Global e-commerce offers many challenges, from local purchasing habits and logistics to complex payment processes and shopping cart abandonment. One of the main issues that you must address is regulation, both global and local. While your headquarters might be based in one country, expansion to new locations obligates you to adhere to local e-commerce and taxation laws at each site.
Rule of thumb – consult with legal and tax experts at each new location in order to understand local expectations and requirements. Before expanding to new sites, be sure that you are fully aware of laws and taxes that might prove to be costly.
Here are several examples of legal and regulatory issues that you should study before entering a new market:
Each country has local taxes of which you need to be aware. Many countries obligate you to charge VAT on the items you are selling online. Some countries, like Brazil, have a highly complicated taxation structure which necessitates ongoing consultation with local tax experts. Other countries levy corporate income taxes on cross-border e-commerce operators.
China recently announced tighter regulations regarding CBEC imports and more paperwork for online merchants who import goods into bonded warehouses. Any e-commerce merchant who does business in China should study the new stipulations carefully.
Last year, the EU enacted the first phase of the General Data Protection Regulation (GDPR), which sets guidelines for the collection and processing of personal information of individuals within the European Union. No matter where your business is headquartered, if you have a commercial website, an online shop or a blog, and if you do business within the European Union, you are liable under this regulation and may end up paying steep fines to the EU in the event of a personal data breach.
The CAN-SPAM Act applies to all commercial messages and not just emails. Even an email to former customers announcing a new product must comply with this law. The regulation stipulates the use of accurate subject lines, clear labelling of the message as an ad, and inclusion of your valid physical location/email.
Your message must prominently display instructions on how to opt out, and you should honor unsubscribe requests promptly. Even if a third party is handling these messages for your business, you will still be held liable in the event of a violation. Penalties may exceed $40,000, so follow these requirements carefully.
PCI compliance means meeting the requirements of the Payment Card Industry Data Security Standard (PCI DSS), which was compiled by major credit card companies such as Visa, MasterCard, Discover and American Express. Merchants that handle cardholder information must maintain PCI compliance or be penalized by the companies responsible for creating the standard.
If your company accepts card payments, and stores, processes and transmits cardholder data, you need to host data securely with a PCI compliant hosting provider. As an inherent part of their services, advanced payment platforms use cryptographic keys, tokenization and other security measures to ensure that stored customer data cannot be breached.
Avoid legal surprises
We have touched on several prominent legal issues that concern cross-border online merchants, but by no means have we covered all of them. Because laws and taxes may vary dramatically from country to country and from region to region, always consult with local experts before scaling to new territories.