Describes what a company needs to know to take advantage of e-commerce in the local market and covers prominent B2B websites.
The global health pandemic triggered significant activity in Ireland’s online economy with growth in total online spend estimated at 30-40% since 2019. Market value estimates vary significantly, ranging from €4 billion to €7 billion. Strong household internet access (92%) and smartphone usage (90%) are driving Irish online retailing activity. Mobile commerce is becoming especially strong with consumers being particularly willing to make purchases via their smartphones. Prior to 2020, travel, hotel accommodation, event ticketing and apparel were the principal goods and services bought online; however, the global health pandemic generated a significant spike in consumer online activity for Irish food retailers and other goods and services.
According to EuroMonitor International, eCommerce activity in Ireland continues to expand rapidly with mobile internet retailing becoming especially significant. Retailers are launching functional mobile apps while store-based retailers are increasingly utilizing multi-channel options. Click-&-collect services have become more widely available, allowing retailers to maximize retail potential without incurring delivery fees, while the consumer has almost immediate access to purchases without having to plan for deliveries.
Amazon remains the leading player in internet retailing locally; however, the popularity of UK-based online marketplaces is being tested through Brexit in January 2021 and new EU VAT rules since July 2021. Ahead of Brexit, Amazon opened its first delivery station in Ireland in October 2020 and will open its first eCommerce fulfilment center in Spring 2022 together with a second delivery station. These investments represent the company’s first use of direct-hire staff in Ireland to handle online orders. The Dublin facility will receive shipments from Amazon’s large fulfilment centers across Europe with packages sorted for ‘last mile’ delivery to Irish customers. UPS launched a ‘last mile’ bike delivery service in Dublin city center in 2019.
The Irish government is currently supporting SMEs in their efforts to develop online sales portals through a package of support measures. Leading U.S. digital and fintech innovators including Google, Amazon, Facebook, MasterCard, Stripe and Square are also supporting Irish SMEs with their evolution to online retailing.
In 2015, the European Union launched the Digital Single Market Strategy, of which e-commerce was a priority area. Since then, the Electronic Commerce Directive has provided rules for online services in the European Union, including requiring providers to abide by regulations in the country where they are established (the country of origin) and to meet certain consumer protection rules, such as indicating contact details on their website, clearly identifying advertising, and protecting against spam. The Directive also grants exemptions to liability for intermediaries that transmit illegal content by third parties and for unknowingly hosting content.
Value Added Tax (VAT)
The EU VAT system is semi-harmonized. While the guidelines are set out at the EU level, the implementation of VAT policy is the prerogative of Member States. The EU VAT Directive allows Member States to apply a minimum 15 percent VAT rate. However, they may apply reduced rates for specific goods and services or temporary derogations. Irish VAT rates are available from Irish Revenue at https://www.revenue.ie/en/vat/vat-rates/search-vat-rates/current-vat-rates.aspx.
In addition, the EU applies VAT to sales by non-EU based companies of Electronically Supplied Services (ESS) to EU-based non-business customers. U.S. companies that are covered by the rule must collect and submit VAT to EU tax authorities. Since 2015, all supplies of telecommunications, broadcasting and electronic services are taxable at the place where the customer resides. In the case of businesses this means either the country where it is registered or the country where it has a fixed premise receiving the service. In the case of consumers, it is where they are registered, have their permanent address, or usually live.
As part of the legislative changes of 2015, the Commission launched the Mini One Stop Shop (MOSS) scheme, the use of which is optional. It is meant to facilitate the sales of ESS from taxable to non-taxable persons (B2C) located in Member States in which the sellers do not have an establishment to account for VAT. In 2021, this service was extended to cover online sales of goods and services other than ESS. For more information please check the official guide on MOSS issued by the European Commission.
The mini One Stop Shop scheme allows taxable persons (namely, sellers) to avoid registering in each Member State where the product would be sold. A taxable person who is registered for the mini One Stop Shop in a Member State (the Member State of identification) can electronically submit quarterly mini One Stop Shop VAT returns detailing supplies of electronically supplied services or other sales to non-taxable persons in other Member States (the Member State of consumption), along with the VAT due. On February 12, 2020, the European Union adopted Commission Implementing Regulation (EU) 2020/194 concerning VAT on e-commerce. This regulation provides details for the registration in the VAT One Stop Shop and the Import One Stop Shop (see below).
In November 2019, the Council adopted new regulations that will pave the way for a smooth transition to new VAT rules for e-Commerce: Council Directive (EU) 2019/1995, which amends Directive 2006/112/EC regarding provisions relating to distance sales of goods and certain domestic supplies of goods, and Council Implementing Regulation (EU) 2019/2026, which amends Implementing Regulation (EU) No 282/2011 regarding supplies of goods or services facilitated by electronic interfaces and the special schemes for taxable persons supplying services to non-taxable persons, making distance sales of goods and certain domestic supplies of goods.
July 1, 2021 VAT Changes
As of July 1, 2021, changes were introduced to the way that VAT is charged on online sales, whether consumers buy from traders within or outside the European Union:
- Prior to these changes, goods imported into the European Union valued at less than 22 euro by non-EU companies were exempt from VAT. This exemption has now been lifted so that VAT is charged on all goods entering the European Union, just like for goods sold by EU businesses. (Under the previous system, certain unscrupulous sellers from outside of the EU mislabeled the consignment of goods to benefit from this exemption, which led to an estimated seven billion euro in fraud annually.)
- Previously, e-commerce sellers needed to have a VAT registration in each Member State in which they have a turnover above a certain overall threshold, which varies from Member State to Member State. With these changes, these thresholds were replaced by one common threshold of 10,000 euro above which VAT must be paid in the Member State where the goods are delivered (that threshold already applied for electronic services sold online). An online seller would register for the One Stop Shop to address all of their VAT obligations for their sales across the entire European Union. Once registered, the seller could pay VAT in the One Stop Shop for all of their EU sales via a quarterly declaration, and the One Stop Shop system would transmit that VAT remittance to the respective Member State. Sellers outside of the European Union can also take advantage of this system, and prices should include VAT.
From July 1, 2021, the Mini One Stop Shop (MOSS) became the One-Stop Shop (OSS). The VAT OSS simplifies Value-Added Tax (VAT) obligations for businesses selling goods and services cross border to final consumers in the European Union (EU). Within the OSS, there are two schemes, the Union scheme, at https://www.revenue.ie/en/vat/vat-ecommerce/union-scheme/index.aspx and the non-Union scheme at https://www.revenue.ie/en/vat/vat-ecommerce/non-union-scheme/index.aspx.
The Union scheme simplifies VAT obligations for businesses selling goods and services cross border to final consumers in the EU. Once registered for the Union scheme, a taxable person can:
- declare and pay EU VAT due on supplies made under the scheme in a single electronic quarterly return
- communicate with Revenue in relation to these returns, even where the sales are taxable in another Member State.
The following supplies can be declared in the Union scheme:
- Cross-border supplies of telecommunications, broadcast and electronically supplied (TBE) services to non-taxable persons within the EU (as was previously the case under MOSS).
- All other cross-border supplies of services to non-taxable persons within the EU.
- Intra-Community distance sales of goods.
- Certain domestic supplies of goods (in specific circumstances).
Union scheme registration
Where a business registers for the Union scheme, it must declare and pay all EU VAT due on all supplies covered by the Union scheme. A taxable person currently registered for the Union scheme under MOSS will not need to register for the expanded Union scheme under OSS. Their registration will migrate to the new OSS. It should be noted that, once registered for the Union scheme, all supplies within the scope of that scheme must be declared through the scheme. This includes registrations which have migrated from MOSS to the OSS.
A supplier established in Ireland can register for the Union scheme through the VAT OSS section in Revenue Online Services (ROS). A non-EU established supplier can register in Ireland for the Union scheme using the non-Union registration portal. Where a non-EU established supplier has already registered for another scheme under the OSS in Ireland, their registration for this scheme can be completed through the VAT OSS section in ROS. A non-EU established supplier can only register in Ireland for the Union scheme where they are making intra-Community distance sales of goods from Ireland. See Union Scheme OSS at https://www.revenue.ie/en/tax-professionals/tdm/value-added-tax/part10-special-schemes/vat-ecommerce-rules/union-scheme-one-stop-shop-oss.pdf for in-depth guidance.
The extended non-Union scheme builds on the existing legislative framework established by MOSS. From 1 July 2021, the scope of the non-Union scheme under MOSS is extended to cover all services supplied to non-taxable persons in the EU under the OSS. This scheme can be availed of by suppliers who are not established and have no fixed establishment in the EU.
Non-Union scheme registration
Taxable persons who register for the non-Union scheme will be able to pay EU VAT in a single Member State. This registration can be used in respect of all B2C supplies of services made to consumers across the EU. The use of the non-Union scheme is optional. A taxable person required to be VAT registered in the EU for supplies not covered by the scheme can still opt to apply the scheme to supplies of B2C services.
A taxable person who opts to register in Ireland for the non-Union scheme must register through the non-Union OSS registration portal. Where a non-EU established supplier has already registered for another scheme under the OSS in Ireland, their registration for this scheme can be completed through the VAT OSS section in Revenue Online Service (ROS). A taxable person currently registered for the non-Union scheme under MOSS will not need to register for the expanded non-Union scheme under OSS. Their registration will automatically migrate to the new OSS. VAT due on Telecommunications, Broadcasting and Electronic (TBE) supplied services can continue to be accounted for using the extended non-Union scheme. It should be noted that, once registered for the non-Union scheme, all supplies within the scope of that scheme must be declared through the scheme. This includes other services supplied B2C by traders whose registrations have migrated from MOSS to the OSS. See non-Union Scheme OSS at https://www.revenue.ie/en/tax-professionals/tdm/value-added-tax/part10-special-schemes/vat-ecommerce-rules/non-union-scheme-one-stop-shop-oss.pdf for detailed guidance.
Data Privacy and Protection
General Data Protection Regulation
The General Data Protection Regulation (GDPR), which governs how personal data of individuals in the European Union may be processed, went into effect on May 25, 2018. The GDPR, which replaces the Data Protection Directive 1995/46, is a comprehensive privacy legislation that applies across sectors and to companies of all sizes. Personal data is defined by the GDPR as any information that relates to an identified or identifiable living individual (a “data subject”) such as a name, e-mail address, tax ID number, or online identifier. Processing of data as defined by the Regulation includes actions such as collecting, recording, storing, or transferring data.
A company that is not established in the European Union may need to comply with the Regulation when processing personal data of residents of the European Union, European Economic Area residents (i.e., Norway, Liechtenstein, and Iceland), and Switzerland, if the company offers goods or services to data subjects in the European Union; or if the company is monitoring data subjects’ behavior, which is taking place within the European Union. The European data protection authorities published Guidelines 3/2018 on the territorial scope of the GDPR (see Article 3), to help companies determine whether they fall within the GDPR’s territorial scope. For example, the mere accessibility of a company’s website in the European Union is insufficient to subject a company to the GDPR, but other evidence of the intent to offer goods or services (such as advertising) to data subjects in the European Union might mean that the Regulation is applicable.
Generally, companies that are not established in the European Union but that are subject to the GDPR must designate in writing an EU representative for purposes of GDPR compliance. There is an exception to this requirement for small scale and occasional processing of non-sensitive data. Fines in case of non-compliance can reach up to four percent of the annual worldwide revenue or twenty million euros – whichever is higher.
The European Data Protection Board released official guidelines to help companies with their compliance process.
Transferring Data Outside of the European Union
The GDPR not only provides for the free flow of personal data within the European Union but also for its protection when it leaves the region’s borders. The Regulation sets out obligations on data controllers (those in charge of deciding what personal data is collected and how or why it is processed), on data processors (those who act on behalf of the controller) and gives rights to data subjects (as mentioned, the individuals to whom the data relates). These rules were designed to provide a high level of privacy protection for personal data and were complemented by measures to ensure that the protection is maintained when data leaves the region, and whether it is transferred to controllers, processors, or to third parties (e.g., subcontractors). In addition, restrictions on transfers of personal data outside of the European Union specify that such data could only be exported if “adequate protection” is provided.
The European Commission is responsible for assessing whether a country outside the European Union has a legal framework that provides enough protection for it to issue an “adequacy finding” to that country. There has not been an adequacy finding with respect to the United States, such that U.S. companies can only receive personal data from the European Union if they provide appropriate safeguards (e.g., standard contractual clauses or binding corporate rules), or refer to one of the GDPR’s derogations.
The EU-U.S. Privacy Shield
The EU-U.S. Privacy Shield Framework was established by the U.S. Department of Commerce and the European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. On July 16, 2020, the Court of Justice of the European Union issued a judgment declaring as invalid the European Commission’s Decision (EU) 2016/1250 of July 12, 2016, on the adequacy of the protection provided by the EU-U.S. Privacy Shield. As a result of that decision, the EU-U.S. Privacy Shield Framework is no longer a valid mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. This decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the Privacy Shield Framework. For more information, consult the website of the U.S. Department of Commerce, Privacy Shield Framework.
Network and Information Systems (NIS) Directive
The Directive on security of network and information systems (NIS), applicable since 2016, sets baseline requirements to ensure better protection of critical infrastructures in the European Union. The NIS Directive sets basic principles for Member States for common minimum capacity building and strategic cooperation. It also directs operators of essential services and digital service providers to ensure that they apply basic common security requirements. Obligations for operators of both groups include taking technical and organizational measures for risk management; preventing and minimizing the impact of security incidents; and notifying, without undue delay, incidents having a significant impact on the continuity of the essential services they provide. Member States have implemented this directive in different ways, particularly with respect to operators of essential services, which led to a proposed legislative modification of the NIS Directive (the NIS 2 Directive) in December 2020. If adopted into law, the NIS 2 Directive would obligate more entities and sectors to strengthen security requirements, address the security of supply chains, streamline reporting obligations, and introduce more stringent supervisory measures and stricter enforcement requirements.
The March 2019 Cybersecurity Act set up a mechanism to develop a voluntary certification scheme for information and communications technology security products, processes, and services. The European Commission has not yet proposed the specific areas that would benefit from certification schemes, and the European Union Agency for Cybersecurity has created ad-hoc stakeholder groups to help it create certification schemes, which includes industry participation in accordance with the Act.