E-Commerce & Digital Business
E-commerce and digital businesses in India operate within a multi-layered regulatory framework that has grown substantially over recent years. Key legislation includes the Information Technology Act, 2000; the Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020; the Foreign Exchange Management Act, 1999 (FEMA); the Payment and Settlement Systems Act, 2007; and the Digital Personal Data Protection Act, 2023.
Regulatory Framework
Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
These Rules impose compliance obligations on “intermediaries” — including e-commerce platforms, social media intermediaries, and online marketplaces. Obligations include publishing terms of service and privacy policies, establishing grievance redressal mechanisms, and (for “significant social media intermediaries”) additional requirements including appointment of a Resident Grievance Officer and a Chief Compliance Officer in India.
Consumer Protection (E-Commerce) Rules, 2020
These Rules regulate marketplace e-commerce entities and inventory e-commerce entities. Key requirements include display of seller information, disclosure of return and refund policies, prohibition on manipulative pricing practices, and prohibition on suppression of reviews. The Rules were amended in 2021 to impose additional obligations on e-commerce entities including flash sales restrictions and mandatory registration with the Department for Promotion of Industry and Internal Trade (DPIIT).
Foreign Direct Investment in E-Commerce
FDI policy in India permits 100% FDI under the automatic route in the marketplace model of e-commerce, but prohibits FDI in inventory-based e-commerce. The distinction between the two models — and structuring transactions to comply with FDI policy — is a significant consideration for e-commerce businesses with foreign investment.
Key Areas of Practice
Platform Contracts and Terms of Service
Drafting and reviewing terms of service, terms of use, seller agreements, and buyer agreements for e-commerce platforms, ensuring compliance with the Consumer Protection Rules, IT Rules, and applicable consumer law.
Payment and Fintech Compliance
Advising on compliance with RBI guidelines for payment aggregators, payment gateways, and prepaid payment instruments. Drafting agreements between merchants, payment gateways, and acquiring banks.
Cross-Border E-Commerce
Advising on FEMA implications of cross-border sales, digital taxation obligations (including Equalisation Levy and GST on cross-border digital services), and compliance with applicable export/import laws.
Digital Advertising Compliance
Advising on compliance with ASCI guidelines for digital advertising, Consumer Protection Act provisions on misleading advertisements, and IT Rules obligations in relation to advertising on platforms and intermediaries.
Frequently Asked Questions
What is the difference between a marketplace and an inventory e-commerce entity?
A marketplace e-commerce entity provides an online platform on which third-party sellers list and sell goods or services to buyers. An inventory e-commerce entity owns the goods and sells them directly to buyers. The distinction is significant for FDI compliance (100% FDI is permitted only in the marketplace model) and for the application of consumer protection obligations.
Are e-commerce platforms liable for goods sold by third-party sellers?
Under the Consumer Protection (E-Commerce) Rules, 2020, marketplace entities are required to ensure that sellers on their platforms comply with applicable laws. The Consumer Protection Act, 2019 contains provisions on product liability that may apply to e-commerce entities. The extent of platform liability for seller conduct is fact-specific and depends on the degree of control exercised by the platform.
What are my obligations under the IT Rules, 2021 as an online platform?
All intermediaries (including e-commerce platforms, apps, and websites that host user-generated content) must: publish terms of service and privacy policies; appoint a Grievance Officer resident in India; acknowledge user complaints within 24 hours and resolve them within 15 days; and not knowingly host unlawful content. “Significant social media intermediaries” (with more than 50 lakh registered users in India) have additional obligations.