MageMe EU Withdrawal | Digital Content Waiver
This page explains how the module handles Article 16(m) — the digital-content exclusion from the right of withdrawal — and how to configure the checkout-time waiver that activates it. The flow is opt-in: when the master switch is off, no digital content is recognised and the storefront behaves as if all products are physical.
Before continuing, see Eligibility Rules for the other Article 16 exclusions and Legal & Compliance for the merchant-responsibility context.
Why Art. 16(m) needs a waiver
Article 16(m) of Directive 2011/83/EU allows traders to exclude the right of withdrawal from contracts for the supply of digital content not on a tangible medium — downloadable software, ebooks, music files, courses, extension licences — only if all three conditions are met:
- Performance has started with the consumer's prior express consent.
- The consumer has acknowledged that consent results in loss of the right of withdrawal.
- The trader has provided confirmation of that consent and acknowledgement on a durable medium.
A pre-checked checkbox does not satisfy condition 1 or 2. A buried T&C clause does not satisfy condition 2. An on-screen acknowledgement without a durable-medium copy (email, PDF) does not satisfy condition 3.
The module implements all three: a two-checkbox checkout step (consent + acknowledgement), and a confirmation email sent immediately after order placement.
If the confirmation email fails to deliver, the waiver is invalid and the customer retains the right of withdrawal regardless of the on-screen acknowledgement. Configure SMTP and monitor the dead-letter alert recipient (see Email Templates).
Detection — what counts as digital content
Detection is controlled in Stores → Configuration → MageMe Extensions → EU Withdrawal → Eligibility Rules → Detection (Art. 16(m)).
Enable Digital Content Detection is the master switch. When off, the module recognises no product as digital, the checkout waiver step is suppressed, and Article 16(m) does not apply anywhere.
When on, Detection Strategies is a multi-select of four heuristics. Pick the combination that matches how your catalogue is structured:
| Strategy | Triggers when… | When to use |
|---|---|---|
| Downloadable products | Product type is Magento downloadable | Default. Safe for stores that sell ebooks, software, downloadable templates. |
| Virtual products | Product type is Magento virtual | Use for service credits, gift cards (if you treat gift cards as digital — note that gift-card law varies by Member State), digital memberships. |
| Bundles containing digital children | Product type is bundle and at least one selected child is downloadable or virtual | Use when you sell bundles that mix physical and digital. |
| Custom attribute flag | EAV attribute (default is_digital_content) is Yes | Use when none of the type-based heuristics fit — e.g. a simple product representing an in-store-redeemable code. |
Custom Attribute Code defaults to is_digital_content (the boolean attribute created automatically by the module's setup patch — see Eligibility Rules → Setting up product attributes). The setting is read only when the Custom attribute flag strategy is selected.
The detection runs against the cart at checkout. A cart that contains at least one detected digital item triggers the waiver step. A cart with only physical items skips the waiver step entirely.
The checkout waiver step
Configured in Stores → Configuration → MageMe Extensions → EU Withdrawal → Digital Waiver (Art. 16(m)).
Enable Checkout Waiver Step activates rendering. The step has no effect unless Eligibility Rules → Detection (Art. 16(m)) → Enable Digital Content Detection is also on — these two switches sit in separate sections so you can configure and review the texts before exposing the step to customers.
The customer sees two unticked checkboxes between the payment step and the place-order button. Both must be ticked before the order can be placed.
- Consent —
I expressly consent to the immediate performance of this digital content / service.(text editable per locale — see below). - Acknowledgement —
I acknowledge that I lose my right of withdrawal once performance starts.
The customer's tick events are stored with timestamps in mm_eu_withdrawal_waiver_event, along with a content-hash of the exact text shown to them (see Hash snapshot).
What happens after order placement
| Step | Result |
|---|---|
| 1. Customer places the order | mm_eu_withdrawal_waiver_event row written with order ID, customer ID/email, tick timestamps, text hashes. |
| 2. Confirmation email queued | Template mageme_eu_withdrawal_digital_waiver_email_template sent immediately. Retries on failure (3 attempts default). |
| 3. Merchant BCC | If a BCC address is configured, a parallel copy goes to the audit inbox using template mageme_eu_withdrawal_waiver_confirmation_merchant_bcc. |
| 4. Withdrawal attempt | If the customer later visits /withdraw-contract/, the order is shown with the per-item digital-content exclusion in effect — provided steps 1–3 all succeeded. |
If step 2 permanently fails after retries, the waiver is invalid for that order. The customer retains the right of withdrawal for the digital items regardless of what they ticked at checkout.
Confirmation email (durable medium)
The waiver confirmation email is the durable-medium copy required by Art. 16(m) condition 3. It contains:
- The order number and item list (digital items only).
- The exact consent and acknowledgement text the customer ticked.
- Tick timestamps in UTC.
- A SHA-256 content-hash fingerprint identifying the text version.
- A reminder that the right of withdrawal does not apply for digital content the customer expressly consented to receive.
Email-related settings live under Digital Waiver → Confirmation Email (Art. 11a(4)) — a dedicated nested subgroup that consolidates everything for this email in one place:
| Setting | Purpose |
|---|---|
| Enabled | Send the durable-medium confirmation email. Default: Yes. Disable only if you deliver the confirmation through a different channel. |
| Email Template | Pick a custom template you created in Marketing → Email Templates (load MageMe EU Withdrawal — Digital Waiver Confirmation as base). |
| Email Identity | Which Stores → Configuration → General → Store Email Addresses identity sends the email. Default: General Contact. |
| BCC Merchant | Optional comma-separated audit address. Blind-copies every waiver confirmation. |
A sibling toggle under the parent Digital Waiver group controls a related corner case:
| Setting | Purpose |
|---|---|
| Mark Virtual-Only Items as Performance-Started on Confirmation | Virtual products have no download event. When on, the dispatch of the confirmation email itself counts as performance-start for virtual-only items. Off by default — turn on only if your virtual products are services that begin immediately on purchase. |
Per-locale text overrides
The consent and acknowledgement texts default to the localised strings the module ships in 22 EU locales. For most merchants the defaults are correct.
Some Member States — particularly Germany (§356 BGB digital-content specifics), France (Code de la consommation L.221-28 transposition wording), and the Netherlands (Bol.com 2024 precedent on consent precision) — may require non-default wording. The module exposes per-locale overrides in Stores → Configuration → MageMe Extensions → EU Withdrawal → Digital Waiver (Art. 16(m)) → Per-Locale Waiver Text Overrides.
Each locale offers two fields:
- Consent Text — the express-consent statement (condition 1).
- Right-Loss Acknowledgment Text — the right-loss acknowledgement (condition 2).
A blank override falls back to the module-bundled translation. To override the Annex I disclosure text itself rather than the consent checkboxes, see Annex I Translations.
Any override is your wording, not MageMe's. Have it reviewed by consumer-law counsel in the target jurisdiction before going live. The default texts are based on the Directive language — bundled translations are good-faith renderings but were not counsel-reviewed (see Legal & Compliance).
Hash snapshot of the text shown
Every time a customer ticks the waiver checkboxes, the module computes SHA-256 of the exact UTF-8 bytes of the consent text and of the acknowledgement text and stores both hashes alongside the tick timestamps. The bundled text and any merchant override are hashed identically — the hash is content-addressed, not source-addressed.
This means:
- Changing the text in admin does not retroactively change any existing waiver record.
- A dispute can be settled by re-computing the hash from the stored content snapshot and comparing to the customer's confirmation email footer.
- An audit can recover exactly which version of the wording was shown to each consenting customer, even across multiple merchant edits.
The Pro tier (mageme/module-eu-withdrawal-annex-i) extends this to immutable evidence-pack snapshots that include the full HTML the customer saw, not just the text hashes.
Subscriptions, streaming, SaaS — out of scope
The Art. 16(m) waiver flow this module ships is designed for one-time digital content purchases: extensions, ebooks, courses, software licences, downloadable templates.
For recurring subscription digital services affected by the Sky Österreich v VKI case (CJEU C-234/25), the Art. 16(m) waiver may not eliminate the right of withdrawal. Use your billing platform's own cancellation flow (Stripe Billing, Recurly, Chargebee, Adobe Commerce Subscriptions) rather than this module. See Legal & Compliance → Out of scope.