Mandatory E-commerce Legal Notices: Checklist 2026

In 2026, legal compliance for an e-commerce website is no longer limited to a simple "Legal notices" page in the footer. Between the LCEN, GDPR, the Digital Services Act (DSA) fully applicable since February 2024, and the Omnibus regulation transposed into French law, obligations have multiplied. A failure to provide legal notices exposes e-commerce retailers to penalties of up to €75,000 for individuals and €375,000 for legal entities (article 6-VI-2 of the LCEN). Here is the comprehensive up-to-date checklist to secure your online shop.

1. Complete identification of the editor

Any online shop must state clearly and accessibly the identity of the editor, in accordance with article 19 of law no. 2004-575 (LCEN). For a legal entity: company name, legal form, share capital, registered office address, RCS number, VAT identification number and name of the publication director. For a self-employed person: name, surname, address, SIREN number, and mention of "Exempt from registration" where applicable. Article L.221-5 of the Consumer Code also requires a non-premium rate telephone number and an email address enabling quick contact.

Since the DSA, platforms must also designate a single point of contact for authorities and users, with a declared communication language.

2. Hosting provider and technical service providers

The name, business name, address and telephone number of the hosting provider must appear on the site (article 6-III of the LCEN). For websites using a CDN or European cloud services (OVH, Scaleway, AWS Europe), specify the location of servers — information that has become critical since the CJEU's decisions (Schrems II) on data transfers.

3. General Terms and Conditions of Sale

Terms and Conditions are mandatory in B2C (article L.441-1 of the Commercial Code). They must detail: price including VAT, payment methods, delivery timescales, right of withdrawal of 14 days (article L.221-18 Consumer Code), legal guarantee of conformity extended to 2 years, guarantee against latent defects, and consumer mediation procedure (article L.616-1). Since the Omnibus directive, any promotion must display the lowest price practised over the previous 30 days.

4. Data protection and cookies

The privacy policy must comply with articles 13 and 14 of the GDPR: purposes, legal basis, retention periods, recipients, individual rights (access, rectification, erasure, portability, objection) and DPO contact details. A cookie banner compliant with the CNIL guidelines of 2020 is mandatory: refusal as simple as acceptance, no third-party cookies before consent (except exempt technical cookies).

5. New obligations 2026

The DSA now requires algorithmic transparency on product recommendations, traceability of third-party sellers (merchant KYC) for marketplaces, and a mechanism for reporting illegal content. The AI Act, applicable progressively, requires users to be informed when a chatbot or recommendation tool uses generative AI.

Conclusion

A rigorous checklist of legal notices protects your business legally and builds customer confidence — a measurable conversion factor. Audit your site every six months and document updates to demonstrate your compliance in the event of a DGCCRF or CNIL inspection.