International Sales Compliance: The Checklist That Keeps You Legal

International Sales Compliance: The Checklist That Keeps You Legal

Selling internationally feels like growth. It is-until the compliance failures catch up. VAT audits. Product seizures. Data protection fines. Consumer protection claims.

By the end of 2024, 144 countries implemented national data privacy laws, covering about 6.64 billion people under some form of data protection regulation. In 2024 alone, regulators issued over €1.2 billion in GDPR violation fines.

Each country you sell into brings its own regulatory requirements. Ignorance isn't a defense. Neither is "we're just a small business."

This checklist identifies the compliance requirements most eCommerce brands miss-and the consequences of missing them.

Tax and Duty Compliance

VAT/GST Registration

European Union:

• Registration threshold: €10,000 aggregate EU sales (as of July 2021 rules)
• One-Stop Shop (OSS) available for simplified compliance
• Each member state has different standard rates (17-27%)

United Kingdom:

• Registration threshold: £0 for non-UK businesses (must register for any sales)
• 20% standard VAT rate
• Postponed VAT accounting available

Australia:

• Registration threshold: AUD $75,000 annual revenue
• 10% GST rate
• Low-value goods (

Canada:

• GST/HST registration varies by province
• Thresholds vary
• Provincial requirements differ

Compliance Actions:

• Determine registration requirements for each market
• Register where required
• Charge correct rates
• File returns on schedule
• Maintain compliant invoices

Import Duties and Customs

Classification:

• Products classified by HS codes
• Classification determines duty rates
• Misclassification can trigger penalties

Valuation:

• Duties calculated on transaction value
• Includes shipping and insurance
• Transfer pricing rules for related parties

Country of Origin:

• Determines applicable duty rates
• Trade agreements affect rates
• Origin marking requirements

Compliance Actions:

• Correct HS codes for all products
• Proper valuation on customs declarations
• Accurate country of origin declaration
• Compliance with trade agreement rules (if claiming preferences)

Product Compliance

Safety Standards

EU CE Marking:

• Required for many product categories
• Self-certification or third-party depending on product
• Technical file required

US Requirements:

• CPSC regulations for consumer products
• FDA for food, cosmetics, medical devices
• FCC for electronics

Australia:

• ACCC safety standards
• Electrical safety certification
• Product bans list

Compliance Actions:

• Identify applicable safety standards by market
• Obtain required certifications
• Maintain compliance documentation
• Monitor for standard changes

Labeling Requirements

Required Information (varies by market and product):

• Product identification
• Country of origin
• Contents/ingredients
• Care instructions
• Warnings
• Importer information

Language Requirements:

• Local language often required
• Official languages specified by regulation

Compliance Actions:

• Research labeling requirements per market
• Create compliant labels
• Include required languages
• Update for regulatory changes

Restricted and Prohibited Products

Categories to Research:

• Electronics (certification, disposal regulations)
• Cosmetics (ingredient restrictions)
• Food (import requirements, ingredient rules)
• Textiles (composition labeling, fiber content)
• Children's products (enhanced safety requirements)
• Supplements (regulations vary dramatically)

Compliance Actions:

• Identify product category regulations by market
• Verify products meet requirements
• Obtain necessary registrations/notifications
• Document compliance

Data Protection Compliance

Gartner estimates that three-quarters of the global population have their personal data protected under privacy laws. Compliance with these regulations is mandatory, and falling short can result in hefty fines.

GDPR (European Union)

Key Requirements:

• Lawful basis for processing
• Privacy policy disclosure
• Consent management
• Data subject rights (access, deletion, portability)
• Breach notification (72 hours)
• Data Protection Impact Assessments (if high risk)

The European Accessibility Act (EAA) became effective on April 26, 2024, requiring e-commerce stores to implement Web Content Accessibility Guidelines (WCAG 2.1).

Compliance Actions:

• Privacy policy compliant with GDPR
• Cookie consent mechanism
• Data subject request process
• Processing records maintained
• Processor agreements in place
• Breach response plan

Other Privacy Regulations

The Digital Services Act (DSA) and Digital Markets Act (DMA) became effective in 2024 and continue to impact e-commerce in 2025, enhancing transparency and providing greater algorithmic accountability.

UK GDPR:

• Similar to EU GDPR
• Separate registration with ICO

California (CCPA/CPRA):

• Privacy policy disclosures
• Opt-out rights
• Consumer request process

Australia Privacy Act:

• Privacy policy required
• Data breach notification
• Cross-border disclosure restrictions

Compliance Actions:

• Identify applicable privacy laws
• Update privacy policy for each jurisdiction
• Implement required rights mechanisms
• Train staff on requirements

Consumer Protection Compliance

Right of Return

EU Consumer Rights:

• 14-day cooling-off period (no reason required)
• Applies to distance sales
• Refund within 14 days of return receipt

Australia Consumer Law:

• No general cooling-off for change of mind
• But strong remedies for faulty goods
• Major failure = choice of refund, replacement, repair

Compliance Actions:

• Return policy meets local minimums
• Clearly communicated at purchase
• Process handles required timelines

Warranty and Guarantee

EU:

• 2-year legal guarantee on goods
• Can't be waived by contract
• Burden of proof rules

Australia:

• Consumer guarantees can't be excluded
• Remedies for major vs. minor failures
• Manufacturer warranties additional

Compliance Actions:

• Understand legal warranty requirements by market
• Don't disclaim non-disclaimable rights
• Process for warranty claims

Advertising and Marketing

Truth in Advertising:

• Claims must be substantiated
• Price comparisons regulated
• Bait advertising prohibited

Environmental Claims:

• "Green" claims scrutinized
• Substantiation required
• Greenwashing fines increasing

Compliance Actions:

• Review marketing claims for substantiation
• Environmental claims verified
• Price comparison compliance
• Promotion terms clear

The Compliance Audit Checklist

Annual Review:

Tax:

• Registration status current in all required markets
• Rates applied correctly
• Returns filed on time
• Documentation maintained

Product:

• Certifications current
• Labels compliant
• Restricted products identified
• Testing/documentation current

Privacy:

• Policies reviewed and updated
• Consent mechanisms working
• Rights processes functional
• Staff trained

Consumer:

• Policies meet minimums
• Communications compliant
• Processes handle requirements

Trigger Reviews:

• Entering new market
• Launching new product category
• Regulation changes
• Enforcement actions in sector
• Customer complaints about compliance

The Compliance Resource Stack

Tax:

• Local tax advisors in major markets
• VAT compliance software (Avalara, Vertex)
• Customs broker relationship

Product:

• Testing laboratories
• Certification bodies
• Regulatory consultants

Legal:

• International commerce attorney
• Local counsel in major markets
• Privacy specialist

Tools:

• Compliance management software
• Document management
• Audit trail systems

The FTC has issued over $1.2 billion in penalties since 2020 for non-compliance. 20 U.S. states have enacted their own broad privacy laws as of 2024, in the absence of a unified federal law. Two out of three people would no longer trust an organization after they learned it had misused data.

Compliance isn't optional-it's the price of admission to international markets. Build it into operations from the start, or pay the penalty (literally) for catching up later.