The Multistate Tax Commission (MTC) adopted its long-awaited guidance interpreting Public Law (P.L.) 86-272 protections for internet businesses on August 4, 2021. P.L. 86-272 was passed by the U.S. Congress in 1959, and protects businesses from the imposition of state income tax when the business’s only activity in the state is the solicitation of orders of tangible personal property. While the guidance is not binding on MTC member states, it provides a framework for understanding the reach of P.L. 86-272 in the age of e-commerce. While soliciting orders of tangible personal property remains protected, whether done in person or online, the guidance also protects the use of “static text or photos” on a seller’s website from constituting a non-protected business activity. The guidance, however, includes numerous ways that a website or app may defeat a business’s P.L. 86-272 immunity, notably including the placement of “cookies” on computers or other electronic devices of in-state customers that are used to adjust production schedules and inventory, develop new products, or identify new items to offer for sale, as those cookies do not constitute protected in-state solicitation, and are not ancillary to that solicitation. On the other hand, cookies placed on computers or devices that are “only used for purposes entirely ancillary to the solicitation of orders for tangible personal property” such as remembering items in a user’s shopping cart, storing personal information, or reminding customers of items they had previously considered, do not defeat a business’s P.L. 86-272 immunity.