The rapid growth of e-commerce has transformed the way businesses operate in India. However, amidst this digital revolution, it is crucial for e-commerce businesses to prioritise legal compliance. In this article, we will first delve into understanding the legality of the term "e-commerce entity" and the nature of operations of an e-commerce business. Secondly, we will discuss the key aspects of legal compliance that e-commerce entities in India must consider. This will include the prevalent registration and business structure mandates, Goods and Service Tax (GST) compliance, applicable Foreign Direct Investment (FDI) compliances, consumer protection and competition laws, data protection and security compliances, payment gateways, and Intellectual Property Rights (IPR(s)) and marketing legal compliances.
Understanding the nature of E-Commerce business
An e-commerce business refers to a commercial enterprise that operates online, primarily involved in buying and selling products or services over the Internet. The Consumer Protection (E-Commerce) Rules, 2020 ("E-Commerce Rules") defines an e-commerce entity as an individual or entity that owns, operates, or manages a digital or electronic platform or facility for conducting electronic commerce. However, it does not include a seller who offers their goods or services for sale on a marketplace e-commerce platform. 1
E-commerce businesses leverage technology and the Internet to facilitate transactions, reach customers globally, and provide a convenient shopping experience. They typically operate through websites, mobile applications, or other digital platforms, allowing customers to browse and purchase products or services from the comfort of their own homes.
In India, the e-commerce sector follows two distinct models as per E-Commerce Rules;
Inventory e-commerce entity 2: This type of e-commerce entity owns the products they sell and directly sells them to customers. They can be single brand retailers, selling products from only one brand, or multi-channel single brand retailers, selling products from one brand through different online platforms.
Marketplace e-commerce entity 3: This type of e-commerce entity doesn't own the products themselves. Instead, they run a website or app where many sellers can offer their products. Buyers can go to this virtual marketplace, compare different products and make purchases from various sellers.
As now our understanding of e-commerce has evolved, it is imperative to acknowledge that the regulations of this industry in India remain highly fragmented. There is a wide array of statutory laws that have been either amended or newly enacted to oversee the functioning of this sector. Despite this complexity, e-commerce activities are governed by various statutes, as elucidated below.
- Registration and Business Structure
Subject to applicable laws, every business operating in India is legally required to register with the Ministry of Corporate Affairs. The registration process involves incorporating the business under the Companies Act, 2013 for Indian companies. 4 Foreign companies or those with offices, branches, or agencies outside India must comply with additional regulations.
E-commerce businesses in India can choose from different business structures, each with its own characteristics and implications. A sole proprietorship is the simplest and most common structure, but it offers no separation between the individual and the business, exposing the owner to personal liability. A partnership involves two or more individuals sharing responsibilities and liabilities; a private limited company offers separate legal status and limited liability protection to shareholders; a limited liability partnership 5 combines partnership benefits with limited liability 6; and a one person company is designed for sole proprietors, providing limited liability without the need for multiple shareholders. 7 It is important that an e-commerce business owner considers factors such as business scale, ownership, liability protection, and future growth, with professional guidance for choosing the most suitable structure for their business.
- Taxation and GST Compliance
In order to effectively establish an e-commerce business, it is essential to complete the registration process for Goods and Services Tax (GST). Regardless of the turnover, every e-commerce business is obligated to obtain compulsory registration under the Central Goods & Service Tax Act, 2017 (CGST). 8
- FDI Compliances
FDI refers to investments made by foreign entities in companies located in India. This can be done through various means such as opening a subsidiary, acquiring a controlling interest in an existing foreign company, or engaging in a merger or joint venture. The Ministry of Commerce and Industry, along with the Department for Promotion of Industry and Internal Trade (DPIIT) governs FDI policy in India.
The latest policy issued by the DPIIT introduces specific regulations based on the type of investment and brand ownership. 9 These regulations aim to facilitate foreign investment in India's e-commerce sector while ensuring compliance with the country's FDI policy. There are two routes for investing in India through FDI: the "approval route" which requires prior permission from the central government for investment in specific sectors, 10 and the "automatic route" which allows direct investment without prior permission. 11 By understanding and adhering to these regulations, e-commerce entities can navigate the complexities of cross-border investments.
- Consumer Protection and Competition Laws
Consumer protection laws in India, primarily governed by the Consumer Protection Act, 2019, aim to safeguard consumer rights and ensure fair trade practices. These laws prohibit unfair trade practices, 12 introduce product liability, 13 and establish consumer forums for dispute resolution. 14 It further emphasizes consumer awareness and education, and specific regulations for e-commerce to protect consumers. Businesses must comply with these laws, provide accurate information, 15 maintain product quality, 16 and address consumer complaints promptly.
E-commerce entities must comply with the E-Commerce Rules. These rules mandate that e-commerce entities must follow strict guidelines, including but not limited to regulating price manipulation, ensuring the mandatory display of product details like country of origin, return policies, refund, exchange, warranty, delivery, shipment information and appointment of a grievance officer for addressing consumer complaints. Quality control is also required to empower consumers to make well-informed decisions before purchasing.
The primary purpose of the E-Commerce Rules is to safeguard consumer rights and interests by preventing unfair trade practices, fraudulent transactions and the sale of counterfeit products. Failure to comply with these rules by any e-commerce entity will be considered a violation of the Consumer Protection Act, 2019, and will be subject to penalties stipulated therein.
Furthermore, an e-commerce business must also be compliant with the Competition Act, 2002. It is imperative for e-commerce business owners that they be mindful when entering into any agreement which prevents, restricts, or distorts competition 17; any agreement which might lead to an abuse of their dominant position 18; or any agreement that has the effect of substantially lessening competition. 19 If an e-commerce business is found to be engaging in anti-competitive practices, it could face a number of penalties, including fines, imprisonment and the dissolution of the business.
- Data Privacy and Security
Data privacy and security are critical for e-commerce businesses in India. Compliance with the upcoming Digital Personal Data Protection Bill, 2022 and IS 17428 Standard, is crucial. E-commerce entities must obtain explicit user consent, 20 provide transparent notices, 21 and implement robust data protection measures. 22 Data breach notification is necessary, 23 along with incident response plans. 24 Regular audits and compliance ensure adherence to evolving data protection laws.
The operation of e-commerce is governed by a series of provisions outlines inthe Information Technology Act, 2000("IT Act"). Section 43A of the IT Act encompasses provisions concerning data protection. In order to safeguard sensitive data and protect user privacy, the IT Act stipulates penalties for unauthorized activities. Individuals found guilty of stealing passwords and other sensitive data can face penalties of up to INR 1 lakh and imprisonment for a period of up to 2 years 25. These strict measures are put in place to deter cybercrimes and ensure the integrity of the e-commerce landscape.
In furtherance, e-commerce entities are obligated to comply withthe Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, which governs provisions relating to processing, collection and usage of personal information 26 and sensitive personal information 27. These rules aim to ensure the security and protection of the personal information of users in the e-commerce sector in India.
Prioritising data privacy and security enhance customer trust and loyalty. E-commerce businesses should continually evaluate and enhance their practices to stay ahead of threats and regulations.
- Payment Gateway
Having a payment gateway is essential for e-commerce websites to facilitate payment processing. It enables the website to accept payments through different means, including credit cards, debit cards, net banking and internet banking from various banks.
Payment gateway regulations in India are governed by the Reserve Bank of India (RBI) guidelines. These regulations ensure the security, integrity, and transparency of payment systems. Payment gateway operators must obtain necessary authorisations, 28 comply with security standards such as PCI DSS, 29 and monitor transactions for fraudulent activities. 30 They need to have effective dispute-resolution mechanisms 31, comply with Know Your Customer (KYC), Anti Money Laundering (AML) and Combating Financing of Terrorism (CFT) requirements, 32 and adhere to settlement timelines 33 and data localisation rules. Customer protection and transparency in fees and terms are also important. E-commerce businesses should choose compliant payment gateway partners to ensure secure transactions and build customer trust. Keeping up with regulatory changes is crucial for compliance and smooth operations.
- IPR and Marketing Legal Compliances
IPRs are essential for e-commerce entities in India to protect their intangible assets and innovations. Key IPRs include trademarks, copyrights, patents, and trade secrets. E-commerce businesses should register trademarks 34, mark copyrighted content 35, and consider patent protection for technological advancements. 36 Safeguarding domain names and combating counterfeiting and piracy are crucial. Infringements can be addressed through legal remedies like injunctions and damages. Developing an IP strategy and conducting audits are vital for comprehensive IP protection.
Furthermore, advertising and marketing are vital for the success of e-commerce entities in India. Digital advertising, content marketing, SEO, influencer marketing, email marketing, and social media marketing are key strategies. Compliance with advertising standards set by the Advertising Standards Council of India (ASCI) is essential. 37 Customer reviews and ratings, data-driven marketing, mobile marketing, and targeted messaging play significant roles. E-commerce businesses must focus on building brand awareness, engaging with customers, and driving conversions. Regular monitoring, analysis, and adaptation of marketing efforts are crucial for sustained success in the competitive e-commerce landscape.
For e-commerce entities in India, legal compliance is of utmost importance. From registration and business structure to intellectual property rights, consumer protection, data privacy, payment gateway regulations, advertising and marketing, taxation, and international trade, there are various legal aspects that e-commerce businesses need to navigate. Adhering to these legal requirements not only ensures smooth operations but also builds trust among consumers and protects the interests of all stakeholders involved. E-commerce businesses must stay updated with the evolving legal landscape, seek professional advice when needed, and proactively address compliance obligations. By doing so, they can thrive in the dynamic e-commerce industry while safeguarding their reputation and long-term success.
1. Section 3(1)(b), The Consumer Protection (E-Commerce) Rules, 2020.
2. Section 3(1)(f), The Consumer Protection (E-Commerce) Rules, 2020.
3. Section 3(1)(g), The Consumer Protection (E-Commerce) Rules, 2020.
4. Section 3(1), The Companies Act 2013.
5. Section 3(1) The Limited Liability Partnership Act, 2008.
6. Section 26-28, The Limited Liability Partnership Act, 2008.
7. Section 3 (1), The Companies Act 2013.
8. Section 24(ix), (x) and (xi), The Central Goods and Service Tax, 2017.
9. Department for Promotion of Industry and Internal Trade Ministry of Commerce and Industry,Consolidated FDI Policy, Government of India https://dpiit.gov.in/sites/default/files/FDI-PolicyCircular-2020-29October2020_0.pdf dated 15th October, 2020.
10. Ibid, Section 3.4.2.
11. Ibid, Section 2.1.4.
12. Section 2(47), Consumer Protection Act, 2019.
13. Section 2(6)(viii), Consumer Protection Act, 2019.
14. Section 6 and 8, Consumer Protection Act, 2019.
15. Section 2(9)(ii), Consumer Protection Act, 2019.
17. Section 3, The Competition Act, 2002.
18. Section 4, The Competition Act, 2002.
19. Section 5, The Competition Act, 2002.
20. Section 4.2.3,Part I : IS 17428, Bureau of Indian Standards, 2020; Section 5, Digital Personal Data Protection Bill, 2022.
21. Section 4.2.2,Part I : IS 17428, Bureau of Indian Standards, 2020; Section 6, Digital Personal Data Protection Bill, 2022.
22. Chapter 2, Digital Personal Data Protection Bill, 2022
23. Section 5.9,Part I :IS 17428, Bureau of Indian Standards, 2020.
25. Section 66C, The Information Technology Act, 2000.
26. Section 2(i),The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
27. Section 3, The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
28. Reserve Bank of India, Guidelines on Regulation of Payment Aggregators and Payment Gateways, https://rbidocs.rbi.org.in/rdocs/notification/PDFs/NT17460E0944781414C47951B6D79AE4B211C.PDF dated 17th March, 2020.
29. Ibid, Section 1.2 and 1.5, Annexure 2.
30. Ibid, Section 10.
31. Ibid, Section 5.3.
32. Ibid, Section 6.
33. Ibid, Section 8.4.
34. Section 18, The Trade Marks Act, 1999.
35. Section 45, The Copyright Act, 1957.
36. Section 3, The Patent Act, 1970.
37. The Advertising Standards Council of India, The Code For Self-Regulation Of Advertising Content In India https://www.ascionline.in/wp-content/uploads/2023/05/asci-code-of-self-regulation.pdf last accessed on 1st July, 2023.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.