Selling Legally on Shopify in Germany: GDPR, Impressum & Everything You Need

Complete guide to German e-commerce law for Shopify merchants: DSGVO compliance, Impressum requirements, cookie consent, Widerrufsrecht, and the apps you need to stay legal.

Germany has some of the strictest e-commerce regulations in the world. What flies in the US or UK can get you fined thousands of euros in Germany before you've made your first sale. I've seen stores hit with Abmahnungen (cease-and-desist letters) within weeks of launching because they skipped what they thought were minor legal details.

Here's the uncomfortable truth: running a legally compliant Shopify store in Germany isn't optional, and it's not simple. The DSGVO (Germany's implementation of GDPR), the Impressum requirement, Widerrufsrecht, Preisangabenverordnung, and mandatory AGB all create a web of obligations that don't exist in most other markets. Ignoring any one of them exposes you to fines from regulators and, more commonly, costly Abmahnungen from competitors or specialized law firms that make a business model out of finding violations.

This guide covers every legal requirement you need to address before selling on Shopify in Germany. I've built and audited dozens of German Shopify stores, and these are the exact issues that trip up merchants every single time.

The Impressum: Germany's Mandatory Legal Notice

Every commercial website in Germany must have an Impressum (legal notice). This isn't a suggestion or best practice -- it's required by Section 5 of the Telemediengesetz (TMG) and Section 18 of the Medienstaatsvertrag (MStV). Missing or incomplete Impressum pages are the single most common reason for Abmahnungen against online stores.

Your Impressum must contain:

  • your full legal name (or company name with legal form, e.g., GmbH, UG, e.K.)
  • a physical street address (no P.O. boxes)
  • a direct contact email and phone number
  • your Handelsregisternummer (commercial register number) and the court where you're registered
  • your USt-IdNr. (VAT identification number)
  • the name of the person responsible for content under Section 18 MStV

If you're in a regulated profession (e.g., pharmacist, financial advisor), additional disclosures apply. If you have a Geschaeftsfuehrer (managing director), their name must be listed.

Critically, the Impressum must be accessible from every page of your store with no more than two clicks. The standard approach on Shopify is to link it in the footer navigation. Do not bury it behind dropdowns, accordions, or JavaScript-heavy elements that might not render for all users. Courts have ruled that an Impressum that requires more than two clicks to reach is effectively missing.

A common mistake with Shopify stores: founders use their home address initially, then move to a virtual office address. If your registered business address and your Impressum address don't match what's filed with the Handelsregister, you're technically non-compliant. Keep everything synchronized.

Use a free Impressum generator from a reputable source like e-recht24.de or the IHK (Chamber of Commerce) to ensure you don't miss required fields. Update your Impressum immediately whenever any business details change -- address, phone number, managing director, or registration numbers.

DSGVO/GDPR Compliance: Data Protection Done Right

The Datenschutz-Grundverordnung (DSGVO) is Germany's implementation of the EU General Data Protection Regulation (GDPR). Germany enforces it more aggressively than most EU countries. German data protection authorities (Datenschutzbehoerden) have issued fines ranging from a few thousand euros for small businesses to millions for larger violations. In 2023, Meta was fined EUR 1.2 billion by Irish authorities under GDPR for EU-US data transfers -- a ruling that directly impacts how German stores use Facebook Pixel, Google Analytics, and similar tools.

For your Shopify store, DSGVO compliance means several concrete obligations. First, you need a comprehensive Datenschutzerklaerung (privacy policy) that details exactly what personal data you collect, why you collect it, what legal basis you rely on (consent, contract performance, legitimate interest), who you share data with (including all third-party processors like Shopify, payment providers, email tools, analytics), and how long you retain data.

Second, you must maintain a Verzeichnis von Verarbeitungstaetigkeiten (record of processing activities) documenting every type of data processing your store performs. This isn't published on your site, but you must produce it on request from authorities.

Third -- and this is where most Shopify stores fail -- you need a proper Auftragsverarbeitungsvertrag (data processing agreement, or AVV/DPA) with every third-party service that processes customer data on your behalf. Shopify has a DPA built into their terms. But every app you install, every email tool, every analytics service also needs one. If you're using Klaviyo, Mailchimp, Google Analytics, or any review tool, you need DPAs with each of them.

Finally, if your store processes data at scale or you employ more than 20 people who regularly handle personal data, you're required to appoint a Datenschutzbeauftragter (data protection officer).

Use a specialized German privacy policy generator like those from e-recht24.de, IT-Recht Kanzlei, or Haendlerbund. Generic English-language GDPR templates don't cover German-specific requirements. Review and update your privacy policy every time you add or remove an app.

Cookie Consent: What's Actually Required

Since the German Bundesgerichtshof (Federal Court of Justice) ruling in May 2020 (the 'Planet49' case) and the Telekommunikation-Telemedien-Datenschutzgesetz (TTDSG) that took effect in December 2021, the rules on cookies in Germany are crystal clear: you need active, informed, prior consent for all non-essential cookies. No pre-checked boxes. No cookie walls. No 'by continuing to browse you agree' banners. Essential cookies -- those technically necessary for your store to function, like the Shopify cart cookie or session cookies -- don't require consent. Everything else does. That includes Google Analytics, Facebook Pixel, Hotjar, Klaviyo tracking, TikTok Pixel, Pinterest Tag, Google Ads conversion tracking, and virtually every marketing or analytics tool you use.

Your cookie consent banner must meet specific requirements: it must clearly list the categories of cookies used, it must be as easy to reject all cookies as it is to accept them (the reject button must be equally prominent as the accept button -- no hiding 'reject' behind a 'manage preferences' link), and it must not load any non-essential cookies or tracking scripts until the user actively consents. This means you need a proper Consent Management Platform (CMP) that actually blocks scripts, not just a cosmetic banner.

For Shopify stores, this is technically challenging because many apps inject their own tracking scripts. A CMP must intercept these before they fire. Popular CMPs for German Shopify stores include Cookiebot (now Usercentrics CMP), Consentmo, and Borlabs (for custom setups). The CMP should also be IAB TCF 2.2 compliant if you run programmatic advertising.

The penalty for non-compliant cookie consent isn't theoretical. German data protection authorities actively check stores, and competitor-driven Abmahnungen targeting cookie violations are increasingly common. Fines under TTDSG can reach EUR 300,000.

Test your cookie implementation with a tool like Cookiebot's free scanner or the browser extension 'Ghostery' to verify that no tracking scripts fire before consent is given. Do this after every app installation, because new apps often inject scripts that bypass your CMP.
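
The check described above can also be scripted against a network capture (HAR) exported from the browser's developer tools after loading the store in a fresh profile. The following is an added example, not code from this guide or from any CMP vendor; the tracker domain list is an illustrative assumption, and the sample capture and `.test` hosts are constructed.

```javascript
// TRACKER_DOMAINS is an illustrative, non-exhaustive assumption;
// extend it with the vendors your own apps load.
const TRACKER_DOMAINS = [
  "google-analytics.com", "googletagmanager.com", "googleadservices.com",
  "doubleclick.net", "facebook.net", "facebook.com", "hotjar.com",
  "klaviyo.com", "tiktok.com", "pinterest.com",
];

// Return the listed domain that `host` equals or is a subdomain of, else null.
function trackerFor(host) {
  return TRACKER_DOMAINS.find((d) => host === d || host.endsWith("." + d)) || null;
}

// Chrome DevTools HAR exports add a non-standard _initiator field that shows
// which page or script pulled a resource in (often an app's loader script).
function initiatorUrl(entry) {
  const init = entry._initiator || {};
  const frame = init.stack && init.stack.callFrames && init.stack.callFrames[0];
  return init.url || (frame && frame.url) || "unknown";
}

// har: parsed HAR object. consentAt: ISO timestamp of the click on "accept",
// or null if the banner was never touched (then every request is pre-consent).
function auditPreConsent(har, consentAt) {
  const cutoff = consentAt === null ? Infinity : Date.parse(consentAt);
  const findings = [];
  for (const entry of har.log.entries) {
    if (Date.parse(entry.startedDateTime) >= cutoff) continue;
    let host;
    try { host = new URL(entry.request.url).hostname.toLowerCase(); }
    catch (err) { continue; } // malformed URL in the capture
    const tracker = trackerFor(host);
    if (tracker) {
      findings.push({ tracker, url: entry.request.url, loadedBy: initiatorUrl(entry) });
    }
  }
  return findings;
}

// Constructed sample capture (hosts under .test are hypothetical).
const SAMPLE_HAR = { log: { entries: [
  { startedDateTime: "2026-01-15T10:00:00.000Z", request: { url: "https://shop.test/" } },
  { startedDateTime: "2026-01-15T10:00:00.400Z",
    request: { url: "https://cdn.shopify.com/s/files/theme.js" } },
  { startedDateTime: "2026-01-15T10:00:01.000Z",
    request: { url: "https://www.googletagmanager.com/gtag/js?id=G-EXAMPLE" },
    _initiator: { type: "parser", url: "https://shop.test/" } },
  { startedDateTime: "2026-01-15T10:00:02.000Z",
    request: { url: "https://static.klaviyo.com/onsite/js/klaviyo.js" },
    _initiator: { type: "script", stack: { callFrames: [{ url: "https://apps.test/loader.js" }] } } },
  { startedDateTime: "2026-01-15T10:00:09.000Z",
    request: { url: "https://connect.facebook.net/en_US/fbevents.js" } },
] } };

const CONSENT_AT = "2026-01-15T10:00:05.000Z"; // constructed click time
for (const f of auditPreConsent(SAMPLE_HAR, CONSENT_AT)) {
  console.log(`pre-consent request to ${f.tracker}: ${f.url} (loaded by ${f.loadedBy})`);
}
```

Any finding means a script fired before consent; the `loadedBy` value points at the page or app loader that needs to be routed through the CMP.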

Widerrufsrecht: The 14-Day Right of Withdrawal

Under EU Directive 2011/83/EU, implemented in Germany through Sections 312g and 355 of the Buergerliches Gesetzbuch (BGB), consumers have a mandatory 14-day right of withdrawal (Widerrufsrecht) for online purchases. This is not a return policy you choose to offer -- it's the law, and you cannot restrict or waive it. The 14-day period starts when the customer receives the goods, not when they place the order. For subscriptions or digital content, the rules differ slightly, but the principle remains: customers can cancel without giving any reason within 14 days.

You are legally required to provide a Widerrufsbelehrung (cancellation policy) that uses specific, government-prescribed wording. The German Federal Ministry of Justice publishes a model Widerrufsbelehrung that you should use almost verbatim. Deviating from the official template is risky -- courts have voided cancellation policies for even minor wording changes. You must also provide a model Widerrufsformular (cancellation form) that customers can optionally use.

Here's where it gets painful: if your Widerrufsbelehrung is defective or missing, the withdrawal period extends from 14 days to 12 months and 14 days. This means a customer could return a product they bought a year ago, and you'd have to accept it and refund them. This is not hypothetical -- it happens, and German courts enforce it.

Once a customer exercises their right of withdrawal, you must refund the full purchase price including the original outbound shipping costs within 14 days. You may withhold the refund until you've received the goods back. Return shipping costs can be charged to the customer, but only if you clearly stated this in your Widerrufsbelehrung before purchase.

Certain product categories are exempt from the Widerrufsrecht: sealed hygiene products that have been opened, perishable goods, custom-made products, sealed audio/video recordings or software that has been unsealed, and newspapers or magazines (except subscriptions). Digital content is exempt once download/streaming has begun, but only if the customer explicitly consented to losing their withdrawal right before that happened.

Use the exact model Widerrufsbelehrung from the German Federal Ministry of Justice. Don't rewrite it, don't simplify it, don't translate your English return policy. Display it prominently on product pages, in the checkout, and in the order confirmation email. Services like IT-Recht Kanzlei or Haendlerbund provide legally vetted German texts that auto-update when laws change.

Preisangabenverordnung: Price Display Rules That Catch Everyone Off Guard

The Preisangabenverordnung (PAngV), Germany's price display regulation, was significantly updated in May 2022 and now contains rules that many Shopify store owners are unaware of. Violations are a favorite target for Abmahnungen because they're easy to spot and technically straightforward to prove.

The core requirement: every price displayed to consumers must be a gross price (Bruttopreis) -- that is, including VAT and all mandatory charges. You must display 'inkl. MwSt.' (including VAT) next to or near the price. Shipping costs must be clearly stated or linked near the price. A common compliant format is: 'EUR 49,90 inkl. MwSt., zzgl. Versandkosten' with 'Versandkosten' linking to your shipping information page.

For products sold by weight or volume (food, cosmetics, cleaning products, etc.), you must display the Grundpreis (unit price) -- for example, EUR 39,80/kg or EUR 2,99/100ml. This applies even if you don't think of yourself as selling by weight. A 250g bag of coffee beans or a 200ml bottle of shampoo triggers Grundpreis requirements. The unit price must be displayed with the same visual prominence as the selling price.

The 2022 update introduced a critical new rule for sales and discounts: when you advertise a reduced price (Streichpreis or strike-through pricing), you must reference the lowest price the product was offered at in the last 30 days, not the original retail price. If your product was EUR 79,90 but you ran a EUR 59,90 promotion two weeks ago, your new sale can only strike through EUR 59,90, not EUR 79,90. This '30-day rule' (implementing EU Directive 2019/2161, the 'Omnibus Directive') prevents artificial inflation of original prices to make discounts appear larger. Shopify's native compare-at-price feature doesn't enforce this automatically. You need to track price history yourself or use an app that does. Getting this wrong is one of the easiest ways to get an Abmahnung in 2026.

Create a spreadsheet or use a price-tracking app that records every price change with dates. Before running any sale, check what the lowest price was in the preceding 30 days. That's your maximum strike-through price. Automate this if possible -- manual tracking breaks down during busy sales periods like Black Friday.
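
One way to automate the 30-day check from a recorded price history, as an added example that is not part of this guide or of any Shopify app. It assumes prices are stored as integer cents and that each history entry applies from its `from` date (UTC) until the next entry; the function names and the sample history are constructed.

```javascript
const DAY_MS = 24 * 60 * 60 * 1000;

// Lowest price that was on offer at any time in the `windowDays` before
// saleStart. Returns null if the product was not on offer in that window.
function lowestPriorPrice(history, saleStart, windowDays = 30) {
  const end = Date.parse(saleStart);
  const start = end - windowDays * DAY_MS;
  const changes = history
    .map((h) => ({ at: Date.parse(h.from), price: h.price }))
    .sort((a, b) => a.at - b.at);
  let lowest = null;
  changes.forEach((change, i) => {
    const until = i + 1 < changes.length ? changes[i + 1].at : Infinity;
    // A price counts if its validity interval [at, until) overlaps [start, end).
    // This also catches a price set long before the window and never changed.
    if (change.at < end && until > start) {
      lowest = lowest === null ? change.price : Math.min(lowest, change.price);
    }
  });
  return lowest;
}

// Validate a planned sale: compareAt is the strike-through price to display.
function checkSale(history, saleStart, compareAt, salePrice) {
  const reference = lowestPriorPrice(history, saleStart);
  if (reference === null) {
    return { ok: false, reference, reason: "no price history in window; check manually" };
  }
  if (compareAt > reference) {
    return { ok: false, reference, reason: "strike-through price exceeds 30-day low" };
  }
  if (salePrice >= compareAt) {
    return { ok: false, reference, reason: "sale price is not below strike-through price" };
  }
  return { ok: true, reference, reason: null };
}

// Constructed history matching the scenario above: EUR 79,90 regular price,
// a EUR 59,90 promotion about two weeks before the new sale starts.
const HISTORY = [
  { from: "2025-09-01", price: 7990 },
  { from: "2025-11-12", price: 5990 },
  { from: "2025-11-17", price: 7990 },
];
const SALE_START = "2025-11-28";

console.log(checkSale(HISTORY, SALE_START, 7990, 4990)); // rejected: 30-day low is 5990
console.log(checkSale(HISTORY, SALE_START, 5990, 4990)); // accepted
```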

AGB and Other Required Legal Pages

While Allgemeine Geschaeftsbedingungen (AGB, or general terms and conditions) are not strictly mandatory under German law -- you can technically sell without them -- operating without AGB in Germany is like driving without insurance. It's legal in the narrowest sense, but the risk is enormous. Without AGB, default statutory provisions under the BGB apply, and those default provisions tend to favor consumers in disputes. Having well-drafted AGB lets you define specific rules for your business within legal limits.

Your AGB should cover: scope and contract formation (when exactly does a binding contract form between you and the customer?), payment methods and terms, delivery conditions and shipping times, retention of title (Eigentumsvorbehalt), warranty and liability limitations (within legal bounds), and governing law/jurisdiction.

Critical: your AGB must not contain clauses that violate consumer protection law. German courts regularly invalidate AGB clauses that disadvantage consumers. A single invalid clause can make the entire AGB unenforceable. Do not copy AGB from another store or translate English terms of service. Have them drafted or at least reviewed by a German e-commerce lawyer, or use a service like IT-Recht Kanzlei, Haendlerbund, or Protected Shops that provides regularly updated, legally vetted AGB.

Beyond AGB, you need a dedicated shipping information page (Versandinformationen) showing delivery times and costs for each region, a payment methods page, and -- if you sell physical products -- a battery disposal notice (Batteriegesetz) if any of your products contain or are shipped with batteries. Since July 2022, sellers of electronics must also register with the stiftung ear (WEEE registration) and display the registration number.

All legal pages must be accessible from every page of your store, typically via footer links. On Shopify, create these as dedicated pages and add them to a footer navigation menu. Don't use pop-ups or modals for legal pages -- they need persistent, crawlable URLs.

Subscribe to a legal text service like IT-Recht Kanzlei (from about EUR 9.90/month), Haendlerbund, or Protected Shops. They provide all required legal pages (AGB, Widerrufsbelehrung, Datenschutzerklaerung, Impressum) and update them automatically when laws change. This is vastly cheaper than a single Abmahnung, which typically starts at EUR 1,000 in legal fees.

Essential Shopify Apps and Trust Seals for German Compliance

Shopify was built for the US market, and its default configuration doesn't meet German legal requirements out of the box. You need additional apps and configurations to close the compliance gaps.

For legal texts and compliance, the most-used solutions in the German Shopify ecosystem are German Market by Suspended (formerly 'Shopify German Market'), which handles Impressum, AGB, Widerrufsbelehrung, Datenschutzerklaerung, and other legally required pages. It also handles Grundpreis display, tax labels ('inkl. MwSt.'), and correct shipping cost references. The IT-Recht Kanzlei Shopify plugin is another strong option -- it syncs legal texts directly from their service and auto-updates when regulations change.

For cookie consent, Cookiebot (Usercentrics CMP) or Consentmo are the most commonly used CMPs on German Shopify stores. Both support IAB TCF 2.2, real script blocking (not just cosmetic banners), and produce the consent logs needed to demonstrate compliance during audits.

Trust seals matter enormously in Germany. The Trusted Shops seal is the most recognized trust mark in German e-commerce, with recognition rates above 75% among German online shoppers. Trusted Shops provides a Kaeuferschutz (buyer protection) guarantee and mediates disputes. The EHI seal is another well-recognized option. Both require an audit of your store's legal compliance before certification, which actually serves as a useful compliance check.

For invoicing, German tax law requires proper invoice generation with sequential numbering and all mandatory fields (USt-IdNr., invoice date, sequential invoice number, itemized net/gross amounts, VAT rate). Shopify's default order confirmation doesn't meet these requirements. Apps like Sufio, Order Printer Pro, or Billbee handle compliant German invoice generation.

Don't forget: every app you install needs a data processing agreement (AVV) and must be listed in your privacy policy. The more apps you add, the more compliance work you create.

Start with German Market (or a comparable all-in-one compliance app), a proper CMP like Cookiebot, and an invoicing app like Sufio. These three close the most critical compliance gaps. Then apply for Trusted Shops certification -- the audit process itself will reveal any remaining issues with your legal setup.

Conclusion

German e-commerce law is demanding, but it's not unknowable. The merchants who get into trouble are almost always the ones who assumed they could figure it out later or that their English-language legal pages were 'close enough.' They're not. A single Abmahnung typically costs EUR 1,000-5,000 in legal fees -- far more than the cost of getting compliant from day one. Invest in proper legal text services, install the right compliance apps, and get your Trusted Shops certification. Then maintain it: review your legal pages whenever you add new features, apps, or marketing tools. German e-commerce law evolves constantly, and what was compliant last year may not be compliant today.

Key Takeaways

  • 01 An Impressum with full legal details is mandatory on every German commercial website -- missing or incomplete ones are the top cause of Abmahnungen
  • 02 DSGVO compliance requires a comprehensive Datenschutzerklaerung, data processing agreements with every third-party service, and proper consent management
  • 03 Cookie consent must use real script-blocking (not cosmetic banners) and make rejection as easy as acceptance since the TTDSG took effect
  • 04 The Widerrufsrecht gives customers a 14-day withdrawal right -- a defective cancellation policy extends this to over 12 months
  • 05 Price displays must include VAT, show Grundpreis for weight/volume products, and reference the lowest 30-day price for any strike-through pricing
  • 06 Subscribe to a legal text service like IT-Recht Kanzlei or Haendlerbund -- automated legal page updates are far cheaper than a single Abmahnung