The development of new technologies is taking place at a rapid pace, inevitably outpacing the legal framework of the social relations associated with their use. At the same time, the number of community and national legislative acts regulating e-commerce is growing, intertwining issues of intellectual property, personal data protection, consumer rights, and competition.
What is E-commerce?
E-commerce is a broad concept. For some, it is simply the use of distance communication means; for others, it is an exclusively digital contracting process. Today, it goes beyond the traditional Internet and encompasses digital television (t-commerce), mobile platforms (m-commerce), and the convergence of telecommunications and media.
The main source of legal regulation at the EU level is Directive 2000/31/EC (the E-commerce Directive). Its aim is to create a general legal framework, eliminate differences in the legislations of Member States, and ensure legal certainty. In Bulgaria, this Directive has been transposed through the Electronic Commerce Act (ECA), which largely reproduces its European prototype.
1. What does the Directive NOT regulate? (Exceptions)
The Directive regulates only certain aspects of e-commerce. Excluded from its scope (and consequently from the ECA) are:
-
Taxation and the collection of public receivables.
-
Personal data protection (which is regulated by the GDPR and specialized directives).
-
Cartel law and competition.
-
The activities of notaries and other professions exercising public functions (e.g., private enforcement agents).
-
Gambling activities (with the exception of promotional games aimed at increasing sales).
Furthermore, Member States may exclude certain contracts from the possibility of being concluded electronically (e.g., the transfer of real estate, contracts under family and inheritance law) that require a strict written or notarized form.
2. Information Society Services
The objects of the Directive and the ECA are the so-called "information society services". For a service to qualify as such, it must possess several cumulative characteristics:
-
Electronic means: It is provided through electronic processing and data storage devices (offline services are excluded).
-
Commercial nature: At least one of the parties must be a trader (B2B or B2C).
-
Upon individual request: The service is provided at the individual request of a recipient (e.g., visiting a website). Radio and television broadcasts do not fall under this category.
-
At a distance: The parties are not simultaneously present in the same physical location.
-
For remuneration: It is usually provided for a fee, which indicates an economic activity.
3. Coordinated Field and the Country of Origin Principle
One of the central concepts in the Directive is the "coordinated field". These are the requirements laid down in the legal systems of the Member States applicable to information society service providers concerning the taking up and pursuit of their activity (behavior, quality, advertising, liability).
The coordinated field is closely related to the Country of Origin principle. According to this principle, information society services are provided in accordance with the law of the Member State where the provider is established (the country of origin).
The goal: The provider should be subject to control only once—in their home country. This prevents the requirement for businesses to comply with 27 different national regimes, which would block cross-border e-commerce. Restrictions from other states are permissible only in exceptional cases (e.g., to protect public policy or public health).
4. Concluding Contracts Electronically
The Directive obliges Member States to remove legal obstacles to the conclusion of contracts online (e.g., traditional written form requirements that would render them invalid).
How is an electronic contract concluded? An interesting specific of online stores is that the display of goods on the site is merely an invitation to treat (an invitation to negotiate). The actual process unfolds as follows:
-
Offer (Order): The customer (recipient of the service) makes a statement to conclude a contract by completing the order.
-
Acceptance (Confirmation): The trader (provider) confirms receipt of the order without undue delay. The contract is concluded only when this confirmation reaches (or is accessible in the information system of) the customer.
Important: When contracting via email, the rules for contracts between absent parties apply, whereas, with automated online forms (websites), the communication is instantaneous and is treated analogously to contracts between present parties.
5. Commercial Communications and SPAM
E-commerce requires clear rules for advertising. Every commercial communication must be clearly identifiable as such, and the identity of the sender must not be concealed.
Regarding unsolicited commercial communications (SPAM), the European framework has undergone an evolution:
-
Initially, the E-commerce Directive introduced an Opt-out system (a free regime)—messages could be sent until the recipient opted out.
-
Later, Directive 2002/58/EC introduced a strict Opt-in system (a prohibitive regime) for natural persons—SPAM can only be sent with prior consent.
In Bulgaria (through the ECA and the Personal Data Protection Act), the regime for consumers (natural persons) is strict (prior consent is required), whereas legal entities can receive communications unless they register in a special electronic opt-out register kept by the Consumer Protection Commission (CPC).
6. Liability of Intermediary Service Providers (ISP)
Internet service providers establish the connection between the sender and the recipient of the information. The general rule is that they do not have a general obligation to actively monitor the content they transmit (similar to the post office, which does not read the letters).
They are exempt from liability in three main scenarios, subject to strict conditions:
-
Mere conduit: The provider merely transmits the information; they do not initiate the transmission, select the receiver, or modify the content.
-
Caching: The automatic, intermediate, and temporary storage of information to make onward transmission more efficient. The provider is not liable if they do not modify the information and comply with updating rules.
-
Hosting and Linking: The storage of third-party information. The provider is not liable unless they have actual knowledge that the content is illegal. Upon obtaining such knowledge (e.g., a copyright infringement notice), they are obliged to act expeditiously to remove or disable access to the information.
Conclusion
Although Directive 2000/31/EC made a huge leap in creating a general legal framework for e-commerce in Europe, full harmonization has not yet been completely achieved due to the numerous exceptions and areas outside the coordinated field.
The Bulgarian Electronic Commerce Act strictly follows the European Directive. However, practice shows that certain issues (such as the exact time and place of concluding an electronic contract) could find an even clearer and more detailed regulation in our national civil law to guarantee maximum legal certainty.