In this article, Perin Gandhi an Advocate in Mumbai and who is currently pursuing Diploma in Entrepreneurship Administration and Business Law from NUJS, Kolkata, discusses the legal compliances involved in starting an Online Store. Legal compliances for online stores.

Myntra, Ebay, Amazon, Flipkart….. who hasn’t heard of these names before!

Legal compliances for online stores

A decade ago who would have thought that online stores would be successful in replacing the old fashioned retail stores. More than 80% people worldwide would have shopped online at least once in their lifetime. The number of online stores are evolving with each passing day and pushing online shopping to a new height. Gone are the days when the customer were at the mercy of the salesman at the store and had to pick the product from a limited option. E-commerce which is Electronic Commerce has revolutionized in recent years and has become a customer oriented market. India has the fastest growing market for e-commerce. In 2014, E-commerce created a buzz in the global market when the formal sales crossed 1 trillion.

The Information Technology Act 2000 governs the matter whenever there are online disputes in India but the act lacks in many aspect. E-commerce laws and regulations are still evolving in India which has created confusion among many entrepreneurs. There is a misconception that there are less legal compliances for e-commerce companies as compared to the offline counterparts. However, selling online does not actually spare you or lessen your burden of meeting up with the compliances. The law treats both online as well as offline companies as the same. Let’s find out what steps to follow to start an online store:

Structuring Of Business

The first step is to choose the correct business structure for your company and register it. Without registration, the entrepreneur would be exposed to plenty of risks. So it is important to register the company and limit the liability to the amount of investment. E-commerce company can operate in any one of the following structure.

1) Sole Proprietorship, 2) Partnership, 3) Limited Liability Partnership (LLP), 4) Company (Public/Private) and 5) One Person Company.

Raising funds is the ultimate aim of the e-commerce entrepreneur so the most popular choice of business structure for them is opening a private limited company. The process of incorporation of the business is entirely online and can be done through the website http://www.mca.gov.in/. To incorporate a private limited company, the entrepreneur has to approve its name and registered office address. It must have at least two directors with director identification numbers (DINs) and digital signature certificate (DSCs) of the directors. The authorized share capital of the company must be Rs. 1 Lakh. Memorandum of Association (MOA), Article of association (AOA) are also required to complete the formalities of incorporation. Once all these requirements are fulfilled, a certificate of incorporation is issued to the company at its registered office address by the Registrar of Companies (ROC). There are different requirements for different business structure.

Domain Name

Once the business structure of the company is decided they must register the Domain name for their company. For an E-commerce company it is not only important to protect their own intellectual property but also to ensure that they are not violating anyone else’s intellectual property. So while choosing the name one must see to it that it is not similar to an already registered name. Most of the e-commerce companies choose a unique name and file it with Trademark Registry so as to acquire exclusive right over that name.

Recently, a California based PayPal founded by Silicon Valley bigwigs in 1998 filed the objection against the Alibaba backed Indian Company PayTM on November 18th with the registrar of trademarks contesting on the grounds that there were similarities between the logos of the two brands. They registered the complaint on the final day of the four-month time frame given on the PayTM’s advertisement of its trademark application. They were accused of adopting the two-tone blue colour scheme of its logo which could cause confusion among the consumers.

Protection of data

Another crucial task for an e-commerce entity is protecting the data of its customers. Ensuring privacy to every potential customer who visits the Website or portal is utmost important for every E-commerce entrepreneur for building trust with the customers. A  customer is often asked to provide personal and sensitive information while completing the digital payment transaction and other formalities. This has led to a great responsibility upon the online ventures to pay more attention and adhere to the rules related to ‘Data privacy’ and ‘Data protection’. Sensitive Personal Data or Information (SPDI) such as Passwords, Medical records and history, Financial information such as Bank account details and credit card details etc. as provided by the customer has to be protected by reasonable means by such entity as per the Section 43A of the Informational Technology Act, 2000. An online entity has to satisfy the requirement of implementing a reasonable security practice and a standard procedure for ensuring the protection of sensitive datas. The International Standard IS/ISO/IEC 27001 relating to ‘Information Technology-Security Techniques-Information Security Management System–Requirements’ is considered to be the standard required for securing sensitive datas. For the purpose of protecting the data if any entity uses a standard other than the prescribed one then it would require their codes to be approved by the Government of India. As per the rules provided in the Informational Technology Act, 2000 before the E-commerce entity collects personal information of the customers while transacting with them, it is imperative for that entity to get the prior express consent of such customers. The Sensitive and personal information shall only be collected if it is utmost required for the attainment of the purpose and is lawful in nature and shall not be retained by that entity for a period longer than required. The E-commerce entity has to make sure that the customer has the knowledge about the collection of information, the purpose for which it is collected, the agency retaining such information etc.Disclosure of any personal information of the customer to any third party other than a government agency or as required to be disclosed as per the provisions of law, would require the prior permission of the customer. When the E-commerce entity transfers the SPDI for the purpose of fulfilling the commitment towards the customer or where the customer consented for such transfer, they would have to ensure that the third party located anywhere in the world would follow the same level of privacy and adhere to all the rules prescribed in the act. The E-commerce entity would also have to make provisions for dealing with the grievance of the customers reported to them within a specified time. Little negligence on the part of the E-commerce entity in the protection of SPDI would result in loss of reputation and goodwill of that entity.

Privacy Policy And Terms Of Service

Whenever we visit any E-commerce website we often come across disclaimers, privacy policy and terms & conditions. Ever wondered why is it so important to draft such documents? Well, terms of service and Privacy policy are the two most important document for any e-commerce website. The terms and conditions of any website helps to make the customers aware about the rights and responsibilities of the concerned website. It helps in the smooth functioning and also provides a legal cover to the entrepreneur or promoters in case of any liability incurred from any agreement entered with the user or another company. The privacy policy, on the other hand, communicates to the customers of how the e-commerce companies would use the information submitted by the customers and ways in which they would protect their personal information. The Privacy Policy has to be comprehensively published on the e-commerce website so that it is readily available to all the customers visiting the website. Such documents protect the entrepreneurs from being sued under section 43A of the Informational Technology Act, 2000 where the penalty could go up to Rs. 5 Crores.

Vendor/Supplier Agreement

It is utmost required for all the online stores to maintain an agreement with the vendors which are listed in their portal. However, in case one is only selling their goods in such stores and is not running an online store then in that case it is essential to have in place an agreement with their suppliers. It should specifically define the role and responsibility of each party and must include all the relevant clauses and terms to cover issues like default, quality of the product, late delivery, payment etc as per the business model of the company.

Vat/Sales Tax Registration

Whether online or offline, these taxes are applicable in case of sale of tangible goods. For becoming a seller on the e-commerce portal i.e. if someone wants to sell their product on snapdeal, flipkart etc or to run an e-commerce website, Value added tax (Vat) registration is a must for both. The registration for the same should be obtained from the State’s Sales Tax Department once the operation of the e-commerce company begins or soon after registering the business. Central sales tax (CST) is also applicable in case of inter-state trade. Collection of VAT depends on the turnover of the business and it varies from state to state whereas CST can be collected irrespective of the turnover.

Payment Gateway And Related Compliance

Payment gateway is a service used by the e-commerce website to process the payment of the
customers. Payment gateways like PayPal, PayUmoney etc accepts the credit card, debit card, net banking from multiple banks and transfers the money to the bank account of the e-commerce
 company within 2-3 days. However, in order to avail the service of payment gateways, e-commerce entrepreneurs have to submit documents like Bank account in the name of the company, certificate of incorporation, Memorandum of Association, Articles of Association, PAN card of the company, Address proof, Privacy policy and terms of service of the concerned website.

Further, Banking and Financial requirements are to be complied with for such transfer and online shopping in India. For example, say if PayPal has to allow online receipt and other expenditure for any e-commerce activity, it has to first obtain the license from Reserve Bank of India (RBI).

Other Compliances

E-commerce Companies are required to comply with the provisions of contract law, Indian Penal Code, Labour laws etc. Various states have implemented the obligation of obtaining Shop and Establishment license for opening offices. The registration under the Shop and Establishment Act has to be done within 30 days from commencing the work.

The Cyber laws of India has become very stringent and which requires e-commerce entrepreneurs to ensure cyber law due diligence in India. Many online websites, foreign companies, and even Indian companies are frequently prosecuted for non-compliance of the same.

Legal compliance for e-commerce companies differ with each category of business. Say for example the legal compliance in case of an e-commerce company undertaking electronic trading of medical drugs is more stringent as compared with other e-commerce activity. Digital trading of any health products attracts more scrutiny than other products. Failing to comply with the legal requirements would lead to legal notice to the company.

The Information Technology (Intermediary Guidelines) Rules 2011 lays down stringent liability for e-commerce sites in India. So a proper digital due diligence is advisable before commencing any e-commerce websites.

This was all on legal compliances for online stores. Any doubt on legal compliances for online stores? Comment below and let us know.