ElyForma

Website Terms and Conditions South Africa: ECTA, CPA, and POPIA Requirements

Why every South African website needs proper terms and conditions. Covers ECTA disclosure obligations, CPA cooling-off rights, POPIA privacy notices, and the clauses that protect SA online businesses from liability.

Digital Law Specialist
February 5, 2024
Updated March 3, 2026

Running a website in South Africa that sells goods, provides services, or collects information from users triggers obligations under at least three pieces of legislation: the Electronic Communications and Transactions Act 25 of 2002 (ECTA), the Consumer Protection Act 68 of 2008 (CPA), and the Protection of Personal Information Act 4 of 2013 (POPIA). A comprehensive terms and conditions document — combined with a separate privacy notice — is how you satisfy these obligations and protect your business.

Why Generic International Templates Are Insufficient

Most free website T&C templates are drafted for US or EU audiences. They reference US state law, GDPR Article numbers, or US consumer protection frameworks that do not apply in South Africa. SA-specific legislation creates different obligations, and using a foreign template leaves you exposed to the parts of SA law that the template does not address.

ECTA: Mandatory Disclosures for SA Websites

The Electronic Communications and Transactions Act requires any website that offers goods or services electronically to consumers to disclose certain information before or at the time of concluding a transaction. Section 43 requires disclosure of:

  • The full name and legal registration details of the business
  • The physical address where legal notices can be served
  • Contact details: website, email address, and phone number
  • The description of the goods or services available
  • The full price including VAT and any additional fees or charges
  • The payment methods accepted
  • The security procedures and privacy policy
  • The terms of any guarantee or warranty
  • The return and cancellation policy
  • Delivery terms and timeframes

Failure to provide these disclosures gives the consumer the right to cancel the transaction within 14 days under ECTA.

CPA: Consumer Rights That Must Be Reflected in Your T&Cs

The Consumer Protection Act applies to every supplier who offers goods or services to consumers in South Africa in the ordinary course of business. Your T&Cs must acknowledge the following key CPA rights, because you cannot contract them away:

Right to Cancel Distance Transactions (Section 44)

Consumers have the right to cancel a distance transaction (including online purchases) within five business days of receiving the goods without penalty, other than the cost of returning the goods. Your T&Cs must not contradict this right.

Cooling-Off Period

For fixed-term service contracts, the CPA gives consumers 20 business days to cancel a direct marketing arrangement.

Implied Warranty of Quality (Section 56)

Suppliers warrant that goods are safe, of good quality, free from defects, and fit for the purpose for which they are generally intended. You cannot disclaim this warranty for consumer transactions.

Right to Plain Language (Section 22)

All consumer-facing documents must be in plain language that the average consumer can reasonably understand. Dense legalese in your T&Cs may be unenforceable.

Prohibited Clauses

The CPA prohibits certain contract terms as unfair or unconscionable. These include terms that:

  • Waive the consumer's CPA rights
  • Give the supplier unlimited discretion to determine price after the contract is concluded
  • Limit the supplier's liability for death or bodily harm caused by their own negligence

POPIA: Privacy Notice Requirements

POPIA requires that you notify data subjects (your users, customers, subscribers) when you collect their personal information. This notification must include:

  • What information you are collecting
  • Why you are collecting it (the purpose)
  • Whether it is mandatory or voluntary
  • The consequences of not providing it
  • Whether it will be shared with third parties (and who they are)
  • The data subject's rights (access, correction, deletion, objection)
  • How to contact your Information Officer

This notification is typically delivered through a Privacy Policy (separate from the T&Cs) and a cookie consent notice. However, the T&Cs should reference the Privacy Policy and confirm that users accept both.

What Your SA Website T&Cs Should Cover

Acceptance and Effective Date

State how users accept the T&Cs (browsing, creating an account, making a purchase) and when the current version took effect. Users must be able to print or save the T&Cs.

Limitation of Liability

While you cannot disclaim the CPA's implied warranties for consumer transactions, you can limit liability for:

  • Accuracy of information on the site
  • Availability of the website
  • Third-party links and content
  • User-generated content

Intellectual Property

Assert your rights over website content, trademarks, and software. Prohibit unauthorised copying, scraping, or redistribution.

Governing Law and Jurisdiction

Specify that South African law governs the agreement and that disputes will be resolved in South African courts (typically the Magistrate's Court or High Court depending on the value).

Dispute Resolution

Consider including a mediation or arbitration clause before litigation. The Consumer Goods and Services Ombud handles CPA complaints at no cost, and your T&Cs should acknowledge the consumer's right to access the Ombud.

Changes to Terms

Describe how you will notify users of material changes. Under POPIA, changes to data processing practices require updated consent.

Website Compliance Checklist

For a South African website, ensure you have:

  • ECTA Section 43 disclosures (business details, prices, returns policy)
  • Terms and Conditions (with CPA-compliant provisions)
  • Privacy Policy (POPIA notification and data subject rights)
  • Cookie consent notice (if you use tracking cookies)
  • A nominated Information Officer registered with the Information Regulator (if you process personal information)

Last Reviewed

Last reviewed: 2026-03-03. This article is informational only - verify requirements with official sources before acting.

Editorial Note

ElyForma articles are written for informational use and practical guidance. They do not replace advice from a qualified legal professional for your specific case.

About the Author
Digital Law Specialist

Expert in SA internet law, ECTA compliance, POPIA, and CPA digital obligations.