Will is currently completing his Juris Doctor at the University of Melbourne and is interested in helping to provide equitable and efficient access to legal resources.
Running an online store in Australia is exciting - you can reach customers nationwide (and overseas) with low overheads and a polished digital experience.
But with that opportunity comes a web of legal obligations around consumer rights, privacy, advertising, payments and more.
The good news? When you understand the key rules early and put the right contracts and policies in place, compliance becomes part of your daily operations - not a roadblock.
In this guide, we’ll walk through the essential eCommerce legislation in Australia, the documents you’ll need, and practical steps to set up your store the right way.
What Is eCommerce Legislation In Australia?
When people say “eCommerce legislation,” they’re usually referring to the mix of Australian laws that apply when you sell goods or services online.
There isn’t one single “eCommerce Act.” Instead, several laws work together, including the Australian Consumer Law (ACL), the Privacy Act, spam and marketing rules, and rules around payments and digital contracting.
As an online retailer, you’ll typically need to comply with these areas from day one - regardless of whether you operate through a simple website, a marketplace store or a mobile app.
Step-By-Step: Setting Up An Online Store Legally
1) Choose Your Structure And Register
Decide whether you’ll operate as a sole trader, partnership, or company. Many online retailers start simple, then incorporate as they grow for better liability protection and investor-readiness.
Next steps include getting an ABN, registering your business name, and setting up a dedicated business bank account and bookkeeping tools. If your turnover is likely to hit the GST threshold, register for GST early and get your invoicing processes sorted.
2) Build Your Contract Framework
Your website or app is also a legal interface. Before you launch, make sure customers can view clear terms and policies covering purchases, delivery, returns, privacy and acceptable use.
At a minimum, your store should display Website Terms and Conditions, a Privacy Policy and clear, ACL-compliant returns and refunds information. If you’re offering warranties, delivery guarantees, subscriptions or memberships, you’ll need extra clauses.
3) Map Your Data Flows
Privacy compliance starts with understanding what data you collect, why, and where it’s stored. Map forms, checkout fields, cookies, analytics, emails and integrations so your policies and consent mechanisms reflect reality.
Then check your tech stack (e.g. payment gateways and CRM tools) for security settings, data retention, and access controls.
4) Set Up Marketing Legally
Your growth plan likely includes email, SMS, social ads and possibly phone outreach. Each channel has its own rules about consent, identification and unsubscribes. Get compliant opt-ins in place before you turn on campaigns.
5) Embed ACL Compliance Into Operations
Train your team on consumer guarantees, refunds, delivery timeframes and fair advertising. Align your customer service scripts and policies with the ACL so your practice matches your promises.
6) Keep It Current
eCommerce evolves quickly. Schedule regular reviews of your contracts, policies and operational procedures, especially when you launch new products, add payment methods, change your tech stack or expand into new markets.
What Laws Do eCommerce Businesses Need To Follow?
The specifics will depend on your products and business model, but most Australian online stores need to consider the following.
Australian Consumer Law (ACL)
The ACL applies to most transactions with consumers in Australia. It covers consumer guarantees (for example, that goods are of acceptable quality and match their description), refunds and repairs, unfair contract terms and misleading or deceptive conduct.
Your product pages, checkout flow and customer service must reflect ACL rights. For example, you can’t refuse a refund when a product is faulty, and you can’t rely on small-print terms that conflict with consumer guarantees. Claims about your products must be accurate and substantiated to avoid issues under section 18 (misleading or deceptive conduct).
Privacy And Data Protection
If you collect personal information (names, addresses, emails, phone numbers, payment details and similar), you must handle it securely and transparently. In practice, that means telling customers what you collect, why, how you store it, and who you share it with - and obtaining consent where required.
Having a clear, tailored Privacy Policy on your website is a core part of this. It should align with your actual data practices and cover cookies, analytics, cross-border transfers and data security measures.
Spam And Marketing Rules
Australia’s spam laws require consent to send commercial emails or SMS, accurate sender identification, and a functional unsubscribe in every message. Keep records of opt-ins and honour unsubscribes promptly.
If you’re unsure whether a campaign idea is compliant, review the principles outlined in Sprintlaw’s overview of email marketing laws and make any necessary changes before sending.
Advertising And Pricing Laws
Online advertising is subject to truth in advertising rules. Price displays must be accurate, total and not misleading (think drip pricing, component pricing and surcharge transparency). If you strike-through prices or run “limited time” offers, ensure the comparison is genuine and the timeframe is real.
It helps to align your merchandising and promotions with the guidance in Sprintlaw’s note on advertised price laws to reduce risk.
Digital Contracting And Checkout UX
Online purchases form legally binding contracts. Your checkout experience should present key terms clearly before payment (for example, shipping costs, delivery timeframes and returns). You should also maintain records of orders, customer acceptance of terms and any communications that affect the deal (like changes to delivery dates).
If you rely on clickwrap acceptance or email confirmations for contract formation, remember that in many cases emails can be legally binding, so ensure your wording is accurate and consistent across templates.
Payments And Refunds
Payment processing must be secure and transparent. Be clear about who is charging the customer (your legal entity name), the currency, and any surcharges or recurring billing. For subscriptions, spell out trial periods, renewal dates, and how to cancel.
Your refunds process should reflect ACL rights. If you provide additional warranties or service commitments, make sure they’re consistent with your legal obligations and documented correctly (more on that below).
Intellectual Property
Your brand name, logo and content are valuable. Consider registering your trade marks to protect against lookalikes, and create internal rules for using third-party content (images, fonts, product descriptions) to avoid infringement.
If your brand is central to growth, take proactive steps to register your trade mark and lock in protection as you scale.
Marketplace, App Store And Platform Rules
If you sell through marketplaces or app stores, you must also comply with those platforms’ rules. These often include service level standards, handling returns through the platform, and specific wording for listings. Keep in mind, platform compliance is in addition to - not instead of - your legal obligations under Australian law.
What Legal Documents Should An eCommerce Store Have?
Solid contracts and policies do more than tick compliance boxes - they set clear expectations, reduce disputes and build trust. Here are the documents online retailers commonly rely on.
- Website Terms and Conditions: The rules for using your site, covering user conduct, IP ownership, disclaimers and liability limits. Make sure they are easily accessible and tailored to your business; Sprintlaw can assist with Website Terms and Conditions that suit your store.
- Terms of Sale: The purchase contract that covers pricing, payment, shipping, delivery timeframes, risk, returns and refunds. If you sell internationally or offer pre-orders, your Terms of Sale should address those scenarios explicitly.
- Privacy Policy: Explains your data handling practices in plain English. A tailored Privacy Policy should match your data flows (checkout, analytics, cookies, marketing, third-party integrations).
- Cookies And Tracking Notices: Let users know about cookies and similar technologies and provide options to manage preferences, often implemented alongside your Privacy Policy and consent tools.
- Refunds And Returns Policy: Sets out how you’ll honour ACL rights and any extra benefits you offer. If you provide warranties, include the mandatory wording and consider a formal Warranties Against Defects Policy.
- Supplier/Manufacturer Agreements: Clarify order quantities, quality standards, delivery, IP ownership, defects management and indemnities - essential if you’re dropshipping or outsourcing production.
- Fulfilment And Logistics Agreements: For 3PL or courier relationships, cover service levels, lost/damaged goods, data sharing and termination rights.
- Marketplace Terms (if applicable): If you run a marketplace, you’ll need robust platform terms for buyers and sellers, and clear allocation of risk across all parties.
- Employment/Contractor Agreements: If you engage staff or contractors (for customer service, content or development), use clear contracts and role-specific policies to protect your IP and set expectations.
Not every store needs every document on day one, but most will benefit from a core suite (Privacy Policy, Website Terms and Conditions and Terms of Sale) before taking orders.
How To Keep Your Online Store Compliant Day-To-Day
Build Compliance Into Your Product And Marketing Workflow
- Review product pages for accurate descriptions, key inclusions/exclusions and realistic claims (avoid “cure-all” or unverifiable statements).
- Use pricing rules that prevent accidental drip pricing or misleading comparisons. If you’re running discounts, check your procedures against advertised price laws.
- Require marketing to confirm consent status and unsubscribe processes for every campaign channel. When in doubt, revisit the principles in email marketing laws.
Train Your Team On The ACL
Frontline staff need to recognise when a customer is entitled to a repair, replacement or refund - and when they can offer goodwill. A short internal guide that mirrors your public-facing refunds policy reduces escalations and keeps messaging consistent with the ACL.
Keep Records
Store key records (orders, returns, customer communications, proof of delivery, and acceptance of terms). Good records are invaluable if a dispute arises or a regulator asks questions.
Review Your Policies After Changes
Launching subscriptions, adding buy-now-pay-later, expanding to new countries or collecting new data? Update your Terms of Sale and Privacy Policy so they match what you actually do. Consistency between practice and policy is what regulators look for.
Use Clear Warranty Wording
If you offer extra warranties, you may need to include specific mandatory text and contact details. Align your customer service templates and on-site wording with your written warranty to avoid confusion.
Common eCommerce Pitfalls (And How To Avoid Them)
- Unclear Returns And Refunds: Make your refunds process easy to find and aligned with the ACL. Avoid blanket “no refunds” statements - these are risky and often unlawful in Australia.
- Misleading Promotions: Limited-time offers must be genuinely limited; “before/after” pricing must be real. Build internal sign-off for promotions to reduce risk under section 18 of the ACL.
- Copy-Paste Policies: Borrowed templates rarely match your data flows or business model. Tailor your Privacy Policy and Terms so they describe your actual practices.
- Ignoring IP: Delay in brand protection can be costly. If you’re building a distinctive brand, prioritise an application to register your trade mark.
- Marketplace Blind Spots: If you sell via a marketplace, read the platform rules closely, especially around returns, product safety and prohibited content. Your risk profile changes when your store sits on someone else’s infrastructure.
- Poor Checkout Disclosure: Customers should see total prices, shipping and key terms before paying. Surprises after purchase are a common driver of complaints.
When Should You Get Legal Help?
Many founders start with DIY setups, then seek support as they grow. Consider professional help if:
- you’re launching a new product category, subscription model or marketplace concept
- you’re receiving more customer complaints or chargebacks than expected
- you’re expanding into new countries or selling regulated products
- you’re raising investment and investors want to see legal risk managed
For targeted support, it can be helpful to speak with an eCommerce lawyer who can review your store and produce a practical action plan.
Key Takeaways
- eCommerce legislation in Australia isn’t one statute - it’s a practical mix of consumer law, privacy, marketing rules, payments and IP that apply to most online stores.
- Put core documents in place before launch: Website Terms and Conditions, Terms of Sale and a tailored Privacy Policy that reflects your data flows.
- The Australian Consumer Law requires accurate product claims, clear pricing and proper handling of refunds and warranties - review promotions against section 18 principles.
- Marketing must follow consent and unsubscribe rules; build compliant growth systems aligned with Australia’s email marketing laws.
- Protect your brand early by taking steps to register your trade mark, and keep good records to reduce disputes.
- Schedule regular reviews when your business model, tech stack or markets change so your terms and policies stay accurate.
If you’d like a consultation on getting your eCommerce business set up correctly in Australia, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.







