Mandatory E-commerce Legal Notices: Checklist 2026

In 2026, legal compliance for an e-commerce website goes far beyond a simple "Legal Notices" page in the footer. Between the LCEN, GDPR, the Digital Services Act (DSA) fully applicable since February 2024, and the Omnibus Regulation transposed into French law, obligations have multiplied. Failure to provide legal notices exposes e-commerce businesses to penalties ranging from €75,000 for individuals to €375,000 for legal entities (article 6-VI-2 of the LCEN). Here is the exhaustive and up-to-date checklist to secure your online store.

1. Complete identification of the publisher

Every online store must clearly and accessibly state the publisher's identity, in accordance with article 19 of Law No. 2004-575 (LCEN). For a legal entity: business name, legal form, share capital, registered office address, RCS number, intra-community VAT number, and name of the publication director. For a sole trader: name, surname, address, SIREN number, and mention "Exempt from registration" if applicable. Article L.221-5 of the Consumer Code also requires a non-premium-rate telephone number and an email address enabling quick contact.

Since the DSA, platforms must also designate a single point of contact for authorities and users, with a declared communication language.

2. Hosting provider and technical service providers

The name, business name, address, and telephone number of the hosting provider must appear on the site (article 6-III of the LCEN). For sites using a CDN or European cloud services (OVH, Scaleway, AWS Europe), specify server location — information that has become critical since CJEU decisions (Schrems II) on data transfers.

3. General Terms and Conditions of Sale

Terms and Conditions are mandatory in B2C (article L.441-1 of the Commercial Code). They must detail: price including tax, payment methods, delivery times, 14-day withdrawal right (article L.221-18 Consumer Code), legal conformity guarantee extended to 2 years, guarantee against latent defects, and consumer mediation procedure (article L.616-1). Since the Omnibus Directive, any promotion must display the lowest price offered during the preceding 30 days.

4. Data protection and cookies

The privacy policy must comply with articles 13 and 14 of the GDPR: purposes, legal basis, retention periods, recipients, individual rights (access, rectification, erasure, portability, objection) and DPO contact details. A cookie banner compliant with CNIL's 2020 guidelines is mandatory: refusal as simple as acceptance, no third-party cookies before consent (except exempt technical cookies).

5. New obligations 2026

The DSA now requires algorithmic transparency on product recommendations, traceability of third-party sellers (merchant KYC) for marketplaces, and an illegal content reporting mechanism. The AI Act, progressively applicable, requires user notification when a chatbot or recommendation tool uses generative AI.

Conclusion

A rigorous checklist of legal notices protects your business legally and strengthens customer trust — a measurable conversion factor. Audit your site every semester and document updates to demonstrate your compliance in the event of an inspection by DGCCRF or CNIL.