Introduction
A website's Terms and Conditions (T&C) - also called Terms of Use or User Agreement - is the legal contract that governs the relationship between the website operator and its users. In India, properly drafted website terms are not merely a good practice: for many categories of website they are a legal requirement, and for all businesses they represent a critical first line of risk management.
Despite this, many Indian businesses either launch without T&C, copy generic international templates, or fail to update their terms as their operations evolve. This article explains what Terms and Conditions must cover under Indian law, what the legal requirements are, and why fintech and digital businesses face heightened compliance exposure in this area.
Indian Legal Requirements for Website Terms and Conditions
Several Indian statutes impose disclosure and terms-related obligations on websites:
Information Technology Act, 2000 and IT (Amendment) Act, 2008
The IT Act is the foundational law governing electronic commerce and digital transactions in India. Key implications for T&C include:
• Section 79 - Intermediary liability protection requires platforms to publish terms of use that users acknowledge, along with rules and regulations prohibiting hosting of unlawful content.
• IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 - Intermediaries (including social media platforms and digital businesses) must publish rules, privacy policy, and user agreements and ensure users formally accept them. The Rules were further amended in October 2025 (effective 15 November 2025) to strengthen content takedown obligations under Rule 3(1)(d), and again in February 2026 to address synthetically generated content and deepfakes. Platforms using AI-generated content tools face additional labelling and due diligence requirements under the 2026 amendments.
Consumer Protection (E-Commerce) Rules, 2020
E-commerce entities operating in India are required under these Rules to disclose on their website or app: legal name and address of the entity, customer service contact information, grievance officer details, return, refund, and cancellation policies, payment and delivery terms, and information about applicable charges. These disclosures are mandatory and failure to include them constitutes a violation of consumer protection law.
Digital Personal Data Protection Act, 2023 (DPDP Act)
While the DPDP Act is primarily addressed through a separate Privacy Policy, Terms and Conditions should cross-reference and be consistent with the privacy policy. T&C should also address: what personal data the platform collects and for what purposes, user rights under the DPDP Act (subject to the Rules being fully notified), data sharing with third parties, and data breach notification commitments.
Reserve Bank of India / SEBI Requirements
Fintech platforms, payment aggregators, investment advisory websites, and other regulated digital financial services businesses face additional disclosure obligations under their respective regulators. T&C for such platforms must align with applicable RBI, SEBI, or IRDAI requirements including disclosures about regulated status, product risks, and complaint mechanisms.
Key Clauses Every Website T&C Should Include
1. Parties and eligibility
Clearly identify the company operating the website, its registered address and CIN/registration number, and the eligibility criteria for users (minimum age, geographic restrictions, account requirements).
2. Acceptable use policy
Define prohibited conduct including fraudulent use, data scraping, cyberattacks, uploading malicious content, intellectual property infringement, and harassment. A clear acceptable use policy supports the platform's right to suspend or terminate user access and reduces liability under the IT Act intermediary framework.
3. Intellectual property rights
State that all content, branding, software, databases, and tools on the website are owned by or licensed to the company. Specify what limited use rights, if any, are granted to users. Address user-generated content ownership where relevant.
4. Limitation of liability
This is among the most commercially important clauses. A well-drafted limitation clause should: cap the company's liability to a defined amount (typically fees paid in the preceding period), exclude indirect, consequential, and incidental losses, and note that technical interruptions and third-party content are beyond the company's control. Note that under Indian consumer protection law, companies cannot entirely exclude liability for deficiency in service - so clauses should be drafted with that in mind.
5. Disclaimers
For information-based and financial services websites, prominent disclaimers are essential: that website content does not constitute professional advice, that information is provided for general purposes only, that markets involve risk (for investment-related content), and that the company is not liable for reliance on content without professional consultation.
6. Governing law and jurisdiction
Specify Indian law as the governing law and a specific Indian court jurisdiction for dispute resolution. For cross-border platforms, consider whether arbitration is a more practical mechanism. Vague or absent governing law clauses are a common source of enforcement difficulties.
7. Grievance officer
Under the IT Rules 2021, intermediaries must appoint a Grievance Officer resident in India and publish their name and contact details. This is a legal requirement for qualifying platforms, not merely a best practice.
8. Privacy policy cross-reference
Terms and Conditions should reference the website's Privacy Policy and state that the two documents together constitute the complete agreement with users regarding data and platform use.
9. Amendment rights
Reserve the right to amend the T&C with appropriate notice to users. Specify how notice will be given (email, website notification) and the timeframe before amendments take effect.
10. Termination and suspension
Specify the company's right to suspend or terminate user access for policy violations, non-payment,
security incidents, or regulatory requirements, and the consequences of termination for ongoing obligations.
Common Mistakes Indian Businesses Make
Using foreign templates without localisation
Many Indian websites copy T&C from US or UK templates. These will typically miss IT Act and Consumer Protection Rules requirements, lack mandatory grievance officer disclosures, reference foreign governing law, and fail to address DPDP Act obligations.
Not updating terms after product or regulatory changes
T&C must be reviewed whenever the business adds new services, changes its data practices, updates its pricing model, or faces new regulatory requirements. Outdated terms can be used against the company in disputes.
Inadequate user acceptance mechanisms
For T&C to be enforceable as a contract under the IT Act, users must affirmatively accept them - a 'click-wrap' checkbox or positive confirmation is far stronger than a 'browsewrap' arrangement where the link to T&C is buried in a footer.
Frequently Asked Questions
Are Terms and Conditions legally mandatory for Indian websites?
For intermediaries (as defined under IT Rules 2021), e-commerce entities (under Consumer Protection E-Commerce Rules 2020), and regulated financial services platforms, specific disclosures and terms are legally required. For other websites, T&C are strongly advisable as a matter of legal protection and risk management even where not strictly mandated.
Can Terms and Conditions protect against all liability?
No. Indian consumer protection law limits the extent to which businesses can exclude liability for deficiency in services. Unreasonable exclusion clauses may be challenged before consumer forums.
Conclusion
Terms and Conditions for Indian websites serve multiple functions: satisfying legal requirements under the IT Act, Consumer Protection Rules, and sector-specific regulations; protecting intellectual property; managing liability exposure; and building user trust through transparency. For fintech, e-commerce, and digital financial services businesses, robust and regularly reviewed T&C are a compliance necessity, not an afterthought.
At KP Regtech, we help businesses build comprehensive website compliance frameworks, legal documentation, digital governance structures, and risk management systems aligned with India's evolving regulatory landscape.