Running a business website in the UK means meeting specific legal requirements. This guide covers what UK law requires you to display on your website, from company registration details to cookie consent.
Company Information Requirements
If your business is a limited company or LLP, you must display certain information on your website. The Companies Act 2006 requires:
- Registered company name (exactly as it appears on the Companies House register)
- Company registration number
- Place of registration (England and Wales, Scotland, or Northern Ireland)
- Registered office address
Most businesses display this information in the website footer. If you trade under a different name, you must show both the trading name and registered name.
Sole Traders and Partnerships
Sole traders and partnerships have simpler requirements. You need to display:
- Your business name
- A geographic address where documents can be served
- Your email address
VAT-Registered Businesses
If you're VAT-registered, you must also display your VAT registration number on your website, particularly near pricing information.
Cookie Consent and Privacy
UK websites must comply with the Privacy and Electronic Communications Regulations (PECR) and UK GDPR. This means:
- Informing users about cookies before they're set
- Getting consent for non-essential cookies
- Providing a clear way to accept or reject cookies
- Not using pre-ticked boxes for consent
Essential cookies (those needed for the website to function) don't require consent. Analytics, advertising, and tracking cookies do.
The ICO's view: In January 2025, the Information Commissioner's Office reviewed the top 200 UK websites and found that 134 failed to meet cookie compliance standards. Getting this right matters.
What Your Cookie Banner Must Do
- Appear before non-essential cookies are set
- Explain clearly what cookies you use and why
- Offer genuine choice (not just "Accept All")
- Make rejecting cookies as easy as accepting them
- Link to your full cookie policy
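As an added example (not code from this guide), the banner rules above can be written as a small consent gate in JavaScript: non-essential categories start undecided, nothing non-essential is written until the visitor chooses, and accepting and rejecting go through the same call. The category names, the cookie names and the `writeCookie` callback are assumptions made for the illustration.

```javascript
// Added example. Category and cookie names are constructed for illustration.
const CATEGORIES = ["essential", "analytics", "advertising"];

// writeCookie is a hypothetical callback; in a browser it would set document.cookie.
function createConsentGate(writeCookie) {
  // No pre-ticked boxes: each non-essential category starts undecided (null).
  const choices = { analytics: null, advertising: null };
  const held = []; // cookies requested before the visitor has chosen
  const allowed = (c) => c === "essential" || choices[c] === true;

  function setCookie(name, value, category) {
    if (!CATEGORIES.includes(category)) throw new Error(`unknown category: ${category}`);
    if (allowed(category)) {
      writeCookie(name, value);
      return "written";
    }
    if (choices[category] === null) {
      held.push({ name, value, category });
      return "held";
    }
    return "blocked"; // the visitor rejected this category
  }

  // Accept and reject share one code path, so neither is harder than the other.
  // Anything other than an explicit `true` counts as a rejection.
  function decide(decisions) {
    for (const k of Object.keys(choices)) choices[k] = decisions[k] === true;
    for (const c of held.splice(0)) {
      if (allowed(c.category)) writeCookie(c.name, c.value);
    }
  }

  // True until every non-essential category has an answer.
  const bannerNeeded = () => Object.values(choices).some((v) => v === null);
  return { setCookie, decide, bannerNeeded };
}

function demo() {
  const jar = []; // stands in for the browser's cookie store
  const gate = createConsentGate((name) => jar.push(name));
  const results = [
    gate.setCookie("session_id", "abc", "essential"),
    gate.setCookie("_stats_id", "1", "analytics"),
    gate.setCookie("_ad_id", "2", "advertising"),
  ];
  const beforeChoice = [...jar];
  gate.decide({ analytics: true }); // accept analytics, reject advertising
  results.push(gate.setCookie("_ad_id", "3", "advertising"));
  return { results, beforeChoice, afterChoice: [...jar], bannerNeeded: gate.bannerNeeded() };
}
```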
Privacy Policy
Every UK business website that collects personal data needs a privacy policy. This must explain:
- What personal data you collect
- Why you collect it (your lawful basis)
- How long you keep it
- Who you share it with
- How people can access, correct, or delete their data
- Your contact details for data protection queries
The ICO provides a privacy notice generator that helps small businesses create compliant privacy policies for free.
Accessibility Requirements
Under the Equality Act 2010, UK websites must be accessible to people with disabilities. While there's no specific technical standard mandated for private sector websites, failing to make reasonable adjustments could be discriminatory.
The European Accessibility Act comes into full effect in June 2025 and applies to many digital products and services. If you sell to EU customers, this affects you.
Practical Accessibility Steps
- Ensure text can be resized without breaking the layout
- Provide alt text for images
- Make sure the site works with keyboard navigation
- Use sufficient colour contrast
- Provide captions for video content
Terms and Conditions
While not legally required for all websites, terms and conditions are essential if you:
- Sell products or services online
- Allow user-generated content
- Provide a membership or subscription service
For e-commerce, the Consumer Contracts Regulations require specific information about returns, cancellation rights, and delivery.
Consumer Protection for Online Sales
If you sell to consumers online, additional requirements apply:
- 14-day cooling-off period for most goods and services
- Clear pricing including all taxes and delivery costs before checkout
- Confirmation emails with order details and cancellation information
- Accurate product descriptions
The Digital Markets, Competition and Consumers Act (2024) also bans fake reviews. If you display reviews, you must take reasonable steps to verify they're genuine.
What About HTTPS?
While not a strict legal requirement, running your site over HTTPS (with a TLS certificate, still commonly called an SSL certificate) is effectively mandatory because:
- Browsers mark HTTP sites as "Not Secure"
- Google ranks HTTPS sites higher
- You can't legally collect personal data over an insecure connection under UK GDPR
Most hosting providers include free TLS/SSL certificates, so there's no reason not to use HTTPS.
Penalties for Non-Compliance
Failing to meet these requirements can result in:
- Companies Act breaches: Fines up to £1,000 per offence
- UK GDPR breaches: Fines up to £17.5 million or 4% of annual turnover
- Consumer protection breaches: Enforcement action from Trading Standards
- Accessibility failures: Potential discrimination claims
For small businesses, the ICO typically issues warnings and guidance before fines. But getting compliance right from the start avoids the hassle entirely.
Quick Compliance Checklist
- Company name and registration number in footer (if limited company)
- Registered address displayed
- VAT number shown (if VAT-registered)
- Cookie consent banner that works properly
- Privacy policy accessible from every page
- Contact information easy to find
- HTTPS enabled
- Basic accessibility measures in place