June 01, 2026
Table of Contents
Share Blog
REGULATORY INSIGHT | E-COMMERCE COMPLIANCE
The Rulebook for Digital Commerce in India
Why the Consumer Protection (E-Commerce) Rules, 2020 are reshaping how platforms, sellers and D2C brands must operate online.
India’s digital commerce story has, in less than a decade, moved from novelty to necessity. From a household ordering grocery on a Tuesday evening to a student subscribing to an online learning platform or a consumer purchasing a digital service, transactions today are increasingly mediated by screens, algorithms and platforms. With this migration of commerce to the digital realm comes a harder question for regulators and businesses alike: who is accountable when something goes wrong, and what does fairness look like in a marketplace where the seller may be invisible, the price may shift by the minute, and consent is often a checkbox tucked beneath a scrolling banner?
The Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020, notified under Section 101 of the Act, together form India’s regulatory answer to that question. The Rules apply broadly to e-commerce entities offering goods or services over a digital or electronic network to consumers in India - including marketplace platforms, inventory-led D2C brands, edtech providers, online coaching businesses, app-based services and consumer-facing SaaS or subscription platforms. Their cumulative effect is a decisive shift away from caveat emptor (buyer beware) to caveat venditor (seller beware). The era of the passive intermediary defence, the comfortable position that a platform is merely a neutral host, is effectively over.
In this note, we set out the contours of the Rules, the obligations that businesses cannot afford to overlook, and the practical roadmap to compliance.
01 / SCOPE
The Rules adopt a deliberately wide scope. Two categories of entities are recognised, each carrying a distinct compliance burden:
MARKETPLACE ENTITY RULE 2(G) | INVENTORY ENTITY RULE 2(F) |
Provides an information technology platform on a digital network to facilitate transactions between third-party buyers and sellers. | Owns and sells goods or services to consumers directly. Bears both platform-level and seller-level obligations simultaneously. |
The point worth emphasising, and one that several inventory-led D2C brands continue to underestimate, is that an inventory entity is not merely a seller operating through a website. It must comply with the general obligations applicable to e-commerce entities, while also discharging the substantive duties imposed on inventory-led sellers in relation to representations, refunds, advertisements, product conformity and grievance handling. Non-compliance, in either capacity, exposes the business to action by the Central Consumer Protection Authority (CCPA), consumer commission awards and the reputational fallout that increasingly accompanies regulatory enforcement.
02 / CORE OBLIGATIONS
The Rules structure compliance around five irreducible pillars. Every e-commerce entity regardless of size, sector or business model, must address all five.
# | PILLAR | WHAT THE RULE REQUIRES | CONSEQUENCE OF DEFAULT |
1 | Nodal Contact Person Rule 4(1) | Appoint an Indian-resident nodal contact person or senior designated functionary responsible for compliance. Applies to foreign-linked entities as well. | CCPA directions, regulatory scrutiny and potential proceedings for non-compliance, depending on the nature and consequences of the breach. |
2 | Mandatory Disclosures Rule 4(2) | Prominently display: legal name, registered address, website, customer-care number and email, Grievance Officer contact, and importer details for imported goods. | CCPA direction; deficiency-of-service claim before consumer commissions; reputational enforcement. |
3 | Grievance Officer Rules 4(4), 4(5) & 4(6) | Appoint a Grievance Officer with name, designation and contact details displayed on the platform. Acknowledge complaints within 48 hours; resolve within 1 month. | May constitute deficiency in service and invite CCPA directions, consumer complaints, compensation orders and reputational scrutiny. |
4 | Express Consent Only Rule 4(9) | Consent for every purchase must be obtained through express, affirmative action. Pre-ticked checkboxes and default opt-ins are expressly prohibited - without exception. | Violation of Rule 4(9) read with unfair trade practice provisions of the Consumer Protection Act, 2019. |
5 | Fair Trade, Pricing, Cancellation Charges and Refunds Rules 4(3), 4 (7), 4(8), 4(10) and 4(11) | No unfair trade practices; no consumer discrimination; cancellation charges only if equally borne by the entity; no price manipulation for unreasonable profit. | Exposure may arise for unfair trade practices, defective disclosures, one-sided cancellation practices, price manipulation or discriminatory treatment of similarly placed consumers. |
03 / PENALTY ARCHITECTURE
Non-compliance under the consumer protection framework may trigger different consequences depending on the nature of the breach. These include CCPA directions, penalties for misleading advertisements, prosecution for non-compliance with directions, consumer compensation orders, product recall or withdrawal directions, and reputational consequences.
AREA OF RISK | POSSIBLE CONSEQUENCE |
Misleading advertisements or false claims | Direction to discontinue or modify the advertisement; penalty exposure under the Consumer Protection Act; possible prohibition on endorsement in appropriate cases. |
Non-compliance with CCPA directions | Proceedings for non-compliance, including statutory fine and/or imprisonment where applicable. |
Unfair trade practices / deficient service | Consumer complaints, compensation orders, corrective directions, refunds, replacement, withdrawal or discontinuation of harmful practices. |
E-commerce Rule violations | CCPA scrutiny, consumer commission proceedings, reputational impact and corrective compliance directions. |
Consumer litigation | Complaints before the appropriate District, State or National Consumer Commission depending on pecuniary jurisdiction. |
04 / COMPLIANCE ROADMAP
The cost of compliance is invariably lower than the cost of an enforcement action, and certainly lower than reputational damage in a market where consumers and regulators are alike attentive. A defensible compliance posture, in our experience, rests on three workstreams:
• Ensure appropriate legal presence / compliance structure in India, and formally designate an Indian-resident nodal contact person or senior designated functionary, where applicable.
• Appoint a visible Platform Grievance Officer with publicly displayed contact details.
• Implement a grievance mechanism that tracks and enables compliance with the 48-hour acknowledgement and one-month redressal timelines.
• Display the full price including taxes at the very first checkout stage - no drip pricing, no late additions.
• Eliminate every pre-ticked checkbox, default opt-in and forced action; redesign consent flows around express, affirmative input.
• Remove unilateral cancellation charges; align cancellation fees with parity for the entity.
• Anchor every marketing claim to actual service delivery as advertising substantiation is now a routine line of regulatory enquiry.
• For marketplace models, secure prior seller contracts and publish plain-language ranking and discoverability disclosures.
• Align technology infrastructure with broader privacy and cybersecurity requirements, including applicable obligations under the IT Act, SPDI Rules, CERT-In Directions, the DPDP Act, 2023 and DPDP Rules, 2025, supported by identified privacy, grievance and incident-response contacts.
The Consumer Protection (E-Commerce) Rules, 2020 are no longer a piece of standalone regulation to be ticked off at the time of platform launch. They sit at the centre of an interconnected compliance ecosystem that draws in the Information Technology Act and the SPDI Rules, the CERT-In Directions, advertising substantiation norms and increasingly the Digital Personal Data Protection Act, 2023. The platforms that thrive will be those that treat compliance as an architectural choice rather than a remedial response.
At Zentrum Law Partners, we work with founders, boards and teams to translate this framework into operating reality and cater to wide amplitude of challenges that e-commerce entities may face while doing business in India.
Empowering Excellence in Legal Services Since 2011.
Managed by The Internet Folks