| Germany | 19% | 19% |
| France | 20% | 20% |
| Italy | 22% | 22% |
| Ireland | 23% | 23% |
You must apply the VAT rate of the customer's country, not your own.
---
5. European Accessibility Act (EAA)
Status: In force from June 28, 2025. Enforcement begins June 28, 2025.
The EAA requires eCommerce websites and apps to be accessible to people with disabilities, aligned with WCAG 2.1 Level AA standards.
What this means practically:
Who must comply: All eCommerce businesses with more than 10 employees OR more than €2 million annual turnover. Micro-enterprises are exempt but should assess voluntarily.
Fines: Set by each member state — expected to range from €10,000 to €100,000 per violation.
---
6. Product Safety and Consumer Protection
Status: EU General Product Safety Regulation (GPSR) applies from December 13, 2024.
If you sell physical goods to EU consumers, the GPSR replaces the old General Product Safety Directive and introduces:
---
7. Pre-Contractual Information Requirements
Before a consumer completes a purchase, EU law requires disclosure of:
This information must be provided before the order confirmation — not buried in a PDF or hidden in a footer link.
---
8. The Dark Patterns Ban
Status: Enforceable under the DSA and Omnibus Directive.
The EU has moved aggressively against "dark patterns" — user interface designs that manipulate consumers into unintended choices. Banned practices include:
The EU's DPAs and national consumer protection authorities are actively investigating and fining platforms for dark patterns. CNIL (France), the ICO (UK), and the Irish DPC have all issued specific guidance on dark patterns in 2024-2025.
---
The 2026 eCommerce Legal Checklist Summary
| Area | Key Requirement | Fines |
|------|----------------|-------|
| GDPR | Privacy Policy, Cookie Policy, Consent Banner, DPAs | Up to €20M / 4% turnover |
| Consumer Rights | 14-day withdrawal, transparent pricing | Up to €500K |
| DSA | ToS transparency, KYBC for marketplaces | Up to 6% global turnover |
| VAT OSS | Register if cross-border sales >€10K | Per-country penalties |
| Accessibility (EAA) | WCAG 2.1 AA compliance | Up to €100K per violation |
| GPSR | Product safety, traceability | Varies by member state |
| Dark Patterns | No manipulative UX design | Included in DSA/consumer law fines |
Need a full compliance review or the legal documents your eCommerce store is missing? Our team provides eCommerce compliance bundles covering GDPR documentation, Terms and Conditions, Refund Policy, and Cookie Compliance — ready in 48-72 hours.
Need Legal Documents?
Get expert-drafted legal documents customized for your business. From NDAs to GDPR policies, we've got you covered.

