International Sales Compliance: The Checklist That Keeps You Legal
Selling internationally feels like growth. It is, until the compliance failures catch up. VAT audits. Product seizures. Data protection fines. Consumer protection claims.
By the end of 2024, 144 countries had implemented national data privacy laws, covering about 6.64 billion people under some form of data protection regulation. In 2024 alone, regulators issued over €1.2 billion in GDPR violation fines.
Each country you sell into brings its own regulatory requirements. Ignorance isn't a defense. Neither is "we're just a small business."
This checklist identifies the compliance requirements most eCommerce brands miss, and the consequences of missing them.
Tax and Duty Compliance
VAT/GST Registration
European Union:
Registration threshold: €10,000 aggregate EU sales (as of July 2021 rules)
One-Stop Shop (OSS) available for simplified compliance
Each member state has different standard rates (17-27%)
United Kingdom:
Registration threshold: £0 for non-UK businesses (must register for any sales)
20% standard VAT rate
Postponed VAT accounting available
Australia:
Registration threshold: AUD $75,000 annual revenue
10% GST rate
Low-value goods (
Canada:
GST/HST registration varies by province
Thresholds vary
Provincial requirements differ
Compliance Actions:
Determine registration requirements for each market
Register where required
Charge correct rates
File returns on schedule
Maintain compliant invoices
Import Duties and Customs
Classification:
Products classified by HS codes
Classification determines duty rates
Misclassification can trigger penalties
Valuation:
Duties calculated on transaction value
Includes shipping and insurance
Transfer pricing rules for related parties
Country of Origin:
Determines applicable duty rates
Trade agreements affect rates
Origin marking requirements
Compliance Actions:
Correct HS codes for all products
Proper valuation on customs declarations
Accurate country of origin declaration
Compliance with trade agreement rules (if claiming preferences)
Product Compliance
Safety Standards
EU CE Marking:
Required for many product categories
Self-certification or third-party depending on product
Technical file required
US Requirements:
CPSC regulations for consumer products
FDA for food, cosmetics, medical devices
FCC for electronics
Australia:
ACCC safety standards
Electrical safety certification
Product bans list
Compliance Actions:
Identify applicable safety standards by market
Obtain required certifications
Maintain compliance documentation
Monitor for standard changes
Labeling Requirements
Required Information (varies by market and product):
Product identification
Country of origin
Contents/ingredients
Care instructions
Warnings
Importer information
Language Requirements:
Local language often required
Official languages specified by regulation
Compliance Actions:
Research labeling requirements per market
Create compliant labels
Include required languages
Update for regulatory changes
Restricted and Prohibited Products
Categories to Research:
Electronics (certification, disposal regulations)
Cosmetics (ingredient restrictions)
Food (import requirements, ingredient rules)
Textiles (composition labeling, fiber content)
Children's products (enhanced safety requirements)
Supplements (regulations vary dramatically)
Compliance Actions:
Identify product category regulations by market
Verify products meet requirements
Obtain necessary registrations/notifications
Document compliance
Data Protection Compliance
Gartner estimates that three-quarters of the global population have their personal data protected under privacy laws. Compliance with these regulations is mandatory, and falling short can result in hefty fines.
GDPR (European Union)
Key Requirements:
Lawful basis for processing
Privacy policy disclosure
Consent management
Data subject rights (access, deletion, portability)
Breach notification (72 hours)
Data Protection Impact Assessments (if high risk)
The European Accessibility Act (EAA) became effective on April 26, 2024, requiring e-commerce stores to implement Web Content Accessibility Guidelines (WCAG 2.1).
Compliance Actions:
Privacy policy compliant with GDPR
Cookie consent mechanism
Data subject request process
Processing records maintained
Processor agreements in place
Breach response plan
Other Privacy Regulations
The Digital Services Act (DSA) and Digital Markets Act (DMA) became effective in 2024 and continue to impact e-commerce in 2025, enhancing transparency and providing greater algorithmic accountability.
UK GDPR:
Similar to EU GDPR
Separate registration with ICO
California (CCPA/CPRA):
Privacy policy disclosures
Opt-out rights
Consumer request process
Australia Privacy Act:
Privacy policy required
Data breach notification
Cross-border disclosure restrictions
Compliance Actions:
Identify applicable privacy laws
Update privacy policy for each jurisdiction
Implement required rights mechanisms
Train staff on requirements
Consumer Protection Compliance
Right of Return
EU Consumer Rights:
14-day cooling-off period (no reason required)
Applies to distance sales
Refund within 14 days of return receipt
Australia Consumer Law:
No general cooling-off for change of mind
But strong remedies for faulty goods
Major failure = choice of refund, replacement, repair
Compliance Actions:
Return policy meets local minimums
Clearly communicated at purchase
Process handles required timelines
Warranty and Guarantee
EU:
2-year legal guarantee on goods
Can't be waived by contract
Burden of proof rules
Australia:
Consumer guarantees can't be excluded
Remedies for major vs. minor failures
Manufacturer warranties additional
Compliance Actions:
Understand legal warranty requirements by market
Don't disclaim non-disclaimable rights
Process for warranty claims
Advertising and Marketing
Truth in Advertising:
Claims must be substantiated
Price comparisons regulated
Bait advertising prohibited
Environmental Claims:
"Green" claims scrutinized
Substantiation required
Greenwashing fines increasing
Compliance Actions:
Review marketing claims for substantiation
Environmental claims verified
Price comparison compliance
Promotion terms clear
The Compliance Audit Checklist
Annual Review:
Tax:
Registration status current in all required markets
Rates applied correctly
Returns filed on time
Documentation maintained
Product:
Certifications current
Labels compliant
Restricted products identified
Testing/documentation current
Privacy:
Policies reviewed and updated
Consent mechanisms working
Rights processes functional
Staff trained
Consumer:
Policies meet minimums
Communications compliant
Processes handle requirements
Trigger Reviews:
Entering new market
Launching new product category
Regulation changes
Enforcement actions in sector
Customer complaints about compliance
The Compliance Resource Stack
Tax:
Local tax advisors in major markets
VAT compliance software (Avalara, Vertex)
Customs broker relationship
Product:
Testing laboratories
Certification bodies
Regulatory consultants
Legal:
International commerce attorney
Local counsel in major markets
Privacy specialist
Tools:
Compliance management software
Document management
Audit trail systems
The FTC has issued over $1.2 billion in penalties since 2020 for non-compliance. 20 U.S. states have enacted their own broad privacy laws as of 2024, in the absence of a unified federal law. Two out of three people would no longer trust an organization after they learned it had misused data.
Compliance isn't optional; it's the price of admission to international markets. Build it into operations from the start, or pay the penalty (literally) for catching up later.



