Legal issues in India


The general consensus of the ecommerce community in India about the current state laws impacting ecommerce is that they are rather fragmented, and in some places terribly outdated (especially in the area of consumer protection). The following summarises key areas that are likely to affect retailers/brands contemplating India as a cross-border destination.

General advice would be to watch this space. There is broad agreement that updating is needed, and some update is in flight. In practice, however, such updates are likely to be modelled on legislation already in place in other countries, and are unlikely to be onerous if you are already compliant at home.

Data protection, cookies, storing information

India has a formal Data Protection Act in place, although it was only fully established in respect of I.T. systems in 2011. It covers what you would expect: if you (as a typical retailer/brand) are already compliant in your home country, you are probably compliant with Indian requirements. (As a general indication of the relative immaturity of the legal framework around ecommerce in India, the EU doesn’t accept that the Indian code is sufficiently strong.) Opt-in/opt-out is required when storing personal data. The law is less strict than in many countries. It does, however, restrict sharing this data with 3rd parties, so you cannot, for example, collect email addresses and then share them without explicit consent at the time of collection.

There is no formal cookie law.


There is presently no formal e-mail anti-spam legislation, although it is a topic currently under active discussion. The very strict Canadian system appears to be a likely preferred template.

SMS (and nuisance call) spam, which had reached plague levels, has resulted in a nationwide, regulated system of opt-out, generally known as DND – do not disturb. Its relative effectiveness, compared to many other countries, is reflected in the switch of preferred e-marketing channel from SMS back to email.

Distance selling, consumer protection and returns

India has existing laws covering consumer protection. They are generally considered outdated (they were promulgated in 1986 and the most recent update was in 2002), and an updated framework is making its (slow) way towards becoming law.

Although the law is outdated and evolving, a current basic working assumption should be that the consumer has a 7-day cooling off period during which no-fault returns are possible.

And, apart from totally standard provisions about not misrepresenting your goods and services – if you are compliant at home, you’ll definitely be compliant in India – well, that’s about it.

Local practice is increasingly to make returns easy for the consumer, but there’s no legal need to do so.


This document is provided for general information purposes only and does not constitute legal, investment or other professional advice on any individual matter. Whereas every effort has been made to ensure that the information given in this document is accurate, IMRG accepts no liability for any errors, omissions or misleading statements, and no warranty is given or responsibility accepted as to the standing of any individual, firm, company or other organisation mentioned. Publication as well as commercial and non-commercial transmission to a third party is prohibited unless prior permission is obtained from IMRG. The views expressed in this publication do not necessarily reflect the views of IMRG.


• The legal framework covering ecommerce in India is rather weak. Broadly speaking, if you are compliant at home, you are compliant in India

• The exception is controls on SMS marketing, where India has a relatively effective system which has led marketers to prefer email as a communication channel

• 7-day cooling off is required, but otherwise consumer protection in areas around returns is weak

• There is no cookie law




India's demographics

India's retail landscape

Connectivity and internet usage in India

Marketing in India

Payment methods in India

Logistics in India