Digital Business in Argentina: Overview

The following apply to doing business online in Argentina:

In general, the National Congress is responsible for drafting both substantive codes and laws (section 75, National Constitution). The process consists of passing legislation through three stages:

The primary chamber (either the Chamber of Deputies or the Chamber of Senators) is involved at varying levels depending on the topic under consideration.

There are also administrative bodies, either secretariats and/or agencies with the power to issue Resolutions, Orders and Provisions governing the subject matter over which they have control.

Companies must take the following steps to set up a new business:

Depending on the goods or services offered by the provider, it can expect to contract with other businesses (if it provides business-to-business (B2B) services), or consumers (where it provides business-to-consumer (B2C) services). In addition, most businesses will find it necessary to contract with:

Order No. 18/2015 of the APIA implements the Privacy Good Practice Guide for the Development of Apps and Software.

Among other provisions, this Order establishes that a privacy policy should be clear and easily accessible for users.

Apart from Order No. 18/2015 mentioned in Question 5, there are no other specific regulations regarding the development and distribution of an app. However, it is worth considering the following:

Contractual matters in Argentina are governed by the principle of "freedom of forms". This means that there are no legal formalities required for contractual agreements unless specifically mandated by the law.

When the law requires the agreement to be in writing, this requirement is considered fulfilled if the contract with the consumer or user is in an electronic form or using similar technology (section 1106, NCCC).

Argentine law regulates different types of electronic signatures that can be applied to contracts (see Question 12).

See also Contract Formation and Enforcement in Argentina: Overview.

Every legally-executed contract is binding on the parties (section 959, NCCC). Its contents can only be modified or terminated by agreement of the parties or in the cases provided for by law.

The legal frameworks set out in Question 1 will apply depending on the specific business sector and any other applicable local laws will apply in a supplementary manner.

There are no general rules on the conservation of data under Argentinian law, nor specific terms for electronic contracting. However, certain regulations provide obligations that have an impact on the storage of data, which must be considered before deleting it. These include:

There are no specific Argentinian accreditation authorities that evaluate whether a website has complied with minimum cybersecurity standards.

The remedies for breach of an electronic contract are identical to those available for breach of any other type of contract. Typically, contracts include penalty clauses in case of breach. However, the NCCC provisions will also apply (that is, liability for remediation claiming an equivalent good and/or terminating the contract and liability for damages).

For more information on remedies under the CPL, see Question 30.

Argentinian law recognises both electronic and digital signatures.

The following legislation applies:

Both the DESL and NCCC expressly provide that a digital signature is equivalent to a written signature. Therefore, in circumstances in which the law requires that a document must be executed and signed in writing, the written signature can be legally replaced by a digital signature.

However, the law does not grant the presumption of authorship and integrity to electronic signatures in the same way that it does for digital signatures. This means that the burden of proving the validity of an electronic signature is on the person who invokes it.

Digital signature. A digital signature is the result of applying a algorithmic procedure to a digital document that requires information and exclusive knowledge of the signatory, and evidence that it is under their absolute control.

The digital signature must be verifiable by third parties, so that the verification simultaneously allows identification of the signatory and detection of any alteration of the digital document after execution.

Electronic signature. An electronic signature is the set of integrated electronic data, linked or associated to other electronic data, used by the signatory as its means of identification, but which lacks any of the legal requirements to be considered a digital signature.

If challenged, the validity of the electronic signature must be proved by the party who invokes it.

Under the DESL, a digital certificate must be used to verify a digital signature. This digital certificate is a document signed by a licensed certifier which links the signature verification data to its owner. A digital certificate must be issued by a licensed certifier and meet specific internationally recognised standards.

There are no specific format requirements for electronic signatures.

See Question 12.

The current legal framework regulating privacy is the DPL and various resolutions and orders issued by the APIA, which is the enforcement authority of the DPL.

The DPL applies to individuals or legal entities carrying out the controlling or processing of personal data belonging to Argentinian residents, regardless of where the controlling or processing is performed.

Personal data is defined by the DPL as any type of information that relates to identified or identifiable individuals or legal entities.

Sensitive data is defined by the DPL as any personal information revealing racial or ethnic origin, political views, religious beliefs, philosophical or moral stances, union affiliations or any information referring to the health or sexual life of an individual.

In principle, the processing of personal data is subject to the data holder's consent. This consent must be:

However, there are exceptions where informed consent of the data subject is not necessary.

Individuals cannot be compelled to provide sensitive data. Sensitive data can only be processed with the express consent of the data holder, in cases where there are circumstances of general interest authorised by law, or for statistical or scientific purposes, provided that data subjects cannot be identified.

Transfer. With regard to the transfer of personal data, except in specific circumstances, the personal data being processed can only be transferred for purposes directly related to the legitimate interest of the transferor and the transferee, and with the prior consent of the data subject, who must be informed of the purpose of the transfer and identify the transferee.

The transfer of personal data to countries which do not grant an appropriate level of protection according to the APIA standards is forbidden. Executive Order No. 1558/2001 states that this prohibition does not apply in the following situations:

The countries considered to have "adequate" levels of protection include EU and the European Economic Area (EEA) member states, Switzerland, Guernsey, Jersey, Isle of Man, Faroe Islands, Canada (only for the private sector), Andorra, New Zealand, Uruguay, Israel (only for automated data treatment) and the UK.

In addition to other exceptions, the DPL provides that consent for the disclosure of personal data is not necessary when the data is collected for the performance of governmental functions or under a legal obligation.

No consent is required for the transfer of data if carried out directly between government authorities to comply with their functions. This is the same when it is personal data related to health and it is necessary for reasons of public health, emergency or for the performance of epidemiological studies, as long as the identity of the data subjects is kept confidential/anonymised through adequate encryption mechanisms.

The use of cookies, pixels or other tracking technologies is not yet regulated, nor addressed in any of the APIA recommendations. However, applying the principles of the DPL, companies trying to obtain information through tracking technologies must obtain the user's consent to collect the information.

Data controllers and data processors holding personal data must adopt the necessary technical measures to guarantee its protection and confidentiality, and prevent any adulteration, loss or unauthorised access or processing. In 2018, the APIA issued Resolution No. 47/2018, approving two sets of recommended security measures for the processing and conservation of personal data (whether or not stored electronically).

The measures for the processing of personal data by electronic means deal with the following:

Some of the recommendations also include additional guidelines regarding the processing of personal data.

In principle, Resolution No. 47/2018 establishes a set of recommendations that can be adopted or replaced by others that are more effective, based on the practices and circumstances of the processing of personal data. Although the measures provided by Resolution 47/2018 are not strictly binding, in a compatible interpretation of section 9 of the DPL, and considering the accountability principle, the standards provided in the resolution are the minimum levels any controller or processor must meet to comply with the DPL.

The use of encryption in Argentina is generally permitted by law and is encouraged by current regulations. For example, Resolution 47/2018 provides for the use of encryption in specific tasks relating to the collection of personal data.

The BCRA has issued several communications regulating electronic payments.

The principal regulations governing electronic means of payment system issued by the BRCA in 1997 (MEP Regulations) were recently updated through BRCA communication "A" 7377.

The MEP Regulations:

In addition, the BCRA regulates payment service providers (PSPs), including in its scope all legal entities that, without being financial institutions, perform at least one function within a retail payment scheme.

Under the current BCRA regulations, PSPs that offer payment accounts must be registered in a special registry created for this purpose (Registro de proveedores de servicios de pago que ofrecen cuentas de pago). If they are not registered, they are not allowed to operate.

With the aim of ensuring a trustworthy financial system that complies with the highest international standards, the BCRA included PSPs in the regulations on the protection of users of financial services (which complement the provisions contained in the consumer protection laws and regulations.

Resolution No. 4/2019 of the APIA includes certain guidelines for controllers on the provision of express consent from children. In accordance with the principle of "progressive autonomy" (the individual exercise of legal rights in accordance with age or maturity) established in sections 26 and 639 of the NCCC, minors can give informed consent for the processing of their personal data considering their psychophysical characteristics, aptitudes, and development. If the minor does not have sufficient capacity to give informed consent, the holder of parental responsibility or guardianship of the minor can provide informed consent for the processing of their personal data.

Apart from this, there are no current national laws that provide rules on websites aimed at or accessed by children.

There are no specific laws protecting companies within Argentina that resell or market online digital content, services or software licences provided by a supplier outside Argentina. Under consumer laws, the company will be held jointly liable for any defective product or service.

There are no legal limitations on framing, caching, spidering and the use of metatags, as long as intellectual property and industrial property laws are complied with.

Although there are no specific provisions referring to the use of metatags or keywords and their limitations, Argentine doctrine and jurisprudence have repeatedly ruled on the use of metatags and keywords in relation to fair competition and trade mark law.

In this context, the courts consider that the use of metatags and keywords is common practice in online servers, but that there are limitations on the content assigned to these keywords.

For example, a well-known trade mark could not be used as a keyword because it is considered an infringement of trade mark law and an act of unfair competition.

Domain names are regulated by NIC Argentina's provisions. There are no specific limitations on the licensing of domain names. Specific rules can be found on the NIC website.

Domain names do not confer additional rights apart from the right to use that domain name. However, they can be used as evidence to establish the use of a trade mark or an IP right.

The procedure to register a company name within the jurisdiction of the City of Buenos Aires is regulated by the Public Registry of the City of Buenos Aires (Inspección General de Justicia) (IGJ) under General Resolution No. 7/2015. To identify whether the desired corporate name is available, the IGJ offers the possibility of performing an availability check through is website as well as reserving the name, if available.

When registering the incorporation of the company before the IGJ, a report on the reservation and its validity status must be issued. In all cases, the corporate name must be included in the bye-laws or articles of incorporation, indicating the type of company formed. It must also be published in the Official Gazette of the Argentine Republic and registered together with the incorporation of the company.

The company name must respect the provisions contained in the General Companies Law No. 19,550 according to each type of company and meet the requirements of truthfulness, novelty and distinctiveness. It must not contain terms or expressions contrary to the law, public order or good custom, or mislead as to the type or purpose of the legal entity.

The same jurisdiction rules apply to internet transactions and disputes as for other civil or commercial disputes, provided that the provisions of the CPL do not apply. Also, in general, choice of forum clauses in non-consumer online contracts are enforceable if they are fair and reasonable.

In electronically concluded consumer contracts, and under the provisions of the NCCC, the courts of the place of performance of the contract have jurisdiction. The place of performance is considered to be the place where the buyer received (or should have received) the goods or services. Any extension of jurisdiction clauses will be deemed void.

In addition, the courts of the following places have jurisdiction under the NCCC:

Further, when there are several defendants and the obligations are indivisible or joint and several, the courts of the domicile of any of them, at the choice of the claimant, can have jurisdiction (NCCC).

Parties can choose the substantive law that will govern potential disputes, especially in the context of an arbitration clause. However, in matters that involve consumer law regarding products or goods sold in Argentina, Argentine law will apply.

Platforms usually contain a customer service section where users can make complaints, and which include some method of dispute resolution provided by the platform itself.

Users can alternatively file a complaint with the consumer protection authority in their jurisdiction, which will settle the compensation payable to repair the material damage suffered by the consumer due to the goods or services that are the object of the consumer relationship.

The Consumer Protection Authority will promote the setting up of arbitration courts to act as mediators to resolve disputes arising from the provisions of the CPL.

In addition to all the above, consumers can choose to initiate legal proceedings for damages before the competent judge, which will be the judge of the place of performance of the contract (where the consumer received or should have received the good or service).

If the supplier does not comply with their legal or contractual obligations to the consumer, the judge can, at the request of the complainant, impose a civil fine in favour of the consumer, which will be graduated according to the seriousness of the act and other circumstances of the case, independently of any other compensation that may be due.

The following remedies are available for online disputes:

The following rules apply to advertising goods/services online or through social media and mobile apps:

The advertising and selling of products and services such as food, alcoholic drinks, medicine products, financial services, tobacco and cigarettes, and gambling are highly regulated, but not specifically with regard to online activities. These regulations apply to both online and offline sales and advertising.

In 2014, Law No. 26,951 created the National Do Not Call Registry, an opt-out mechanism that allows people to register their telephone numbers to avoid being called or contacted for advertising purposes. This regime also applies to text messages (SMS), as confirmed by the APIA in opinions on the matter.

Under the Email Marketing Regulation, all marketing communications must include a notification to recipients that they can request their exclusion from the relevant database.

A company must also implement effective mechanisms to receive and comply with opt-out requests. The way to exercise the right to opt-out and the transcription of certain legal provisions in Spanish (that is, section 27.3 of the DPL and section 27.3 of Executive Order No. 1558/2001, Annex I) must be expressly explained in the communication.

Under the CPL, any wording or document provided to a consumer through which rights and obligations are generated, and any other information that companies must provide to consumers, must be written in Spanish as it is the national language.

If the processing of personal data is subject to Argentinian law, the privacy policy must also be drafted in Spanish, including any mandatory wording.

Sales concluded online are generally subject to the same taxes as those concluded offline (including VAT, excise taxes, foreign market exchange tax (if the transaction is made in USD)). Tax withholding/collection regimes, customs-related duties and fees and other transactional taxes (like stamp tax, tax on debits and credits) may also apply in certain cases.

The tax system reform which took place in 2017 incorporated regulations on VAT treatment applicable to digital services rendered by non-residents from abroad which are effectively used within Argentine territory. Most Argentine local provinces have also incorporated similar regulations on turnover tax (local tax) in their respective tax codes.

Online companies must register for VAT (and any other applicable tax) only if they qualify as Argentine resident for tax purposes (that is, in general, regular companies incorporated in Argentina or foreign companies with a permanent establishment within the country). Registration should be made with the tax authorities (both federal and local ones) as soon as they start doing business.

Online companies that do not qualify as Argentine resident for tax purposes (with no permanent establishment in the country) are not obliged to register for any tax in Argentina. Any tax collection or withholding that may apply to transactions is usually made by the local party that participates in it. These include:

The VAT general rate is 21%.

Restrictions on the use of copyrighted works are established in the Intellectual Property Law, and the protections afforded vary depending on the type of work. In general, a licence should be granted by the copyright owner for the use of third-party content.

For defamatory and harmful content, there are no restrictions on what specific content can be published on a website, as this would be considered prior censorship and, therefore, unconstitutional, since it would limit the constitutional right to freedom of expression. However, this does not mean that people can publish harmful and defamatory content without consequences. After publication, they can be ordered to take down the defamatory or harmful content by a judge and, if it is proved that they acted with malice or gross negligence, to compensate the people harmed by the content.

There are no special laws on this matter, so regulation lies with the NCCC. In accordance with its general provisions on civil liability, relevant case law has determined the liability of the publisher of the illegal content, and, restrictively, of internet search engines.

If internet service providers do not know about the existence of illegal content, or there is doubt about its illegality as it had not been determined by a court, they cannot not be liable for the damage caused by it. However, if they act diligently by removing illegal content after it was brought to their attention, they must be exonerated from liability.

According to Mercosur Resolution No. 37/19, that was incorporated to the Argentine legal system by Resolution No. 270/20 of the Domestic Commerce Secretary, which regulates e-commerce, a website must provide the following information:

In addition, and under Resolution No. 271/20 of the Domestic Trade Secretary, when users contract with the supplier of goods or services through a standard-form agreement (for example, by accepting general terms and conditions), the content of the contract with all relevant details must be published on the website. Under the same conditions, the discounts and benefits offered must be disclosed, with a precise indication of the start and end dates, as well as their terms, conditions and limitations.

The website should also provide specific information in accordance with the NCCC, CPL and complementary rules.

If the website collects personal data, a privacy policy must be available for users, following the requirements of the DPL, and resolutions and orders of the APIA. In particular, the DPL establishes that when personal data is collected, the data subjects must be previously informed, expressly and clearly, of the:

There may be other legal information that should be provided on a website, depending on the kinds of activities and services provided.

In general, the individual or entity that provides the content is liable for it. However, an entity that requests content generated by someone else (such as an advertiser as part of an online promotion) may also be liable for the content, especially in consumer law matters. It is good practice for a trader to include disclaimers in relation to the accuracy and availability of content on its website to limit the expectations of users.

For further information see Question 38.

Argentina has adopted the "notice and takedown" system regulated in the US by the Digital Millenium Copyright Act. With regard to the obligation to close a website, remove content or disable links without authorisation, the National Supreme Court of Justice has made several rulings applying the system.

An ISP must close a website, remove content, or disable links when it has become aware that the link leads to harmful content, in two different situations:

In general, rules on the offline acquisition of products and services also apply to products and services supplied online. The general provisions of the NCCC apply to liability issues. In addition, if consumer rights are affected, the provisions of the CPL apply.

For products purchased online, a consumer can cancel the purchase without cost or liability within ten calendar days of receipt of the product, or at the conclusion of the contract, whichever occurs last (section 34, CPL).

All participants in the supply chain are jointly and severally liable for a defective product or service, and the consumer can choose which participant in the supply chain they make a claim against (section 40, CPL).

There are no specific types of insurance policies for online businesses. Generally, online businesses require the same sort of insurance as other businesses in the specific industry sector within which they operate. However, some insurers offer special products aimed at companies with a significant online presence.

The APIA (with the support of the government and the support of the opposition) is about to introduce before the Congress a Bill intended to replace the DPL, which was enacted in 2000, and has become outdated in relation to technological and legal developments, especially following the passing of the EU General Data Protection Regulation (GDPR). Among other changes, the Bill introduces:

In addition, in 2022, two bills relating to digital business were filed in the Chamber of Deputies: