What Changed in 2024 That B2B Platform Operators Missed
Law 18-05 (Electronic Commerce Law) was originally enacted in 2018 but became operationally binding only with the 2024 implementing decrees. The 2018 text set out principles; the 2024 decrees set out procedures. Most Algerian tech media coverage focused on the consumer-facing provisions — CNRC registration for online merchants, consumer cooling-off periods, dispute resolution channels. The B2B marketplace layer received almost no coverage.
A B2B marketplace in this context is any digital platform that connects Algerian businesses as buyers and sellers and takes a commission, subscription fee, or data monetization revenue. This includes: industrial procurement platforms (connecting manufacturers to suppliers), SaaS reseller portals (connecting Algerian businesses to cloud software vendors), vertical B2B directories with transactional capabilities (agriculture, pharmaceuticals, construction materials), and logistics marketplaces connecting shippers to carriers.
The 2024 decrees clarified three things that directly affect platform operators:
First, the CNRC commercial registration obligation extends to platform operators — not just the merchants who use the platform. The platform itself must register as an “e-commerce intermediary” with the CNRC and display its registration number on the platform’s homepage. Previously, many operators interpreted the registration requirement as applying only to direct sellers.
Second, electronic contracts concluded through the platform are valid under Algerian law provided the platform stores a verifiable audit trail: acceptance timestamps, IP address or authenticated user session identifiers, and contract version hash. Contracts that cannot be reconstructed from platform logs are unenforceable.
Third, the 2024 decrees require B2B marketplace operators to provide annual transactional data reports to business clients who request them. The report must include: total transaction volume (in DZD), VAT amounts transacted through the platform, and a counterparty list (company name, registration number, total value). This is not optional — it is an enforceable obligation under Law 18-05 Article 23.
Advertisement
The Four Obligation Sets Every B2B Marketplace Must Address
1. CNRC E-Commerce Intermediary Registration and Annual Renewal
CNRC registration for e-commerce intermediaries requires: proof of Algerian legal entity registration, platform domain name, registered address, and a description of the intermediary service being offered. The registration category is “intermédiaire en commerce électronique” (ICE). Annual renewal is required; failure to renew within 30 days of the anniversary date constitutes a violation of Law 18-05 punishable by an administrative fine of 200,000 DZD to 500,000 DZD per violation.
Operators must display the CNRC registration number on the platform homepage and in every electronic contract generated through the platform. Operators who have not registered because they classified themselves as “software providers” rather than “commerce intermediaries” should seek legal advice immediately — the CNRC and DGI are applying the intermediary definition broadly to any platform that facilitates commercial transactions between Algerian entities.
2. Electronic Contract Audit Trail Requirements
Every contract concluded through a B2B marketplace must generate a cryptographically verifiable audit trail stored for a minimum of five years. The standard that satisfies Law 18-05 requirements is: SHA-256 hash of the contract document at acceptance time, ISO 8601 timestamp with UTC offset, authenticated user session ID (not just IP address for high-value contracts above 1 million DZD), and storage in an immutable log that cannot be modified post-acceptance.
For platforms operating on commercial cloud infrastructure, the immutable log must be stored either in Algeria (data residency requirement for platforms with more than 10,000 active Algerian business users) or in a jurisdiction with a data transfer agreement recognized by the ANPDP. As of May 2026, France and the UAE are the only non-Algerian jurisdictions where major cloud providers have received ANPDP transfer clearance.
3. Annual Transactional Data Reports for Business Clients
Law 18-05 Article 23 requires B2B marketplace operators to provide, upon written request from any business client, an annual statement of transactions covering the previous 12 months. The statement must include: DZD value of all transactions by the requesting entity, VAT amounts collected and remitted on transactions facilitated through the platform, counterparty identification (company name plus NIF/NRC number), and timestamp range.
This obligation is new for most platforms. Building the reporting infrastructure is not technically complex — it is a standard SQL query against transactional records — but operators who stored transactions in a way that makes VAT-separation difficult (flat fee models, barter-style value exchanges) may need to rebuild their data models. Start this work now: the DGI has begun issuing data report requests to B2B marketplace operators as part of its 2026 digital economy compliance sweep.
4. Data Residency and the Cloud Sovereignty Intersection
Platforms storing personal data of Algerian business users — even business contact data: name, professional email, phone number of a named individual at a company — are subject to Algeria’s data residency requirements under Law 18-07 (Data Protection) and the 2024 Cloud Sovereignty implementing decree. Business contact data is personal data under Algerian law; it cannot be stored outside Algeria or an ANPDP-recognized jurisdiction without explicit consent.
For platforms built on AWS, Google Cloud, or Azure, this means either: (a) routing Algerian user data to the nearest data center in an ANPDP-recognized jurisdiction (France for AWS/Azure/Google Cloud), or (b) deploying a hybrid architecture with Algerian data stored locally. Platforms that host entirely on servers in the United States, without routing Algerian data to an EU or ANPDP-recognized tier, are currently non-compliant.
What This Means for B2B Marketplace Operators in 2026
The combination of CNRC registration, electronic contract audit trails, annual reporting obligations, and data residency requirements creates a four-dimensional compliance stack that most Algerian B2B platform operators have not fully addressed.
The good news: compliance is achievable within 60 to 90 days for most platforms. CNRC ICE registration takes approximately 15 business days with a properly prepared dossier. Audit trail implementation on modern cloud platforms typically requires two to four weeks of engineering work. Annual reporting is a one-time data model review. Data residency routing is a configuration change for major cloud providers.
The risk: the DGI cross-referencing sweep is underway. Platforms that have been earning commission revenue from Algerian B2B transactions without CNRC registration and without VAT compliance are already flagged. The penalty regime — 200,000 DZD to 500,000 DZD administrative fines plus retrospective VAT assessment plus potential license revocation — is severe enough that a voluntary compliance review is strongly preferable to an audit-triggered enforcement action.
Algerian B2B marketplace operators should immediately appoint a compliance officer (internal or external) to run through all four obligation sets and produce a written compliance gap report by end of Q2 2026. That report becomes both the remediation roadmap and the evidence of good-faith compliance effort if an audit occurs.
Frequently Asked Questions
Does Law 18-05 apply to a SaaS platform that resells foreign software to Algerian businesses but doesn’t take a transaction commission?
Yes, if the SaaS platform facilitates the commercial relationship between a foreign software vendor and Algerian business buyers — even through a flat subscription model — it qualifies as an “e-commerce intermediary” under the 2024 implementing decrees. The CNRC and DGI apply the intermediary definition to any platform that enables a commercial transaction to occur, regardless of fee structure. Reseller portals, partner marketplaces, and white-label distribution platforms all fall within scope.
What constitutes a valid electronic contract under Law 18-05 for B2B transactions above 1 million DZD?
For B2B transactions above 1 million DZD, Law 18-05 requires an authenticated user session ID (not just an IP address) in the audit trail. This means the user must have authenticated via a verified identity mechanism — at minimum, an email/password login with session token, and for transactions above 5 million DZD, two-factor authentication is recommended. The contract document must be hashed with SHA-256 at acceptance time, and the hash stored in an immutable log alongside the authentication record. Electronic signatures using the ANPDP-recognized certificate authority infrastructure are strongly recommended for contracts above 10 million DZD.
How long does the CNRC e-commerce intermediary registration take?
CNRC ICE (intermédiaire en commerce électronique) registration typically takes 10 to 15 business days with a complete dossier. Required documents include: company CNRC extract (less than 3 months old), platform domain name registration certificate, description of intermediary services, and proof of registered Algerian address. Online submission via the CNRC portal is available; in-person submission at the relevant wilaya CNRC office is required for first-time registrations.
—
Sources & Further Reading
- Algeria E-Commerce Law 18-05 — Official Gazette of the People’s Democratic Republic of Algeria
- Algeria Digital Policy Framework — Digital Policy Alert
- Algeria’s Fintech Ecosystem 2026: Building Momentum — The Fintech Times
- Algeria PSP Regulation Instruction 06-2025 — Launch Base Africa
- Algeria Open Banking API Regulation and Fintech Framework — AlgeriaTech
