Website trading disclosures in Ireland: what the law requires in 2026

Every business website in Ireland must display a set of identification details. If these details are missing, you lose legal protection and face potential regulator intervention. The practical risk is not a headline fine. It is a weakened position in any contractual dispute and, for company directors, potential disqualification proceedings.

What the law requires

The disclosure obligation comes from multiple sources that overlap. Section 151 of the Companies Act 2014 requires every company to state prescribed particulars on its business letters, order forms and websites. S.I. No. 68/2003 (European Communities (Directive 2000/31/EC) Regulations 2003), regulation 8, adds e-commerce-specific requirements. The CRO Information Leaflet No. 7 consolidates the practical guidance.

1. Registered name. The full registered name of the company as it appears on the CRO register.

2. Legal form. The correct company designation: Limited (LTD), Designated Activity Company (DAC), Public Limited Company (PLC), Company Limited by Guarantee (CLG) or Unlimited Company (ULC). Using the wrong designation is itself an offence.

3. Company registration number. The CRO registration number. This is the primary identifier for verification against the Companies Registration Office register.

4. Registered office address. The address filed with the CRO. This must be a physical address in the State, not a PO Box.

5. Directors' names. The names of all current directors. If a director is not an Irish national, their nationality must also be stated. This nationality requirement is specific to Irish company law.

6. Place of registration. "Registered in Ireland" or the equivalent statement confirming the jurisdiction of incorporation.

7. VAT number. If the business is registered for VAT, the VAT identification number (format IE followed by 7 or 8 characters) must be displayed. This comes from the Value-Added Tax Consolidation Act 2010.

8. Email address. S.I. No. 68/2003, regulation 8, requires an email address or equivalent means of rapid, direct electronic communication. A contact form alone may not satisfy this requirement.

Sole traders and partnerships

Sole traders and partnerships are not covered by the Companies Act 2014 but are covered by S.I. No. 68/2003. Under regulation 8, every information society service provider must make the following available: the service provider's name, geographic address (not a PO box), email address and any relevant registration or authorisation numbers.

If you are a sole trader using a business name, the Registration of Business Names Act 1963 (as amended) requires you to register that name with the CRO and display the registration.

Data protection and sole trader disclosures

For sole traders, the trading disclosures contain personal data within the meaning of the GDPR. The legal basis for publishing your name and address is compliance with a legal obligation (Article 6(1)(c) GDPR). The scanner does not flag the publication of these details as a data protection issue because the law requires it.

Privacy-minimising measures you can take: use a business address rather than your home address, use a business email address rather than a personal one and use a business phone number.

Digital Services Act: not applicable to ordinary business websites

The DSA (Regulation 2022/2065) targets intermediary services, online platforms, marketplaces and very large online platforms (VLOPs/VLOSEs). Article 19 exempts micro and small enterprises from most platform obligations. A standard SME website that sells its own products or services is not an online platform within the meaning of the DSA. The scanner does not flag DSA requirements for ordinary business sites. This point is worth noting because some competing content incorrectly attributes DSA obligations to SMEs.

Enforcement in practice

Non-compliance with s.151 of the Companies Act 2014 is a category 4 offence carrying a class A fine of up to EUR 5,000. In practice, the CRO and the Corporate Enforcement Authority (CEA) focus on director disqualification for persistent and serious non-compliance rather than pursuing fines for missing website disclosures. Prosecutions specifically for website disclosure failures are exceptionally rare.

The more concrete risk is civil. If your website does not identify your company correctly and a customer disputes an invoice or seeks a refund, the absence of proper disclosures weakens your position. Terms and conditions that reference an unidentified or incorrectly identified entity are more easily challenged.

For most Irish business websites, adding the correct trading disclosures is a matter of ten minutes in the footer. Those ten minutes protect the enforceability of every contract you conclude through your website.

How the scanner checks your disclosures

TrustYourWebsite detects patterns in the footer and on contact, about and legal pages. The scanner looks for a company registration number (CRO format), a VAT number (IE prefix pattern), a geographic address and a valid email address.

The scanner reports "company number not found" if the pattern does not appear in the page HTML. The scanner cannot verify whether the company number matches the business operating the website or whether the directors' names listed are current. Those checks are not automatable.

Findings are technical signals, not legal verdicts.

Comparison table

The cheapest protection on your website

Trading disclosures are the simplest and least expensive compliance measure on your website. Ten minutes of footer updates protect the enforceability of every contract you conclude online. The risk of missing disclosures is not a record fine but the loss of legal protection at the moment you need it most.

---

This article is technical analysis, not legal advice. Consult a solicitor for advice specific to your situation.