
E-Commerce Compliance: Shipping, Tax, Privacy, and Consumer Protection

March 11, 2026

<h2>E-Commerce Compliance in 2026</h2>

<p>Running an online business offers incredible flexibility and reach, but it also exposes you to compliance requirements across multiple jurisdictions. Unlike a brick-and-mortar store that primarily deals with local and state regulations, an e-commerce business may have obligations in every state where it has customers. From sales tax collection to data privacy, shipping regulations to consumer protection, the compliance landscape for online sellers is broad and evolving.</p>

<p>This guide covers the major compliance areas every e-commerce business must address. Whether you sell physical products, digital goods, or online services, understanding these requirements will help you avoid costly penalties and build customer trust. For a personalized compliance checklist, <a href="/wizard">use our free compliance wizard</a>.</p>

<h2>Sales Tax Compliance</h2>

<h3>Economic Nexus and Online Sellers</h3>

<p>Since the 2018 Wayfair decision, every state with a sales tax can require online sellers to collect and remit sales tax based on their economic activity in that state. This means your e-commerce business could have sales tax obligations in dozens of states simultaneously. For a deep dive into nexus rules, read our comprehensive guide on <a href="/blog/sales-tax-nexus-after-wayfair">sales tax nexus after Wayfair</a>.</p>

<h3>Product Taxability</h3>

<p>Not everything you sell online is taxable, and taxability rules vary by state. Common variations include:</p>

<ul>

<li><strong>Digital products:</strong> Some states tax digital goods (e-books, software, streaming), while others exempt them</li>

<li><strong>Clothing:</strong> States like New York and Pennsylvania exempt most clothing, while others tax it fully</li>

<li><strong>Food and beverages:</strong> Taxability depends on whether items are considered grocery (often exempt) or prepared food (usually taxable)</li>

<li><strong>SaaS (Software as a Service):</strong> Treatment varies dramatically. Some states treat SaaS as taxable tangible personal property, others tax it as a service, and some exempt it entirely</li>

</ul>

<h3>Marketplace Facilitator Obligations</h3>

<p>If you sell through Amazon, Etsy, eBay, Walmart, or other major marketplaces, those platforms are required to collect and remit sales tax on your behalf in most states. However, sales through your own website remain your responsibility. Track your own-channel sales carefully to monitor nexus thresholds.</p>

<h2>Shipping and Fulfillment Compliance</h2>

<h3>FTC Mail Order Rule</h3>

<p>The Federal Trade Commission's Mail, Internet, or Telephone Order Merchandise Rule (commonly called the Mail Order Rule) requires that you ship orders within the timeframe stated on your website. If you do not specify a shipping time, the default is 30 days. If you cannot meet the promised delivery date, you must notify the customer and offer the option to cancel for a full refund.</p>

<h3>Shipping Hazardous Materials</h3>

<p>If you sell products classified as hazardous materials (perfumes, aerosols, lithium batteries, cleaning chemicals, nail polish), you must comply with DOT, USPS, UPS, and FedEx regulations for shipping these items. Requirements include proper packaging, labeling, documentation, and in some cases carrier-specific certifications.</p>

<h3>International Shipping</h3>

<p>Selling internationally adds layers of complexity: customs declarations, duties and tariffs, export controls, and country-specific product regulations. The Bureau of Industry and Security (BIS) maintains a list of restricted countries, entities, and products. Certain items require export licenses.</p>

<h2>Data Privacy and Security</h2>

<h3>State Privacy Laws</h3>

<p>The United States does not have a single comprehensive federal privacy law (yet), but a growing number of states have enacted their own. As of 2026, significant privacy laws are in effect in California (CCPA/CPRA), Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and several other states.</p>

<p>Common requirements across state privacy laws include:</p>

<ul>

<li>Posting a clear, comprehensive privacy policy</li>

<li>Disclosing what personal information you collect and how you use it</li>

<li>Providing consumers the right to access, delete, and opt out of the sale of their data</li>

<li>Implementing reasonable data security measures</li>

<li>Honoring "Do Not Sell" and "Do Not Share" opt-out requests</li>

</ul>

<p>For a thorough overview of data privacy obligations, see our <a href="/blog/data-privacy-small-business-guide">data privacy guide for small businesses</a>.</p>

<h3>PCI DSS Compliance</h3>

<p>If you accept credit card payments (and virtually every e-commerce business does), you must comply with the Payment Card Industry Data Security Standard (PCI DSS). The level of compliance required depends on your transaction volume. Most small businesses fall under PCI Level 4, which requires completing an annual Self-Assessment Questionnaire and maintaining a secure payment environment.</p>

<p>The easiest path to PCI compliance is using a payment processor that handles card data on its own servers (like Stripe, PayPal, or Square), so sensitive card information never touches your systems. This significantly reduces your compliance scope.</p>

<h3>Children's Privacy (COPPA)</h3>

<p>If your e-commerce site is directed at children under 13, or if you knowingly collect information from children under 13, you must comply with the Children's Online Privacy Protection Act (COPPA). This requires verifiable parental consent before collecting children's data, among other obligations.</p>

<h2>Consumer Protection</h2>

<h3>FTC Act and Advertising</h3>

<p>The FTC Act prohibits unfair or deceptive business practices. For e-commerce businesses, this means your advertising must be truthful and non-deceptive, product descriptions must be accurate, customer testimonials and reviews must be genuine, "free" offers must truly be free (no hidden charges), and comparison claims must be substantiated.</p>

<h3>Return and Refund Policies</h3>

<p>While federal law does not mandate a specific return policy, many states have laws requiring you to clearly disclose your return policy. Some states (like California and New York) require that if you do not post a return policy, you must accept returns within a specified period. Always display your return and refund policy prominently on your website.</p>

<h3>Terms of Service and Disclaimers</h3>

<p>Every e-commerce site should have clear Terms of Service that cover acceptable use of your site, limitation of liability, dispute resolution mechanisms, intellectual property rights, and governing law and jurisdiction. Have an attorney review your Terms of Service to ensure they provide meaningful legal protection.</p>

<h2>Website Accessibility (ADA)</h2>

<p>The Americans with Disabilities Act has been increasingly applied to e-commerce websites. Courts have ruled that commercial websites must be accessible to people with disabilities. While specific standards are still evolving, following the Web Content Accessibility Guidelines (WCAG) 2.1 Level AA is widely accepted as the benchmark.</p>

<p>Key accessibility requirements include providing alt text for images, ensuring keyboard navigation works throughout your site, maintaining sufficient color contrast, adding captions to video content, and ensuring forms are accessible to screen readers.</p>

<h2>Email Marketing (CAN-SPAM)</h2>

<p>If you send commercial emails (and most e-commerce businesses do), you must comply with the CAN-SPAM Act. Requirements include not using deceptive subject lines, identifying the message as an advertisement, including your physical mailing address, providing a clear unsubscribe mechanism, and honoring opt-out requests within 10 business days.</p>

<h2>Build Your E-Commerce Compliance Foundation</h2>

<p>E-commerce compliance touches nearly every aspect of your online business, from the moment a customer lands on your website to long after their order arrives. While the requirements are extensive, they are manageable when approached systematically.</p>

<p><strong><a href="/wizard">Use the SMBRegs compliance wizard</a></strong> to identify every compliance requirement for your e-commerce business. Our tool considers your products, sales volume, states of operation, and business model to generate a comprehensive checklist with actionable guidance.</p>

<p>Explore our <a href="/regulations">regulations database</a> for detailed requirements by state, and visit the <a href="/glossary">compliance glossary</a> for definitions of key e-commerce regulatory terms.</p>


Disclaimer: SMBRegs provides informational content about business regulations and compliance requirements. This information does not constitute legal, tax, or professional advice. Regulations change frequently; always verify requirements directly with the relevant government agency.

© 2026 Spoon Seller LLC. All rights reserved.
