Does your website comply with the law? (Probably not)
You have a website. It’s online, it looks good, clients find you. Everything in order — right?
Probably not. Most small business websites are missing basic legal requirements. Not out of ill will, but out of ignorance. And the law makes no distinction between intent and ignorance.
What the law requires
In Europe, concrete legal requirements apply to every commercial website. These aren’t recommendations — they’re obligations:
1. Company registration and VAT number
Every business registered with a trade authority is required to display its company registration number and VAT identification number on its website. This follows from commercial register legislation and VAT regulations. Whether you’re a sole trader or a limited company, both numbers must be visible.
Yet they’re missing from the majority of small business websites. Not deliberately hidden — just forgotten.
2. Contact details
Your website must include:
- Your business name (or trading name)
- A direct means of contact (email address, phone number, or other channel that allows rapid, direct communication)
- Your registered address (or postal address)
This follows from Distance Selling regulations and the e-Commerce Directive. A website without accessible contact details isn’t just unprofessional — it’s illegal.
A contact form alone is not enough. Many business owners only offer a form — often out of fear of spam. But the e-Commerce Directive requires a means of direct, rapid communication. A form that disappears into a queue doesn’t meet that standard. An email address, a phone number, or an instant messaging channel does.
While not strictly mandatory, displaying an email address signals trust and accessibility. The fear of spam is understandable, but it’s a technical problem with good solutions — not a reason to hide. Modern platforms can protect email addresses from bots while keeping them visible and clickable for real visitors. Engineering instead of hiding.
3. Privacy policy
If you process personal data in any way (and you do the moment someone fills out a contact form or you run analytics), you’re required to publish a privacy policy. It must describe:
- What data you collect
- Why you collect it
- How long you retain it
- Who you share it with
- How someone can request deletion of their data
A generic privacy policy copied from the internet that doesn’t match what your site actually does technically is worse than no policy at all — it’s misleading.
4. Terms and conditions
If you provide services or sell products, you’re required to make your terms and conditions available before entering into an agreement. On a website, that means: they must be findable and downloadable.
5. Cookie notice (where applicable)
If your website places non-essential cookies (tracking, analytics, marketing), you must:
- Request consent in advance (opt-in)
- Explain which cookies you place and why
- Give the visitor the option to refuse
No tracking? No cookies? Then you don’t need that irritating cookie banner at all. With a cleanly built website, that’s often the case — which directly results in a faster site and a better user experience. But most DIY sites do place cookies — often without the owner knowing.
Why most sites don’t comply
The problem isn’t that business owners want to break the law. The problem is that nobody tells them:
- DIY platforms don’t ask for your registration number when you create your site
- Template builders don’t have a field for legal information in the footer
- Privacy policy generators produce text that doesn’t match the technical reality of your site
- Web designers deliver a site without a legal check
It’s like opening a shop and nobody tells you that you need a permit. You don’t know — until someone comes along who does.
The risks
Consumer protection authorities and data protection regulators actively enforce these obligations. The consequences:
- Fines — ranging from warnings to thousands in penalties
- Legal notices — from competitors or advocacy groups that hold you accountable for missing information
- Loss of trust — a client who looks up your registration number and doesn’t find it questions your legitimacy
- Legal vulnerability — in a dispute, you’re in a weaker position if you haven’t met your disclosure obligations
The checklist
Check whether your website includes the following:
| Requirement | Where on your site | Mandatory? |
|---|---|---|
| Company registration and VAT number | Footer or contact page | Yes |
| Business name | Clearly visible throughout | Yes |
| Email address, phone number, or other direct contact channel | Contact page + footer | Yes |
| Registered or postal address | Footer or contact page | Yes |
| Privacy policy | Separate page, linked from footer | Yes (when processing personal data) |
| Terms and conditions | Downloadable, linked from footer | Yes (when providing services/selling) |
| Cookie notice + banner | Separate page + popup | Only with non-essential cookies |
If you have to answer “no” to one or more of these points, your website doesn’t comply with the law.
The solution
The good news: this isn’t a complicated problem. It’s a checklist you go through properly once. With a professional website upgrade, all these elements are included as standard:
- Registration number in the footer
- Contact details in the right place
- Privacy policy that matches the technical reality
- Terms and conditions available and findable
- Cookie notice only when needed (and with a clean site, that’s often not the case)
It’s the difference between a shop that has all its permits in order and a shop hoping nobody ever comes to check. Both are open. But only one sleeps easy.