Finally, China is about to approve a much-awaited and needed “E-commerce Law”. An official draft (the “Draft”) has been released on 27 December 2016 by the National People’s Congress of China for public comments – according to the standard lawmaking process in China. Comments were submitted until 26 January 2017, after which the legislator started the review of the final version of the law. No timeline can be foreseen for this process (few months up to more than one year).

Based on the Draft – which however will be somewhat different from the final version of the law – the scope of the E-commerce Law encompasses both domestic e-commerce and cross border e-commerce (to which a specific Chapter, the fifth, is reserved), and sets specific obligations for both platforms (which are defined as “ legal person or other organization providing cyber space, virtual business premises, transaction matching, information distribution and other services to two or more parties to an e-commerce transaction so that the parties may engage in independent transactions”, such as Taobao and Tmall) and e-commerce operators (which are defined as “any natural or legal person or other organization, other than an e-commerce business entity, that sells goods or provide services through the Internet or other information networks”).

The Draft does not apply to financial products and service as well as the services of broadcasting audio and video programs in the information network and online publication.

In particular, the draft Regulation seems to focus on:

  • Real name registration: Person engaged in e-commerce activities should provide their genuine identity and valid contact information. An e-commerce third party platform shall examine and register business operator’s information and process to a regular update.
  • Privacy: The Draft encourages the exchange and sharing of data and information to ensure the orderly information flow and reasonable use. It also requires that e-commerce entity should take appropriate safeguards to protect user’s personal information.
  • Termination of services: Where an e-commerce business operator intends to terminate its e-commerce activities, it shall announce the relevant information at a conspicuous position of its homepage at least 60 days in advance, and take necessary measures to safeguard the rights and interests of consumers. For the third party platforms, this deadline is 90 days.


Platforms shall use service agreements and trade policies to regulate their relationship with e-commerce operators and customers, which shall include provisions on the way out, quality guarantee, and consumers’ protection. These contracts shall be clearly displayed and made available on the platform website and filed with authorities. Any amendment shall be publicized at least 7 days before their effective date. Any stakeholder may be able to make comments; moreover, a way out shall be given to business operators who do not agree with these modifications.

Under the Draft, parties to a contract are presumed to possess the appropriate capacity for civil conduct and express their genuine intent, unless there is evidence to the contrary. The e-contract shall be deemed to have been validly entered into when information on commodities and services released by an e-commerce business entity complies with the terms of an offer and the consumer submits the order.

According to the wording of Article 28 of the Draft, the determination of the time of arrival of the acceptance submitted by the consumer appears to be “when the recipient [i.e the business operator] can retrieve and identify the offer or promise” which seems unclear and might be not perfectly consistent with the provision under Article 16 of the Contract Law, which more specifically states the time of arrival ”as the time when the electronic message enter in the specific system designated by the recipient; if no specific system has been designated, the time when the electronic message first enters into any of the recipient's systems is deemed its time of arrival.”

The Draft also considers the case that a consumer wrongly submits an order into an automated transaction system: in such a scenario, the consumer shall be entitled to withdraw the part of its order which includes the mistake provided that (i) he notifies immediately the vendor about the error; and (ii) the user has not already obtained any substantial benefits or value. This clause might have deserved maybe more detail, to have a crystal clear scenario and ease its implementation.


The Draft sets out the requirements concerning electronic payments, defined as transfer of monetary funds though an electronic payment order between a payer and a payee for e-commerce purposes, which include rights and obligations of payment institutions, electronic payment service provider and recipient, pay confirmation, wrongful and unauthorized payments.

If an online payment service provider violates any related statutory requirements for financial information security management, the service provider will be liable for the corresponding losses. For any losses caused by unauthorized payment, the online payment service provider will automatically be held liable, unless it can prove that such losses are caused by the recipient of the online payment service. In contrast, the electronic payment service recipient shall be responsible for the correctness of payment orders issued by it.


During the performance of express and logistic services, in case of delay in the delivery, damage or loss, the logistics service provider must indemnify the customers. Where express logistic services are provided by franchise, the franchisee and franchiser shall assume jointly liabilities.

Under the Draft, where the subject matter of an e-contract is a service, the time of delivery shall be as stated on the certificate produced.


The Draft bolsters the protection of IP rights and lists the prohibited activities that constitute unfair competition and undermine the credit trading system. E-commerce entities that fail will face fines of up to RMB 500,000, and could have their business licenses revoked, for violations.

IP rights owners can report to the platform IP abuses by e-commerce operators; platform shall then take unspecified protective measures and meanwhile inform the operator which can reply; upon a declaration of non-infringement by the operator, the platform shall promptly terminate the measures taken. At this point the IP owner can only report the case to the authorities.

The IP rights are particularly exposed to aggression in the cyberspace, damaging both legitimate businesses and consumers.

While the Draft provisions  seems aimed at balancing interests of both IP owner and operators, in practice this procedure seems to leave a heavy burden upon IP owners, which might be frequently pushed to litigation to solve IP abuses. We would have appreciated seeing provisions banning – for example – blurred photos of products/brands on the e-shops (which too many times offer a safe harbor to infringers to claim that they were not actually displaying a fake product…)


The Draft emphasizes the importance of personal data protection by specifying the requirements for utilizing data generated in e-commerce activities. Any collection of personal information must be based on the user’s consent. Further, upon expiration of a statutory or agreed-upon retention period, an e-commerce entity is required to cease its processing and use of relevant personal information, or delete or destroy such information.

E-operators must ensure personal information security for consumers. In the case of leakage, loss or damage of personal information, the e-commerce entity must immediately take remedial measures, promptly notify the users and submit a report to the relevant authorities. Those that fail will face fines of up to 500,000 RMB and could have their business certificate revoked.


E-commerce operators are responsible for the quality of goods and services they provide, whereas the e-commerce services providers shall be responsible for the service provided. Both shall be jointly liable in case of damages caused to consumers due to the purchasing of goods or receiving services through e-commerce third-party platform.

The e-commerce platform shall also be liable in case they could not provide the consumer with the e-commerce operator’s valid identity and contact. Based on the current wording of the Draft, this provision seems less stringent than Article 44 of the Law on the Protection of Consumer Rights and Interests (which states that if an online trading platform clearly knows or should know that a business operator uses it platform to commit acts infringing the legitimate rights and interests of consumers but fails to take necessary measures, shall bear joint liability with the e-commerce operator).


The Draft included a section dedicated to cross-border e-commerce. Its programmatic provisions state that it will increase the digitalization and convenience level of customs clearance, tax collection, inspection and quarantine procedure, meaning electronic receipts and certificates will have the same legal force as paper ones. The business operators shall be submitted to the Chinese Regulation, especially regarding the protection of personal information and business data when they carry out cross-border e-commerce activities. Nothing is said on the – very important issue – products compliance (in terms of product features, quality, labeling).

The New Regulation will better regulate the cross-border e-commerce which features an exponentially growth in recent years. According to the statistics from IResearch Consulting Group, China cross-border imports grew from 600 billion RMB in 2014 to 900 billion RMB in 2015, and are forecast to hit 1.9 trillion RMB in 2018[1].