When is a Contract Concluded? Online Stores and SaaS Services Explained
The time of the conclusion of the contract in online stores and for SaaS services is of great importance for providers. This is because it dictates when General Terms and Conditions (GTC) become effective, how order confirmations must be formulated, and precisely when a customer is contractually bound.
For customers, it is equally important to understand when their order becomes binding and can no longer be easily canceled. In traditional retail, contract conclusion is usually unambiguous: the customer brings goods to the checkout, pays, and takes them. The purchase contract is thus concluded.
However, in online trading and with SaaS services, the exact moment of contract conclusion is not always obvious. Providers must precisely identify when, within their ordering or registration process, the contract is legally formed. This clarity ensures that their General Terms and Conditions (GTC) apply correctly and that confirmation emails are properly issued. Furthermore, the revocation instruction must be communicated at the latest by the time the contract is concluded.
Customers benefit from knowing when they are bound by a contract and can no longer withdraw from a purchase or registration without repercussions. The time and place of contract conclusion can also be decisive for determining which country's law applies, especially if the buyer and seller are in different jurisdictions.
This article will therefore clarify how contracts are concluded in online shops and for SaaS services. It will highlight key considerations for providers and explain the implications for customers.
Conclusion of Contract Through Offer and Acceptance
In principle, a contract is concluded by two concurring declarations of intent – offer and acceptance. In online trading and SaaS services, however, the legal classification is not always clear.
The product presentation in the web store or the description of the SaaS service generally constitutes an "invitatio ad offerendum," i.e., an invitation to submit an offer. The customer then submits the binding offer with his order or registration.
However, from the customer's point of view, the expectation may now have formed that the conclusion of the contract only depends on their own actions as soon as they have moved the purchase item to the digital shopping cart. From the perspective of the objective recipient horizon, this would be tantamount to an unconditional commitment on the part of the seller at the moment of releasing an item for the shopping cart.
The release of the order button by the seller could also be understood as a binding offer. From the customer's perspective, it might seem that the seller has little interest in delaying commitment beyond the ordering situation. Therefore, the customer might expect to commit to a contract as soon as an item is available for the shopping cart or, at the latest, when the order button is released.
This understanding is often reinforced by the labeling of the order button, in accordance with Section 312j (3) BGB. While the European legislator generally leaves the exact time of contract conclusion to member states, the explicit labeling of the button implies the seller's commitment at that moment.
Specifically, the order button must be clearly and legibly labeled with "order with obligation to pay" or a similarly unambiguous phrase. Previously, terms like "Send order," "Register now," or "Binding registration (travel contract subject to payment)" were deemed insufficient by courts. Additional symbols or graphics are permissible, provided they do not alter the required text. The button itself must also be visually highlighted.
It is important to note that these strict requirements apply primarily to consumers. In B2B transactions, online retailers have more flexibility in designing their ordering process. Less explicit formulations like "buy" or "order" are generally sufficient. Nevertheless, indicating that a fee is payable is advisable for clarity.
Ultimately, the precise legal classification hinges on the specific design of the ordering process and the customer's expectations. Store operators should diligently consider this when developing their online store, ensuring clarity in all critical areas. Particular attention must be paid to the order button's labeling. Mistakes here can lead to an ineffective contract conclusion. In such cases, seeking legal advice can help mitigate liability risks.
Acceptance by the Provider
The provider can then accept this offer, for example, by an express declaration of acceptance, by activating the account, or by sending the goods. It is crucial to choose the right wording in the General Terms and Conditions and confirmations.
An immediate confirmation of receipt of the order or registration should not yet be formulated as acceptance. Instead, it is advisable to state that the contract only comes into effect with a separate order confirmation, activation of the account, or shipping confirmation.
For acceptance to be effective, it must be declared to the customer. The principles governing the receipt of an acceptance declaration mirror those for receiving an offer: the customer must have the opportunity to acknowledge the acceptance.
In an automated ordering process, acceptance can also be implied through the dispatch of goods. The contract is then concluded when the goods are handed over to the shipping company. Nonetheless, it is prudent to inform the customer about the contract's conclusion via email beforehand.
If the provider does not respond to an offer made by the customer, this shall not be deemed acceptance in case of doubt. However, alternative interpretations may arise from the circumstances or a prior agreement. If the provider does not respond to an order at all, the customer can cancel the order as long as the contract has not yet been concluded.
Should an order confirmation deviate from the original order, for instance regarding price or delivery date, it constitutes a new offer. The customer must explicitly accept this new offer. If the customer does not respond to such a diverging confirmation, it does not imply acceptance, and thus no contract is concluded.
To prevent confusion, providers should design their ordering process to make the moment of contract conclusion unambiguous for the customer. A precisely worded contract clause in the General Terms and Conditions (GTC), along with clear email confirmations, is highly recommended. The labeling of the order button is also crucial.
Special care is required for advance payments in online stores. As previously noted in our article on prepayment in online stores, a GTC clause stating that contract acceptance occurs "at the time the customer pays in advance" is considered anti-competitive. Contract conclusion must not be conditional on receiving payment. Instead, the GTC should clarify that the contract is concluded irrespective of payment, and advance payment is simply a chosen payment method.
Special Features of the Order Button Labeling
To prevent internet providers from concealing that their offers are subject to a charge, the law mandates clear labeling of the order button. If an order is placed by clicking a button, this button must be clearly labeled with "order with obligation to pay" or a correspondingly clear formulation. If this requirement is violated, the contract is not concluded, and the customer is not obliged to pay. However, formulations in other languages that equally clearly indicate a payment obligation, such as "order with obligation to pay" or "acheter avec obligation de paiement," are permissible.
Additional symbols or graphics are permitted, provided the prescribed text remains unaltered. The button must also be visually highlighted, for example, with a high-contrast color. Simply underlining or bolding the text is not sufficient.
These stringent requirements primarily protect consumers. For B2B transactions, online retailers have more leeway in their ordering process design, and less explicit phrases like "buy" or "order" are generally acceptable. Nonetheless, it remains advisable to clearly indicate that a fee is payable for better transparency. Historically, court rulings have rejected labels such as "Send order" or "Register now" for consumer contracts, emphasizing the need for unambiguous wording like "order with obligation to pay."
In a landmark ruling (Case C-249/21, Fuhrmann-2-GmbH), the European Court of Justice (ECJ) clarified that only the direct wording on an order button determines compliance with labeling requirements, making the broader website context irrelevant.
The key criterion is whether the wording is "necessarily and systematically associated with the justification of a payment obligation," as understood by an average, reasonably informed consumer. The EU Commission's guidelines provide examples of acceptable phrases like "buy now," "pay now," or "confirm purchase." Conversely, terms such as "register," "confirm," or "order now," along with overly lengthy formulations that obscure the payment obligation, are generally insufficient.
Special Features of SaaS Contracts
When dealing with SaaS contracts, several special considerations arise beyond the contract conclusion itself. These include service availability regulations within a Service Level Agreement (SLA) and crucial data protection aspects.
Given that SaaS services frequently process customers' personal data, a data processing agreement (DPA), in accordance with Art. 28 GDPR, is mandatory. The DPA outlines how the provider, acting as the processor, may handle data on behalf of the customer (the controller). It specifically defines the provider's obligations regarding technical and organizational data protection measures and support for safeguarding data subjects' rights.
Data transfers to third countries outside the EEA are another critical point, often requiring additional safeguards. Following the ECJ's Schrems II ruling, the EU Commission's standard contractual clauses alone are no longer sufficient to legitimize transfers to the USA and many other third countries.
Providers must implement supplementary measures to ensure an adequate level of protection. This involves a thorough "transfer impact assessment" (TIA) to examine the legal landscape and practices in the third country. Data transmission based on standard contractual clauses is only permissible if the provider can demonstrate adequate protection against governmental access. Otherwise, further technical, contractual, or organizational safeguards are essential.
Therefore, the DPA must clearly specify if and to which third countries data is transferred, along with the legal basis for such transfers. All additional protective measures implemented must also be documented. This enables the customer, as the controller, to fulfill their accountability obligations under GDPR.
Furthermore, the DPA should include provisions for when the provider engages sub-processors for services like hosting or support. The customer's agreement to their use is mandatory, and the provider must establish DPAs with these sub-processors that reflect at least the same obligations as the primary DPA between the provider and the customer.
Fazit
Providers of online stores and SaaS services must meticulously determine the precise moment of contract conclusion within their ordering or registration processes. This clarity is vital for ensuring the legal compliance of their General Terms and Conditions and withdrawal instructions. Unambiguous confirmations and careful labeling of the order button are paramount to prevent ineffective contract conclusions and avoid liability risks.
The right of withdrawal also deserves special attention. The revocation instruction must be issued in text form at the latest when the contract is concluded. It must be formulated clearly and comprehensibly and contain all legally required information. Errors or omissions may mean that the withdrawal period does not begin to run, and the customer can still withdraw from the contract years later.
In the case of SaaS contracts, the special requirements for the service description in the SLA and for data protection must also be observed. The DPA must clearly regulate which data is processed where and how. The rights and obligations of both parties, for example with regard to instructions, controls and support, must also be defined in detail. With careful contract design, providers can set the course for a successful customer relationship.
Despite all the care taken in legal research, some questions regarding the conclusion of contracts in e-commerce remain unanswered. For instance, it is debated whether the release of an item for the shopping cart or the release of the order button already constitutes a binding offer by the seller. The exact time of receipt of electronic declarations of intent is also a subject of controversial debate. However, many of these uncertainties can be mitigated through clear and unambiguous design of the General Terms and Conditions and the ordering process. By explicitly stating when and how the contract is concluded, the provider creates clarity for both themselves and their customers. Such a transparent and legally compliant design ultimately forms the best foundation for long-term satisfied customers and successful business relationships in e-commerce.