Legal Pitfalls for Czech E-Shops Selling Abroad: VAT, GDPR and T&Cs

JUDr. Jakub Dohnal, Ph.D., LL.M.
JUDr. Jakub Dohnal, Ph.D., LL.M.
10.3.2026 | ARROWS law firm

If you sell goods online abroad, you will face legislative pitfalls that cannot be avoided without thorough preparation. From correctly setting up VAT under Czech and EU rules, through GDPR obligations, to ensuring your terms and conditions are compliant—each step comes with its own requirements. In this article, you will learn exactly what you need to meet, what risks may affect you, and how to avoid the most common mistakes that cost e-shops hundreds of thousands of Czech crowns.

The photo shows the partners of ARROWS, a Prague-based international law firm.

Quick summary

  • VAT on cross-border sales follows a principle that looks simple, but in practice includes many exceptions under Czech and EU rules. When selling within the EU, you must choose between the reverse-charge mechanism for B2B transactions and the One Stop Shop (OSS) scheme for sales to end consumers.
  • GDPR is not optional, and breaches lead to significant fines. Failure to comply with personal data protection rules can result in penalties of up to EUR 20 million or 4% of total worldwide annual turnover.
  • Terms and Conditions (T&Cs) are not just a formality, but a binding legal document under Czech law. Missing or unclear T&Cs are a common reason for fines imposed by the Czech Trade Inspection Authority (ČOI).

VAT for e-shops selling abroad: Basic principles

We will start with the most complex part – value added tax. Before you even begin selling abroad, you need to understand that for consumers, the tax usually follows the goods. This means that, in certain cases, VAT is paid in the country where the goods are consumed, not where your business is established in the Czech Republic. This rule concerns determining the place of supply.

In practice, this means that if, as a Czech e-shop, you sell to a customer in Germany and exceed the applicable threshold, VAT is calculated at the German rate and paid to the German tax authorities. Each country has its own rates and specific rules. In addition, there are special schemes that can make your life easier—if you know them and apply them correctly.

The attorneys at ARROWS, a Prague-based law firm, deal with tax matters on a daily basis and regularly handle cases where e-shops make mistakes specifically in their VAT setup. An error at this stage often leads to additional tax liabilities, penalties, and late-payment interest.

Reverse-charge mechanism – a solution for B2B sales within the EU

If you sell goods to another business in a different EU country, the supply is generally treated as exempt with the right to deduct VAT. The obligation to declare and pay the tax is shifted to the customer. As the seller, you invoice the goods without Czech VAT, and your customer accounts for the tax in their own country at their applicable rate.

The invoice must include a statement that the customer is liable to pay the tax, for example by referencing the relevant section of the law or the applicable EU directive.

Important notice: This approach can only be applied if the goods actually leave the Czech Republic and your buyer is VAT-registered in another EU Member State. You must verify this in the VIES system.

If the business customer cannot provide a valid VAT number or the goods do not leave the Czech Republic, this mechanism cannot be applied and you are required to charge and pay Czech VAT. In practice, e-shops sometimes forget to verify the VAT number in VIES and then face additional tax assessments.

Related questions on VAT schemes for cross-border sales

1. What if I choose the wrong VAT scheme—what are the consequences?
If you fail to pay VAT in the correct country, you may incur a debt to the foreign tax authority. In addition, the Czech tax office may assess additional tax if you incorrectly applied an exemption. Late-payment interest and penalties may apply.

2. How do I find out which VAT rates apply in individual countries?
VAT rates differ across the EU and you must use the current rates for the relevant year. We recommend using the European Commission’s database (Taxes in Europe Database) or the services of tax advisers.

3. Can I register for OSS voluntarily even if I am below the EUR 10,000 threshold?
Yes. If you register for OSS voluntarily, you must then use this scheme for all EU Member States to which you ship goods to consumers. The advantage is that you do not need to monitor whether you have exceeded the threshold.

Sales to end consumers in the EU: One Stop Shop (OSS)

If you sell directly to end consumers in the EU via distance sales, the situation changes and the reverse-charge mechanism does not apply. This is where the EUR 10,000 threshold (excluding VAT) comes into play. This threshold is calculated in aggregate for sales to all EU Member States, not separately for each country. Up to the threshold, the place of supply is the Czech Republic; above the threshold, the place of supply becomes the country of consumption. To avoid having to register for VAT in each country, you can use the One Stop Shop (OSS) scheme.

You register only in the Czech Republic and, in a single quarterly return, pay VAT for all EU countries at once. The Czech tax administration then distributes the funds to the relevant Member States. For most growing e-shops, however, the OSS system is key, as it allows you to avoid registering in each country separately. As of 2025, an amendment concerning the special scheme for small enterprises has also come into effect.

Sales outside the EU: Exports exempt from VAT

If you sell to countries outside the EU, for example Switzerland or the USA, this is an export of goods. Exports of goods are exempt from Czech VAT provided the goods are dispatched to a third country. Taxation then takes place in the destination country and is typically paid by the customer. You must prove the exemption with tax documentation and a decision of the customs office confirming the export of the goods to a third country, or by other means of evidence.

In practice, this means you must keep precise records. You cannot simply say you sold goods to America, so it is VAT-free. Without tax and customs documents, the Czech tax office will assess Czech VAT, including penalties.

VAT and international sales

Risks and penalties

How ARROWS can help (office@arws.cz)

Incorrect determination of the place of supply: The e-shop invoices with Czech VAT even though it should have invoiced with German VAT. Result: additional tax assessment abroad and penalties.

Process setup and OSS: ARROWS’ Prague-based attorneys and tax advisors can assist you with OSS registration and setting up your invoicing system so that it correctly determines VAT rates based on the country of consumption under EU rules.

Missing proof of export outside the EU: You apply the VAT exemption on export, but you do not have the customs authority’s decision. The Czech tax authority will assess Czech VAT.

Review of export documentation: We will advise which documents to archive and how to set up cooperation with logistics providers so you have tax-recognised evidence that the goods left the EU.

Incorrect use of Reverse Charge: You invoice without tax to a person who is not a business or does not have a valid VAT ID. Liability for the tax remains with you.

Business partner validation: We can help set up processes for verifying VAT IDs in the VIES system and adjust contractual terms for B2B sales.

GDPR for e-shops: Obligations when processing data

GDPR is part of everyday operations for e-shops because you process names, addresses, emails and even purchasing behaviour. Statistics show that a large share of e-shops still do not have cookies and consents properly set up.

Fines for GDPR breaches can be devastating, reaching up to EUR 20 million or 4% of total worldwide annual turnover. The Office for Personal Data Protection in the Czech Republic (ÚOOÚ) tends to impose lower fines in practice, but in cases of serious data breaches the penalties are significant.

Legal bases for processing personal data

You may process personal data only on the basis of a legal ground. In e-commerce, three are key:

  • Performance of a contract: To process an order and deliver goods, you need a name, address and contact details. You do not need the customer’s consent here; the processing is necessary.
  • Legitimate interest: For example, for direct marketing to your existing customers who have purchased from you, or for debt collection.
  • Consent: Required for marketing outreach to people who have not purchased from you, or for storing non-technical cookies. Consent must be freely given and informed.
Cookies and marketing: Where e-shops most often go wrong

Under the Czech Electronic Communications Act, the Opt-In principle applies. For technical cookies, you do not need consent; providing information is sufficient. For analytics and marketing cookies, you must obtain the user’s active consent before cookies are stored.

The Office for Personal Data Protection provides detailed guidance on cookie banners. A cookie banner must include buttons to accept, reject and set preferences, and the reject option must not be visually suppressed.

E-shop obligations under GDPR
  • Information duty: You must have a Privacy Policy document on your website that clearly explains what data you collect.
  • Security: You must adopt technical and organisational measures such as HTTPS, encryption and strong passwords.
  • Incident reporting: If a data breach occurs that poses a risk to individuals’ rights, you must report it to the Czech Office for Personal Data Protection (ÚOOÚ) within 72 hours.
GDPR and selling abroad

Within the EU, the rules are harmonised. If you sell outside the EU, you must address so-called transfers of personal data to third countries.

  • USA: Since July 2023, an adequacy decision has applied for organisations participating in the .
  • Other countries: If a country does not have an adequacy decision from the European Commission, you must use Standard Contractual Clauses or another transfer mechanism.

GDPR and personal data protection

Risks and penalties

How ARROWS can help (office@arws.cz)

Incorrect cookie banner: The banner does not allow easy rejection or stores cookies before consent is given. You risk a fine from the Czech Office for Personal Data Protection (ÚOOÚ).

GDPR website audit: We will review your cookie banner and propose a technically and legally compliant solution in line with the Czech Electronic Communications Act.

Unlawful email marketing: You send newsletters to people who have not given consent and are not your customers. You risk penalties for sending commercial communications.

Setting up marketing processes: We will review your contact databases and consent wording so you can run marketing effectively and lawfully under Czech and EU rules.

Data breach: A hacker gains access to your customer database.

Crisis management: We will assist with reporting the incident to the Czech Office for Personal Data Protection (ÚOOÚ), communicating with data subjects, and minimising reputational and legal damage.

Terms and Conditions (T&Cs): Legal protection

Terms and Conditions define the contractual relationship between you and the customer. They are not just a formality—during an inspection by the Czech Trade Inspection Authority (ČOI), they are the first document inspectors typically ask to see. Misleading or missing information can lead to high fines under the Consumer Protection Act.

Mandatory elements of Terms and Conditions
  • Seller identification: Full details including company ID (IČO), registered office and contact information.
  • Information about goods and price: The price must be final, including all taxes and fees.
  • “Order button” requirement: The order button must clearly state “Order with obligation to pay” or contain similarly unambiguous wording.
  • Withdrawal from the contract: The consumer has the right to withdraw within 14 days, and you must provide a model withdrawal form.
  • Complaints procedure: Information on rights arising from defective performance and the statutory time limit for handling complaints.
  • Out-of-court dispute resolution (ADR): You must inform customers about the ADR entity and provide a link to its website.
  • Reviews: If you publish reviews, you must explain how you verify that they come from real customers.
  • Discounts: When stating discounts, you must show as the original price the lowest price at which the goods were sold in the 30 days prior to the discount.
Terms and Conditions and cross-border sales

For B2C sales within the EU, the so-called Rome I Regulation applies. It provides that even if you choose Czech law in your T&Cs, you must not deprive the consumer of the protection afforded by the law of their country if it is more favourable to them. If you sell to Germany, for example, and German law provides longer warranty periods or more favourable return conditions, you must comply with the German rules.

That is why it is advisable to have your T&Cs localised not only linguistically but also legally for key markets. Without this, you risk your terms being unenforceable abroad.

Specific challenges for e-shops selling to different parts of the world

Each region has its own specifics that need to be reflected in the legal setup of your e-shop.

Selling in the EU: A harmonised market with national differences

Although EU law is harmonised, national deviations still exist. For example, Germany is very strict about company identification details (Impressum) and the “button solution” rules. In many countries, you also need to register with packaging take-back systems as soon as you send your first parcel there.

Selling outside the EU

In the USA, the tax system is extremely complex and varies from state to state. After Brexit, the United Kingdom is a third country, which means you may need to register for UK VAT on import and comply with specific rules for shipments up to GBP 135.

Inspections by the Czech Trade Inspection Authority (ČOI): What you may be penalised for

The Czech Trade Inspection Authority (Česká obchodní inspekce) focuses on compliance with Czech consumer protection legislation. The most common fines are imposed for providing misleading information about discounts and for breaching the 30-day rule.

Another frequent offence involves unfair commercial practices, such as fake reviews or high-pressure sales tactics. Inspectors also check for missing information on out-of-court dispute resolution and failure to meet the statutory deadline for handling consumer complaints.

Practical checklist of steps for a compliant setup

  • VAT analysis: Check whether you exceed the EUR 10,000 threshold for sales to the EU. If so, register for OSS in the Czech Republic.
  • Website review (GDPR): Check your cookie banner, HTTPS security, and the wording of marketing consents.
  • Update your Terms & Conditions: Implement rules on discounts, reviews, the “button solution”, and out-of-court dispute resolution.
  • Environmental obligations: Verify whether you must register for packaging fees in the destination countries.

Conclusion

Selling abroad is a natural expansion for an e-shop business. However, the legal and tax infrastructure is complex. VAT, GDPR, and terms and conditions form an interconnected system, where an error in one part can create issues in another.

ARROWS advokátní kancelář addresses these matters with e-shops and online sellers on a daily basis, and thanks to the ARROWS International network we also have reach into foreign jurisdictions.

Our Czech legal team at ARROWS advokátní kancelář can assist you with OSS registration in the Czech Republic and assessing your VAT regime. We also provide a GDPR audit, cookie banner setup, and tailored Terms & Conditions for the Czech Republic and international markets. We are insured up to CZK 400,000,000. 

If you want to be confident that your business is built on solid foundations, contact us at office@arws.cz.

FAQ – Most common legal questions on VAT, GDPR, and terms and conditions

1. When do I become a mandatory VAT payer in the Czech Republic?
In the Czech Republic, you become a mandatory VAT payer if your turnover for up to 12 immediately preceding consecutive months exceeds CZK 2,000,000. Note: do not confuse this threshold with the EUR 10,000 threshold for the OSS regime.

2. Can I register for OSS voluntarily even if I have not exceeded the EUR 10,000 threshold?
Yes, you can. Many e-shops do this so they do not have to track turnover in each country separately and can unify their processes.

3. Do I need to have my terms and conditions translated into the language of the target country?
Legally, this is not always strictly required, but from a consumer protection perspective it is essential. If your website targets German customers, your Terms & Conditions must also be in German; otherwise, the withdrawal period may be extended.

4. What about fake discounts?
You must state the lowest price from the last 30 days before the discount as the reference price. If you artificially increase the price shortly before a promotion to claim a higher discount, this is an unfair commercial practice that may be sanctioned by the Czech Trade Inspection Authority (ČOI).

5. What if I discover that I have GDPR errors?
We recommend immediate remediation. When determining the amount of a fine, authorities consider whether you actively tried to address the issue. Contact office@arws.cz for a fast audit.

Notice: The information contained in this article is of a general informational nature only and is intended for basic guidance. Although we strive for maximum accuracy, legal regulations and their interpretation evolve over time. To verify the current wording of the relevant regulations and their application to your specific situation, it is therefore necessary to contact ARROWS advokátní kancelář directly (office@arws.cz). We accept no liability for any damages or complications arising from the independent use of the information in this article without our prior individual legal consultation and expert assessment. Each case requires a tailored solution, so please do not hesitate to contact us.

Read also: