Control Blog  
Helping Grow Your Business


There is an honor code when selling online. It is a partially self-regulated practice, but there are also fixed rules and regulations that every business must follow. You might consider your business so small that the government won't notice you cutting corners. In a self-regulated market, however, customers are also on guard, and if they see something suspicious or out of step with your brand, you will be flagged.

Here are 8 eCommerce rules and regulations that are industry standards. Even where they are not written into law in your country, they are still good practice.

Anti-Spam Law:

Anti-spam laws go by different names in different countries, but they are all in place to protect consumers from receiving unsolicited marketing material.

Online businesses have the capability of collecting a great deal of consumer information, and it is easy to abuse that power. With this regulation in place, businesses cannot legally send marketing messages to people without first obtaining their consent. In addition, every commercial message a business sends must include the following:

  • A clear method to unsubscribe, and every unsubscribe request must then be honored.
  • An identifier marking the message as an advertisement.
  • A subject line and header information that do not mislead the recipient.

If you intend to use email as a marketing channel, you need to get your customers' permission first, and you need to keep a record of that consent in case you are ever asked to prove it. The penalties are not trivial. For example, under the US CAN-SPAM Act each non-compliant email has been subject to a penalty of up to $16,000, and Canada's anti-spam law (CASL) allows penalties of up to $10 million per violation for businesses.

Privacy Policy:

Transparency is key to earning brand trust; therefore, it is important to have a clear and accessible privacy policy in place. What should the policy contain?

As mentioned earlier, online businesses have access to a lot of consumer information: name, address, email address, payment data, and so on.

There are valid reasons for a business to hold onto that information: serving customers better and offering personalized products are two of them. The data is valuable not only to your business but also to third parties such as marketers.

Whether you are storing the data yourself or sharing it with a third party, it must be clearly stated in the privacy policy, including what you collect, why, and for how long you keep it. It is then the duty of the online business to actually do what its policy says.

PCI Compliance:

Any business that processes, stores or transmits credit card information must comply with the Payment Card Industry Data Security Standard (PCI DSS). PCI DSS is not a law but a contractual standard enforced by the card brands and your acquiring bank; it exists to ensure that businesses operate in a way that prevents sensitive payment data from being stolen or misused.

If your company is found not to be compliant, whether a customer reports it or your acquiring bank discovers it during compliance validation, the payment brands (Visa, Mastercard, etc.) are responsible for dealing with the violation, typically through fines levied on the acquirer and passed on to you. If a security breach or loss of card data has actually taken place, the business faces much higher fines and repercussions, up to losing the ability to accept cards at all.

PCI DSS was written with large enterprises in mind, but that does not mean small-to-medium-sized businesses (roughly those processing fewer than 20,000 card transactions a year) are exempt. In fact, SMBs are often targeted precisely because most of them have no dedicated IT or security staff. They are still responsible for ensuring that their customers' payments are processed over a secure network and that any stored card data is kept in a protected system. The simplest way to stay compliant is to avoid handling card data yourself: a hosted payment page or a tokenizing payment provider keeps card numbers off your own servers and greatly reduces how much of PCI DSS applies to you.

Collecting Taxes:

Taxes can be quite confusing for online businesses, and the proper process differs from country to country and region to region. Even the way your business handles taxes may differ from the business operating next door. Businesses, like people, can handle the tax process in different ways; what matters is doing it accurately.

In the US, the long-standing rule was that an online store with no physical presence in a state was not required to collect that state's sales tax. Since the Supreme Court's 2018 decision in South Dakota v. Wayfair, however, states may also require collection based on economic nexus (sales revenue or transaction counts into the state), and most now do. Both "physical presence" and the economic thresholds remain a gray area, because each state defines them differently.

Whether you include the tax in the listed price of the product or add it at checkout, it is good practice to speak with an accounting professional. Since every business is different, it is worth knowing specifically which obligations and exemptions apply to your brand.

Keeping Business Records:

Since audits are not uncommon for online businesses, it is important to keep your business records in case you need to present them to the relevant agencies. Depending on the type of document and the country in which your business operates, there are different suggested retention periods, and it goes case by case. Since different documents serve different purposes, it is smart to check with the agencies before destroying anything.

Generally, for income tax returns, business ledgers and their supporting documents, the IRS's own guidance ranges from 3 to 7 years depending on the situation, so keeping them for 7 years from the filing date covers the longest of those periods. Employment tax records should be kept for at least 4 years after the tax was due or paid. Records of a workplace injury should be kept for 10 years beyond the period during which workers' compensation is payable.

Shipping:
Your eCommerce business depends on your ability to fulfill shipments. If you cannot get your product to the customer, you do not have a business. So before you even start selling, you must understand the regulations that apply to restricted items such as aerosols, food, beverages, perfumes, alcohol, and the like.

Depending on your carrier, a restricted product may still be shippable if the proper paperwork is filed or additional fees are paid.

Shipping can lead to more sales or ruin a shopper's experience. For more tips on building a successful shipping process, read our classic post: 8 Ways to Make Shipping a Joy for eCommerce Shoppers

Holding Inventory:

Not every eCommerce business has an Amazon-sized warehouse to hold its inventory. Regardless of the infrastructure, the inventory needs to be held somewhere. Whether you can hold inventory and run a business from home is decided case by case, depending on your product and your location. If you are storing stock in a zone that prohibits warehousing or business operations in general, it is better to know before you end up with boxes and boxes of merchandise and a fine.

Terms and Conditions:

If you were operating a brick-and-mortar store, the rule would probably be to carry good insurance to cover loss and damage to your business. Online businesses do not have the same protection: many insurance companies do not offer plans for online businesses, and those that do are known to be costly.

Having solid terms and conditions will reduce your personal liability should your business face any problems. In the terms and conditions, you can clearly define what your company is offering, along with its guarantees, warranties, return policy, and so on.

If it isn’t written, it will not hold up.

Wherever your company is based, remember that the web is a global market and that customers in every region expect the same treatment. Understanding these 8 regulations will help your company perform well, stay organized, and avoid a crisis that could shut your store down.

Control offers the tools online businesses need to succeed. Download our app and start measuring, monitoring, and managing your payments data today.