Mandatory E-commerce Legal Notices: 2026 Checklist

In 2026, legal compliance for an e-commerce site no longer comes down to a simple "Legal Notices" page in the footer. Between the LCEN, GDPR, the Digital Services Act (DSA) fully applicable since February 2024, and the Omnibus regulation transposed into French law, obligations have multiplied. A lack of legal notices exposes e-commerce sellers to penalties ranging up to €75,000 fine for a natural person and €375,000 for a legal entity (article 6-VI-2 of the LCEN). Here is the comprehensive up-to-date checklist to secure your online store.

1. Complete identification of the editor

Any online store must clearly and accessibly mention the identity of the editor, in accordance with article 19 of law no. 2004-575 (LCEN). For a legal entity: business name, legal form, share capital, registered office address, RCS number, intra-community VAT number and name of the publisher. For a self-employed person: surname, first name, address, SIREN number, and mention "Exempt from registration" if applicable. Article L.221-5 of the Consumer Code also requires a non-premium rate telephone number and an email address allowing quick contact.

Since the DSA, platforms must also designate a single point of contact for authorities and users, with a declared communication language.

2. Hoster and technical service providers

The name, business name, address and telephone number of the hoster must appear on the site (article 6-III of the LCEN). For sites using a CDN or European cloud services (OVH, Scaleway, AWS Europe), specify the location of servers — information that has become critical since CJEU decisions (Schrems II) on data transfers.

3. General Terms and Conditions (T&Cs)

T&Cs are mandatory in B2C (article L.441-1 of the Commercial Code). They must detail: all-inclusive price, payment methods, delivery periods, right of withdrawal of 14 days (article L.221-18 Consumer Code), legal warranty of conformity extended to 2 years, warranty against hidden defects, and consumer mediation procedure (article L.616-1). Since the Omnibus directive, any promotion must display the lowest price practiced during the preceding 30 days.

4. Data protection and cookies

The privacy policy must comply with articles 13 and 14 of the GDPR: purposes, legal basis, retention periods, recipients, individuals' rights (access, rectification, erasure, portability, objection) and DPO contact details. A cookie banner compliant with CNIL guidelines from 2020 is imperative: refusal as simple as acceptance, no third-party cookies before consent (except exempt technical cookies).

5. New obligations 2026

The DSA now requires algorithmic transparency on product recommendations, traceability of third-party sellers (seller KYC) for marketplaces, and a mechanism for reporting illegal content. The AI Act, applicable progressively, requires informing users when a chatbot or recommendation tool uses generative AI.

Conclusion

A rigorous checklist of legal notices protects your business legally and strengthens customer trust — a measurable conversion factor. Audit your site every six months and document updates to demonstrate your compliance in case of DGCCRF or CNIL inspection.