Annual e-commerce compliance review
1) Sales tax (most critical recurring risk for e-commerce)
- Economic nexus rules now apply in nearly every state: remote sellers trigger collection obligations when they exceed state thresholds (sales dollar amount and/or transaction counts). States vary in thresholds; many use either $100k or $200k in sales or a transactions test. When thresholds are met you must register, collect, and remit sales tax; filing frequency varies by state.
- Marketplace facilitator laws mean large marketplaces (Amazon, Etsy, eBay) collect & remit for sellers in many states, but sellers must still track sales and may still have filing or reporting obligations in some states.
- Practical annual-review steps: run a nexus analysis for the past 12 months, compare to state thresholds, register where required, verify if marketplace facilitator rules apply, centralize exemption certificates and resale certificates, confirm tax rates on product categories (including digital goods), and reconcile tax remittances.

2) Income/franchise tax nexus and multistate filings
- Beyond sales tax, significant economic or physical presence can create income or franchise tax nexus. Annual review should flag states where you have warehouses, 3PL footprint, employees, or substantial sales and consult tax counsel/accountant about state income/franchise filing requirements.

3) Business entity maintenance (LLC annual reports / registrations)
- Most states require annual or biennial reports, fees, and a registered agent. Include an annual calendar item: check state of formation and states of qualification for required filings to maintain good standing.

4) Licenses & permits
- E-commerce sellers may need sales tax permits, reseller (seller's) permits, local home-occupation permits, or industry-specific licenses depending on products (e.g., alcohol, medical devices). Confirm state and local licensing requirements annually.

5) Data privacy & breach obligations
- U.S. privacy landscape is state-driven: California (CCPA/CPRA) set the template; by 2025/2026 multiple states (VA, CO, CT, UT, TX and others) have enacted consumer privacy laws with differing thresholds and obligations. Annual review should include: update privacy policy; map data collection and processors; verify consumer rights request procedures; and confirm breach response plan.

6) Payment & card security (PCI-DSS)
- Any merchant accepting card payments must meet PCI-DSS obligations appropriate to their processing environment (and validate annually where required). Consider using PCI-compliant processors/gateways and document controls (encryption, MFA, least privilege).

7) Consumer protection, advertising, email, and marketing compliance
- FTC rules and CAN-SPAM/TCPA impose obligations on advertising, endorsements, email marketing, and SMS. Maintain accurate product claims, clear influencer disclosures, unsubscribe mechanisms, and TCPA consent records for texts/calls.

8) Website accessibility (ADA/WCAG)
- Website accessibility is an enforcement area: run annual accessibility checks against WCAG standards, remediate obvious barriers, and document remediation timelines to reduce legal risk.

9) Shipping, product safety, cross-border rules
- Check shipping carrier requirements, hazardous materials rules, restricted/prohibited items, and customs duties when shipping internationally. Review product labeling and safety compliance for regulated goods.

10) Employment vs independent contractor classification
- Annual review of worker classifications (employees vs contractors) and payroll/withholding registration where you have workers. Misclassification risk can trigger state and federal liability.

11) Recordkeeping & internal controls
- Keep 3–7 years of key records (sales & tax filings, exemption certificates, PCI validation, privacy records, contracts, refund records). Add yearly reconciliations and evidence of compliance (policy updates, training, vendor due diligence).

12) Practical annual checklist (recommended calendar items)
- Q1: Entity annual/biennial report filings; update registered agent and business address; renew state licenses.
- Q2: Sales tax nexus re-check and registrations; reconcile and file returns; refresh exemption certificates.
- Q3: Privacy & security review (privacy policy, DPIA/data map, vendor assessments, breach plan test); PCI self-assessment or scan.
- Q4: Advertising & marketing compliance audit (disclosures, email opt-in lists, TCPA consents); ADA audit and remediation plan; year-end tax & financial close; prepare next-year compliance calendar.
