It's kind of a "yes and no". It's possible to (and is often done this way) add items to the Cart without being logged in. After all, the Cart ($cart) is usually just a session value which is an array, although you could go ahead and stick it in the DB if you wanted to, the problem being the chicken/egg issue of associating a user ID with it if you have no token (email address, cookie, etc.).

However, to make a purchase, or to even "save" a cart, most sites want to know who they're dealing with. There are several reasons for this; for purchases, it should be fairly obvious; assuming any kind of customer service (for example, in order to send package tracking information) you must have an email address. They're also not going to authorize an RMA (return merchandise authorization) without an email address ... they'd lose their shirt dealing with false return claims.

Plus, they really want to market to you in the future....

At any rate, I would suggest that most ecommerce sites require a login/account in order to make purchases. In fact, one trend in the B2B sector (wholesale, etc.) is to only allow access to "members" at all ... you can't even see inventory if you're not "logged in".

However, there are sites that allow you to checkout as a "guest", because they realize that registration is a put-off to some people and at the very least a "time hurdle" for busy surfers. But they still have to collect basic card information in order to make a purchase, unless they're using a bolt-on 3rd party solution (that usually involves a redirect ... I'm looking at you, PayPal), and their privacy policy is probably written to allow them to retain the email address, which they typically collect for the purpose(s) described above.

There ya go, clear as mud now, eh?