The Court of Justice of the European Union’s new ruling IS important for the practice of contracts based on so called “general terms and conditions”

The Court of Justice of the European Union („CJEU„) has once again ruled on the validity of jurisdiction clauses included in the general terms and conditions of contracts („GTC„). Such clauses serve to designate the state wherein the courts will have jurisdiction to hear cases arising out of given contracts. As a rule, if validly agreed, these clauses preclude pursuing claims in other states. The recent ruling confirms that under certain conditions, a jurisdiction clause contained in GTC available online can be considered agreed upon, even if one of the parties was not fully aware of the wording or even the existence of that clause.

Jurisdiction clauses in GTC

In both professional (B2B) and consumer (B2C) trade, it is common for transactions to be concluded using the standard contractual terms (GTC) of one of the parties. These terms are not separately negotiated between the parties. They can either be accepted, expressly or implicitly, by the other party or the transaction does not take place. Frequently, the GTC document forms an annex to
a written contract. Increasingly, however, the GTC of one party are referred to via a link inserted into contracts leading to the website where these terms are published. Such a link can often be found in the contract document, but it can also be located in other documents, such as the confirmation of an order placed or confirmation of an order accepted, or other correspondence exchanged between the parties in connection with a transaction.

A clause conferring exclusive jurisdiction to the courts of the state preferred by the party that drafted the GTC is one of the typical provisions. Clearly, such a provision may constitute a significant impediment to a party pursuing claims, which could significantly benefit the other. Therefore, the formal conditions for the validity of such a clause are of no small importance for the day-to-day practice of transacting business.

Formal requirements for the validity of a jurisdiction clause

Where a jurisdiction clause designates the courts of an EU Member State as having jurisdiction, the formal requirements for its effectiveness are set out in EU Regulation 1215/2012, customarily referred to as “Brussels I bis”. This regulation generally envisages four forms that such a clause can take:

  • written form, with communication by electronic means providing a durable record being equivalent to the written form,
  • another form, but with confirmation in writing,
  • a form that accords with practices established between parties,
  • a form according with a form of usage in international trade or commerce that the parties know or should have been aware.

As the situations described in the last three points are relatively rare, most often the validity of
a jurisdiction clause depends on whether the requirements of the written form have been met. These issues are therefore a relatively frequent subject of court rulings. This applies in particular to the validity of clauses contained in the GTC of one of the parties.

Earlier CJEU rulings

As early as the 1970s, the CJEU confirmed that a jurisdiction clause itself does not have to be inserted into a signed contract to be binding (Salotti case 24/76). Indeed, in the case of a contract concluded in the traditional written form, a precise reference to a GTC document including such a clause is sufficient. Such a reference does not have to mention a jurisdiction clause itself as part of the GTC. However, that condition for the effectiveness of such a reference is that the text of the GTC is actually communicated to the other party prior to the conclusion of the contract (Hőszig case 222/15).

The CJEU has also addressed the topic of contracts concluded online (El Majdoub case 322/14). Namely, it pointed out that a jurisdictional clause that is part of the GTC of one party may be deemed formally agreed to, if these terms are accepted by the other party by clicking the appropriate field on the website (so-called click-wrapping), where a transaction is concluded, provided, however, that the consenting party was able to print and save the text of these terms before concluding the contract. Whether or not the consenting party has actually taken the opportunity to review the conditions or record them is irrelevant to compliance with the formal requirements.

The ruling in Tilman case 358/21

In this recent case, the CJEU ruled on contracts concluded in writing, but referring via a link inserted in the contract documents to GTC available online (the ruling in Tilman case C-358/21 was delivered on 24 November 2022). In such situations, the CJEU held that the absence of additional acceptance of these conditions expressed by clicking on the website (as it was in the El Majdoube case) does not preclude the formal requirements from being considered fulfilled. The mere inclusion of a link to the GTC in the written contract is sufficient provided that this link functions and can be activated by
a party exercising ordinary diligence. In this scenario, it is also indifferent whether the other party made use of such an opportunity.

The CJEU stressed that the key point in this case was that it involved a B2B transaction. If the party accepting the GTC had been a consumer, the outcome might have been different. Thus the answer given in this case should generally be understood as limited to transactions concluded between business operators.

The ruling in Tilman comes as no surprise. There had already been rulings by the national courts of member states in a similar vein. In these rulings, further requirements were proposed for the manner in which the GTC containing a jurisdiction clause has to be made available. These are in particular:

  • the name of the GTC document indicated in the contract documents must be identical to the name of the document to which the link actually leads, and
  • the requirement that a link leads to a site where finding the relevant document does not involve difficulties for a diligent person, in particular it does not require poring over
    a number of documents.

These further conditions were not expressly mentioned by the CJEU in the ruling under discussion. Without going into the question of to what extent these additional requirements can actually be derived from the Brussels I bis Regulation, it seems reasonable to take them into account in the day-to-day practice of transacting business based on GTC documents with jurisdiction clauses.

Practical takeaways

The recent Tilman judgment and previous CJEU rulings provide important guidance for business operators. These include

  • in B2B relations, for a jurisdiction clause to be effectively agreed upon, it should be sufficient to include an explicit and clear reference in the contract with the use of a link to the online GTC containing such clause. If no separate contract is concluded, inserting such a reference in the order document, order acceptance or even in other correspondence, e.g. in the footer of an e-mail, may be considered a way to communicate the clause to the other party. In any case, however, such practice should be well thought over in advance and consulted on with lawyers;
  • before entering into any transaction, one should carefully review the links included in the contract documents, order placed, order acceptance, or other correspondence exchanged in connection with the transaction and the contents of the documents that these links lead to; the contents of the linked documents or the fact that a link does not work should be recorded and documented;
  • in order to ensure that the jurisdiction clause included in the GTC linked in the contract concluded with another business operator is effective, it is advisable that the linked site is designed in such a way that the relevant GTC applicable to the contract in question can be easily found; where possible, the link should lead directly to the relevant GTC. It is also important that it can be documented that a specific version of the GTC was available at the link prior to the conclusion of the contract and that the link indeed worked.


Privacy and cookies policy


The controller for personal data is LEGALIO Pietrzak Markowicz Lewandowska Lubaś sp. j. with its office registered in  Warsaw (00-342) at Topiel 23, and entered into the entrepreneurs’ register of the National Court Register held by the District Court for the Capital City of Warsaw in Warsaw, in the 13th Economic Division of the National Court Register, under KRS number 0000874696, tax identification number (NIP) 5272944924, and statistical number (REGON) 387767552 (“LEGALIO”).
LEGALIO processes personal data such as first and last names, e-mail addresses, phone numbers, and position names.
LEGALIO processes personal data on the terms specified in the provisions on protection of personal data, in particular those in the Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), as well as in the Act of 10 May 2018 on protection of personal data. LEGALIO keeps personal data confidential and secures the data against unauthorised access by third parties pursuant to the above-mentioned regulations.


Scope and purposes of personal data processing
In the course of its activities, LEGALIO collects and processes personal data for the following purposes:  
  • those resulting from legitimate interests pursued by LEGALIO as the data controller, in particular for purposes related to the provision of services to clients, informing clients or prospective clients about changes in the law or the practice of its application, conducting other correspondence, and initiating and maintaining contact with clients, potential clients, counterparts, and other persons, as well as enabling the use of LEGALIO’s profiles on social media – based on art. 6 section 1 letter f of the GDPR;
  • negotiating, concluding, and performing agreements with clients or other persons, as well as taking steps at the request of the data subject prior to concluding an agreement – based on art. 6 section 1 letter b of the GDPR;
  • conducting recruitment processes and performing legal obligations related to employment – based on, respectively, art. 6 sec. 1 letter a, art. 6 sec. 1 letter c, and art. 6 sec. 1 letter f of GDPR;
  • fulfilling obligations imposed by the law – based on art. 6 section 1 letter c of GDPR.
Transfer of personal data to other entities
In connection with the activities performed by LEGALIO, personal data may be disclosed to external entities providing services necessary for those activities, in particular to providers of accounting, IT, marketing, and postal services, courier operators, etc. Personal data will not be transferred to a third country.
Period of personal data processing
The period of personal data processing depends on the purpose of processing. In the case of processing personal data based on LEGALIO’s legitimate interest, personal data will be processed for the period enabling the implementation of this legitimate interest.
If personal data is processed for the purpose of negotiating, concluding or performing an agreement, personal data will be processed for the period of negotiating and concluding the agreement and, where applicable, also performing the agreement for the time necessary to determine and/or pursue a claim or make a defence against claims, and thereafter, in cases and to the extent required by law.
Where processing of personal data is carried out for the performance of legal obligations, the period of data processing shall be determined by the nature of these obligations.
Personal data will be processed until an effective objection is raised in this regard, respectively until the consent for the processing of personal data is withdrawn, in cases where such consent constitutes the sole basis for personal data processing.
Personal data processed as part of the profession of attorney at law (in Polish: adwokat or radca prawny) will be stored for 10 years from the end of the year in which the proceedings in which the personal data was collected ended.
Rights of persons whose personal data is processed
Persons whose personal data is processed have the following rights:
  • the right to access personal data and information about its processing, in particular information about the purposes and legal basis of the processing, categories of personal data processed, scope of personal data processed and entities to which the personal data is disclosed;
  • the right to obtain a copy of the personal data being processed;
  • the right to rectification of personal data;
  • the right to erasure of personal data the processing of which is not necessary for the purposes for which the data was collected;
  • the right to restriction of the processing of personal data;
  • the right to portability of the personal data processed by automated means under an agreement or consent, which consists of the ability to request the furnishing of the personal data provided by a given person and providing it in a structured manner and commonly used format;
  • the right to object to the processing of personal data for marketing purposes;
  • the right to withdraw consent to the processing of personal data at any time when the processing of the personal data is based on such consent, which, however, does not affect the lawfulness of data processing prior to the withdrawal of the consent;
  • the right to lodge a complaint to the President of the Personal Data Protection Office regarding the processing of personal data.
Some or all of these rights may not be available to a person whose personal data is processed insofar as their exercise could lead to a breach of legal professional privilege.
No requirement to provide personal data
Providing personal data is voluntary. However, providing personal data may be indispensable to establish and maintain contact, conduct correspondence, conclude or perform a given agreement, or receive information on changes in law or the practice of its application.
No profiling of personal data
Personal data is not subject to profiling or other automated decision-making.
Rules regarding cookies
Cookies are IT data, in particular text files which are stored in the end device of a website user and are intended to use subpages of this website. Cookies usually contain the name of the website from which they come, the time of storage on the device and a unique number.

Cookies are used for:


  • adapting the content of the website to the user’s preferences and optimizing the use of websites; in particular, these files allow for recognition of the website user’s device and appropriate display of the website, tailored to the user’s individual needs;
  • creating statistics which help to understand how website users use websites, which allows to improve their structure and content;
  • maintaining a website user session (after logging in), thanks to which a user does not have to re-enter login and password on each subpage of the website.

Two main types of cookies are used on this website: session cookies and persistent cookies. Session cookies are temporary files that are stored in the user’s device until logging out, leaving the website or switching off the software (web browser). Persistent cookies are stored in the end user’s device for the time specified in the parameters of cookies or until they are deleted by the user.

The website uses or may use the following types of cookies:


  • necessary cookies to enable the use of services available on the website, e.g. authentication cookies used for services requiring authentication on the website;
  • cookies used to ensure safety, e.g. used to detect misuse of authentication on the website;
  • performance cookies, enabling the collection of information about the use of the website;
  • functional cookies which make it possible to remember the user’s selected settings and personalize the user’s interface, e.g. with regard to the selected language or the region the user comes from;
  • analytical cookies – e.g. Google Analytics, which collect information about site visits, such as subpages, time spent on the site or transition between individual subpages. Google LLC cookies related to Google Analytics are used for this purpose.

In many cases, web browsing software (internet browser) allows the storage of cookies by default on the user’s device. Website users can change their cookie settings at any time. These settings can be changed in particular in such a way as to block the automatic handling of cookies in the settings of the web browser or inform on their placement in the device of the website user each time. Detailed information about the possibility and the ways of using cookies is available in the software (web browser) settings.

Using the website means consent to placing cookies on the user’s device. Restrictions on the use of cookies may affect some of the functionality available on the website.


Our website uses cookies in order to provide best user experience. You can change cookies storage setting in your browser Read more...