The Electronic Commerce (EC Directive) Regulations 2002 in Practice

April 30, 1998

Designed to promote greater use of online trading and, in doing so, ensure the free movement of “information society services” across the EC, the Directive came into force on 21 August 2002 in the form of the Electronic Commerce (EC Directive) Regulations 2002 (SI 2002/2013).

The Directive applies to the way in which service providers are established, commercial communications, electronic contracts, the liability of intermediaries, codes of conduct, out-of-court dispute settlements, court actions and cooperation between Member States.


Broadly speaking, the Regulations apply to all forms of commercial activity conducted online. There are, however, certain exceptions such as in relation to tax or gambling law, although promotional competitions or games designed to encourage the sale of goods or services would be caught.

The key points of the Regulations are that:

· While the UK law applies to online sales and advertising if the merchant is established here, online service providers established in other EU Member States may not be affected. Exceptions do exist, notably in respect of consumer contracts and the freedom of contracting parties to choose the governing law of their contract;

· Recipients of online services must be given clear information about the merchant, the nature of the commercial communication and how to complete an online transaction; and

· Online service providers are exempt from liability for the content that they convey or store in specified circumstances.

Additionally, enforcement authorities such as the Office of Fair Trading and the Trading Standards Departments also have their powers amended.

The legislation is aimed at “Information Society Services”, defined in Article 2(a) of the Directive and summarised in Recital 17 of the Directive as:

“any service normally provided for remuneration, at a distance, by means of electronic equipment, for the processing (including digital compression) and storage of data, and at the individual request of the recipient of a service”.

The phrase “normally provided for remuneration” is intended to be broad in its scope rather than referring solely to the online sale and purchase of goods or services. As such, it also covers services where there is no direct remuneration from the service recipient as will be the case for online advertisers (ie the senders of commercial communications) and those involved in the transmission or storage of electronic communications, or the provision of the means of access to a communications network.

The Regulations do not define what is meant by the term “online”, but DTI guidelines indicate that it relates to goods or services provided via the Internet, interactive TV and mobile phones. The Regulations will apply to all online aspects of a service, irrespective of whether the goods or services are themselves delivered electronically.


The Regulations do not apply to any aspects of a transaction which are conducted offline, for example, the delivery of goods which have been ordered online, nor do they apply to non-commercial online activities.

Furthermore, the offline elements of an online contract, such as the hard copy conclusion of an agreement of electronic origin are also outside the scope of the Regulations.

It is also important to note that matters covered by the Data Protection Directive or the Telecoms Data Protection Directives are not affected by the Regulations. Services which are not provided via electronic processing or inventory systems, including means that direct marketing by phone or fax are also exempt.

Key Regulations in Summary

Regulation 4 obliges online-service providers established in the UK to comply with UK law, but disapplies UK legal restrictions in respect of the provision of online services from elsewhere in the European Economic Area (ie not just the European Community). Gibraltar is in this respect considered as part of the Community, but the Isle of Man and the Channel Islands are not.

Regulations 6 to 9 set out information supply obligations for online service providers, in particular in relation to advertisers and merchants.

Regulation 10 states that such information obligations are in addition to existing legal requirements.

Regulation 11 places obligations on service providers on the placement of online orders.

Regulation 12 clarifies the relationship between orders and contractual offers.

Regulations 13 to 16 provide remedies in respect of breaches of Regulations 6 to 9 and 11.

Regulations 17 to 22 are of particular applicability to ISPs and limit potential liabilities in certain instances in respect of information carried or stored by online service providers.

Establishment in the UK

Establishment, for the purpose of the Regulations, has more than one meaning and includes both the place where a company is constituted and the actual pursuit of an economic activity through a fixed establishment for an indefinite period. It is not the place where a server hosting the Web site is located, nor the place from where the Web site is accessed.

As such, a service provider can have several places of establishment, although there will only be one for each respective service, namely that place from which the service provider has the centre of its activities for that service.

The effect of Regulation 4 is that UK enforcement authorities will regulate information society services provided from the UK wherever they are delivered in the UK. Conversely, information society services provided in the UK from elsewhere in the EEA will be regulated by the establishment country’s enforcement authorities. This effectively means that UK-based service providers need to comply with UK law when providing information society services to recipients elsewhere in the EEA.

The Regulation does not, however, prevent enforcement authorities from preventing the continuation of a service in the UK where that service has originated from another EEA country if it is deemed necessary on the grounds of public policy, the protection of public health, national security or the protection of consumers. However, unless the matter is urgent, the UK authority can only take such action where it has previously requested its EEA counterpart to act but without any result.

Advertising Restrictions

Advertisements, or “commercial communications” as they are defined in Regulation 2(1), are dealt with specifically under the Regulations and are described as:

“a communication, in any form, designed to promote, directly or indirectly, the goods, services or image of any person pursuing a commercial, industrial or craft activity or exercising a regulated profession”.

Communications consisting solely of information allowing direct access to the activity of that person, including a geographic address, a domain name or an e-mail address, are excluded, as are those relating to the goods, services or image of that person, providing that the communication has been prepared independently (including without financial consideration) of the person making it.

This definition is broad and is designed to catch both Web sites and e-mails whose essential purpose is advertising and those sites where access is free to the recipient. Some interpretation is possible however. An example given by the DTI of a situation in which it is uncertain whether the communication falls under the Regulations is that of a mobile text “welcome” message. These are sent by mobile telecom companies to customers to introduce them to the local network, setting out useful contact numbers or electronic greeting cards which, although they may not be “designed” to promote the service provider, do still identify them and in doing so arguably publicise them.

In addition, Regulations 7 and 8 state that commercial communications:

· must be clearly identifiable as such;

· must clearly identify the person on whose behalf they are being sent; and

· in relation to a promotional offer, the service provider must ensure that any conditions which must be met to qualify for it are easily accessible and presented clearly and unambiguously.

It is important to note that unsolicited e-mail commercial communications, or so-called “spam”, will be subject to new rules under the conditions of the Communications Data Protection Directive 2002/58/EC, adopted on 12 July 2002 and due to be implemented by Autumn 2003.

Also worth taking into account are the DTI’s comments that enforcement authorities are likely to take a broad view of whether or not a “commercial, industrial or craft activity” is being pursued, with the likelihood being that the burden of proof will be on the sender to show that they fall outside this classification.


In keeping with the broad-brush approach to the Regulations, the definition of a recipient includes both natural and legal users of all types of information society services, whether using the Internet for private or professional reasons.

Information Requirements

As with the Consumer Protection (Distance Selling) Regulations 2000, the Government has demonstrated its desire to enhance consumer confidence in e-commerce by requiring increased transparency in online transactions.

This can be seen in Regulation 6(1), which states that an information society service provider must make available certain information including its name, address (including e-mail), service details and VAT number to the service recipient and to any relevant enforcement authority, in a form and manner that is easily, directly and permanently accessible. Pricing information must be clear and unambiguous. Additional rules apply to the providers of regulated professions, such as lawyers.

The Regulations do not detail how the requirement to make information “easily, directly and permanently accessible” should be achieved, although the Government has issued general guidance on this. However, the responsibility lies with the service provider to make the information accessible for as long as it may be necessary to do so. Service providers should therefore keep records of their supplied information.

Additionally, Regulation 9(1) holds that, where a contract is to be concluded electronically and unless parties are business customers who have agreed otherwise, a service provider must provide in a clear, comprehensible and unambiguous manner, certain information to the service recipient prior to its ordering, such as details of the necessary technical steps to conclude the contract and how errors may be corrected. Contractual terms must also be capable of being copied and stored by the consumer. If these prior information obligations are not met, the consumer may rescind the contract.

Non-Liability of Intermediate Service Providers

The Regulations also make provision for the non-liability of service providers which act solely as a “conduit” for information by essentially just providing the transmission network for the sending or receiving of information. This excludes any service provider which either initiated the message, selected the recipient or selected or modified the information (other than technically) contained in the message.

Regulation 18 extends this protection to service providers which cache information for the purpose of transmission and Regulation 19 extends that protection to communication hosts, subject to the Godfrey v Demon (1994) 4 EMLR 542 obligation to remove hosted information where the host is aware that liability has arisen in respect of it. However, the Regulations do not impose a general obligation on service providers to monitor the information that they transmit or store, nor is there any obligation on intermediate service providers to act promptly to inform relevant authorities of alleged illegal activities of which they become aware.

To an extent, the Regulations represent good practice procedures that should already be in place within service provider’s operations. However, this is not always the case and the introduction of the Regulations will necessitate changes to many online merchants’ Web sites, as non-compliance may result in consumers not being bound into contracts. Certainly a review of Web site content and online ordering procedures should at least be considered.