Every online merchant is required to have terms and conditions in their online store. Few of them, however, have Terms and Conditions that actually protect them. The difference between the two lies not in the length of the document but in the specific clauses that are missing or incorrectly formulated. It is precisely these omissions that become a problem when a dispute arises with a customer, during an inspection by the Consumer Protection Commission (CPC), or following a complaint to a payment institution.
In this article we look at the five legal risks most online store merchants overlook and how to avoid them. The guest contributor is our partner Martin Penchev, who presents his expert perspective on the topic. He is a lawyer with experience and expertise in e-commerce. In partnership with digital agency BrainDonors, Martin Penchev is developing the new brand CraftPolicy, through which he provides specialised legal services for drafting legal documentation and consultancy for online merchants. The goal is to help businesses navigate the legal challenges associated with the current regulatory framework.
1. Terms Copied From Another Website — The Illusion of Protection
When Terms and Conditions are copied from another site, they reflect a different business model, processes and product categories. A clause valid for physical goods may be legally inapplicable to digital products or subscription services. More dangerous still, an invalid clause does not simply "not apply" — in a dispute it may be interpreted in the consumer's favour, i.e. against the merchant, as ambiguities in consumer contracts are interpreted in favour of the weaker party.
Properly written online trading conditions must be built around the specific product range, sales channel and applicable law. They must address questions such as: when is a contract deemed concluded; what are the conditions for exercising the right of withdrawal for the specific type of goods; what are the liability limitations; and what is the process for handling complaints. Each of these scenarios must be explicitly regulated.
2. Dynamic Pricing and the Omnibus Directive
The Omnibus Directive introduced an obligation to display the lowest price of the past 30 days during promotions, but the less-discussed problem is real-time dynamic pricing. When prices are synchronised between an ERP, a marketplace and a proprietary website, or when algorithmic pricing is used, it is entirely possible for a product's price to change between the moment the customer adds it to their cart and the moment the order is finalised. Current Bulgarian e-commerce legislation does not give a clear answer as to which moment is binding, and it is precisely this legal uncertainty that creates the risk.
Online store terms and conditions must contain an explicit clause defining the moment of contractual commitment. The safest approach is to set this as the dispatch of a confirmation by the merchant, rather than the placement of the order by the customer. It is also advisable to regulate how the merchant proceeds in the event of a technical pricing error — whether the order is cancelled, whether the customer is notified and within what timeframe. A clear procedure set out in advance in the terms is the only thing that protects the merchant from pricing discrepancies.
3. Chargeback Fraud and Claim Abuse
Abuse of the transaction dispute mechanism typically follows this pattern: the consumer receives the goods but initiates a chargeback with their bank, claiming they did not receive the order or did not authorise the transaction. In a card scheme dispute procedure, the burden of proof falls on the merchant. Without a documented chain of consent, delivery and communication, the chances of a successful defence are low regardless of the factual truth.
The Terms and Conditions are the first link in this evidentiary chain. They must explicitly regulate the complaint procedure: within what timeframe and through what channel the customer is required to report a problem, what documents are required and within what timeframe the merchant responds. When the customer has accepted these terms at the time of ordering and this is documented, the merchant has a legal basis for contesting the chargeback. Additionally, a clause explicitly requiring the customer to go through the internal complaint procedure before initiating any bank dispute further strengthens the merchant's position.
4. AI Tools and Liability for Automated Content
The use of AI chatbots, recommendation systems and automatically generated product descriptions creates a specific legal risk that is not yet widely recognised. Information provided by an AI system — price, availability, technical specification — may be inaccurate due to a data error or a model generating false content. If a consumer has acted on this information and suffered harm, the absence of an explicit clause means the merchant has no legal basis for limiting their liability.
How do you create terms adequate for an AI environment? An explicit clause is required informing users that some of the site's content is generated or processed automatically and does not constitute a binding commercial offer outside the official ordering process. The clause must also regulate the hierarchy of information: in the event of a conflict between AI-generated content and the official product page, the latter prevails. As the European AI Act develops, requirements in this area will become increasingly specific — merchants who address the issue now will have significantly less work to do when future compliance is required.
5. Terms and Conditions as a Living Document — When and How to Update Them Lawfully
Terms and Conditions are not a one-off document. They must be reviewed at least annually and whenever significant changes occur in the business model, product range, payment methods or applicable law. Changes must be communicated to existing customers in advance — typically via email with sufficient notice. Acceptance must be re-obtained for material changes that affect existing contractual relationships. Retroactive changes are invalid.
The Terms and Conditions must include a clause describing the update procedure itself: how customers are notified, what the notice period is and how the new terms are accepted. Without this, any update carries legal uncertainty.
Conclusion
Well-drafted Terms and Conditions are not a formality — they are a legal instrument that protects the merchant in disputes with customers, during regulatory inspections and in payment institution procedures. The five risks described above are not hypothetical: they are the most frequent sources of problems for online merchants who have T&Cs that exist on paper but do not actually protect them.
If you need legal documentation for your online store or a review of your existing terms, you can contact Martin Penchev through CraftPolicy.
