Access key links:

Frequently Asked Questions


eCommunications - The Electronic Commerce Directive (00/31/EC) and The Electronic Commerce (EC Directive) Regulations 2002 (SI 2002 No. 2013)

Guidance on regulation

Frequently Asked Questions on The Electronic Commerce (EC Directive) Regulations 2002

  1. When did the Electronic Commerce Regulations come into effect?
  2. What is the purpose of the E-Commerce Directive?
  3. What do the Regulations cover?
  4. What areas do the Regulations not cover?
  5. How is an established service provider defined in the Regulations?
  6. How are Information Society Services defined in the Regulations?
  7. Which countries does the Electronic Commerce Directive cover?
  8. What areas are excluded from the scope of these Regulations?
  9. What is the “Country of Origin” Rule?
  10. Do the Regulations allow for any exceptions to the “Country of Origin” rule?
  11. What information must a person providing an information society service make available?
  12. What information does a service provider need to provide with regard to sending commercial communication (e-mail)?
  13. Do the Regulations allow contracts to be concluded by electronic means?
  14. What information does a service provider need to give where contracts are concluded by electronic means?
  15. What information does the service provider need to give to service users when they place an electronic order?
  16. What will happen to service providers who breach these rules?
  17. How do Stop Now Orders relate to the Regulations?
  18. What liability do Intermediary Service Providers have?
  19. How is “actual knowledge” specified in relation to the Regulations?
  20. Is there a general obligation for ISP’s to monitor information?
  21. What is the 2008 European Court of Justice ruling that companies should provide a means of contact on their websites in addition to postal and email addresses?

Back to the E-Commerce Directive Pages  

This FAQ is intended as a general guide to the Electronic Commerce (EC Directive) Regulations 2002, it is not a substitute for detailed and specific legal advice.

Question 1. When did the Electronic Commerce Regulations (“The Regulations”) come into effect?

The Electronic Commerce (EC) Regulations 2002 (SI 2002 No.2013) came into force on the 21 August 2002, except for Regulation 16 on the amendment of “Stop Now Orders” which came into force on the 23 October 2002. These Regulations transpose the Electronic Commerce Directive 2000/31/EC.

(Top)

Question 2. What is the purpose of the E-Commerce Directive?

The purpose of the E-Commerce Directive is to ensure the free movement of “information society services” across the European Community (i.e. enhancing the internal market). It deals with the establishment of service providers, commercial communications, electronic contracts, the liability of intermediaries, codes of conduct, out-of-court dispute settlements, court actions and cooperation between Member States.

(Top)

Question 3. What do the Regulations cover?

The Regulations cover online services provided for remuneration, and extend to services, which are not remunerated by those who receive them, such as those offering on-line information or commercial communications, or those providing search, access and retrieval of data.

(Top)

Question 4. What areas do the Regulations not cover?

The Regulations do not apply to non-commercial interactions, or the offline elements of online transactions e.g. the goods or services themselves where these are not provided online or the delivery of goods or services not provided online; the offline elements (e.g. the conclusion of a hardcopy contract) of any transaction that commences online (e.g. in response to an advertisement on a website) are therefore not within their scope.

(Top)

Questions 5. How is an established service provider defined in the Regulations?

An established service provider is defined in Regulation 2 as a “service provider who is a national of a member state or a company or firm as mentioned in Article 48 of the Treaty and who effectively pursues an economic activity by virtue of which he is a service provider using a fixed establishment in a member state for an indefinite period, but the presence and use of the technical means and technologies required to provide the information society service do not, in themselves, constitute an establishment of the provider; in cases where it cannot be determined from which of a number of places of establishment a given service is provided , that service is to be regarded as provided from the place of establishment where the provider has the centre of his activities relating to that service; references to a service provider being established or to the establishment of a service provider shall be construed accordingly”. An example of this is where a multinational company who provides services online and whose main base is in the UK, but has some subsidiary offices in another country, would count as being established in the UK.

(Top)

Question 6. How are Information Society Services defined in the Regulations ?

For the purposes of these Regulations “Information Society Services” are “any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service.

This covers a wide range of economic activities that take place online, including selling goods online, as well as video on demand and services consisting of the transmission of information via a communication network, providing access to a communication network, hosting information provided by a recipient of the service or providing commercial communications by e-mail. However, the use of e-mail or equivalent electronic communications (e.g. by persons acting outside their trade, business or profession, including their use for the conclusion of contracts between such persons) is not an information society service e.g. personal e-mail exchanges or a website with no commercial content would not be covered by these Regulations.

(Top)

Question 7. Which countries does the Electronic Commerce Directive cover?

All countries in the European Economic Area (i.e. Iceland. Liechtenstein and Norway, as well as the European Community members comprising of Austria, Belgium, Denmark, Finland, France, Germany, Greece, Ireland, Italy, Luxembourg, the Netherlands, Portugal, Spain, Sweden and the United Kingdom (Gibraltar is for the purposes of the Directive part of the Community via their own implementation, but the Isle of Man and the Channel Islands are not).

(Top)

Question 8. What areas are excluded from the scope of these Regulations?

The following areas are excluded from the scope of this Regulation:

  1. taxation;
  2. any areas covered by the Data Protection Directive and the Privacy and Electronic Communications Directive (2002/58/EC), which concerns the processing of personal data and the protection of privacy in the electronic communications sector;
  3. questions relating to agreements or practices governed by cartel law; and
  4. the following activities when they are carried out online:
  • the activities of a public notary or equivalent professions to the extent that they involve a direct and specific connection with the exercise of public authority;
  • the representation of a client and defence of his interests before the courts; and 
  • betting, gaming or lotteries which involves wagering a stake with monetary value.

(Top)

Question 9. What is the “Country of Origin” Rule?

The Directive broadly follows a “country of origin” approach to regulation where services are provided across borders within the EEA – the principle, subject to some exclusions and qualifications, is that an online service provider is subject to the law that applies in the country where they are based, rather than where their customers are.

The effect of regulation 4(1) is that information society services provided to a person in the UK or in another Member State by a service provider from an establishment in the UK must comply with any UK legal requirement that falls within the coordinated field. The coordinated field means requirements applicable to information society services or the providers of those services, whether those requirements are general in nature or specifically designed for services or providers. It covers requirements with which services providers have to comply in respect of the taking up of the activity of an information society service (e.g. requirements concerning qualifications of service providers) and the pursuit of the activity of an information society service (e.g. requirements concerning the behaviour of service providers).

Regulation 4(2) provides that the enforcement authorities are responsible for ensuring compliance with requirements of UK law. The effect of this is to shift the responsibility for enforcement. UK enforcement authorities will regulate information society services provided from the UK, wherever in the EEA they are delivered. Similarly, information society services provided from elsewhere in the EEA shall be regulated by the enforcement authorities in those Member States. This is the effect of regulation 4(3), which provides that, subject to certain exceptions (discussed in relation to Question 10 below), any requirements shall not be applied to the provision of an information society service from an EEA state other than the UK for reasons falling within the coordinated field where the application of that requirement would restrict the freedom to provide information society services to a person in the UK.

(Top)

Question 10. Do the Regulations allow for any exceptions to the “Country of Origin” rule?

Enforcement authorities may take measures, and courts may apply UK law, that restrict the provision of a given information society service into the UK from elsewhere in the EEA on a case-by-case basis and under certain circumstances.

First, the restriction must be proportionate (i.e. it must go no further than is necessary to achieve the desired result).

Second, the restriction must be necessary for one of the following reasons:

a) public policy, in particular the prevention, investigation, detection and prosecution of criminal offences, including the protection of minors and the fight against any incitement to hatred on grounds of race, sex, religion or nationality, and violations of human dignity concerning individual persons;

b) the protection of public health;

c) public security, including the safeguarding of national security and defence; or

d) the protection of consumers, including investors.

Third, the information society service in question must prejudice or present a serious and grave risk of prejudice to at least one of the objectives given above.

Fourth, where an enforcement authority is acting, it must have:

a) asked the Member State in which the service provider is established to take measures within the stated deadline, and if the Member State did not do so, or the measures taken were inadequate, then;

b) notify the European Commission (via UKREP) and the Member State in which the service provider is established of its intentions to take appropriate enforcement action.

Finally, in cases of urgent threats to the interests of public policy, public security, public health or the protection of consumers, an enforcement authority may take measures in respect of an information society service without first asking the Member State of establishment to act and notifying the Commission; but where such urgent action is taken, the Member State and the Commission must be notified of the measures taken as soon as possible, and the reasons for urgent action must be fully explained.

(Top)

Question 11. What information must a person providing an information society service make available?

A person who provides an information society service must provide the following information to the recipient of that service, and to any relevant enforcement authority, in a form and manner that is easily, directly and permanently accessible, the following information:

  • the name of the service provider;
  • the geographic address at which the service provided is established. (This not necessarily his principal or registered office, nor the usual address that he cites for the purpose of sending communications. Rather, it is the address that derives from the definition of “established service provider” and so indicates the Member State whose laws will, in general, apply to the provision of the service in question);
  • the details of the service provider, including his e-mail address;
  • where the service provider is registered in a trade or similar register available to the public, details of the register in which the service provider is entered and his registration number, or equivalent means of identification in that register
  • where the provision of the service is subject to an authorisation scheme, the particulars of the relevant supervisory authority. The schemes in question are those relevant to the information society service in question, not to any subsequent offline transaction; 
  • where the service provider exercises a regulated profession –

i). the details of any professional body or similar institution with which he or she is registered;

ii). his or her professional title and the Member State where that title has been granted; and

iii). a reference to the professional rules applicable and a way that the service user can access them (for example, a link to the professional body’s website); and

  • where the service provider undertakes an activity that is subject to VAT, the identification number referred to in Article 22(1) of the sixth VAT Directive 77/388/EEC of 17 May 1977 needs to be shown on the website.

(Top)

Question 12. What information does a service provider need to provide with regard to sending commercial communication (e-mail)?

A service provider must ensure that a commercial communication provided by him and which constitutes or forms part of an information society service (e.g. an advertising e-mail) must:

a) be clearly identifiable as a commercial communication;

b) clearly identify the person on whose behalf the commercial communication is made;

c) clearly identify as such any promotional offer (including any discount, premium or gift) and ensure that any conditions that must be met to qualify for it must be easily accessible, and presented clearly, and unambiguously; and

d) clearly identify as such any promotional competition or game and ensure that any conditions for participation are easily accessible and presented clearly and unambiguously.

(Top)

Question 13. Do the Regulations allow contracts to be concluded by electronic means?

The Government believes that the great majority of relevant statutory references (e.g. to requirements for writing or signature) are already capable of being fulfilled by electronic communications where the context in which they appear does not indicate to the contrary.

Where existing legal requirements applicable to the contractual process do create obstacles for the use of the electronic contracts or result un such contracts being deprived of legal effectiveness and validity on account of their having been made by electronic means, the Government will propose necessary amendments on case-by-case basis.

(Top)

Question 14. What information does a service provider need to give where contracts are concluded by electronic means?

Regulation 9(1) provides that, where a contract is to be concluded by electronic means and unless parties who are not consumers have agreed otherwise, a service provider must, prior to an order being placed by the recipient of a service, provide to that recipient in a clear, comprehensible and unambiguous manner the following information:

a) the different technical steps to follow to conclude the contract, so that recipients are made aware of what the process will involve and the point at which they will commit themselves;

b) whether or not the concluded contract will be filed by the service provider and whether it will be accessible. “Filing” is a legal concept in other Member States that would apply in the UK only where contracts are made with service providers established in those Member States;

c) the technical means for identifying and correcting input errors prior to the placing of the order; and

d) the languages offered for the conclusion of the contract.

These requirements do not apply where, for example, initial contact is made via a website but, for reasons relating to the complexity of the contract, it is actually concluded offline e.g. by phone or by an individual exchange of e-mails rather than a standard online purchasing mechanism.

A consumer is defined in regulation 2 as 'any natural person who is acting for purposes other than those of his trade, business or profession'.

(Top)

Question 15. What information does the service provider need to give to service users when they place an electronic order?

Unless parties who are not consumers have agreed otherwise, where the recipient of the service places his order through technological means, service provider must:

a) acknowledge receipt of the order to the recipient of the service without undue delay and by electronic means; and

b) make available to the recipient of the service appropriate, effective and accessible technical means allowing him to identify and correct input errors prior to the placing of the order.

(Top)

Question 16. What will happen to service providers who breach these rules?

Depending on the nature of the breach, service providers may face a claim for damages, or their online contract may be invalidated. Where the breach affects the collective interest of consumers, a service provider may also be subject to a “stop now” order by a trading standards office or other regulator (see question 17 below).

(Top)

Question 17. How do Stop Now Orders relate to the Regulations?

Where failure to comply with the Regulations harms the collective interests of consumers, the service provider responsible may face a “stop now” order under Part 8 of the Enterprise Act 2002. This will permit the Office of Fair Trading and other named consumer-protection bodies to apply to the courts for an enforcement order where infringement of these Regulations by a service provider harms the collective interests of consumers. The courts will also be able to order service providers to publish corrective statements with a view to eliminating the continuing effects of past infringements. Failure to comply with an enforcement order is treated as contempt of court, punishable by fines and/or imprisonment.

(Top)

Question 18. What liability do Intermediary Service Providers have?

The Regulations limit the liability of service providers who unwittingly transmit or store unlawful content provided by others in certain circumstances. There are 3 categories of service providers whose liability is thus limited by the Regulations; those who transmit information (i.e. mere conduits), those who engage in “caching” information, and those engaged in “hosting” information. You should refer to Regulations 17- 22 for a full explanation of the requirements you will have to meet in order to fall within these limitations of liability and in case of doubt you should seek legal advice on such issues.

(Top)

Question 19. How is “actual knowledge” specified in relation to the Regulations?

Regulation 22 provides that in determining whether a service provider has actual knowledge for the purposes of Regulations 18(b)(v) and 19(a)(i), a court shall take into account all matters which appear to it in the particular circumstances to be relevant and, among other things, shall have regard to:

a) whether a service provider has received a notice through a means of contact made available in accordance with Regulation 6(1)(c); and

b) the extent to which any notice includes:

i) the full name and address of the sender of the notice;

ii) details of the location of the information in question; and

iii) details of the unlawful nature of the activity or information in question.

It is expected that the onus will be on the party alleging that liability has arisen to demonstrate that a service provider had actual knowledge or awareness but did not act upon it appropriately.

(Top)

Question 20. Is there a general obligation for ISP’s to monitor information?

The Regulations do not address the imposition of a general obligation on service providers, when providing the services referred to in Regulations 17-19, to monitor the information that they transmit or store or to actively seek facts or circumstances indicating illegal activity. No such obligations exist in UK law, and their introduction would be incompatible with the requirements of the E-Commerce Directive.

However, this does not affect the imposition of monitoring obligations in specific cases (e.g. in compliance with a warrant issued under Section 5(1)(a) of the Regulation of the Investigatory Powers Act 2000 to secure the interception of a communication in the course of its transmission by means of a telecommunication system). Existing statutory obligations continue to apply equally online as well as offline.

(Top)

Question 21. What is the 2008 European Court of Justice ruling that companies should provide a means of contact on their websites in addition to postal and email addresses?

Currently companies must provide an email address and a geographic address on their websites. The German Federation of Consumers' Associations brought the case against an online insurance seller (deutsche internet versicherung AG) which did provide policy holders with a telephone number but only after the conclusion of the contract. The ECJ has now ruled that some additional form of contact is required. This could be a telephone number or it could be a web form which can be filled in by the consumer and which will be responded to by the company. The ECJ ruling can be found here: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:C:2008:313:0007:0008:EN:PDF

(Top)

Minister responsible

Mark Prisk is the minister responsible for this policy area.