DOMAIN:EU_REGULATION:CONTRACT_LAW¶
OWNER: eric
ALSO_USED_BY: julian, aimee, margot
UPDATED: 2026-03-26
SCOPE: EU digital services contract requirements for client onboarding
OVERVIEW¶
EU contract law for digital services is shaped by multiple directives and regulations.
Eric must ensure every client contract meets minimum EU requirements before onboarding proceeds.
Failure to include mandatory clauses can render terms unenforceable or trigger fines.
KEY_INSTRUMENTS:
- Consumer Rights Directive (2011/83/EU, amended by 2024/825 and 2023/2673)
- Unfair Contract Terms Directive (93/13/EEC)
- eIDAS Regulation (910/2014, amended by 2024/1183 — eIDAS 2.0)
- Digital Content Directive (2019/770)
- Digital Services Directive (2019/771 for goods with digital elements)
- EU Data Act (2023/2854 — unfair B2B terms from Sep 2025)
B2B vs B2C — CRITICAL DISTINCTION¶
B2C (BUSINESS-TO-CONSUMER)¶
APPLIES_WHEN: client's end users are natural persons acting outside trade/profession
REGIME: fully harmonised EU consumer protection — cannot contract out of it
MANDATORY_PROTECTIONS:
- 14-day right of withdrawal (distance/off-premises contracts)
- pre-contractual information (Art. 6 CRD — 20+ items)
- plain language requirement
- prohibition of unfair terms (Directive 93/13)
- conformity guarantee (2 years minimum for digital content)
- automatic renewal transparency
- prohibition of dark patterns in contract formation
B2B (BUSINESS-TO-BUSINESS)¶
APPLIES_WHEN: both parties act in course of trade/profession
REGIME: national law applies (less harmonised) + EU Data Act unfair terms rules
B2B_PROTECTIONS (since Sep 12, 2025 via Data Act):
- unilaterally imposed data access/use terms must pass fairness test
- black list: terms excluding liability for intentional acts or gross negligence
- grey list: inappropriate limitation of remedies (rebuttable presumption of unfairness)
- general clause: terms departing significantly from good commercial practice
- model contractual terms published by Commission (Apr 2025)
DUTCH_B2B_ADDITIONS:
- reasonableness and fairness test (Art. 6:248 BW)
- general terms and conditions rules (Afdeling 6.5.3 BW)
- filing requirement with KvK or court (Art. 6:234 BW)
ACTION: Eric must classify every client contract as B2B or B2C at intake.
IF_MIXED: consumer protection rules apply to the consumer-facing parts.
DISTANCE SELLING REGULATIONS¶
LEGAL_BASIS: Consumer Rights Directive 2011/83/EU
APPLIES_TO: contracts concluded without simultaneous physical presence (online, phone, email)
SCOPE: virtually all GE client projects are distance-sold digital services
PRE-CONTRACTUAL INFORMATION (Art. 6 CRD)¶
BEFORE contract conclusion, trader MUST provide in clear and comprehensible manner:
CHECK: identity and contact details (including email and phone)
CHECK: main characteristics of the digital service
CHECK: total price including taxes (or calculation method if not determinable)
CHECK: cost of using means of distance communication (if above basic rate)
CHECK: payment, delivery and performance arrangements
CHECK: right of withdrawal conditions, deadline, procedures
CHECK: model withdrawal form
CHECK: information that consumer bears cost of returning goods
CHECK: duration of contract and termination conditions
CHECK: minimum duration of consumer obligations
CHECK: existence and conditions of deposits or financial guarantees
CHECK: digital content functionality and interoperability
CHECK: complaint handling mechanism
CHECK: ADR information (see consumer-protection.md)
FAILURE_CONSEQUENCE: withdrawal period extends to 12 months + 14 days.
CONTRACT CONFIRMATION¶
MUST provide confirmation on durable medium within reasonable time after conclusion.
MUST include all pre-contractual information.
IF digital content delivered before withdrawal period expires THEN obtain explicit prior consent.
RIGHT OF WITHDRAWAL (14 DAYS)¶
LEGAL_BASIS: Art. 9-16 Consumer Rights Directive
PERIOD: 14 calendar days from contract conclusion (services) or delivery (goods)
EXERCISE: consumer need only make unambiguous statement — no reason required
WITHDRAWAL BUTTON — NEW FROM JUN 19, 2026¶
LEGAL_BASIS: Directive 2023/2673, new Art. 11a CRD
FROM Jun 19, 2026 online sellers MUST provide:
STEP_1: visible button labelled "withdraw from the contract here" (or similarly unambiguous)
STEP_2: confirmation page with "confirm withdrawal here"
STEP_3: consumer confirms identity details and target contract
MUST be at least as easy as contract conclusion — no dark patterns
MUST be visible throughout cooling-off period
NON_COMPLIANCE_RISK: withdrawal period may become unlimited if mechanism absent.
FRANCE: fines up to EUR 75,000.
EXCEPTIONS (Art. 16 CRD)¶
NO withdrawal right for:
- fully performed services (if consumer gave prior express consent + acknowledged loss of right)
- personalised/custom-made goods
- sealed goods unsealed after delivery (hygiene/health)
- digital content delivery started with prior express consent + acknowledgment
- urgent repairs or maintenance
FOR_GE: SaaS subscriptions — if service fully performed within 14 days with consent, withdrawal right lost.
ACTION: Eric must include explicit consent checkbox + acknowledgment text in onboarding flow.
CONSEQUENCES OF WITHDRAWAL¶
TRADER: refund all payments within 14 days using same payment method
CONSUMER: cease using digital service, delete/return any content
DIGITAL_CONTENT: if delivered before withdrawal, consumer owes proportionate amount
UNFAIR CONTRACT TERMS (Directive 93/13/EEC)¶
SCOPE: B2C contracts where terms not individually negotiated (standard terms)
GENERAL TEST¶
A term is unfair if it causes significant imbalance in parties' rights and obligations
to the detriment of the consumer, contrary to good faith.
BLACKLISTED TERMS (Annex — indicative list)¶
ALWAYS_UNFAIR:
- excluding/limiting trader liability for consumer death/injury
- inappropriately excluding consumer's legal rights on defective performance
- binding consumer to terms they had no real opportunity to review
- allowing trader to unilaterally alter contract terms without valid reason
- automatically extending fixed-term contract without reasonable notice
- requiring consumer to fulfil obligations while trader does not
TRANSPARENCY REQUIREMENT¶
All terms must be drafted in plain, intelligible language.
Ambiguous terms interpreted in favour of consumer (contra proferentem).
DIGITAL SERVICES SPECIFIC¶
WATCH: automatic renewal clauses — must be clearly disclosed, easily cancellable
WATCH: data licensing terms disguised as service terms
WATCH: limitation of liability for data loss or service unavailability
WATCH: unilateral modification of service features
WATCH: binding arbitration clauses (unfair in many Member States)
ACTION: Eric must review all client-facing T&C against Annex checklist before deployment.
ELECTRONIC SIGNATURES (eIDAS)¶
LEGAL_BASIS: Regulation (EU) 910/2014, amended by Regulation (EU) 2024/1183
THREE LEVELS¶
SIMPLE ELECTRONIC SIGNATURE (SES)¶
WHAT: any electronic data attached to or logically associated with other data used to sign
EXAMPLES: typed name, scanned signature, "I agree" checkbox, email confirmation
LEGAL_EFFECT: cannot be denied legal effect solely because electronic
EVIDENCE_WEIGHT: low — may need additional proof in disputes
USE_FOR: low-value contracts, internal approvals, non-regulated contexts
ADVANCED ELECTRONIC SIGNATURE (AES)¶
REQUIREMENTS:
- uniquely linked to signatory
- capable of identifying signatory
- created using data under signatory's sole control
- linked to signed data so any change is detectable
EXAMPLES: ZealID (SE), Signicat (NO), Scrive (SE) — EU preferred. DocuSign (US), Adobe Sign (US) with identity verification — secondary.
USE_FOR: commercial contracts, HR documents, B2B agreements
QUALIFIED ELECTRONIC SIGNATURE (QES)¶
REQUIREMENTS: AES created by Qualified Signature Creation Device (QSCD) + certificate from QTSP
LEGAL_EFFECT: equivalent to handwritten signature across all EU Member States
USE_FOR: real estate, government submissions, high-value regulated transactions
MANDATORY_FOR: certain financial services, public procurement in some Member States
eIDAS 2.0 — EU DIGITAL IDENTITY WALLET¶
REGULATION: (EU) 2024/1183, entered force May 20, 2024
WALLET_AVAILABLE: progressive deployment 2026, general availability 2027
MANDATORY_ACCEPTANCE (from 2028): banking, healthcare, telecom, transport, large online platforms
FEATURE: wallet can create QES as easily as unlocking phone
ACTION_NOW:
- design auth flows to be wallet-integration ready
- accept AES minimum for all client contracts
- use QES for contracts above EUR 10,000 or regulated sectors
- monitor QTSP list at eIDAS Dashboard (ec.europa.eu)
CONTRACT TEMPLATES — REQUIRED CLAUSES¶
MINIMUM CLAUSES FOR GE CLIENT CONTRACTS¶
Every contract Eric prepares MUST include:
- PARTIES: legal names, registration numbers, addresses
- SCOPE: clear description of digital service/deliverables
- DURATION: start date, term, renewal mechanism
- PRICING: total price incl. VAT, payment terms, late payment consequences
- WITHDRAWAL: 14-day right (B2C) with model form, or explicit waiver mechanism
- DATA_PROCESSING: reference to DPA (Art. 28 GDPR) — see privacy/data-processing-agreements.md
- INTELLECTUAL_PROPERTY: ownership, licenses, open-source disclosure
- LIABILITY: limitations (must pass unfair terms test for B2C)
- TERMINATION: grounds, notice periods, consequences
- GOVERNING_LAW: applicable law and jurisdiction
- ADR: dispute resolution mechanism reference
- FORCE_MAJEURE: definition and consequences
- CONFIDENTIALITY: obligations and duration
- COMPLIANCE: regulatory compliance responsibilities
- AMENDMENT: how contract may be modified (restrictions for B2C)
DIGITAL CONTENT DIRECTIVE ADDITIONS (Directive 2019/770)¶
IF delivering digital content or digital service to consumers:
CHECK: conformity requirements (Art. 7-8) — must match description, be fit for purpose
CHECK: update obligation — security and functionality updates for contract duration
CHECK: consumer remedies — repair, replacement, price reduction, termination
CHECK: burden of proof reversal — defect within 1 year presumed to have existed at delivery
CHECK: modification rights — only with valid reason, prior notice, free opt-out
DUTCH SPECIFICS (BW — Burgerlijk Wetboek)¶
DISTANCE SELLING¶
IMPLEMENTING_LAW: Art. 6:230g-230z BW
REGULATOR: ACM (Autoriteit Consument & Markt)
FINE_AUTHORITY: up to EUR 900,000 or 1% turnover
GENERAL TERMS AND CONDITIONS¶
RULES: Afdeling 6.5.3 BW (Art. 6:231-247)
REQUIREMENT: terms must be provided before or at contract conclusion
DELIVERY: electronic delivery permitted if contract concluded electronically
BLACK_LIST (Art. 6:236): terms always void — e.g., unilateral price increases without exit right
GREY_LIST (Art. 6:237): presumed unreasonable — e.g., unusually long notice periods
ELECTRONIC COMMERCE¶
IMPLEMENTING_LAW: Art. 3:15a-15e BW (electronic legal acts)
REQUIREMENT: electronic contracts valid if information requirements met
ORDERING_PROCESS: must allow review and correction before confirmation
CROSS-BORDER CONSIDERATIONS¶
APPLICABLE LAW (Rome I — Regulation (EC) 593/2008)¶
B2C: consumer's habitual residence law applies if trader directs activities to that country
CANNOT contract away from mandatory consumer protections of consumer's country
B2B: parties may choose governing law (freedom of contract)
LANGUAGE¶
No EU-wide language requirement for contracts.
HOWEVER: pre-contractual information must be in language of the Member State where consumer resides (some MS require this).
DUTCH: ACM expects Dutch-language T&C for Dutch consumers.
BEST_PRACTICE: provide T&C in local language of target market.
ENFORCEMENT TIMELINE¶
| Requirement | Date | Status |
|---|---|---|
| Unfair B2B terms (Data Act) | Sep 12, 2025 | IN_FORCE |
| Green transition info (2024/825) | Mar 27, 2026 | TRANSPOSITION_DUE |
| Withdrawal button (2023/2673) | Jun 19, 2026 | UPCOMING |
| eIDAS 2.0 wallet deployment | End 2026 | UPCOMING |
| Wallet mandatory acceptance | 2028 | FUTURE |
READ_ALSO: domains/eu-regulation/index.md, domains/eu-regulation/consumer-protection.md, domains/privacy/data-processing-agreements.md