If you build or maintain Shopify or WooCommerce stores that sell to German consumers, there's a hard deadline on your calendar: June 19, 2026. From that date, §356a BGB requires a Widerrufsbutton — a digital contract-withdrawal function with a legally defined flow — on every B2C storefront serving German customers.
This is an implementation problem more than a legal one, and the spec is stricter than it looks. Here's what you actually have to build, where the plugins break, and what's left as custom work.
The spec, as a flow
The law defines a four-step process. Every step is mandatory; skipping any one of them = non-compliant.
[Entry button: "Vertrag widerrufen"]
│ permanently visible, all pages,
│ 14-day window, NO login wall
▼
[Form: name + order ref + email ONLY]
│ any extra field (e.g. "reason")
│ is itself a violation
▼
[Confirm button: "Widerruf bestätigen"]
│ explicit second click required
▼
[Automatic email confirmation + timestamp]
this email IS the legal proof
Three constraints trip developers up:
No login wall. If the store supports guest checkout, the flow must work without an account. Court rulings after Germany's 2022 Kündigungsbutton law confirmed that gating the button behind login violates the requirement.
The form is a maximum, not a minimum. You can only collect what identifies the contract: name, order reference, email. A "tell us why you're leaving" field — standard UX everywhere else — is a legal violation here.
Email deliverability is a compliance requirement. The timestamped confirmation is the legal record. The common failure isn't send logic; it's the mail landing in spam or getting filtered by corporate clients. Test the full flow against multiple providers before go-live.
The stakes: fines up to €50,000 (or 4% of annual revenue for larger businesses), plus a nasty side effect — if the button is missing or broken, the customer's withdrawal window extends from 14 days to 12 months and 14 days. And based on how 2022 played out, Abmahnung warning letters from competitors and consumer associations start arriving within days of the deadline.
Subscription stores need TWO buttons
This is the part most teams miss. Germany already has a second, older requirement: the Kündigungsbutton (§312k BGB, in force since July 2022) for cancelling recurring contracts — subscriptions, memberships, meal kits, digital services.
FunctionLawCoversLabelsWiderrufsbutton§356a BGBWithdrawal from individual purchases"Vertrag widerrufen" → "Widerruf bestätigen"Kündigungsbutton§312k BGBCancelling ongoing subscriptions"Verträge hier kündigen" → "Jetzt Vertrag kündigen"
They are two separate legal obligations and cannot be merged into one button or one flow — law firms including Noerr have confirmed there's no grey area on this. A vzbv study in June 2023 found only 42% of ~3,000 subscription sites checked were compliant with the older law a full year in. The new one will not go better.
Scope check: this is not just for German companies
Both provisions apply to any business, anywhere, concluding B2C contracts with German consumers through an online interface — websites, mobile apps, and software platforms all count. A US, UK, Australian, or Indian store selling into Germany is in scope. What matters is where the customer is.
Exempt: pure B2B, custom/personalised products, digital goods already downloaded with explicit consent, and contracts concluded in-store or by phone.
Shopify: what exists, what doesn't
There is no native solution. No admin toggle, no official §356a documentation. Current state:
Händlerbund app (from Germany's largest ecommerce association) — activates via the Theme Editor, handles the full four-step flow.
Revoq — Built for Shopify certified, no theme code changes, supports guest orders, sends the timestamped confirmation.
Both break down on heavily customised themes: non-standard footers, custom account areas, and modified checkout pages can render the button incorrectly or in a non-compliant position. "Permanently visible" means verifying placement on every key page and viewport, not just the homepage.
Two things stay manual no matter which app you pick: the Widerrufsbelehrung (withdrawal policy) must reference the new flow's URL, and the AGB (terms) must be updated for §356a. If the Widerrufsbelehrung update is missed, the 14-day window doesn't apply at all — customers keep withdrawal rights for 12 months and 14 days.
Shopify Plus adds the interesting option: checkout extensibility lets you put the withdrawal entry point directly in the checkout flow — the placement most aligned with the law's "withdrawal as easy as purchase" principle. The trade-off is real development work plus a review of every existing checkout customisation for conflicts.
Subscription setups are where the apps stop. Revoq and Händlerbund cover the Widerrufsbutton only. The Kündigungsbutton has to live inside the subscription management area, and that implementation depends entirely on the stack — Recharge, Bold, and native Shopify Subscriptions all have different data structures and account surfaces. Custom subscription builds will need custom work for both buttons.
WooCommerce: better plugin coverage, same theme problem
The Woo ecosystem moved earlier:
vendidero EU Order Withdrawal Button — free, open source, on WordPress.org. Creates the withdrawal page, runs the two-step flow, emails customer and merchant.
Germanized ≥ 4.0 — withdrawal button built in (WooCommerce → Settings → Germanized → General → Withdrawal Button).
German Market (MarketPress) — announced for v3.58, planned before the deadline.
The recurring failure mode is placement in custom themes. The vendidero plugin can auto-embed in the footer, but its own docs note rendering depends on the theme — FSE themes, custom footers, and heavily modified Woo themes usually need manual placement. Getting the button positioned, styled, and visible on mobile and desktop is theme-level dev work, not plugin config.
Subscription stores: same two-button situation as Shopify. None of the compliance plugins auto-configure a compliant Kündigungsbutton for WooCommerce Subscriptions or third-party subscription plugins — its placement and behaviour depend on how the subscription system is built.
The 8 implementation failures that draw warning letters
Button gated behind login while guest checkout exists
Two-step flow compressed into one click
Confirmation email landing in spam → legal requirement unmet
One button serving both laws
Wrong label ("Cancel order", "Return request", "Contact us" don't qualify)
AGB not updated — a separate violation on its own
Widerrufsbelehrung missing the flow's URL — extends withdrawal to 12 months + 14 days
Button visible only on the account page instead of store-wide for the full 14 days
Pre-launch checklist
Button visible on all pages, no login required
Entry button → form → separate confirm button (two explicit steps)
Auto email with timestamp on submit
Email tested across Gmail/Outlook/corporate filters — not in spam
Works for guest orders
Form fields: name, order ref, email — nothing else
Subscriptions: Kündigungsbutton as a fully separate flow
AGB references §356a BGB
Widerrufsbelehrung includes the withdrawal flow URL
Tested on mobile and desktop
Datenschutzerklärung covers data collected by the form
If the deadline already passed
Abmahnung letters carry a response deadline, usually one to two weeks. Ignoring one can escalate to an interim injunction. The right move is the boring one: implement fast, respond within the window. Stores that fix compliance quickly after a warning are in a materially better legal position than those that wait.
Originally published on the Codingkart blog, where we cover custom Shopify and WooCommerce engineering for subscription stores.
Top comments (0)