Compliances of E-commerce operator

Some e-commerce platforms operate purely as marketplaces, while others — including many D2C brands and hybrid players — operate as sellers on their own platforms or third-party platforms. This dual role creates a unique stack of compliances under GST, the Income-tax Act, the Companies Act, the Consumer Protection (E-Commerce) Rules, and FEMA. For FY 2025-26, here is the consolidated playbook.

Step 1 — Map Operating Model Clearly

• Marketplace only — facilitates third-party sellers.
• Inventory model — owns inventory and sells directly to consumers.
• Hybrid — both marketplace and inventory through separate legal entities.
• Cross-border seller — sells to or from India via international platforms.

Step 2 — GST Compliance as Seller

• Regular GST registration in each state of business presence.
• Timely issue of tax invoices with mandatory e-invoicing where the turnover threshold is met.
• Monthly GSTR-1 and GSTR-3B; annual GSTR-9 and GSTR-9C if applicable.
• Reconciliation of TCS under Section 52 collected by other ECOs with the ECO seller's books.
• Reverse-charge GST on import of services and specified inward supplies.
• Refund applications for inverted duty structures or zero-rated exports where applicable.

Step 3 — Income-Tax and TDS Compliance

• Section 194-O TDS on sales facilitated by other ECOs, where the seller is the e-commerce participant.
• Quarterly TDS and TCS returns and timely deposits.
• Advance tax instalments based on actual turnover and margin.
• Tax audit under Section 44AB at the applicable turnover threshold.
• Transfer pricing reporting in Form 3CEB for cross-border related-party flows.
• ITR filing in the form applicable to the legal entity — ITR-3, 5, 6, or 7.

Step 4 — Companies Act and MCA

• Annual filing of AOC-4 and MGT-7 with the MCA.
• Board meetings, audit committee meetings (where applicable), and statutory audit.
• Disclosures under Section 188 for related party transactions.
• CSR compliance under Section 135 once thresholds are crossed.
• Maintenance of statutory registers and updating MCA V3 records.

Step 5 — Consumer Protection and Data Protection

• Display of country of origin, expiry, return and refund policy and seller details.
• Grievance redressal officer details with prescribed response times.
• Prohibition on dark-pattern interfaces and misleading advertisements.
• DPDP Act compliance — consent, data principal rights, breach notifications and DPO appointment where applicable.
• Maintenance of grievance and breach logs for regulatory inspection.

Step 6 — FEMA and Sectoral Considerations

• RBI reporting of FDI, ECB and ODI where applicable.
• Compliance with marketplace versus inventory FDI conditions.
• Sectoral licences — FSSAI for food, BIS for electronics, drugs and cosmetics licence for healthcare products.
• IEC for cross-border movement and AD bank reporting on receipts and payments.

Conclusion

An e-commerce operator who also acts as a seller wears multiple regulatory hats. Build a compliance map across GST, income-tax, MCA, consumer protection, DPDP, and FEMA at the start of each financial year, automate the recurring filings, and revisit the structure whenever the operating model evolves. That is the only way to scale digitally and stay clean across regulators in 2026.