Mandatory Legal Notices E-commerce: Checklist 2026

In 2026, the legal compliance of an e-commerce site is no longer limited to a simple “Legal notices” page at the bottom of the page. Between the LCEN, the GDPR, the Digital Services Act (DSA) fully applicable since February 2024, and the Omnibus regulation transposed into French law, the obligations have multiplied. A lack of legal notices exposes e-merchants to sanctions of up to €75,000 fine for a natural person and €375,000 for a legal entity (article 6-VI-2 of the LCEN). Here is the exhaustive, up-to-date checklist to secure your online store.

1. Complete identification of the publisher

Any online store must state the identity of the publisher in a clear and accessible manner, in accordance with article 19 of law no. 2004-575 (LCEN). For a legal entity: company name, legal form, share capital, head office address, RCS number, intra-community VAT number and name of the publication director. For a self-employed person: name, first name, address, SIREN number, and mention “Exempt from registration” if applicable. Article L.221-5 of the Consumer Code also requires a non-premium rate telephone number and an email address allowing rapid contact.

Since the DSA, platforms must also designate a single point of contact for authorities and users, with a declared language of communication.

2. Host and technical service providers

The name, company name, address and telephone number of the host must appear on the site (article 6-III of the LCEN). For sites using a CDN or European cloud services (OVH, Scaleway, AWS Europe), specify the location of the servers – information that has become critical since the decisions of the CJEU (Schrems II) on data transfers.

3. General Conditions of Sale (CGV)

The General Conditions of Sale are mandatory in B2C (article L.441-1 of the Commercial Code). They must detail: price including tax, payment terms, delivery times, 14-day right of withdrawal (article L.221-18 Consumer Code), legal guarantee of conformity extended to 2 years, guarantee of hidden defects, and consumer mediation procedure (article L.616-1). Since the Omnibus directive, any promotion must display the lowest price charged during the previous 30 days.

4. Protection of data and cookies

The confidentiality policy must comply with Articles 13 and 14 of the GDPR: purposes, legal basis, retention periods, recipients, rights of individuals (access, rectification, erasure, portability, opposition) and contact details of the DPO. A cookie banner in compliance with the 2020 CNIL guidelines is imperative: refusal as simple as acceptance, no third-party cookies before consent (except exempt technical cookies).

5. New obligations 2026

The DSA now imposes algorithmic transparency on product recommendations, traceability of third-party sellers (merchant KYC) for marketplaces, and a mechanism for reporting illicit content. The AI ​​Act, applicable gradually, requires user information when a chatbot or recommendation tool uses generative AI.

Conclusion

A rigorous legal notice checklist legally protects your business and builds customer trust — a measurable conversion factor. Audit your site every six months and document updates to demonstrate your compliance in the event of a DGCCRF or CNIL inspection.