14/04/2026
Legal requirements for company websites in the UK

Creating or maintaining a company website in the UK involves more than good design and usability — several legal obligations apply to all businesses, with additional rules for those selling online or processing personal data. These requirements ensure transparency, consumer protection, and regulatory compliance. Below is a comprehensive 2026 overview, based on the latest legislation and guidance.
- Mandatory company information
Under the Companies (Trading Disclosures) Regulations 2008 and the Electronic Commerce (EC Directive) Regulations 2002, UK companies must display specific business details clearly on their website.
Required information includes:
- Registered company name (not just trading name).
- Company registration number.
- Place of registration (e.g., England & Wales, Scotland, NI).
- Registered office address.
- Geographic business address if selling online.
- VAT number, where applicable.
- Contact details, such as email address and preferably a phone number.
Listing directors’ names is optional, but if any are listed, all directors must be included.
A common best practice is to place these details in the website footer, ensuring they appear on every page.
- Data Protection & Privacy (UK GDPR)
Any business collecting personal data must comply with the UK GDPR. Even basic features such as contact forms, newsletter sign-ups, analytics tools, and enquiry forms count as data collection.
Your website must include:
A privacy policy explaining:
- What personal data you collect.
- Why and how you collect it.
- How long you retain it.
- How data is stored and protected.
- Who it may be shared with.
- Users’ rights (e.g., access, deletion, correction).
A clear and accessible privacy policy is not optional. Transparency is a legal obligation for any business processing user information.
- Cookies & tracking – Information Commissioner’s Office (ICO)
The ICO regulates how websites use cookies and tracking technologies by enforcing PECR and UK GDPR. It requires organisations to obtain valid consent and provide transparent information, and it ensures compliance through investigations and penalties, protecting users’ privacy and control over their data.
What the law requires:
- Consent is mandatory for:
  - Advertising pixels (Meta/Facebook Pixel, LinkedIn Insight Tag, etc.)
  - Behavioural tracking tools
  - Retargeting technologies
  - Cross-site tracking
  - Profiling cookies
  - Most analytics cookies
- Consent is required for non-essential cookies. A banner is legally required to: ask for consent, allow users to accept or reject non-essential cookies, avoid pre-ticked boxes and avoid implied consent.
- A cookie policy is required under UK GDPR and this has been detailed above.
This is enforceable by law and non-compliance results in a maximum penalty of £17.5 million or 4% of global annual turnover under UK GDPR.
- Consumer protection & E‑Commerce requirements
If your website sells goods or services, the following laws apply: the E-Commerce Regulations 2002, the Consumer Contracts Regulations 2013 (CCR) and the Consumer Rights Act 2015 (CRA). Under these laws, UK companies must display certain details on their website.
You must display:
- Full pricing (inclusive of VAT if applicable).
- Delivery details and timelines.
- A clear explanation of the ordering process
- Cancellation and refund rights.
- Accurate product or service descriptions.
Failing to provide required information can lead to consumer disputes and regulatory enforcement action.
- Fake reviews prohibited (DMCC Act 2024 Enforcement)
The Digital Markets, Competition and Consumers Act (DMCC) has made fake or misleading reviews illegal.
Businesses must now:
- Take reasonable steps to verify that testimonials and reviews are genuine.
- Avoid incentivising reviews without full disclosure.
- Not publish fabricated or unverified customer endorsements.
- Not buy, sell, or submit fake reviews.
Using verified review platforms (e.g., Trustpilot, Feefo) helps meet compliance requirements.
- Accessibility requirements (EAA 2025–2026)
From 2025 onwards, the European Accessibility Act (EAA) influences UK business websites, especially those selling products online, providing digital services, or distributing digital content.
Websites should:
- Be usable with assistive technologies.
- Provide alternative text for images.
- Use accessible navigation and contrast settings
- Present information clearly
- Ensure apps and online services follow the same rules
- Provide accessible customer support
Though enforcement varies post‑Brexit, accessible design reduces legal risk and improves user experience.
- Terms & Conditions (recommended but often essential)
While informational websites don’t need Terms & Conditions, they become legally mandatory for e‑commerce and service‑based businesses that enter into contracts with consumers. A valid T&Cs page as per the Consumer Contracts Regulations 2013 and Consumer Rights Act 2015 typically covers:
- Business Identity & Contact details
- Description of goods, services, or digital content.
- Pricing, fees & total costs.
- Delivery or service fulfilment terms.
- Cancellation & refund rights.
- Rules for using the website.
- Complaints & dispute resolution.
- Limitations of liability.
- Intellectual property rights.
This protects your business from disputes and clarifies expectations for users.
- Additional requirements (where applicable)
Trade bodies or regulatory memberships
If your business is part of a regulated industry (e.g., financial services, legal services), you must display details of:
- Accreditation
- Membership
- Authorisation numbers
Examples of sectors where this is a regulatory requirement are:
- Financial services (must display FCA authorisation details)
- Legal services (SRA number, regulatory status)
- Estate Agents (membership of an approved redress scheme)
- Charities (charity registration number)
- Healthcare providers (CQC registration number)
- Insurance Brokers (authorisation details)
Dissolution notices
If the company is being wound up, this must be disclosed on the website.
Conclusion
A UK company website in 2026 must meet a wide range of legal obligations covering business transparency, data protection, cookies, consumer rights, accessibility, and sector‑specific disclosures. While requirements differ depending on whether a site is informational or transactional, all businesses must ensure:
- Mandatory company details are clearly displayed
- Privacy and cookie practices comply with UK GDPR and PECR
- Consumer information is accurate, transparent, and complete
- Reviews are genuine and not misleading
- Content and digital services meet accessibility standards
- Additional regulatory disclosures are included where required
Staying compliant not only avoids regulatory penalties but also strengthens user trust, supports credibility, and ensures your website meets modern expectations for transparency and fairness.
If you have any queries, please don’t hesitate to contact Matt Pickett on 023 8046 1203 or email Matt Pickett.

