
EU, Getting Started

So this is somewhat a tricky one and I know I cannot expect any real legal advice, but for the sake of the argument: how do you approach the dilemma of kickstarting a new venture without being personally liable for it?

In the EU, you need to have a legal notice (Impressum in Germany), a privacy policy and terms and conditions (terms of use, or something like it), in which you need to add all sorts of information about yourself (name, email, phone, address, etc.). This is fine if it weren't for all the legal stuff. Many law firms and sharks out there are just scraping new websites to send costly bills, because you have a typo, a wrong sentence or missed something, somewhere in one of the legal pages.

There are online generators out there, but they do not cover special use cases (such as the endeavours I would like to kickstart).

So I can either take a lawyer, pay a couple of grand to get it done (with no real guarantee that some other lawyer will go after me anyway and be personally liable with all my personal assets), or form a company for a couple of grand, take a lawyer for a couple of grand and still be personally liable (to some extent - depends on the possible wrongdoing) and have the newly formed company go bankrupt, since it hasn't built up enough resources to pay any claim by any lawyer.

This system seems broken AF. Or I am missing something. Please get my spirits up again (without relocation to another country please).

posted to Legal, Tax, and Accounting on December 12, 2019
  1. 1

    You're not missing anything—this is a real structural problem for bootstrapped founders. A few points:

    Liability: Incorporation doesn't fully insulate you, but it does reduce exposure significantly for most claims (the 95% case). Personal liability creeps back mainly if you've personally guaranteed something or acted negligently.

    The "sharks": Mass threat letters are usually low-signal noise. Real risk comes from competitors or users with actual claims—so the quality of your legal docs does matter, but typos alone won't sink you.

    Middle ground: Before paying €8k, clarify your actual exposure: What data are you collecting? IP risk? Who's your user? What's your revenue model? This might let you find a boutique firm for €1.5-2.5k instead of a full corporate setup.

    You're thinking about this before something breaks. That's the right reflex.

  2. 3

    I feel you! Don't get me started on this topic.

    To quote myself: in the EU, we’re keeping ourselves busy through regulation, not innovation. It all makes sense, in a way, and as a consumer I value the rights that I have and feel really empowered to go after bad players.

    But as a diligent founder, it's bad. B2C more than B2B due to the strong end consumer rights, and of all regulations GDPR is the biggest PITA. Not just because of the privacy policy visible on the outside, but because of the obligations and processes on the inside. The upfront time and monetary investment into setting this up right eats up all your momentum building a product, particularly as a single Indie Hacker, and typically you're still far from validation aka your first paying customer.

    I started my most recent company in August 2018 and the lawyer's quote for terms and privacy policy was around 1.500€ before VAT. Given the inevitable cost of notarization for an LLC (GmbH) and some additional cost required to get me started, I wasn't too keen on spending this upfront. Eventually, I paid 99€ for a GDPR compliant privacy policy generator which had plenty of options and created my own terms, to the best of my knowledge. I've seen plenty of contracts in my other ventures, though, so I'm not too worried about that.

    Another thing is taxation. I've just recently asked here on IH how other founders deal with VAT regulations when selling digital B2C products in the EU – personally, I think these rules are obstructive, to say the least. And taxation gets worse when you decide to start and invest into joint ventures outside your home country...

    Back to your original issue. I assume with the "sharks and law firms" you're referring to possible cease and desist letters ("Abmahnung") that might be sent out as a business model. To get your spirits up: my oldest company (which is also the one with the most exposure) will turn ten next year and in all these years of launching side projects, starting companies and working in B2B and B2C, I've never seen one.

    I think the EU needs a regulatory sandbox for startups to operate in, which reduces the bureaucratic burden and provides a decent "standard toolkit" to use freely.

    1. 1

      Amen brother, and thank you for the good spirits. I am at a point where this is really stressing me out more than it should. I want to do good projects, good work and give something back to the community, but I now witness first hand that starting up in Europe is - as you laid out so elegantly - a major PITA. No wonder the big unicorns are mostly from non-EU countries (USA, Israel, Canada, etc.).

      My last project (hopefully out on December 24) was an attempt to get a Micro-SaaS out the door within 2 weekends, or 6 days in total. Of which I have spent 3 days on managing the legal shit needed to hopefully not get sued into the ground.

      And yes, $1500 for legal T&Cs and privacy policies is outrageous. And even then, you are still betting on your lawyer being any good at it...

  3. 1

    Hey David,

    sorry for digging up this 4 month old thread. As a fellow German I can confirm that not only the EU, but especially Germany with its federal and statewide data protection regulations is unnecessarily strict.

    Even if you pay a lawyer, you're still going to be liable for any inconsistencies in your T&Cs. I know the GDPR fines seem high in writing, but it's really enforced on an individual basis. In the case of a new start up it's going to be next to nothing, based on approximations of your audience reach by the GDPR council IF someone reports you.

    I highly doubt that any court in Germany will fine you, a small scale business, 50.000€ for making a minor mistake regarding the GDPR. I'd say just go for it, acquire customers and put away some money just in case there are legal fees.

    AFAIK the UG is also very popular with startups in Germany
    https://de.wikipedia.org/wiki/Unternehmergesellschaft_(haftungsbeschränkt)

  4. 1

    Where did you get this "lawyers going after you" and predatory law firms "scraping new websites to send costly bills"?

    I've co-founded 5 companies within EU and never had any issues like that, or heard anything remotely resembling that.

    Even in theory what you write doesn't compute. Law firms are not parking enforcement officers. They simply don't have any authority to send you a bill just because you miss some legal stuff.

    But if you are actually guilty of some unspecified "wrong doing", then that is a completely different matter. There is no way to avoid personal liability caused by "wrong doing", and that is how it should be.

    1. 1

      Thanks for replying. I was a bit unspecific here. I agree with what you said, but law firms actually do this. There are law firms, companies and even groups specialized in doing just that. Wrong doing is one thing, another one is how to decide when to invest in proper lawyering up versus a fresh business idea which hasn’t yet generated a single dollar...

      How do you deal with these things? I currently feel stuck here. I can’t risk investing a couple of grand in every business idea I want to “test”. Do you all just let all ideas run on a single business entity (like an LLC) and then create another one if it seems promising and reusing default legal texts, basically hoping that it covers all specifics of your fresh business idea?

      1. 1

        If law firms would actually do that, they would get sued. It would be a criminal offense in most jurisdictions to send illegal threats or misleading bills. I still think that your information about this is incorrect, but if it is not, then provide a link?

        To get the legal stuff done: many online generators have additional paid options (e.g. +$10 to add some clause), and for others the main business is manual customization on top of their standard terms. Alternatively if you want completely custom stuff there are some fairly affordable legal services marketplaces.

        And for the company side, what would be the point of having a separate company for each validation you try? You'd really found a company, do a landing page which nobody visits, and then you'd found a new company for the next validation, just because you might get sued due to an old landing page that nobody visited?

        Overall, I think you are just spectacularly overblowing these legal and liability issues.

        What is the exact scenario that you are afraid of?

        1. 1

          Maybe I am blowing this out of proportion... From my understanding, basically everyone can have a lawyer send a cease and desist letter (with a cost note) to any business for the slightest incorrectness in any legal page (even for a missing or changed fax number!). Legislation is constantly changing and just keeping up with it seems crazy and/or expensive. I am surprised you don't know this if you are from the EU. The costs attached to these cease and desist letters are mostly regulated, and they are in the 50k€ range. Usually they send you one with a reduced rate (because of "in good faith")... around 2-5k€.

          Proof from a gazillion of different sources, readily available doing a quick Google search:

          https://www.privacypolicies.com/blog/privacy-policy-google-analytics/#Complying_With_Clause_7:_Example
          -> This one is nice, since you need to have super specific legal texts, privacy policies and cookie policies. Your texts and technical setup need to be flawless and waterproof. As much as a missing comma somewhere may get you penalized heavily by potential competitors. And this is just scratching the surface.

          Or maybe this one may be satisfactory:
          https://gdpr.eu/article-30-records-of-processing-activities/
          So, you are not allowed to keep server logs without prior consent, if you have to have them in place, you need to be able to hand them to authorities. And if you do, you need to make sure they are anonymized. Okay then. Good luck if someone asks to see the data your webserver automatically accepts by just accepting a connection request to an IP address (this is how the internet works). Also the wording needs to be absolutely bulletproof for you not getting sued by competitors.

          Maybe it's just me that had bad experiences with it before, so I am naturally sceptical. Maybe I am just fiddling in hyper-competitive spaces, where competitors are happy to lawyer up the second they see competition on the horizon. I don't know...

          I now decided to form a Holding company to hold all my company assets and then spin off separate LLCs under the Holding if they bear fruit.
