Mandatory E-commerce Legal Notices: Checklist 2026

In 2026, legal compliance for an e-commerce site is no longer limited to a simple "Legal notices" page in the footer. Between the LCEN, GDPR, the Digital Services Act (DSA) fully applicable since February 2024, and the Omnibus regulation transposed into French law, obligations have multiplied. A lack of legal notices exposes e-merchants to penalties ranging from 75,000 € for a natural person to 375,000 € for a legal entity (article 6-VI-2 of the LCEN). Here is the comprehensive up-to-date checklist to secure your online store.

1. Complete identification of the publisher

Every online store must mention clearly and accessibly the identity of the publisher, in accordance with article 19 of law no. 2004-575 (LCEN). For a legal entity: business name, legal form, share capital, address of registered office, RCS number, VAT number and name of the publishing director. For a self-employed person: name, surname, address, SIREN number, and mention "Exempt from registration" where applicable. Article L.221-5 of the Consumer Code also requires a non-premium-rate telephone number and an email address allowing quick contact.

Since the DSA, platforms must also designate a single point of contact for authorities and users, with a declared communication language.

2. Host and technical service providers

The name, business name, address and telephone number of the host must appear on the site (article 6-III of the LCEN). For sites using a CDN or European cloud services (OVH, Scaleway, AWS Europe), specify the location of servers — information that has become critical since CJEU decisions (Schrems II) on data transfers.

3. General Terms and Conditions of Sale (T&Cs)

T&Cs are mandatory in B2C (article L.441-1 of the Commercial Code). They must detail: all-inclusive price, payment methods, delivery periods, right of withdrawal of 14 days (article L.221-18 Consumer Code), legal guarantee of conformity extended to 2 years, guarantee against hidden defects, and consumer mediation procedure (article L.616-1). Since the Omnibus directive, any promotion must display the lowest price practised over the preceding 30 days.

4. Data protection and cookies

The privacy policy must comply with articles 13 and 14 of the GDPR: purposes, legal basis, retention periods, recipients, rights of individuals (access, rectification, erasure, portability, opposition) and contact details of the DPO. A cookies banner compliant with CNIL 2020 guidelines is essential: refusal as simple as acceptance, no third-party cookies before consent (except cookies exempt as technical).

5. New obligations 2026

The DSA now requires algorithmic transparency on product recommendations, traceability of third-party sellers (merchant KYC) for marketplaces, and a mechanism for reporting unlawful content. The AI Act, applicable progressively, requires informing the user when a chatbot or recommendation tool uses generative AI.

Conclusion

A rigorous checklist of legal notices protects your business legally and strengthens customer confidence — a measurable conversion factor. Audit your site every six months and document updates to demonstrate your compliance in the event of a DGCCRF or CNIL inspection.