Skip to content
Magist
AnalyzeRegulationsVendorsCounselUpdatesCompareAbout
← All Controls

Operator contact information disclosure

contact-information-disclosureDomain: consumer-protectionType: policy

Description

Contact-information disclosure is the regulatory descendant of the printed-imprint requirement that has run through European commercial law for a century. Any consumer-facing online service tells users who is operating it, where to reach them physically, and how to contact them through an electronic route in addition to whatever support channels the operator has chosen. The disclosure is a substantive obligation rather than a courtesy, and the visibility expectations have hardened over time: a regulator inspecting a service expects to find the disclosure from the homepage in a small bounded number of clicks, and the German jurisprudence has historically settled on two clicks as the practical maximum that survives challenge. The content set has converged across regimes onto roughly five elements. Legal name of the operating entity, in the form that matches its corporate registration, names who the user is dealing with. Registered address (or principal place of business) gives the regulator and a litigating user a service-of-process target. Registration number where applicable (Handelsregisternummer, Companies House number, business-license number, the equivalent in the operating jurisdiction) anchors the disclosure to the corporate registry. VAT identification where applicable lets cross-border consumers and tax authorities trace the entity through the VAT-information-exchange systems. The working electronic contact route is the part operators most often get wrong, because the obligation is for an email address that gets read; "info@" inboxes that bounce to nowhere have been cited specifically, and a contact form that drops user messages into an unmonitored queue does not satisfy the obligation any better than a non-functional email address would. The visibility piece is where most operators get tripped up: hidden imprints, imprints behind logged-in surfaces (a service that only shows the imprint after the user authenticates), and imprints that are technically present but visually buried have all drawn enforcement, because visibility is part of the obligation rather than separate from it. The statutory anchors layer multiple parallel regimes onto the same operator. DSA (Regulation (EU) 2022/2065) Article 11 covers points of contact for authorities, and Article 12 covers recipients-of-service contact. The EU Omnibus Directive (Directive (EU) 2019/2161) layers e-commerce information obligations on top. The e-Commerce Directive (2000/31/EC) Article 5 carries the foundational imprint provisions that the German Telemediengesetz and successor DDG transpose; German practice remains the most demanding on visibility, click-depth, and content completeness. The CCPA contact-disclosure rules at Cal. Civ. Code §§1798.100-1798.199.100 and the 11 CCR §7000 series cover California; Delaware DPDPA, Montana MCDPA, New Jersey NJDPA, Oregon OCPA, and the Colorado AI Act layer parallel state-level obligations. Saudi PDPL and Vietnam PDPD impose their own variants. Evidence formats that satisfy a regulator inquiry include the imprint or about page itself, the contact form configuration with response-time documentation, and the authority-contact register documenting the named point of contact for regulator inquiries under DSA Article 11.

Required by (9 regulations)

  • Colorado AI Act

    SB 26-189 requires deployers of ADMT in covered domains to disclose contact information for the deployer and to provide a mechanism for consumers to inquire about ADMT use in decisions affecting them. Operational mechanics pending AG rulemaking.

    Colorado AI Act (SB 26-189, repealing and replacing SB 24-205); effective 2027-01-01; codification sections pending Governor signature and AG rulemaking

    Source →

  • DE PDPA

    Del. Code Ann. tit. 6, ch. 12D

  • DSA

    Article 11 — points of contact for authorities; Article 12 — recipients-of-service contact.

    Regulation (EU) 2022/2065 of the European Parliament and of the Council (Digital Services Act)

  • Omnibus

    E-commerce information obligations.

    Directive (EU) 2019/2161

  • MCDPA

    Mont. Code Ann. §§30-14-2801 to 30-14-2817

  • NJDPA

    N.J. Stat. Ann. §§56:8-166 to 56:8-188

  • OCPA

    Or. Rev. Stat. §§646A.570 to 646A.604

  • PDPL

    Royal Decree M/19, dated 9/2/1443 AH (September 16, 2021), Personal Data Protection Law, effective September 14, 2023

  • Vietnam PDPD

Fulfilled by (1)

  • In-house build · low effort

Magist does not accept payment from vendors. Methodology.

Evidence formats

  • imprint / about page
  • contact form
  • authority-contact register

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions.

Magist

Pre-launch regulatory analysis for product teams. Built by a lawyer, designed for PMs.

Tools

  • Analyze
  • Guided walkthrough
  • Vendors
  • Find counsel
  • Saved analyses

Reference

  • Scope by business model
  • Scope by jurisdiction
  • App ratings
  • Regulations
  • Compare regulations
  • Enforcement
  • Browse Controls
  • Vendor coverage
  • Radar
  • Pulse
  • Changelog
  • Guides
  • Regulatory updates
  • Open data
  • Corpus license
  • Ontology
  • State of Compliance

Solutions

  • For legal teams
  • For engineering
  • For executives
  • For law firms
  • For investors
  • For teams →

About

  • About Magist
  • Methodology
  • Editorial standards
  • Reviewers
  • Coverage status
  • Corrections
  • Trust
  • Coverage scope
  • How we handle data
  • Sub-processors
  • FAQ

Built by Neel Patel, a practicing in-house games attorney. Games touch more compliance domains at once than anything else in tech — Magist was designed around that.

Magist provides legal information based on publicly available regulatory sources. It does not constitute legal advice and does not create an attorney-client relationship. Consult a licensed attorney in your jurisdiction before making compliance decisions. Operated by a Washington-licensed attorney. Not licensed in California or other US states. Magist provides legal information; consult a licensed attorney in your jurisdiction.

Magist is an instrument, not a consultancy. It does not sell compliance services or take payment from vendors for placement; the analysis is the same for everyone. No vendor, sponsorship, or referral fees, ever.

MethodologyLimitationsDisclosures

© 2026 Magist
TermsLicensePrivacySecurityLinkedIn