Website legal information: basic requirements

27 Apr 2008
Alasdair Taylor

Warning: this post is out-of-date.  For the current law (as at 18 May 2012)  on ecommerce site information disclosures, see:


English law requires that most business websites supply certain information.

The basic information requirements are set out in:

  • The Electronic Commerce Regulations (EC Directive) Regulations 2002 (the “Ecommerce Regulations”). These Regulations implement into English law Directive 2000/31/EC of the European Parliament and of the Council of 8 June 2000 on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market (the “Ecommerce Directive”); and
  • The Companies Act 2006 and the Business Names Act 1985.

The application of each piece of legislation, and the detailed information that will be required where the legislation applies, is considered below.

Ecommerce Regulations: application

The Ecommerce Regulations basic disclosure requirements apply to “…a person providing an information society service…” (Regulation 6). “Information society service” means “any service normally provided for remuneration, at a distance, by means of electronic equipment for the processing (including digital compression) and storage of data, and at the individual request of a recipient of a service” (Recital 17 of the Ecommerce Directive). This requirement should be broadly construed. For example, although a simple “brochure” website might not be an information society service, a website that earns money through advertising almost certainly will constitute an information society service, even if it is completely free to users.

The Ecommerce Regulations only apply to service providers established in the UK. However, service providers established elsewhere in the EU will have to comply with equivalent requirements under the national law of the state in which they are established. “Established service provider” is defined in the Ecommerce Directive as follows: “a service provider who effectively pursues an economic activity using a fixed establishment for an indefinite period. The presence and use of the technical means and technologies required to provide the service do not, in themselves, constitute an establishment of the provider;” So, the location of the servers hosting a website do not determine the place of establishment. Where there are multiple “fixed establishments” in relation to a given service, then Recital 19 of the Directive provides guidance: “… in cases where a provider has several places of establishment it is important to determine from which place of establishment the service concerned is provided; in cases where it is difficult to determine from which of several places of establishment a given service is provided, this is the place where the provider has the centre of his activities relating to this particular service.”

Ecommerce Regulations: requirements

A person providing an information society service must make available to the recipients of the service (and any relevant enforcement authority) in a form and manner which is easily, directly and permanently accessible, the following information:

  • the name of the service provider;
  • the geographic address at which the service provider is established;
  • the details of the service provider, including his electronic mail address, which make it possible to contact him rapidly and communicate with him in a direct and effective manner;
  • where the service provider is registered in a trade or similar register available to the public, details of the register in which the service provider is entered and his registration number, or equivalent means of identification in that register;
  • where the provision of the service is subject to an authorisation scheme, the particulars of the relevant supervisory authority;
  • where the service provider exercises a regulated profession: (i) the details of any professional body or similar institution with which the service provider is registered; (ii) his professional title and the member State where that title has been granted; (iii) a reference to the professional rules applicable to the service provider in the member State of establishment and the means to access them; and
  • where the service provider undertakes an activity that is subject to value added tax, the relevant identification number.

In addition, where a person providing an information society service refers to prices, these must be indicated clearly and unambiguously and, in particular, must indicate whether they are inclusive of tax and delivery costs.

Companies Act 2006 and Business Names Act 1985

Every UK company should list on its website:

  • its name;
  • its company registration number;
  • its place of registration; and
  • its registered office address.

Sole traders and partnerships who carry on a business in the UK under a business name (very roughly, not the names of the trader/partners) must also make certain website disclosures:

  • in the case of a sole trader, the individual’s name;
  • in the case of a partnership, the name of each member of the partnership;
  • in either case, in relation to each person named, an address in the UK at which service of any document relating in any way to the business will be effective.


This site has been helpful…I am the volunteer secretary of a writers group and we have a web site. We are looking into publishing work on the web – not for sale – . I am not clear when you refer to the “service provider” whether that means the ISP or the writers group.

So if a sole trader is working from home, then by law they have to put their home address on their website and cannot use an alternative contact address because the served documents would otherwise not be effective? Now that’s just stupid, ridiculous and puts people at risk. Can I then go on to sue the government for making me have to deal with stalkers, burglars, etc?? I doubt it!

A big issue with working from home is putting your address on a website. There is this idea that everyone will know where you live and you will be vulnerable to burglars etc. Its very likely that the only people likely to access your website are the ones trying to get hold of your business for business reasons rather than to check your property out for robbing. With the billions of websites out there who has got the time to randomly to through them and to check who is working at home? How are people going to know that is your home address? Hopefully you put your address on a business card, which you then hand it out to anyone slightly interested. Can’t these people also stalk and rob you?

Well duh, people just get your address details from the Whois database relating to your web address.

For uk domains you can withhold your address so it would not appear on whois and for .com you can also do the same I believe

Does this also apply to pages and profiles within social networks (e.g. faceook)? And if a “personal” profile is also used for business purposes?

In respect of the Ecommerce Regulations requirements, the question is whether such pages/profiles would constitute an “information society service” provided by the relevant businesss. In general terms, I think that most social networks would be classified as services provided by the network operator, and so the basic disclosure requirements under the Regulations will not apply. However, it may depend upon the particular network.

The company names rules have been updated since this post was written. The requirements are now set out in The Companies (Trading Disclosures) Regulations 2008 as well as the Companies Act 2006:

A company name is needed on all business communications, and this would include communications on third party websites. However the “further particulars” referred to in the Regulations are not I think required on third party sites like social networks.

I share the same concerns with Mr Anonymous about the need for sole traders to publicly publish their home address (and not just own their own website but on other websites such as eBay too). Even if you put the security and burglary risk aside (which I think is a significant risk) it can result in a situation where you have people turning up at your private residential property unannounced which may be inconvenient, which is something a commercial premises wouldn’t have to deal with. Clearly there should be some provision to allow for this under the law and perhaps a more sensible approach would be to supply your address details on request or only on an invoice or receipt where a sale has taken place. Seems a more sensible approach but when was the law ever sensible!

I have a question I’m hoping someone can answer.. This page states that businesses have a legal obligation to publish their trading name and address on their website under Companies Act 2006 and Business Names Act 1985, but does the law specifically state how prominently these need to be displayed? I’ve seen some sites (big manufacturers and retailers) where they bury them in tiny print among the terms and conditions page and its only by chance you might look there and find them. There’s nothing under the usual “Contact” link page. Is this still legal?

@Paul Under The Companies (Trading Disclosures) Regulations 2008), there is a basic legibility requirement for website and business communication disclosures: “Any display or disclosure of information required by these Regulations must be in characters that can be read with the naked eye”. There is a requirement of prominence in relation to registered office notices, but this does not apply to website and business communication disclosures. See the Regs for full details: The position is not so clear-cut under the Ecommerce Regulations. Disclosures have to be “in a form and manner which is easily, directly and permanently accessible”. The question, then, is whether company information buried in website T&Cs is easily accessible. The answer to this question may vary from case to case. I would be very surprised if the question ever gets put before a court of law: it’s wouldn’t be of interest to regulators, and even if it gives rise to private rights of action (I don’t know off the top of my head if it does), it’s hard to image a breach of those rights that would give rise to a significant loss that wouldn’t be independently recoverable.

@Alasdair: Thanks very much for your detailed response to my earlier question. I have one more question which maybe you can answer which will no doubt interest others in a similar situation… Myself and a group of others have setup a website and “scheme” for cyclists to provide free facilities from third party businesses free of charge. It’s not a for profit business and doesn’t sell anything. It’s intended to be more of a charity format, relying on donations from the industry (but not a registered charity at this stage). Members are invited to register free at the website. Beyond their full name and personal profile, they don’t provide their address, telephone number or any financial details etc. Obviously the Data Protection Act would still apply, but I’m more concerned about the Ecommerce regulations you mentioned, specifically the need for displaying the Webmasters/main admin’s home address on the website. Would that still be a legal requirement do you think on a website like this? If there is a legal requirement, would it be possible to use a PO Box address instead?

@Paul. With regards to displaying an address, then surely these sole traders are oblidged to give full disclosure of their address on invoices and headed paper. So a disgruntled customer would be able to find them anyway. You are also correct with regards to large companies. I have just witnessed a case being thrased out on a forum where someone was accusing a major site of lifting his copy and could not get in contact with the company, without registering for the site or paying for a premium phone call to India (which proved fruitless!). Not quite sure what the legal redress is for companies who disregard the ecommerce regs? Where and who are they reported to? @Alasdair. If a business is on some directories/ lead generation sites, their address is witheld from being made public (particularly in the latter case, I presume to stop customers ringing people direct and cutting out the lead generators profit/commission). How do they get around that? Is a business like that or eBay excluded because they have the business’ full contact details? One interpretation of the law I have seen, the regulations do state that a registered office would suffice (compulsory if it is a company). Is there a simple way sole traders could have a registered office without becoming a company? (this does not apply to me as I am Limited and know what I have to do). I looked at the following document and quote: point 5.2 (b) on page 17:”The geographic addressat which the service provider is established. This is not necessarily his principal or registered office, nor the usual address which he cited for the purposes of sending communications. Rather, it is an address that derives from the definition of “established service provider” and so indicates the Member States whose laws will, in general, applyto the provision of the service in question”. As long as they comply with 5.2 (c): “the details of the service provider, including his email address, which makes it possible to contact him rapidly and communiacte with him in a direct and effective manner” then surely this would be a get out-clause for those operating a business from home, provided he can provide an address within the UK at which he is easily contactable. (Used to be like driving licenses in the past “contactable address”?). Bare in mind I am no lawyer, but as a commoner that is how I would interpret it. Reading 5.4, which addresses “rapidly”, “the enforcement authorities are expected to treat this as a question of common sense” with “the onus being on the service provider to demonstrate that he has complied with this requirement”. As a lawyer would you not be able to argue that provided a service provider has given those details upon direct communication with the consumer (along with terms and conditions and everything else required by Distance Selling Regulations), that a business operating from home has complied, particularly when you look at 5.3, regarding texts (particularly as limited to 160 characters)… though they mention refering back to a source such as a website. Surely a some sort of disclaimer along the lines of providing full address on placement of order/commencement of communication and re-iterating the right to a cooling off period of 7 days (Direct Selling Regulations) could be argued to be sufficient in these cases of home businesses. Alternatively, keep safe. Sell via directories and eBay and dont have a website/Social Media presence etc. Sorry to be so long winded but have spent a lot of time researching this as it interests me a lot, given the poor policing of the net. Big companies that hid info really annoy me!

I decided to google my name and even tough I am careful on social websites, my name appear on search engines next to my address, a map and my date of birth. I am an IT contractor and have a limited company at my name. I am the only person in that limited company. I feel that this is absolutely wrong. Details can be obtained by agencies and individuals on a limited company but displaying these details on a search engine is wrong. Internet is a new thing and the law is changing constantly. I really feel we should do something about this. Problem is I don’t know where to start. Next week I will contact a solicitor. But what else can I do? The law must change as our times are changing an I am pretty sure that maybe there are already some groups out there that are trying to do this. Do you know?

Where the personal information in question is part of a public record (your DoB and address are, as you know, part of the Companies House records), and you have no IP rights that you can assert in respect of the information, then it may be hard to put together a persuasive legal argument that Google must remove the information from the SERPs. 

Your best bet will likely be the Data Protection Act 1998.  Without doing some research, I’m not entirely sure how the DPA applies in these circumstances.  Certainly, there is no general exemption for information that forms part of a public record (see section 34 for the exemption that relates to data controller with the statutory obligation to disclose the information).  I’m guessing that Google would argue their processing is covered by paragraph 6(1) of Schedule 2:

The processing is necessary for the purposes of legitimate interests pursued by the data controller or by the third party or parties to whom the data are disclosed, except where the processing is unwarranted in any particular case by reason of prejudice to the rights and freedoms or legitimate interests of the data subject.

If it turns on this “legitimate interests” exception, there’s certainly room for argument.

Have you tried simply asking Google to remove the information in the first instance?

If selling services, like “banner ads”, do the same laws of e-commerce apply? 

Example: Facebook doesn’t have an address, and we can buy ads from them anywhere in the world. Certainly they don’t open a business in every country?

With reference to the Ecommerce Regs:

  • it is generally thought that a free service funded by advertising will constitute an “information society service” for the purposes of the Regs;
  • business that are not established in the EEA will not however be subject to these rules.

Add a new comment

Your email address will not be published.

SEQ Legal
Copyright © 2022 Docular Limited | All rights reserved