Open navigation
Search
Search
All expertise
Explore our breadth of expertise.
International Desks
Helping you access overseas markets with support from our country and region-specific experts
Sectors View all
Practice Areas View all
Offices
Discover the scope of our presence in the jurisdiction.
Global Reach
Learn about our capabilities beyond borders.
CMS United Kingdom
All insights
Leverage our expert analysis, intelligence and thought leadership for your strategic advantage.
Personalised updates
Receive tailored insights and intelligence that apply directly to your business.
Topics in focus View all
Insights by type
CMS Spotlight: join our events and webinars!
CMS News
Stay up to date with our growth, evolution and our many successes.
CMS Press Office
Contact us
For all general enquiries.
About CMS
CMS Careers

Select your region

International Europe Africa Asia-Pacific The Americas Middle East
Legal Update

The E-commerce Directive

12 Apr 2002 United Kingdom 10 min read

Framework of the Directive

The E-commerce Directive 2000/31/EC establishes a legal framework within which electronic trading can operate. The Directive applies to natural or legal persons that provide an information society service and who are established within the European Economic Union ("EEA").

The definition of an "information society service" in the Directive is very wide. The definition basically covers any service that is normally provided for remuneration, at a distance by electronic means of electronic equipment for the processing and storage of data and at the individual request of a recipient of the services.

Information society services spans a wide range of economic activities that take place online including selling goods and services online, such as online newspapers, online databases, online financial services, online professional services (such as lawyers, estate agents) and online entertainment services. It also includes services consisting of the transmission of information via a communication network, providing access to a communication network, hosting information or providing commercial communications by email. Services may also be provided using other electronic means including by email or by mobile phone.

The definition of information society services is not restricted to selling online for remuneration by the recipient of the service. It also extends to services that are not remunerated by those who receive the service, for example offering online information or commercial communications (eg advertisements) which are funded by advertising or sponsorship revenue. Television and radio broadcasting services do not fall within an "information society service" because these services are not provided "at the individual request of a recipient of a service".

The Directive does not apply to certain areas including the field of taxation (particularly VAT imposed on information society services), issues relating to information society services covered by the Data Protection Directive 95/46/EC and the Telecoms Data Protection Directive 97/66/EC and agreements or practices governed by cartel law (dividing the market or fixing prices). The Directive does not establish additional rules on private international law (ie the part of UK law that deals with cases having a foreign element, such as where a contract is made in a foreign country or one or more of the parties is not resident in the UK), nor does it deal with the jurisdiction of courts.

The Directive deals with 5 distinct issues:

  • The qualified "country of origin" principle
  • Information for customers
  • Requirements for commercial communications
  • Requirements for electronic contracts
  • Limiting the liability of intermediary service providers

The qualified "country of origin" principle
The Directive establishes a qualified "country of origin" principle. This requires that any natural or legal person who provides an information society service in the EEA comply with the laws applicable to them in the Member State in which that service provider is established. The place of establishment of a service provider is the place where they pursue an economic activity using a fixed establishment for an indefinite period. The presence and use of the technical means and technologies required to provide the information society services do not in themselves, constitute an establishment of the provider.

This is of crucial importance to any e-business and means that for the purposes of the Directive, it is irrelevant where that business' website or server is located. The determining factor is where the business actually pursues its economic activity (ie. the centre of its operations or head office). Where it is difficult to determine from which of several places of establishment a given service is provided, it is the place where the service provider has the centre of its activities relating to that particular service. Therefore, if the service provider complies with the laws of the Member State in which it is established it will not have to concern itself with the varying laws of the other 18 Member States in which it might be operating.

The "country of origin" principle is qualified because the Directive does not establish pure country of origin regulation (ie. regulation entirely in the service provider's home country and not in the consumer's). Firstly, the "country of origin" principle in the Directive will not apply to areas including certain intellectual property rights such as copyright, the freedom of the parties to a contract to choose the applicable law and certain contractual obligations concerning consumer contracts. Also, the principle will not apply to certain areas of law because the Directive and Regulations do not apply to taxation and other areas as already discussed. Secondly, the Directive allows Member States to impose regulations on providers established in another Member State on a case by case basis and under certain circumstances for example, where necessary for reason of public policy or the protection of consumers. The Member State will need to notify the EC that it intends to impose such regulation on overseas providers. Therefore, a provider of information society services will need to the extent discussed, comply with the laws of the Member State in which the overseas provider is operating.

Information requirements for customers
Service Providers must provide customers with certain basic information which must be made permanently accessible to customers:

  • the name of the service provider;
  • the geographic address at which the service provider is established;
  • the details of the service provider, including his email address so that the service provider can be contacted rapidly and communicated with in a direct and effective manner;
  • where applicable, details of the service provider's membership of a trade register, authorisation scheme, or professional body; and
  • VAT details of the service provider.

The Directive requires that in addition to other information requirements established by Community law, Member States shall at least ensure that, where information society services refer to prices, these are to be indicated clearly and unambiguously and, in particular, must indicate whether they are inclusive of tax and delivery costs.

Requirements for Commercial Communications
Commercial communications are defined as "any form of communication designed to promote the goods, services or image of a company, organisation or person pursuing a commercial, industrial or craft activity or exercising a regulated profession…".

The Directive requires that commercial communications which are a part of or constitute an information society service (for example, an advertising email) comply with certain conditions:

  • Commercial communications must be clearly identifiable as such.
  • Clearly identify within the communication the natural or legal person on whose behalf the commercial communication is made.
  • Any promotional offers such as discounts, premiums and gifts where permitted in the Member State where the service provider is established (reflecting again the country of origin principle), must be clearly identifiable as such so as not to leave any ambiguity as to their nature. Promotional games and competitions must clearly indicate the terms and conditions of entry, for example by means of a logo with a hyperlink.

Unsolicited commercial communications – Spam


Unsolicited commercial communication sent by e-mail to be "identifiable clearly and unambiguously" as such as soon as it is received so that the recipient can instantly identify it as a commercial communication without having to open it and read it.

Electronic contracts

Information prior to order being placed


Except when otherwise agreed by parties who are not consumers, service providers must describe in advance in a "clear, comprehensible and unambiguous manner" the following information prior to an order being placed by the recipient of the service:


  • the different technical steps to follow to conclude the contract so that customers are aware of what the process will involve and the point at which they will commit themselves;
  • whether or not the concluded contract will be filed/archived by the service provider and whether it will be accessible;
  • the technical means allowing a customer to identify and correct input errors prior to the placing of his order;
  • the languages offered for the conclusion of the contract.

Note that the requirement to provide the above information does not apply to contracts concluded exclusively by exchange of email. The draft UK Regulations specify that if the service provider has not made available to the customer the technical means to identify and correct input errors prior to placing an order, the contract with the customer will not be enforceable and the customer may give notice to cancel the contract at any time.

Placing orders


Unless parties who are not consumers have agreed otherwise, where the recipient of the service places his order through electronic means, the service provider must acknowledge receipt of the order to the recipient of the service without undue delay and by electronic means.

A service provider must make available to the customer appropriate, effective and accessible technical means to allow him to identify and correct input errors prior to the placing of the order.

Note that the draft UK Regulations provide that if a service provider fails to acknowledge receipt of an order or made available means of allowing a customer to identify and correct input errors then the contract shall not be enforceable and the customer may give notice to cancel the contract.

Liability of Intermediary Service Providers
The Directive aims to limit the liability of intermediary service providers who transfer/store information from supplier to recipient but is not aware of its content.

Mere conduit


Service providers will be exempt from liability where they play a passive role as a mere conduit of information in circumstances where the provider transmits information across communication networks or provides access to a communication network. The exemption from liability will apply provided that the provider:

(a) does not initiate the transmission of information (ie. he did not make the decision to carry out the transmission);
(b) does not select the receiver of the transmission; and
(c) does not select or modify the information contained in the transmission. Manipulations of a technical nature in the course of transmission that do not alter the integrity of the information are not an issue.


Caching


Where an information society service is provided which consists of the transmission in a communication network of information provided by a recipient of a service, the service provider is not liable in damages as a result of that transmission where the information is the subject of automatic, intermediate and temporary storage where that storage is for the sole purpose of making more efficient onward transmission of the information to other recipients of the service upon their request and the service provider complies with certain conditions including that the service provider does not modify the integrity of the information and removes access to the information it has stored on obtaining actual knowledge of the fact that the information at the original source of the transmission has been removed or access disabled.


Where a service provider provides hosting services that consist of storing information provided by a recipient of their service (eg. the provision of server space for a website or a newsgroup), the service provider will be excluded from liability in damages on the condition that the service provider:

(a) does not have actual knowledge that the information was in breach of any law and is not aware of facts or circumstances from which it would have been apparent to the service provider that the information was unlawful; and
(b) on obtaining such knowledge or awareness, acts expeditiously to remove or to disable access to the information.

For further information on this topic, please contact Rose Qui at rose.qui@cms-cmck.com or on +44 (0)20 7367 3570.

More insights
Cyber TMT - Technology, Media & Telecommunications Communications Media Technology

Explore more

Event United Kingdom

CMS Update Morning: Media, Sports and Entertainment

29 Apr 2026
Expert Guide International

Data protection and cybersecurity laws in the United Kingdom

38 min read
Publication United Kingdom

Cyber risk management for senior leadership teams

02 Oct 2025 1 min read
Back to top Back to top
You will now find all Law-Now content on CMS.law
Explore more
Law-Now, RegZone, LEXplicite and Blogtt have moved to CMS.law. Law-Now has moved to CMS.law. RegZone has moved to CMS.law. LEXplicite has moved to CMS.law. Blogtt has moved to CMS.law.
Learn more Learn more Learn more Learn more
If you want to use third party tools, please enable personalisation cookies as part of your cookie preferences. You can change this setting at any time via the button below or in our Cookie Notice.