top of page

Amending the Draft Consumer Protection (E-commerce) Rules, 2020: Regulatory Overreach?

Author: Anushri Uttarwar


This article discusses some of the key provisions of the draft amendments to the Consumer Protection (E-Commerce) Rules, 2020. It analyses them through three lenses, viz. excessive delegation, separation as well as conflation of inventory and marketplace e-commerce business models, and encroachment upon other Indian regulators’ ambits.


The Ministry of Consumer Affairs, Food and Public Distribution notified draft amendments to the Consumer Protection (E-Commerce) Rules, 2020 (“Rules”), recently. The Rules were open for public consultations until August 5, 2021 and are set to be released soon.

This article will discuss some of the key provisions of the said proposal, their purpose, validity, and viability. It will do so through three arguments. First, the argument of excessive delegation. Second, the argument of separation as well as conflation of inventory and marketplace e-commerce business models. Third, the argument of encroachment upon other Indian regulators’ jurisdictions.

1. Venturing beyond the parent legislation’s mandate

The preamble of the Consumer Protection Act, 2019 (“CPA 2019”) indicates that its object is to ensure consumer protection. The Rules are issued under section 94 read with section 101(zg) of the CPA 2019. These provisions empower the Central Government to issue rules to prevent ‘unfair trade practices’ (“UTPs”) in e-commerce and to take measures that protect the rights and interests of the consumer.

The Rules and any suggested amendments to it must fit within the realm created by the aforesaid preamble and provisions of its parent legislation, i.e., the CPA, 2019. It is a settled legal position that there is no unlimited power of delegation. If the delegated legislation goes beyond the objects and scope of its parent legislation, it has been held that it will be rendered illegal and ultra vires its parent legislation.

Definition of an ‘e-commerce entity’

Under section 2(16) of the CPA 2019, ‘e-commerce’ is defined as buying or selling of goods or services including digital products over a digital or electronic network. It has been proposed that Rule 3(b) must be amended to broaden the definition of an ‘e-commerce entity’ to include (i) related parties under Companies Act, 2013 (“CA 2013”), and (ii) any entity engaged by owner, operator or manager of the e-commerce platform, to fulfil orders on such platform.

As per section 2(76) of CA 2013, a ‘related party’ to an e-commerce entity is defined as a director or their relative of such entity, the entity’s holding or subsidiary or associate company, among others. These categories can very well include entities that do not engage in ‘e-commerce’ activities.

Further, the category (ii) under the broadened definition seems to include logistic services providers and entities providing packaging services. Though these entities provide delivery, packing and other services that complement e-commerce platform services, such services are independent and distinct from online platform services. Additionally, these entities are often third-party delivery and packaging service providing Business to Business (“B2B”) services to the e-commerce entity itself. The definition of a ‘consumer’ under section 2(7) of the CPA 2019 indicates that CPA 2019 regulates Business to Consumer (“B2C”) services only. Under the said definition, a person purchasing a good or availing a service for ‘commercial purpose’ cannot be a ‘consumer’ for the purposes of CPA 2019.

All the aforementioned reasons point to the fact that the two categories sought to be introduced may not satisfy the eligibility criteria for falling under the ambit of the ‘e-commerce’ definition under the CPA. The category (ii) entities also seem to be violating the B2C services requirement under the CPA 2019.

It must be noted that these inclusions to the proposed definition are in severe contradiction to the corresponding ‘e-commerce entity’ definition under the Foreign Exchange Management (Non-debt Instruments) Rules, 2019 (“NDI Rules”). The definition of an ‘e-commerce entity’ under item 15.2 of Schedule I’s table in the NDI Rules states that an ‘e-commerce entity’ is a company incorporated under Companies Act, 1956 or CA 2013. Although not explicitly mentioned, it can be inferred here that this definition envisages a company under Indian company law regime that engages in ‘e-commerce’ activities. Additionally, the definition of ‘e-commerce’ is the same under the section 2(16) of CPA 2019 and under item 15.2 of Schedule I’s table in the NDI Rules, viz. purchasing and selling of goods and services, digital or otherwise, over electronic network. Further, the said provision under the NDI Rules specifically allow marketplace e-commerce entities to provide support services such as logistics, warehousing, order fulfilment, payment collection and other services.


Under section 2(47) of the CPA 2019, UTP has been defined as a trade practice that employs deceptive or unfair methods or practices, while promoting goods or services. The definition also includes certain illustrations of UTPs, viz. misrepresentation of the nature of goods and/or services, manufacturing or selling spurious goods, among others.

Proposed rule 5(12) stipulates that e-commerce entities are required to disclose both, (i) the name of the cross-selling data provider, and (ii) the data of such entity used for cross-selling. Cross-selling is undertaken by e-commerce entities to show consumers related products or other products that they might be interested in. It is unclear as to how these disclosures would prevent UTP or protect consumer interests. Perhaps a better approach here would be to prohibit e-commerce entities from manipulating the algorithms that display suggestions based on the cross-selling data, if such manipulation amounts to an UTP or harms the interests of consumers. This would prevent any undue and unfair advantages given a particular seller’s products or services. Interestingly, the Rajya Sabha’s report on the rules recommends that the definition of UTP must be clarified in a more comprehensive manner. Unless a favorable amendment to the definition of a UTP is made, the proposed rule in question would go beyond the intention of the CPA 2019.

Hence, the proposed amendments under rules 3(b) and 5(12) seem to go beyond the scope and objects of the CPA 2019. They are ultra vires their parent legislation, and ought to be removed or amended while notifying the finalized Rules.

2. Separating and conflating inventory and marketplace business models


Proposed rule 5(14)(d) prohibits marketplace e-commerce entities from permitting the use of its brand or name for the promotion or sale of any goods and/or services on its platform. Proposed rule 5(14)(f) prohibits e-commerce entities from using the information collected by marketplace e-commerce entities in promoting or selling any goods and/or services that have a common name or brand with that of the e-commerce entity in question. Additionally, the proposed rule 6(6) restricts the e-commerce marketplace from listing any of its related parties or associated companies as sellers on its platform. Further, the proposed rule 6(7) prohibits a marketplace e-commerce entity from selling goods and/or services to any registered seller on the platform.

The existing Rules, through different definitions and different duties for marketplace and inventory e-commerce business models, create a stark contrast between the two. Rule 3(g) defines a marketplace e-commerce entity as an e-commerce entity that provides a technology platform for facilitating digital e-commerce transactions between buyers and sellers. Rule 3(f) on the other hand, defines inventory e-commerce entities as those that own the inventory of goods and services in question and who sell them directly to the consumers. The existing Rules also provide for different set of duties for marketplace and inventory e-commerce entities under Rule 5 and 7, respectively.

There have been concerns in the past that marketplace e-commerce entities have been bypassing the aforementioned separation or the restriction on them regarding holding of inventories and selling directly to customers. A recent investigation uncovered that Amazon has been doing so by holding indirect equity stakes in some of the inventory-holding sellers on its platform. It was also found that the company has been giving preferential treatment to such sellers. To prevent such disguising practices, the aforementioned proposals within the Rules seek to cement the differentiation between marketplace and inventory e-commerce business models. This approach ties in neatly with the NDI Rules, which require the strict identification of the e-commerce entity’s business model. This is because, under item 15.2 of Schedule I’s table in the NDI Rules, subject to the other mentioned conditions, foreign direct investments are permitted only for e-commerce marketplaces.


On the other hand, some of the proposed amendments conflate the two kinds of business models. They do so by failing to assess the viability of certain obligations on each of the business models. They propose certain obligations for all kinds of e-commerce entities when such obligations would be more suitable for one particular business model.

Mis-selling and misleading advertisements

For instance, the proposed rules 5(11) read with 3(k) imposes a liability on all e-commerce entities, which mis-sell good and/or services, viz. misrepresent the information regarding such goods and/or services. Similarly, the proposed rule 5(4) imposes a liability on any e-commerce entity that displays or promotes misleading advertisements about the underlying products and/or services.

These obligations cannot bind all marketplace e-commerce entities as they are merely ‘intermediaries’ under section 2(w) of the Information Technology Act, 2000 (“IT Act”). Marketplaces which comply with the conditions under section 79 of the IT Act would be exempted from the liability that might arise from any third-party information, data, or communication link, that has been made available or hosted by them.

It is true that inventory e-commerce entities can be categorized as ‘intermediaries’ under the IT Act too. However, by their very nature, they cannot ever satisfy the requirement under section 79 of the IT Act of being a passive conduit, viz. where the ‘intermediary’ neither initiates nor selects the receiver of, nor selects or edits the information contained within, the transmission. Which is why, generally, inventory e-commerce entities cannot avail the safe harbor protection under the IT Act.

Hence, a carve-out for marketplace e-commerce entities that satisfy section 79 requirements must be made for the aforementioned two obligations.

Ban on ‘flash sales’

On the other hand, the ban on ‘flash sales’ under the proposed rules 3(e) read with 5(16) must not be made applicable to inventory-based e-commerce business models. Under the proposed rule 3(e), ‘flash sales’ are defined as online events that involve deep discounts on select goods and/or services, by fraudulently manipulating the technology to enable specified sellers to sell those select items.

Inventory e-commerce entities sell their own goods and/ services. Consequently, the aforesaid situation of fraudulently manipulating the technology to empower certain select sellers would not even arise.

Hence, it may be more prudent to include this restriction under the rule dedicated to marketplace e-commerce entities, viz. rule 6, or as a carve-out for inventory e-commerce entities under Rule 5 itself.

3. Invading the jurisdictions of other Indian regulators

Section 19(2) of the CPA 2019 authorizes the Central Authority to refer a matter to another regulator once a preliminary enquiry has been completed. However, this is a discretionary power, which may or may not be invoked by the consumer protection regulator. This factor, coupled with the other factors listed below may raise jurisdictional issues and concerns over institutional primacy.

Competition law

The preambles of the Competition Act, 2002 (“2002 Act”) and CPA 2019 insist upon the goal of consumer welfare. However, the 2002 Act additionally mentions sustaining the competition within the markets as one of its goals. Unsurprisingly, jurisdictions like the USA and the Netherlands have combined competition and consumer protection authorities. Further, the erstwhile Monopolies and Restrictive Trade Practises Act, 1969 regulated monopolies, restrictive trade practises, UTPs, among others. When the 2002 Act was enacted in its place, the provisions on UTPs were instead transferred to the former CPA of 1984. These factors indicate that overlaps between consumer protection and competition legislations in the country are inevitable.

The proposed rule 5(17) states that a dominant e-commerce entity shall not abuse its dominance. By merely cross-referring section 4 of the 2002 Act for the meaning of ‘abuse of dominant position’ under the said rule, the Rules retain the authority to regulate this compliance. This mandate on companies is explicitly covered under section 4 of the 2002 Act.

This is an elaborate overstep, as opposed to an aforementioned slight overlap. This would disrupt the regulatory balance in the country, especially since both the legislations are general in nature, viz. one deals with consumer protection as a whole, while the other deals with market conditions as a whole. Additionally, due to this generality within both the laws, one cannot use the lex specialis argument as used in Competition Commission of India v Bharti Airtel Limited & Ors(“CCI – TRAI case”). Lex specialis seeks the prioritisation of special rules over general rules under the law. It was held in the CCI – TRAI case that, in a competition law dispute, TRAI, the sectoral regulator and can proceed first, after which Competition Authority of India (“CCI”) may come in. Consequently, in our case, deciding the jurisdictional priorities of two general regulators under the CPA 2019 and the CCI would not be as straightforward.

Data protection law

The existing Rule 4(9) requires e-commerce entities to record a consumer’s consent for the purchase of goods and/or services only if the consent involves an ‘explicit and affirmative action’. The proposed rule 5(14)(e) prohibits an e-commerce entity from sharing any consumer information to third parties without prior explicit and affirmative consent from the consumer in question. Both these rules fall within the ambit of Indian data protection laws.

Currently, the IT Act read with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data) Rules, 2011 (“SPDI Rules”) are applicable when persons and body corporates engaging in commercial activities and located in India, undertake collection, processing, disclosure, or storage of ‘personal information’ (“PI”) and/or ‘sensitive personal information’ (“SPI”). PI is defined as any information that is directly or indirectly capable of identifying a natural person. On the other hand, SPI involves personal information in the nature of passwords, financial data, biometric information, medical records, among others, as provided to the body corporate in question. Consumer information may involve SPI (such as financial information), as well as general PI (such as name). Further, the upcoming Personal Data Protection Bill, 2019 (“PDP Bill”) raises the bar on the consent standard. A valid consent is required to involve the features of being free, specific, clear, informative. The bill requires such a valid consent at the time of various data processing activities, including collection, disclosure, use of data.

A more prudent approach with respect to the above-mentioned proposal seems to be a cross-reference that the consumer information will be regulated as per the existing and the upcoming personal data protection laws in the country. On a similar note, the said Rajya Sabha’s report on the Rules suggests that the Rules must include a provision that states that protection of personal data of consumers using e-commerce marketplaces would be regulated under the PDP Bill.


The analysis under the first argument of excessive delegation under the CPA 2019 indicates the continuing trend of the Indian law-makers of going over and beyond the power granted through the parent legislation while regulating digital issues. This is indeed worrisome, since this approach is going against one of the foundational principles of administrative law.

Upon analyzing the second argument of separation and conflation of e-commerce business models, it was found that, in some places, the draft Rules separated inventory and marketplace e-commerce business models. In other places, it was found that they conflated the same business models, thereby lacking a nuanced approach. It has been argued that the CPA 2019 and the Rules under it, coupled with other elements, had diluted the platform immunity privileges of a marketplace e-commerce entity under section 79 of the IT Act to a certain extent. The second argument’s analysis clearly indicates that the draft Rules might most likely cause further dilution of those privileges. The fall-back liability on marketplaces under proposed rules 6(9) read with 3(d) also seems to be on similar diluting lines.

As mentioned under the analysis of the third argument, regulatory overreaches under the proposed Rules may lead to jurisdictional conflicts and confusions among beneficiaries under the CPA 2019, 2002 Act and the IT Act.

The strand that interlaces the three arguments together seems to be that of unwarrantable consumer protection regulation of e-commerce entities. For an industry that is set to become 6.5 % of the total Indian retail market, regulations, including those related to consumer protection, cannot be disproportionate. As suggested throughout this piece, a review of the highlighted draft Rules seems to be imperative.

Anushri Uttarwar is a 5th year law student at Jindal Global Law School, Sonipat


bottom of page