The EU “Withdraw Button” Becomes Mandatory (EU Directive 2023/2673)

Comply, or be fined for €50,000? (Read this before you spend $$$ on a legal consultant.)

Jun 16, 2026

New here? Subscribe on Substack and the next Rabbit Hole lands in your inbox.

Apollo and Frens social post (8.5k likes) announcing they will stop accepting EU merch orders over EU Directive 2023/2673, shown over a close-up of a gray African Gray parrot with a red WITHDRAW button and a blue GPSR EU flag pasted on top.

“I didn’t even want to buy a tee with a parrot… until that day”.

This totally happened: a YouTube creator I follow for parrot videos posted this. Read it twice, because almost every word is doing more work than it looks like:

“With the upcoming EU Directive 2023/2673 ‘withdrawal button’ coming into effect on June 19, we’re making the hard decision to no longer accept merch orders from the EU as of June 18th. Along with VAT taxes and other costs, this new legislation makes doing business in the EU unsustainable at our current size”. — Apollo and Frens, June 2026

If you’re not in the EU, you have probably never heard of Directive 2023/2673, and you have no particular reason to care.

If you are in the EU… well, you also likely never heard of it.

Unless you happened to discover that a cute parrot tee supporting your favorite blogger is, for reasons nobody quite explains, simply no longer for sale to you.

But that announcement gets one big thing wrong, and one big thing right.

The cursed “withdrawal button”—the literal subject of the long directive that gets named—costs zero dollars to add.

It is a button and a confirmation page. That’s it.

It does not: - collect tax, - involve talking to customs, - fine you if you don’t return goods at first demand, - require anyone physically in Brussels (or the other 26 countries in the EU).

On its own, it would never make a merch shop “unsustainable”.

Right?

Well, going dark on the EU is, honestly, a rational call.

Because “the withdrawal button problem” is not really about adding a button.

Behind it stands a stack of European rules that piled up for decades. That stack genuinely turns small cross-border selling into a pain.

“It’s called a”withdrawal button”, but the reality is… pages upon pages of paperwork?” — me while researching this

Exactly the confusion a small army of consultancies is, right now, being paid to amplify.

Go looking for a straight answer, and you get two kinds of result, both useless to a human actually selling to Europeans. First is AI-generated panic slop: enterprise blogs manufacturing fear, every one of them quietly funneling you toward a “compliance consultation”, starting at €20k in billable hours + retainer, promising to cure your pain.

AI-generated “compliance guide” screenshot calling the EU withdrawal button a prominent, frictionless way to cancel contracts and a mandatory compliance requirement, headlined “The EU Withdrawal Button: A Guide to Compliance”.

The slop in question: FOMO, AI tropes, “it’s not X, it’s Y”, et al.

The second is the primary source itself: a europa.eu directive written, with great care, for solicitors (that’s lawyers for you in America!), full of legalese and jargon. Nobody in the middle is just telling the hypothetical “parrot content creator”, the Shopify store, the SME, or the exec who got volunteered last Thursday to “fix this by end of week”.

So, in this Rabbit Hole: the grounded, slightly devil’s-advocate version. For the business owner, the enterprise exec, the manager, the SME, and yes, digital creators. Here’s what each rule actually is, who it really hits, and what you can do that isn’t “panic” or “abandon 450 million customers”.

This is not legal advice. Let’s dive in.

What is the EU’s problem?

Say “new EU regulation” out loud, and the room splits: half eye-roll at Brussels inventing another form to fill in, half assume the worst about whatever “European Communism” cooked up this quarter. Both reflexes skip the boring, inconvenient part.

As always, the EU is reacting to something real.

Canceling, online, has been quietly engineered to be hard. You subscribe in one tap, but leaving means:

a hunt through three settings menus,
an “are you sure?” guilt screen with 5 steps,
a phone line open Tuesdays from 6 to 8 AM,
a cancel link rendered in 8-point gray,
sending certified mail that will get lost anyway. Yes, not email—snail mail.

The Eagles “Hotel California” album cover: the Beverly Hills Hotel under palm trees at dusk.

“🎵 you can check out anytime you like, but you can never leave”

The EU’s own Fitness Check (its periodic review of whether existing consumer law still works) found that roughly 69% of consumers who tried to cancel an online contract hit some deliberate technical difficulty. It’s a design pattern with a name (the “roach motel”: easy in, impossible out) and a whole discipline, “dark patterns”, built to keep you paying.

Then the second thing it’s mad about: Temu and Labubus.

Yes, really.

Genuine concerns about fast fashion, ethics, and the environment aside—around 4.6 billion parcels under €150 poured into the EU in 2024, roughly 91% of them from China, most riding a duty-free loophole that EU retailers, who pay the VAT (value-added tax, Europe’s sales tax), the safety testing, and the duties, simply do not get.

From Brussels’ chair, that looks like its own shops being undercut by an ocean of untaxed, untested, semi-disposable stuff, sold to its own consumers through a dopamine loop tuned in a lab.

So the “problem”, stated fairly, is very real: a digital marketplace in China optimized to trap you in subscriptions, undercut domestic sellers, and outrun consumer protection faster than any regulator can file the paperwork. Even allergic-to-Brussels people can look at that and concede something is off.

And yes, it’s also the tariff war the US kicked off—chaotic enough that the Supreme Court struck the tariffs down in February 2026 and the White House slapped new ones on within days—and the fact that logistics get pricier by the week, fuel prices are up no thanks to the 2026 Iran war, the closed Strait of Hormuz, and a Red Sea nobody’s sailing through. Not just another “ban plastic straws” law.

Which makes the instinct defensible, but the implementation… not as much.

A basket of fuzzy rabbit-costumed Labubu collectible figures with toothy grins and big red eyes.

no, they weren’t a fad. we’re still facing the consequences today.

Every tool the EU reaches for: a mandatory cancel button, a named EU “responsible person” on every product, a universal right with no minimum price or size, is aimed at AliExpress, Shein and Temu, the actual villains of the story.

The catch is that the giant companies can absorb every one of them, and the small can’t.

Every one of those tools lands hardest on the person the EU was likely not trying to disadvantage: the one human in Florida selling tees of their genius parrot, the small Australian studio handcrafting shoes, and the small Ukrainian shop knitting hats and teddy bears.

The fast-fashion giant will absorb all of it without even noticing—as proved by the €40 million fine France handed Shein in 2025, which it shrugged off while staying open for business.

The proposed solutions so far

Here is the part almost nobody explains: the “withdrawal button” is not a new right.

First, the 101, because the word hides a lot. A “withdrawal” just means backing out of a purchase and getting your money back, no reason owed. It exists because, for most of shopping history, the moment a stranger had your money you were on your own. The doorstep salesman vanished, the mail-order catalog never shipped, the dodgy early websites transmitting your credit card information unencrypted to an offshore server. The right to change your mind was invented to end that era, and the “button” is just the newest way to claim that right.

The “change your mind” idea behind it—the cooling-off period—goes back to 1960s installment-credit law, and the EU has guaranteed a version of it since its 1985 Doorstep Selling Directive, back when “online shopping” still meant a mail-order catalog.

The “button” is merely the latest patch in a decade of EU attempts to solve one messy, multifront problem. So climb into the regulator’s chair for a minute and watch the parade of fixes, each one plugging a leak the last one sprang.

A committee room of the European Parliament in Brussels, rows of empty desks beneath a high ceiling.

“ladies and gentlemen, what shall we regulate today?”

(Image credit: JLogan on Wikimedia Commons, licensed CC BY-SA 3.0.)

What buying used to be

To see what each fix was actually for, follow one man through all of them.

Say I’m Bruno.

I live in Fürth (Bavaria, Germany). I order more off the internet than I’d admit at dinner, and above everything I like my life in order.

It’s 2008. The world financial crisis is making prices go uncomfortably up, and I want a phone charger for my Nokia. I’m well aware at this point that prices of goods on the Internet are often much cheaper, and it’s easy to order online, then collect at my post office. So I find a webshop (eBay, anyone?), type in my card details, wait a week, it shows up.

That’s the entire transaction: no “cooling-off”, no “responsible person”, no cookie banner, no “you owe us tariffs” note on a €4 trinket.

Beautifully simple… and beautifully unprotected. If it never arrived, came broken, or the shop evaporated overnight, Bruno was on his own. Every rule below is the EU trying to keep that simplicity while deleting the “you’re on your own; good luck!” part.

2014: Bruno gets buyer’s remorse

Bruno orders a jacket, hates it in the mirror, and ships it back inside two weeks for a full refund, no reason required. That is the Consumer Rights Directive: a 14-day “change your mind” window on anything bought at a distance.

Anything? Almost. There’s a short list of things you can’t send back, for common sense reasons.

Obvious exceptions: bespoke items, perishables, unsealed hygiene goods, and a handful more, software or a CD once you break the seal, that day’s newspaper, a hotel or flight booked for a specific date. The full list is longer and duller; the point is that a standard printed parrot tee is nowhere on it.

Clean, humane… and immediately leaky.

A jacket is easy to send back. A download is not. Watch what happens the first time that tidy little right collides with something digital.

Bruno buys a video game on Friday. Plays it all weekend. Then, next week, on a Monday morning he clicks “refund, I changed my mind”. According to the new law, he keeps the game; the seller eats the refund. You cannot un-sell a played download. The 14-day right, written for jackets, sprang a hole the instant it touched anything digital.

So Brussels and the platform lawyers bolt on a fix. A trader may switch the 14 days off for digital content if the buyer gives “express consent to immediate performance” and acknowledges they forfeit the right (the legal hook is Article 16(m)).

That box, “start my download now, I understand I lose my right to cancel”, is the one Bruno (and you) have clicked on Google Play, Steam, the App Store, and the Nintendo eShop for over a decade. A real, working solution, for digital. Physical goods got no such escape hatch.

Ubisoft Connect dialog headed “Right to withdraw” that has the user consent to immediate download and acknowledge they lose their right of withdrawal, with Cancel and Accept-and-continue buttons.

these little guys.

Hold that thought.

Meanwhile, Bruno’s socks follow him around the internet

Different leak, same digital era.

It’s 2015. Bruno leaves a pair of socks in an online shop cart without buying them.

For three weeks every site he visits shows him socks while his inbox fills with “still thinking about these? you left something in your cart 🧦”.

That is the leak GDPR (2018) went after, the law Americans mostly meet as “the cookie banner law”.

It is far bigger than banners and cookies, but the part Bruno feels is the restrictions companies now must adhere to on exactly this: who gets to hoard his data and chase him across the web over one abandoned cart. And a “no, I don’t consent to tracking” decision is typically not ground for denying service.

“Did you know you can (and, arguably, should) click “Reject All” or “Manage Options - Only mandatory” on most cookie banners?

The fact that the EU’s own fix then saddled him with a cookie pop-up on every page is its own Rabbit Hole. So before we veer too deep…

2019—2022: name the friction

Somewhere in here the whole economy quietly rewires itself around “recurring revenue”.

Everything becomes a subscription.

Davos gleefully lands the now infamous “you’ll own nothing and be happy”, dishwashers suddenly start offering “monthly plans”, and a generation discovers the special joy of a “free” trial that auto-renews at €99 a year.

Bruno likes the convenience, though. He has a Spotify subscription for music, an iCloud subscription for his photos… and a new Xbox with a Game Pass membership. 100 games for only €9 a month, baby!

Until Bruno wants to switch, or the service stops suiting him.

Sellers honored Bruno’s right to cancel… but the “your subscription is now canceled” outcome had him go through cancel-by-phone, guilt screens, and 8-point-gray “cancel” links. So the EU passed the Omnibus Directive (2022). An “omnibus” law means one that amends several others in one fell swoop.

It did not ban “dark patterns” wholesale; that fight is still coming. What it actually outlawed was a specific menu of tricks: fake reviews (and deleting negative ones), undisclosed paid search rankings, surprise fees at checkout, and fake “was €99, now €9” discounts. It also forced sellers to admit when a price had been personalized just for you.

Those were the headline bans, the consumer-facing stuff. But two quieter moves in the same law mattered more for Bruno. First, it redefined “price” to include personal data, so the “free” apps he pays for with his data finally count as real contracts, carrying the same 14-day right and the same disclosure rules as anything bought with euros. That way, a “free” account, your Meta login, a games app, legally becomes a contract Bruno can walk away from, with the same rights as anything bought with euros. Second, it put a number on cheating: fines up to 4% of a company’s annual turnover, the same GDPR-scale stick that turns a wrist-slap into a line on the earnings call. The friction finally had a name and a price.

Remember: none of this is only digital. The same directive, the same right, the same 4% stick covers Bruno’s physical orders too—the jacket, the parrot tee, the Nokia (now iPhone) charger.

Which sets up the move every regulator went on to copy.

2022: Germany hands Bruno a button

The Omnibus told sellers what they must not do—hide the exit—but never what they must build instead. A vague “don’t bury the cancel” still leaves a thousand ways to make “easy canceling” ambiguous.

So Germany stopped describing the bad behavior and mandated the good one: not “make it easy”, but “put this exact button, here”. A permanent, clearly-labeled, two-click Kündigungsbutton (“cancel here”), written into law as §312k BGB.

Bruno cancels his gym in two clicks instead of a registered snail-mail letter.

Retailers howled, and a wave of competitor and consumer-group warning letters followed (a year in, a consumer-group sweep still found barely 40% of subscription sites compliant). But the sky stayed up, and Brussels took notes.

The other front: Bruno’s €4 phone charger

Cancellation was only half the headache. Now let’s address the other elephant in the room.

The deluge of 4.6 billion cheap parcels a year.

Little to none of them had to undergo the duty, safety, and tax checks. Most of them landed on doormats exactly like Bruno’s.

Back in 2008, Bruno’s €4 charger sailed in untaxed thanks to an old rule: any parcel declaring a value of €22 or less owed no import VAT at all.

That floor vanished in 2021.

VAT from the first cent means every parcel now owes tax, even the €4 one, and the seller remits it through IOSS (the Import One-Stop Shop): one EU portal and one monthly tax return instead of registering in 27 countries.

So why do you, a European, still feel like you pay zero tax on your Temu hauls?

You don’t.

Either the seller used IOSS and quietly baked the VAT into the price you already paid at checkout, or it under-declared the parcel’s value to skip it—which is rampant, and is the whole reason the rules below exist.

Then came the DSA (Digital Services Act, 2024). It put the platforms themselves on the hook: Brussels opened proceedings against Shein, fined Temu €200 million, and pinned AliExpress to binding commitments, all for letting illegal and unsafe products (counterfeits, banned goods) flood their feeds. The shift was philosophical: stop chasing millions of dodgy sellers one at a time, and make the marketplace itself legally answer for what it lists.

The GPSR (General Product Safety Regulation, 2024) demands a named, EU-based “responsible person” accountable for every product’s safety. The catch is in “EU-based”: it has to be a real legal entity inside the EU, an importer, a distributor, or a paid representative, who takes on liability for the goods. A one-person shop in Ohio can’t just type in their own name and address; it has to find and pay an EU company to stand behind every product. For a hobby seller, that overhead alone is the difference between shipping to Europe… and quietly switching it off. This was the quiet patch that actually killed small cross-border shipping: the week it took effect, small sellers paused EU and Northern Ireland orders rather than fund a compliance agent most had only just heard of.

Have I mentioned Bruno also loves importing odd novelties from Japan or the US? A Blu-ray box set of the Pokémon anime, a new PlayStation Portal, that fancy American BBQ sauce Reddit won’t shut up about. Here’s the rule he’s leaned on without knowing its name. The €150 “de-minimis” law meant a parcel worth €150 or less skipped customs duty, the import tax that sits on top of VAT. (Not VAT itself; that’s been due on everything since 2021. This is the extra layer.)

Anything above €150, like that $199 gaming device, always paid full duty plus VAT, so nothing there changes. What changes in 2026 is the lower end: killing the de-minimis rolls out a flat €3 charge on the small parcels that used to ride free. On Bruno’s €4 charger, that €3 is almost the price of the thing again. Trivial on one parcel, brutal across four billion of them—which is exactly the point.

2026: the fronts collide

Germany’s cancel button goes EU-wide as Directive 2023/2673, scaled to all 27 member countries.

That, in a nutshell, tells you everything about how Brussels moves, smuggled into a bill about the distance marketing of financial services. Bruno can now hit “Withdraw” on almost anything he buys online. The cancellation button patch and the parcel spam patches are all inside the same eighteen months. What reads like a coordinated assault is really a decade of separate meetings finally getting approved all at once.

Already coming: the next patch

Two more bricks in the wall are already waiting. The Digital Fairness Act, a proposal the European Commission (the EU’s executive branch, the body that drafts and proposes its laws) is expected to table in late 2026.

It aims straight back at the dark patterns the whole saga started with, but where the 2022 Omnibus banned a fixed list of named tricks, this one goes after the design itself: cancellation made deliberately hard, manipulative interface design, addictive feeds, and surge pricing tuned to exploit what a platform already knows about you. And a second file—the Digital Omnibus (a separate, parallel EU proposal)—finally goes after the dreaded “cookie banner” the EU inflicted on the world in the first place—the plan is a one-click “reject all” that your browser can remember and send for you automatically, so you stop re-answering the same pop-up, plus a six-month ban on a site asking again once you’ve said no.

Twenty years in, Bruno can: - cancel in one click - send almost anything back - not provide a cancellation reason - and is about to stop clicking “accept” forty times a day

He still has no idea any of it has a name.

Nokia AC-11 compact travel charger with an EU plug and the old 2mm barrel connector, beside its retail box.

all of that for saving a few euros on a phone charger 20 years ago.

Where we have arrived in 2026 (the TLDR)

As you can see, the so-called “withdrawal button” didn’t arrive alone. It’s the newest brick in a wall the EU spent years building. One rule at a time, each aimed at the swarm of packages, each rule affecting everyone in the world.

Here’s the whole stack, in plain words and plain dates.

Rule; What it means, in one line; Live since

VAT from the first cent: The €22 tax-free floor is gone; VAT is due on everything, collected through one IOSS portal. 1 Jul 2021
DSA trader traceability: Marketplaces must verify who their sellers really are before listing them. 17 Feb 2024
GPSR, the “responsible person”: Every product needs a named, EU-based person liable for its safety. The brick that quietly ended small EU shipping. 13 Dec 2024
The Withdraw Button: Directive 2023/2673: one-click cancellation for EU buyers. The headline act. 19 Jun 2026
End of the €150 de-minimis: The duty-free pass on small parcels dies; a flat €3 duty per item replaces it. 1 Jul 2026
The Digital Fairness Act: Still a proposal: aims to ban dark patterns, addictive design, and unfair personalization. The next brick. Expected late 2026

Notice the headline act, the button, is the cheapest line on that list, and it’s the one everyone’s panicking about. The genuinely expensive bricks (GPSR, VAT) arrived quietly, eighteen months early, with no countdown.

So why does the parrot content creator blame this “cheap” law?

Put yourself in their chair.

VAT, which (unlike US sales tax, collected for you at the register) the seller has to register for in the EU and file every month
an EU rep—a person or company you pay to take legal responsibility for your products
the €3-on-everything duty

Each was a survivable annoyance he’d swallowed one at a time. The button is different in two ways: it is the one with a hard, named, on-the-calendar date, the deadline that forces the decision he’d been deferring through every brick before it.

And it is the one that makes returns frictionless—so any EU buyer can now un-buy a €25 tee with a tap while he eats the transatlantic postage both ways—in one (mandatory-to-implement) click.

On parrot-tee margins, that is the straw. The button finally tips the whole decision-making process into “not worth it”.

And because it’s a Directive, not a Regulation, each of the 27 countries had to pass its own version—and some were late after the deadline. So whether it’s actually in force still depends on where your customer lives.

Yes, now you have to figure out “which of the 27 countries enforce this, and which ones are waking up to smell the coffee?”.

And that last table row—the Digital Fairness Act—is still yet to be proposed and finalized.

So what can you do?

If you didn’t get it yet—there is no size exemption. The 14-day right applies whether you turn over €5, €500, or €5 million a year. So the real question is never “comply or don’t”, but “which of three things you can afford to spend”.

Pick your poison below. It’s a triangle—your time, your margin, and your control—and you only get to keep two. You’re choosing the one you’ll give up.

Keep Europe and keep your evenings—pay in margin

This is the option nobody selling a compliance suite will mention, and it’s the one most small sellers actually want.

Hand the entire legal-seller job to a partner whose whole business is being the seller, and let them eat the VAT, the rep, the button, and the returns.

Selling digital goods? A merchant-of-record like Lemon Squeezy or Paddle—a company that legally becomes the seller—absorbs essentially all of it: EU VAT in every member state, the consumer-law duties, even the chargeback liability.

Selling physical goods? A marketplace (Etsy, Amazon), a print-on-demand partner (e.g. Printful), or Shopify’s Managed Markets (where Global-e becomes the merchant of record and adheres to local law for you) does the same for a cut of each sale.

You keep your store and your 450 million customers—but give up some margin and control. You already subscribe (= pay rent) to your storefront, your payments, and your hosting—renting the compliance is the same trade, and if your bottleneck is time and attention rather than cash, it’s the smart move, not a cop-out.

Keep your margin and your independence—pay in time

Do it yourself: register for IOSS, appoint one cheap EU rep, add the button, reprice for the €3 duty. Every point of margin stays yours and you control the whole experience; what you spend is the setup and the monthly filings. Initially slow work, but once you’re out of the start-up cost purgatory it just works.

Keep your time and your cash—pay in market

Switch EU checkout off.

Cleanly and dated, the way Apollo and Frens did. Cheapest in both money and effort, and a fair call when Europe is a rounding error. Just price in what you’re actually giving up: not only the sales, but the audience you quietly alienate and the upside you forfeit if your EU following ever takes off.

No single right answer. The corner you sacrifice depends on whether your scarcest resource is time, money, or being your own boss.

Concrete examples

The five rules are the same everywhere. What changes, platform to platform, is how much of them somebody else already carries for you. Here is the honest split, from “they do almost all of it” to “it’s entirely on you”. Find your row.

Shopify: it’s your problem, politely

Shopify has a help page for exactly this, and the first thing it does is hand the obligation straight back to you. It lays out the 19 June 2026 requirement—a visible withdrawal function, reachable without logging in, with a confirmation sent on a “durable medium” like email—and then says, in as many words, that “you’re responsible for reviewing this information and applying it to your business”. Shopify surfaces the rule. Shopify does not build the button.

There’s no native “withdrawal button” toggle in your admin (if Shopify ever ships one, use it), so two honest options remain:

A Shopify app. The Shopify App Store already has purpose-built withdrawal-button apps that drop in a two-step form, match it to the order, and fire the confirmation email, several with a free tier. Fine, as long as you are not paying monthly rent forever on a glorified <form> tag.
Do it yourself. A footer link reachable from every page (with no mandatory login), a confirm page, and Shopify’s own order-notification email as the durable medium. That is the whole job.

GPSR is similar: Shopify tells you a named EU “responsible person” is required, then tells you to go find and pay for one yourself. No built-in rep marketplace, just a product field to display the details. Good luck.

The platform that makes selling effortless is, when it comes to EU compliance, mostly a very polite sign that reads “your problem”.

Shopify Help Center page on the EU right of withdrawal, stating the compliance obligation is the merchant’s.

WooCommerce: open source, so the community already fixed it

WooCommerce is the other half of the small-store world, and being open source, it punts even harder than Shopify. Its own guidance, published weeks before the deadline, ships no feature at all—it tells you to add a link, build a request form with any contact-form plugin, and process the refund through the order tools you already have. No native button, no “coming soon”.

The difference is that the ecosystem already solved it, for free. Germanized for WooCommerce, a free plugin with 70,000-plus installs, added a withdrawal button “in compliance with EU directive 2023/2673” in its current release—guest-accessible, with a timestamped confirmation email as the durable medium—and it carries the GPSR “responsible person” fields in the same free plugin. So on WooCommerce the honest answer is the cheerful one: install the plugin, fill in a couple of settings, done. Open source quietly hands you what Shopify wants you to rent.

Stripe: a refund is not a withdrawal

This is the most common mix-up, so let’s say it slowly: Stripe is your payments layer, not your consumer-law layer. There is no withdrawal button anywhere in Stripe, because that was never Stripe’s job.

When a customer withdraws and you push the refund through Stripe, the refund is the consequence of the withdrawal, not the withdrawal itself. The button, the two-step confirm, and the durable-medium email all have to exist before a single euro moves. Stripe’s customer portal can let subscribers cancel a plan in a click (handy, on by default), but that is a billing convenience, not the legally-labeled “withdraw from contract here” function that has to stay visible for the whole cooling-off period. Stripe’s one genuine EU-compliance footprint is SCA—the “confirm this in your banking app” step—which authenticates a payment rather than unwinds a contract. Different regime, different rulebook.

If you remember one line from this whole piece: “I refunded them in Stripe” is not “I was compliant”. The first is plumbing. The second is still yours to build.

There’s a darker corollary worth naming. A frictionless one-click withdrawal is also a one-click fraud surface: serial returners and fraudsters can withdraw, pocket the refund, and keep the goods (and the postage). So the moment you ship the button, fraud screening (Stripe Radar, a chargeback tool, a returns-abuse service) becomes the next thing you “need”. That’s the assimilation pattern again in miniature.

Etsy: the marketplace carries some of it

Etsy is the in-between case, and worth understanding, because “just move onto a marketplace” was the escape hatch from the last section: let a bigger platform absorb the compliance so you don’t have to. On Etsy you are still the legal seller, so the cancellation duty and the GPSR responsible person are technically yours—but Etsy quietly does a lot of the carrying.

It runs a built-in cancellation, refund, and case system, so the cancel mechanism already exists. For GPSR it lets you enter your “responsible person” once and applies it across every EU listing, and it partnered with EU-rep services so a maker in Ohio can actually appoint one instead of giving up. It even gives you a single switch to turn EU and Northern Ireland sales off entirely, which is how a lot of small shops “complied” in December 2024.

What Etsy had not, at the time of writing, shipped is a dedicated Directive-2023/2673 withdrawal button; it leans on its existing returns-and-refunds machinery instead. If that has changed by the time you read this, the underlying point has not: on a marketplace you inherit whatever the platform builds, for better and for worse.

The trade is the one from earlier: Etsy absorbs the painful parts, and in exchange takes its cut and its place between you and your customer. For many one-person shops that is the rational deal. It is also, precisely, becoming a tenant.

The App Store and Google Play: read the fine print on “who is the seller”

Selling a digital product through an app store? Whether the consumer-law machinery is yours hinges on one question—who is the legal seller—and the two big stores answer it differently.

On Apple’s App Store, the store is the seller. In the EU, Apple sells through an Irish entity, Apple Distribution International, which is the merchant of record: it takes the money, remits the VAT, and fields the cancellations, refunds, and the 14-day withdrawal. That part really is Apple’s problem, not yours.

Google Play is the trap. Google collects and remits the VAT for EU buyers, but its own terms say the purchase is “made from the developer of the app”. In other words, on Google Play you are usually the seller of record, and the consumer-law duty (including the withdrawal function) can land on you even though Google runs the checkout. Same kind of storefront, opposite answer. The plumbing is there, to be fair—Google gives you a one-click deep link to the Play cancel-and-manage-subscription screen you can wire straight to a button—so the mechanism was never the hard part; knowing the duty is yours is.

What both stores already give you, regardless, is the digital-goods escape hatch, the “I want this now, and I understand I waive my right to cancel” box from Bruno’s story, Article 16(m) in the flesh, plus built-in subscription cancellation in account settings. And the moment you take Apple’s or Google’s alternative EU payment terms and bill customers directly, every duty swings squarely onto you. So choose deliberately if you bill via Stripe in the EU.

An iOS Manage Subscriptions screen with a Cancel Subscription option, the built-in cancellation flow the store already provides.

Other digital storefronts

Steam, the Microsoft Store, the Nintendo eShop, Samsung’s and Xiaomi’s app stores, every other storefront collapses to the same single question: is the platform the legal seller, or just my payment processor?.

The big digital stores (Steam through Valve, Microsoft, Nintendo of Europe) generally sell as the principal, collect the EU VAT, and therefore carry the cancellation and withdrawal machinery for you, much like Apple. A thinner “we only process the payment” platform leaves it on you, like Google Play. Before you build anything, search your platform’s terms of service for the word “seller” and find out which one you are. That answer decides everything else in this article.

Your own storefront: the DIY route

If you run your own code, every piece is yours, which is also the good news—the whole thing is genuinely small. A visible “Withdraw from contract here” link on every page, a confirm step so nobody cancels by accident, a stored record with a timestamp, and a confirmation email as the durable medium. That is the entire spec.

Rather than paste a wall of code here, I built it once so you don’t have to: a free, open-source, copy-paste reference you can fork, at github.com/yuryv-info/parrot-tee-sample (with a live demo you can click through). It ships a plain button and confirm page and a tiny server handler. Ask your AI agent about wiring it into a Shopify theme or a mobile app’s settings screen—the notes and AGENTS.md are there for you.

View on GitHub — https://github.com/yuryv-info/parrot-tee-sample

If it’s still confusing

Yury, I just want to sell to Europeans and not leave my customers stranded. This is too complicated. What do I do, concretely?

Well, start by working out which of the five regulation packages even touch you—because most people owe far less than the panic implies.

If you sell physical goods to EU consumers from your own store, you owe four things:

Register for IOSS so VAT is handled in one place, through the EU’s One-Stop Shop portal (or let your accountant or an IOSS intermediary file it for you).
Appoint one shared EU “responsible person”. This is box-ticking, not a trust relationship: you are renting a name and an address that legally stands behind your product, usually for a flat annual fee in the low hundreds of euros. Search “GPSR authorized representative”, compare a few, pick one. You are buying compliance, not a co-founder.
Reprice for the €3 duty. Simplest path: fold it into your prices, or add a visible “EU import fee” line at checkout, the same way you already handle shipping.
Add the withdrawal button—an afternoon’s work with your web developer or an AI agent—or a free plug-in from your plugin’s app store.

That is the entire list. If you sell through a marketplace like Etsy or through the app stores, most of that is already carried for you, so check what they handle first (the per-platform breakdown is the section right above this one) before you build anything.

If Europe is a thin slice of your revenue, say under 5-10%, the honest answer might simply be to switch EU checkout off cleanly, the way Apollo and Frens did.

Just be clear-eyed that “off” is not free either: you are trading the compliance cost for the cost of alienating part of your audience and the upside you forfeit if your EU following ever takes off. Pick the cost you’d rather carry. (Product idea: you can add a waitlist for when you get a critical mass of European fans later in the future!)

What you do not do is buy a six-figure “compliance platform”, pay monthly rent on “withdrawal button as a service”, or panic in a lawyer’s office. Nobody is coming to fine a parrot merch shop on June 19th for a missing button. The real exposure is that 12-month cancellation window you trigger by never telling customers their rights at all, and that is fixed with one paragraph of plain copy that you asked ChatGPT to write for you.

The shameless plug

I’ll be honest about why this next section exists: untangling five overlapping EU rules for your specific shop is genuinely fiddly, and I find it weirdly fun, so I do it for people at yuryv.info.

I am not a lawyer, so I am not qualified to give legal advice on compliance and what you actually need to not get fined. What we can do is technical brainstorming—once you figure out what you need (a button, a cancellation flow, a rewritten copy, an IOSS signup), and the open-source code samples linked above are still too complicated, we here at Team YV can implement a compliant withdrawal flow in your store or app, then harden it with tests and automations.

“Consulting slots—and even discovery calls—run out fast. Don’t delay, buy today”

Book now on yuryv.info — https://book.stripe.com/6oU5kDcBb5MKcz67K58so01

Conclusion

The EU’s “withdrawal button” is actually a slow, deliberate squeeze. VAT, traceability, product-safety reps, dead duty thresholds, and yes—a cancel button. It is aimed at making the bloc a harder place to sell cheap—not by banning Shein and Temu, but by making the cheap fast fashion stuff stop being so cheap, and at making customers harder to trap. The button is the part with a name and a date, so it gets the blame—just like “cookie banners” took the blame for the whole of GDPR in the 2010s.

Most of you reading this owe an afternoon of work, one tax registration, and one honest “is the EU worth it” reflection where you choose A, B, or C.

Apollo and Frens made a reasonable call given their audience is mostly US-based, and if naming the right decision saves even one of you from either overpaying a consultancy or needlessly switching off 450 million customers, this was worth writing.

— Yury Vashchylau • yuryv.info A deep dive into how apps, games, people, and money interact. yuryv.info | yvinsights.com | YV Podcast

Subscribe on LinkedIn and send this to your boss: https://www.linkedin.com/newsletters/yv-insider-by-yuryv-info-7444467518737608704/
Subscribe on Substack: https://yvinsights.com/
The Rabbit Hole—out loud—on YV Podcast: https://yvpodcast.yvinsights.com/