Your Shopify and WooCommerce dropshipping legal checklist. Cover taxes, policies, IP risks, and product safety. Launch faster and stay compliant today.
Starting a dropshipping store is fast and affordable, but the real wins come when your foundation is legally sound. From taxes and privacy to product safety and IP risks, this checklist keeps your Shopify or WooCommerce store safe from bans, fines, and chargebacks while you scale.
Register your business, pick a jurisdiction for taxes, and publish core legal pages. For a head start, WooDropship’s prebuilt Shopify dropshipping stores include essential legal pages, payment gateways, and conversion features for a one-time $49 fee. If you are building on WooCommerce, the WooDropship dropshipping plugin helps you import AliExpress products and optimize listings with AI, then fulfill via a Chrome extension.
Security and PCI come next. Shopify is Level 1 PCI DSS compliant by default, which reduces your scope if you use Shopify Payments or other integrated gateways. On WooCommerce, you must handle PCI basics yourself by using hosted, PCI-compliant gateways and HTTPS. The official guidance confirms that WooCommerce itself is not PCI certified and that store owners should enforce SSL, which Woo confirms in its SSL and HTTPS documentation. If this is new to you, the WooDropship wiki on SSL certificates is a quick primer.
If you sell to the United States, you may need to collect sales tax in states where you meet “economic nexus” thresholds. The Sales Tax Institute’s state-by-state guide explains that, after the Wayfair decision, every sales-tax state has adopted some form of economic nexus and many use a 100,000 dollar sales threshold or transaction count triggers. See the Sales Tax Institute’s Economic Nexus State Guide for current rules.
For the European Union, distance sales to consumers are subject to VAT where the customer resides. The EU created the Import One Stop Shop to simplify this for consignments up to 150 euros. The European Commission’s page on the VAT One Stop Shop explains how IOSS lets you collect VAT at checkout and remit via a single return, which can speed delivery and reduce surprise fees. The Commission also highlighted a new approach to VAT for e-commerce imports that encourages IOSS use to simplify trade.
Selling to the United Kingdom has its own rules. HMRC’s guidance on VAT and overseas goods sold to customers in the UK using online marketplaces clarifies when marketplaces are liable vs when the seller is liable, and how VAT is charged on imports. If you sell direct without a marketplace, review HMRC’s rule for overseas goods sold directly to UK customers.
If you collect personal data, you need a privacy policy and consent where required. The GDPR requires opt-in consent for non-essential cookies and clear disclosures, as summarized by GDPR.eu’s cookie guidance. In California, the Attorney General’s page on the CCPA outlines consumer rights, with enforcement and regulations overseen by the California Privacy Protection Agency. Make sure your privacy and cookie notices match your actual data use, and allow opt-out for targeted advertising in jurisdictions that require it.
If you use influencers or customer reviews in your marketing, the FTC’s endorsement and influencer rules require clear and conspicuous disclosure of material connections. This applies on TikTok, Instagram, YouTube, and websites. Avoid deceptive claims and keep documentation to substantiate any performance or health claims you make.
WooCommerce store owners can configure privacy features under Accounts and Privacy, as described in WooCommerce’s Accounts and Privacy Settings. If you need templates, WooDropship provides legal pages on its Legal hub, including a Privacy Policy and Terms of Service you can adapt.
In the United States, the FTC’s Mail, Internet, or Telephone Order Merchandise Rule requires you to ship by the time you advertise. If you cannot, you must get consent to a delay or issue a prompt refund. In the EU, EUR-Lex summarizes that consumers have a 14-day right of withdrawal for distance sales. Be explicit about delivery windows, returns, and who pays return shipping.
Some jurisdictions require you to publish refund terms. In California, Civil Code Section 1723 requires retailers with restrictive refund policies to post them conspicuously. If you sell cross-border, set expectations for customs duties and VAT at checkout and in your policy pages. For fast references, see WooDropship’s wiki on Return Policy, Shipping Delays, and Order Tracking.
Even as a dropshipper, you are responsible for product safety in the markets you sell to. In the United States, the CPSC’s Online Sellers’ Safety Guide explains seller obligations. Certain products require a General Certificate of Conformity for non-children’s items or a Children’s Product Certificate plus third-party testing for children’s products. Do not list items that fail safety standards or lack required labeling.
In the EU, the new General Product Safety Regulation updates obligations for sellers and online marketplaces. The EUR-Lex summary of the General Product Safety Regulation details responsibilities for economic operators and marketplace cooperation with market surveillance. Avoid restricted categories like medical devices without certification, and confirm CE, RoHS, or REACH compliance when applicable.
Using branded images, logos, or product names without authorization can trigger takedowns. Shopify’s IP help center explains process and expectations in its page on Legal removals and intellectual property. For WordPress hosting environments, Automattic outlines how DMCA claims are processed in its Copyright Policy.
Counterfeits are a real risk if you source carelessly. U.S. Customs reported that in fiscal year 2024, 97 percent of IPR seizures in the cargo environment occurred in de minimis shipments, a clear warning for small parcels common in dropshipping. Vet suppliers, request brand authorization when needed, and avoid obvious trademarks. WooDropship’s blog on AliExpress supplier vetting shows practical checks.
Payment providers expect timely shipping and verifiable tracking. According to PayPal’s Seller Protection, sellers should provide an online, verifiable tracking number and proof of shipment or delivery to qualify for protection. Stripe’s dispute best practices recommend documented communication and delivery evidence to fight chargebacks successfully.
Operationally, keep your dispute risks low by syncing tracking to payment processors, responding to customers quickly, and honoring refund rules. If you use WooCommerce, the WooDropship plugin can help you manage orders at scale, and you can streamline defenses with our wiki guides on Chargebacks, Customer complaints, and Tracking numbers. For PayPal specifically, our tutorial on syncing order tracking with PayPal can reduce holds and disputes.
You do not need to be a lawyer to launch a compliant store. If you prefer a hosted stack, you can start with Shopify and get PCI handled for you. If you want full control, combine WooCommerce with the WooDropship plugin for one-click imports, AI optimization, and automated fulfillment. Or skip the build altogether with our prebuilt Shopify stores that include legal pages, PayPal and Stripe setup, and 30 vetted products delivered in 7 days. Have questions about your situation or jurisdiction? Reach our team anytime via Contact Us.
Happy WooDropshipping!
To know more about dropshipping, refer to these articles
Your Shopify and WooCommerce dropshipping legal checklist. Cover taxes, policies, IP risks, and product safety. Launch faster and stay compliant today.
Josh Carter
General
WooCommerce vs Shopify for new dropshippers: real startup costs, launch speed, and growth tradeoffs. See budget scenarios and choose your best path. Start now.
Josh Carter
General
$49
Get your own dropshipping store for just $49 today!