Website Compliance in Germany
German websites must comply with the DSGVO (GDPR), the Telemediengesetz (TMG), the Impressumspflicht (mandatory imprint), the European Accessibility Act, and strict cookie consent requirements. The Bundesdatenschutzbeauftragte (BfDI) and the 16 Landesdatenschutzbehörden actively enforce data protection rules. Germany also has uniquely strict Abmahn-culture: third parties, including competitors, can sue for Impressum violations, privacy-policy deficiencies, and unlicensed images.
Data protection authority:
Bundesbeauftragte für den Datenschutz und die Informationsfreiheit
(BfDI)
Requirements
5
country-specific rules
Guides
12
guides available
Specific requirements for Germany
Impressumspflicht (mandatory imprint)
Every German commercial website must have an Impressum listing the full name and address of the responsible person or company, contact email, phone number, and where applicable the Handelsregisternummer and USt-IdNr. Violations are aggressively pursued via Abmahnungen (cease-and-desist letters) by competitors.
Datenschutzerklärung (privacy policy)
German websites must have a comprehensive Datenschutzerklärung under the DSGVO and BDSG. It must name every service that processes personal data (Google Analytics, fonts, CDN, contact forms), the legal basis for each, and contact details of the responsible controller.
Cookie consent (TTDSG)
The Telekommunikation-Telemedien-Datenschutz-Gesetz (TTDSG) requires prior informed consent for non-essential cookies. German courts have ruled that nudging users (e.g. pre-ticked boxes, hard-to-find reject buttons) violates consent requirements.
Google Fonts self-hosting
In January 2022 a Munich court (LG München I) ruled that embedding Google Fonts via Google servers without consent violates the DSGVO by leaking visitor IP addresses to the US. German websites should self-host fonts or use privacy-compliant CDN configurations.
European Accessibility Act (EAA) from June 2025
From 28 June 2025 the EAA requires e-commerce and financial-services websites in Germany to meet WCAG 2.1 AA accessibility standards. Violations can be reported to Marktüberwachungsbehörden.
Enforcement in Germany
The Hamburg DPA fined a company €105,000 for embedding Google Fonts without consent. The LG München I ordered a website to cease embedding Google Fonts via Google servers and pay €100 in damages to an individual complainant. Abmahnwellen (mass cease-and-desist campaigns) for missing Impressum or cookie-consent non-compliance are common, with typical Abmahnung costs of €500–€1,500.
Official resources
Guides for Germany
Are Copytrack and PicRights Claims Legitimate? (EU Guide)
How to verify whether a Copytrack or PicRights copyright claim is legitimate under EU law: the mandate test, the originality test and what to do next.
Contact Form GDPR Requirements: Article 13 Compliance
What a GDPR-compliant contact form needs: Article 13 information, the right legal basis (legitimate interest vs precontractual), unchecked boxes, retention.
Google Analytics and GDPR: Is GA4 Legal in the EU? (2026)
Can you use Google Analytics 4 in the EU? The consent requirement, the EU-US DPF transfer mechanism, Consent Mode v2 limits and cookieless alternatives.
How Much Does a Copyright Claim Actually Cost? (EU)
How much a copyright claim costs in the EU: real settlement ranges for Getty Images, Copytrack and PicRights demands plus what drives the price up or down.
Product Liability Directive 2024/2853: 9 Dec 2026
Directive (EU) 2024/2853 makes software and AI 'products' for strict liability on 9 Dec 2026. What it means for SMBs, and what it does not change.
The EU AI Act for Website Owners (2026)
Article 50 applies 2 Aug 2026. For most SMB sites it creates almost no new obligations. Here's the honest checklist before the deadline.
YouTube Embed and GDPR: Cookie-Free Approaches
Standard YouTube embeds place tracking cookies before consent. Two compliant patterns under GDPR: youtube-nocookie.com and click-to-load facade, with code.
Cookie Banner Requirements Under EU Law (2026 Guide)
Cookie banner requirements in the EU 2026: reject equal to accept, no dark patterns, prior consent. EDPB Guidelines 05/2020 explained.
Data Breach Reporting Under GDPR: 72-Hour Notification
Report a personal data breach under GDPR Article 33: the 72-hour clock, when notification is required, what to file and when to tell affected individuals.
Data Processing Agreement (DPA): Article 28 GDPR Guide
When a third-party service needs a Data Processing Agreement under GDPR Article 28: required clauses, common processors and how to handle DPA refusal.
Do I Need a Cookie Banner? EU Decision Guide
Simple decision guide for EU businesses: when does your website actually need a cookie banner? Three questions to find out, with the legal basis explained.
GDPR Data Retention Periods: Article 5(1)(e) Guide
How long can you keep personal data under GDPR? The Article 5(1)(e) storage limitation principle and retention periods by data category for EU businesses.
Check your website for Germany requirements
Our scanner checks for Germany-specific requirements automatically.
I understand this is a technical scan, not legal advice, and I accept the Terms.