Launching an Online Shop in the EU? Start With This Checklist.

Before you hit “publish”, make sure your shop is not only beautiful and functional - but also legally compliant and ready for cross‑border growth.

Here’s a quick, practical legal roadmap for digital businesses:

I. Choose Your Legal Structure & Register Your Business

Regardless of whether you choose a limited liability or a joint-stock company, it is essential to register your business with the appropriate national authority.

Key steps:

• Select your business structure based on liability protection and tax implications.

• Register with the national commercial register in your country of establishment.

• Obtain a business registration number and ensure your legal business name is displayed on your website.

• Check whether your activity requires any sector-specific licenses or permits (e.g., food, cosmetics, health products).

II. Register for VAT & Understand your VAT Obligations

Furthermore, obtaining a VAT number is typically mandatory for most online shops. 

Determine whether you’ll use the One-Stop Shop (OSS) for cross‑border EU sales. 

Also, keep in mind that if you need to store inventory in a specific country, you will need to register for VAT there.

Key steps:

• Obtain a VAT identification number in your country of establishment.

• Determine whether you exceed the EUR 10,000 cross-border sales threshold, which triggers obligations in other EU member states.

• Register for the One-Stop Shop (VAT OSS) to simplify cross-border VAT compliance - it can reduce administrative burden by up to 95%.

• If you store inventory in another country, register for VAT there separately.

• Understand reverse-charge mechanisms and import VAT rules when selling from outside the EU (Import One-Stop Shop — IOSS).

• Issue VAT-compliant invoices for every transaction.

III. Prepare your  Legal Documents & Comply with EU Consumer Protection Rules

EU consumer protection law requires every online shop to provide clear, accessible legal information.

Mandatory legal documents for your online store:

• Terms and Conditions (T&Cs) for online sales - covering, among others, the order process, payment terms, delivery, and applicable law.

• Privacy Policy (GDPR-compliant) - explaining what personal data you collect, why, how you protect it, and how long you retain it.

• Cookie Policy + cookie consent banner - compliant with the ePrivacy Directive and the upcoming ePrivacy Regulation.

• Returns and Refunds Policy - aligned with the 14-day right of withdrawal; or mentioning the no-withdrawal right, where applicable.

• Shipping and Delivery Policy - with clear information on delivery times, costs, and available shipping regions - which can be included in the T&C, but for clarity, it is recommended to have it separately.
  

IV. Set Up GDPR-Compliant Data Practices

GDPR compliance is non-negotiable for any business that processes the personal data of EU residents.

Key steps:

• Identify what personal data you collect (names, emails, payment info, IP addresses) and define a clear purpose for each.

• Implement a lawful basis for data processing (consent, legitimate interest, contractual necessity) for each processing activity.

• Prepare and maintain internal Records of Processing Activities (ROPA) as required under Article 30 GDPR. Even when not required, it proves a clean organization.

• Ensure secure data storage, encryption, and access control measures.

• Sign Data Processing Agreements (DPAs) with all third-party service providers (payment processors, email marketing tools, analytics platforms, hosting providers).

• Appoint a Data Protection Officer (DPO) if required, based on the nature and scale of your data processing.

• Implement procedures for handling data subject access requests (DSARs) - including rights to access, rectification, erasure, and data portability.

• Ensure cookie consent management is implemented correctly, with opt-in (not pre-ticked) consent for non-essential cookies.

V. Prepare for Customer Support & Complaints Handling

EU consumer law requires online businesses to offer accessible and responsive support channels. In some cases, DSA meets this requirement as well.

Key steps:

• Provide at least one fast, accessible contact method

• Inform consumers about alternative dispute resolution (ADR) and online dispute resolution (ODR) options.

• Set internal procedures for handling returns, refunds, and customer complaints within the legally required timeframes.

• Consider implementing a customer-facing FAQ or help center addressing common questions about shipping, returns, and payments.

VI. Check Intellectual Property & Branding

Protecting your brand identity and intellectual property (IP) is essential when launching an e-commerce business in the EU.

Key steps:

• Conduct a trademark search to ensure your brand name, logo, and domain name don't infringe on existing rights.

• Register your trademark with the EUIPO (European Union Intellectual Property Office) for EU-wide trademark protection.

• Secure your domain name across relevant extensions (.com, .eu, country-specific TLDs).

• Protect your original content, product descriptions, and images with copyright notices.

• If selling branded products, ensure you have proper authorization agreements and are not infringing on distribution rights.

—

The content of this article is general information, not tailored legal advice for your specific situation. It has a strictly informative and general purpose; the information contained does not constitute legal advice.

Every business is different. For personalized consultancy, schedule a consultation call or write to us directly at 📧 anamaria@legallyremote.online.