E-Commerce Laws and Regulations In India

e-commerce laws and regulations in india

What are e-commerce laws in India? E-commerce in India is governed by a framework that ensures the regulation of online transactions. Key legislation includes the Information Technology Act, 2000, which addresses electronic governance and cybersecurity concerns and the Consumer Protection Act, 2019, which introduces specific rules for e-commerce entities to prevent unfair trade practices and protect consumer rights. 

E-commerce companies are also required to comply with the Foreign Exchange Management Act (FEMA) 1999, and the recently formulated Digital Personal Data Protection (DPDP) Act, 2023, which is poised to enhance data protection measures, while its rules are yet to be notified. These e-commerce laws in India collectively ensure a secure and legally compliant environment for the rapidly growing e-commerce sector, which is projected to reach US$ 350 billion by 2030[1].


E-Commerce Laws and Regulations In India

Navigating the intricate landscape of e-commerce regulations in India is essential for businesses operating in the digital marketplace. Following are a few regulations of e-commerce in India that one must comply with.

The Information Technology Act, 2000 (“IT Act”) 

The Information Technology Act, 2000 (IT Act)[2] is a foundational piece of legislation that governs internet usage and electronic commerce in India.

  • Legal Recognition of Digital Transactions

The IT Act provides legal recognition to transactions carried out through electronic data interchange and other means of electronic communication, commonly referred to as “electronic commerce” which involves the use of alternatives to paper-based methods of communication and storage of information.

  • Digital Signature and Electronic Authentication

Under the IT Act, digital signatures are legally recognized which validates the authenticity and integrity of electronic documents and transactions. It grants electronic records and digital signatures the same legal validity and enforceability as traditional paper documents and handwritten signatures.

  • Regulation of Cyber Activities

The IT Act outlines various cyber crimes and prescribes penalties including, hacking (Section 66), identity theft (Section 66C), violation of privacy (Section 66E) and publishing or transmitting obscene content online (Section 67). The IT Act makes it clear that such behaviours are punishable offences, thereby providing a legal framework to combat cybercrimes effectively.

  • Data Protection and Privacy

While the IT Act does address some aspects of data protection, especially in terms of defining reasonable security practices to be followed by corporate bodies (Section 43A), it has often been criticized for not providing a comprehensive framework for privacy and data protection. 

  • Regulatory Authorities

The IT Act establishes the role of various authorities in the regulation of activities under the Act. The most notable among these is the appointment of the Controller of Certifying Authorities (CCA), who regulates the issuing of digital signatures and ensures adherence to the standards and conditions governing them.

Consumer Protection Act, 2019 (CPA 2019) 

The Consumer Protection Act, 2019 (CPA 2019)[4] in India significantly overhauled the legal landscape for consumer rights, replacing the earlier 1986 law. This legislation was introduced to address the complexities of modern marketplaces, including e-commerce and provides a contemporary framework for the protection and enforcement of consumer rights. The act introduces several new regulatory bodies, broadens the scope of protection and includes specific provisions for electronic and digital transactions.

  • Broad Definition of Consumer

The Act broadens the definition of a consumer beyond the traditional sense. It includes any person who buys any goods, whether through offline or online transactions, teleshopping, multi-level marketing or direct selling.

  • Rights of Consumers

It reinforces and details consumer rights, including the right to be protected against the marketing of goods and services which are hazardous to life and property, the right to be informed about the quality, quantity, potency, purity, standard, and price of goods or services.

  • Consumer Disputes Redressal Commissions

The Act establishes Consumer Disputes Redressal Commissions at the district, state and national levels, which function as adjudicating bodies to resolve consumer disputes. 

  • Unfair Trade Practices

The Act expands the scope of unfair trade practices beyond the earlier norms, including false representation, misleading advertising, and unfair contracts.

  • Central Consumer Protection Authority (CCPA)

Establishes the CCPA to regulate matters relating to consumer rights, unfair trade practices, and false or misleading advertisements.

  • Product Liability & Recalls

Introduces a specific framework for product liability claims for any harm caused by defective products or deficiency in services.

Consumer Protection (E-Commerce) Rules, 2020 

The Consumer Protection (E-Commerce) Rules, 2020[5] (“E-Commerce Rules”) represent a framework designed to govern the marketing, sale and purchase of goods and services in the online domain. Applicable to all forms of e-commerce models, including marketplace and inventory models, the E-Commerce Rules encompass a broad spectrum of goods and services transacted over electronic or digital networks, including digital products. 

  • Transparency and Information Disclosure

E-commerce entities are required to disclose complete information about their return, refund and exchange policies; details about shipping, delivery and the breakdown of the total price including all compulsory charges. They must also ensure that all details related to the sellers, including legal name and contact information, are provided to the consumers.

  • Grievance Redressal Mechanism

E-commerce platforms must appoint a grievance officer and publicize their contact details. This officer is responsible for addressing consumer complaints promptly, acknowledging receipt of any complaint within 48 hours, and resolving it within one month from the date of receipt.

  • Prohibition of Unfair Trade Practices

These rules explicitly prohibit e-commerce entities from engaging in unfair trade practices such as manipulating prices, posting fake reviews and automatically recording consumer consent through pre-ticked checkboxes.

The Foreign Exchange Management (Non-Debt Instruments) Rules, 2019 

The Foreign Exchange Management (Non-Debt Instruments) Rules, 2019[6] (“NDI Rules”) constitute a vital regulatory framework governing e-commerce entities in India with Foreign Direct Investment (FDI). 

The NDI Rules meticulously regulate the inflow of foreign investment into the e-commerce sector, delineating permissible FDI percentages, sectors eligible for FDI and conditions for foreign investor participation. Additionally, the rules establish ownership and control criteria, safeguarding against undue foreign influence over e-commerce operations to protect domestic stakeholders and consumers.

Contract Act 1872

The Indian Contract Act, 1872[7} serves as the foundational legal framework governing e-commerce transactions and the formation of e-contracts in India. In the realm of e-commerce, e-contracts are prevalent, typically manifesting as standard form agreements. 

The Contract Act addresses various aspects pertinent to e-commerce transactions, including the conditions for the validity of contracts formed through electronic means, communication and acceptance of proposals, revocation of offers and contract formation among consumers, sellers and intermediaries. 

The Payment and Settlement Systems Act, 2007 (PSS Act) and the Settlement System Regulations, 2008

To facilitate online payment transactions for e-commerce operations, entities must obtain a license from the Reserve Bank of India (RBI).  According to Section 4 of the PSS Act[8], only the RBI is authorized to initiate or operate payment systems in India unless specifically authorized by the RBI. Consequently, the RBI has granted authorization to operators of various payment systems, including prepaid payment instruments, card schemes, cross-border money transfers, ATM networks and centralized clearing arrangements.

Final Thoughts

The e-commerce regulations in India are shaped by a complex interplay of various laws & regulations aimed at safeguarding consumer interests and fostering digital innovation. Businesses operating in this dynamic sector must navigate through a maze of legal requirements, from consumer rights to payment regulations. Staying updated with these laws is essential for e-commerce businesses to ensure compliance and build trust with consumers. By adhering to the regulations of e-commerce in India, businesses can not only mitigate risks but also create a conducive environment for sustainable growth and innovation in the digital marketplace.

Start Your E-Commerce Business Journey in India Today

For tailored guidance on navigating the intricate legal terrain of e-commerce laws in India, we encourage you to explore our “Setting up in India” service page. Our team at Burgeon Law specializes in e-commerce laws and regulations, offering expertise to streamline the process for your business. By leveraging our knowledge and experience, we ensure compliance with regulatory requirements while safeguarding your business interests. 


1. What are the key e-commerce laws and regulations in India?

Several key e-commerce laws & regulation activities in India. Here are some of the most significant ones:

  • Information Technology Act, 2000
  • Consumer Protection Act, 2019
  • Foreign Exchange Management (Non-Debt Instruments) Rules, 2019
  • Payment and Settlement Systems Act, 2007
  • Goods and Services Tax (GST) Act, 2017
  • Competition Act, 2002
  • Data Protection Laws (The Digital Personal Data Protection (DPDP) Act, 2023)

2. How do consumer protection laws affect e-commerce operations in India?

Consumer protection laws in India significantly impact e-commerce operations by ensuring fair practices, safeguarding consumer rights, and fostering trust in online transactions. These laws mandate transparency, honesty, and fairness in business dealings, prohibiting deceptive practices and requiring accurate product information disclosure. Moreover, they establish mechanisms for dispute resolution and address product safety concerns. Consumer protection laws play a pivotal role in shaping the conduct of e-commerce operations, promoting consumer welfare and maintaining trust in the digital marketplace.

3. What role does the Information Technology Act play in e-commerce regulation?

The Information Technology Act (IT Act) serves as a cornerstone in regulating e-commerce activities in India. It provides the legal framework for electronic commerce, addressing various aspects including electronic contracts, digital signatures, data protection, and liability of intermediaries. The IT Act ensures the validity and enforceability of electronic transactions, establishes guidelines for information security, and sets out provisions for addressing cybercrimes and data breaches in e-commerce. Additionally, the IT Act supplements other laws and regulations governing e-commerce operations, ensuring consistency and coherence in the regulatory landscape. 

4. How do data protection laws impact e-commerce in India?

Data protection laws profoundly influence e-commerce in India by necessitating the responsible handling of consumer data. These laws mandate strict compliance with regulations governing data collection, processing, and security, ensuring consumer trust and confidence. E-commerce platforms must implement robust security measures, respect user rights over their data, and adhere to legal obligations to avoid penalties and maintain a positive reputation in the digital marketplace.

5. What risks do e-commerce businesses face for legal non-compliance in India?

E-commerce businesses in India face several risks for non-compliance with e-commerce laws in India, which can have serious consequences for their operations and reputation. Some of the key risks include:

  • Fines and Penalties
  • Legal Liabilities
  • Loss of Trust and Reputation
  • Business Disruption
  • Cybersecurity Risks
  • Market Exclusion


Contact Us

    burgeon law white logo


    As per the rules of the Bar Council of India, law firms are not permitted to solicit work and advertise.

    By clicking the “Agree” button and accessing the website www.burgeon.co.in, the visitor fully understands and accepts that the contents herein are solely for informational purposes and should not be interpreted as solicitation or advertisement. The firm is not liable, in any manner, for the consequences of any action taken by a visitor relying on materials/ information provided on the website. The firm urges visitors to seek independent legal advice for any legal issues.