Skip to content

Lebanese legal + compliance baseline

Reference for the legal posture 961tech ships with at launch. Produced for Foundation: legal + compliance review (#40). Pairs with RFC-0005 compliance baseline — that's where the five operational decisions live; this is the underlying research.

Research-grade, not legal advice

This doc is a research-grade baseline produced by reviewing primary statute references and reputable secondary commentary. It is not a substitute for a Lebanese lawyer's review. The §1.4 register lists every claim that should be confirmed by counsel before launch. Where Lebanese law is silent, ambiguous, or unenforced in practice, the doc says so explicitly rather than guessing.

1. Scope & method

1.1 What this is / isn't

What this is. A Lebanese-first compliance baseline for 961tech as it stands today: an English-only (ADR-0004) affiliate-monetised price-comparison + compatibility-checked PC builder that drives outbound clicks to Lebanese retailers and earns commission. Three legal surfaces: affiliate / commerce, consumer protection, privacy / data protection.

What this isn't. Not legal advice. Not a final ToS / Privacy Policy / cookie banner draft — those follow RFC-0005 sign-off. Not an EU- or US-targeted compliance design — Lebanese law leads; GDPR / FTC / EU UCPD enter only as comparators or as the safer engineering target where Lebanese law is silent. Not a tax-residency decision for MASTER personally.

1.2 Method

Three parallel research subagents (one per surface), each constrained to:

  • Prefer primary Lebanese sources (official gazette, Ministry of Economy and Trade, Ministry of Finance, Beirut Bar Association, Lebanese law-firm publications) over generalist commentary.
  • Treat EU/US references as comparators only — they don't bind Lebanese behaviour, but they're the safer engineering target where Lebanese law is silent.
  • Label every claim by confidence: Verified (primary source cited), Probable (multiple secondary sources align, no statute found), Uncertain — needs lawyer review (single-source or absent).
  • Never fabricate statute numbers, article numbers, or court decisions. "Couldn't verify" is a legitimate finding.

1.3 Honest limits

  • Lebanese statutes are poorly digitised. Most are scanned PDFs in Arabic or French only. Some article numbers cited below are reproduced from secondary sources and have not been cross-checked against the original gazette text — these carry an explicit confidence label.
  • Caselaw is sparse. Lebanese commercial / consumer / data-protection caselaw is largely unpublished. Where a question turns on judicial interpretation, the doc says so and routes to the §1.4 register.
  • Enforcement reality differs from statutory text. The Ministry of Economy and Trade's Directorate of Consumer Protection enforces against physical retailers, not aggregators, in observable practice as of April 2026. Law 81/2018 has no operationally-active supervisory authority for personal data. These gaps create practical room that statutory room would not — flagged where relevant.
  • The privacy-surface research subagent returned a structured report without verifying every cited article number of Law 81/2018 against primary text. Article-number specifics in §4 are labelled Probable or Uncertain rather than Verified unless the §4 sources confirm them. The functional findings (no cookie statute, hashed-IP unsettled, no cross-border-transfer enforcement) are independently corroborated by DLA Piper / IAPP / CMS comparative trackers.

1.4 "Needs lawyer review" register

The questions a Lebanese lawyer should sign off on before public launch. Aggregated from §2-§4 and deduplicated.

# Question Surface Why it matters Statute reference
L1 Is recurring affiliate income from 3+ Lebanese retailers a "commercial act" requiring registration with the Beirut Commercial Register, even below the VAT threshold? Affiliate The "freelance cash" norm is widespread but technically non-compliant; clean answer determines whether MASTER incorporates pre-launch Code of Commerce Decree-Law 304/1942 arts. 6–9
L2 Does Law 659/2005's "merchant" definition (Art. 3) reach a non-selling, affiliate-monetised aggregator? Consumer Scope decision — determines whether Art. 4 / Art. 36 information-accuracy duties bind 961tech directly Law 659/2005 art. 3
L3 Is there a statute or MoET circular requiring online consumer disclosures (price, ToS, return policy info) to be in Arabic? Consumer If yes, directly conflicts with ADR-0004 Law 659/2005 arts. 4, 8, 11, 36 + any MoET regulation post-2018
L4 Does Law 659/2005 Art. 5 (LBP price display) bind a non-seller display website, or only physical retailers? Consumer Determines USD-only display risk Law 659/2005 art. 5 + MoET Circular 4/1/E.T.
L5 Is Decree 3380/2016 (advertising / comparative advertising) enforced against neutral product-comparison tables, or only against trademark-disparaging ads? Consumer Determines whether the core comparison product carries any baseline regulatory risk Decree 3380/2016
L6 Does Law 81/2018's "network service provider" liability shield cover a price-aggregator displaying retailer offers? Affiliate / Consumer Liability allocation if a retailer's listing turns out to be misleading Law 81/2018 (article number to confirm)
L7 Has the Ministry of Economy and Trade issued implementing decrees under Law 81/2018 Title IV (personal data) since 2020? Privacy Determines whether any pre-authorisation regime is live Law 81/2018 Title IV + MoET decree register
L8 Lebanese position on HMAC-hashed IP as personal data Privacy Determines retention + processing regime for click logs Law 81/2018 personal-data definition
L9 Cross-border transfer of personal data to Cloudflare / Vercel — enforcement reality Privacy Determines hosting strategy + privacy-policy content Law 81/2018 cross-border transfer clause
L10 Place-of-supply for affiliate service rendered to a Lebanese retailer by a Lebanese resident — any 2024 / 2026 Budget Law nuance changing 11% standard rate? Affiliate Determines invoicing posture if revenue scales past VAT threshold VAT Law 379/2001 + Budget Laws
L11 February 2026 cabinet-approved VAT hike from 11% to 12% — track Parliamentary enactment date Affiliate All post-effective-date affiliate invoices must charge the new rate Pending Budget Law amendment

2. Affiliate / commerce surface

2.1 Statutes / official sources

  • Decree-Law No. 304 of 24 December 1942 (Code of Commerce / قانون التجارة البرية) — defines the "commerçant" (merchant), commercial register obligation, individual trader vs. SAL/SARL structures. Amended by Law 126/2019. Verified.
  • VAT Law (Law 379/2001 + amendments via Budget Laws) — current standard rate 11%; February 2026 cabinet approved a hike to 12% but not yet enacted by Parliament as of 2026-04-28. Verified for current rate; pending for enactment.
  • Income Tax (Decree-Law 144/1959 + amendments) — Chapter I (BIC) progressive 4–21% on profits of individual traders / non-commercial professions. Verified.
  • Law No. 81 of 10 October 2018 — Electronic Transactions and Personal Data. Articles on online price display and merchant identity disclosure are the affiliate-relevant slice (privacy slice covered in §4). Verified statute; specific article numbers Probable.
  • Decree No. 8861 of 25 July 1996 — general advertising regulation (excludes radio/TV/magazines). Probable relevance to printed/outdoor; web applicability Uncertain — needs lawyer review.

2.2 What this requires of 961tech

Obligation Trigger Confidence
Beirut Commercial Register entry as individual trader (commerçant individuel) Code of Commerce arts. 6–9 — "habitually carrying out commercial acts as profession." Recurring affiliate commissions plausibly qualify once activity is regular. Probable
VAT registration Service turnover > LBP 5 bn over four consecutive quarters (raised by 2024 Budget Law). At LBP 89,500/USD ≈ USD 55,866 over 4 quarters. Verified (PwC Worldwide Tax Summaries)
Charge 11% VAT on affiliate-service invoices to Lebanese retailers once registered Standard rate; export-of-services zero-rating does not apply because the retailer paying us is Lebanese (place-of-supply analysis). Verified for rate; Probable for place-of-supply analysis
Annual income tax (BIC Chapter I) on profits Progressive 4–21% for individuals; annual declarations to MoF. Verified
Issue an invoice for each affiliate payout received Standard practice; required for the retailer to deduct as expense. Must carry seller's TIN; if VAT-registered, VAT number (TIN+601 suffix) and 11% line item. Electronic invoicing not yet mandated in Lebanon as of 2026-04-28. Verified
Bilateral affiliate contract No statute mandates a written contract or notarisation. Code of Commerce permits commercial contracts in any form. Law 81/2018 makes e-signature equivalent to wet ink. Probable
"Featured / Sponsored" labelling on paid placement Law 81/2018 + Law 659/2005 set a general no-misleading principle. No FTC-style prescriptive disclosure form exists. Probable — needs lawyer review for specific format
Surface operator's TIN publicly? Practice does not require public TIN on websites. Commercial-register extract is publicly searchable but not required to be posted. Probable

2.3 Gap vs EU / US norms

EU UCPD (Dir 2005/29/EC) and FTC 16 CFR Part 255 prescribe explicit, conspicuous affiliate / sponsored disclosure language ("#ad", "Sponsored", "Paid link") and reverse the burden onto the publisher to prove non-deception. Lebanon's framework sets a general no-misleading principle but has no prescriptive disclosure form, no enforcement guidance, and no published case law on aggregator paid placement. EU VAT B2B services use reverse-charge to the customer's place of business; Lebanon has no such mechanism for purely-domestic B2B service flows — the supplier charges 11% directly. There is no Lebanese equivalent of the EU Platform-to-Business Regulation 2019/1150 (transparency to retailers about ranking).

  1. Register as commerçant individuel at the Beirut Commercial Register before the first paid affiliate contract, even if revenue is far below the VAT threshold. ~LBP-denominated fees, defensible against any "habitual commercial acts" argument, makes invoicing legally clean. Defer SARL/SAL until revenue justifies it.
  2. Stay below VAT threshold (LBP 5 bn ≈ USD 56k/yr) deliberately for v1, track turnover quarterly. Above that, register and add 11% (or 12% post-enactment) to retailer invoices.
  3. Issue itemised invoices for every affiliate payout with TIN, retailer TIN, period, gross commissions, click/conversion counts. The reconciliation report (UC-L, #17) is the source of truth for the line items.
  4. Bilateral affiliate contract template (English; Arabic translation optional but recommended for retailer trust): parties + TINs, commission %, attribution window + deep-link spec (UC-2), reporting cadence, payment terms (net 30 / 60), term + termination, governing law (Lebanese), forum (Beirut). File under #41 monetisation.
  5. Label "Featured" listings explicitly: visible badge ("Sponsored") on every paid placement, plus a one-line disclosure in the listing card and a /transparency page explaining the model. Defensible under Law 81/2018 transparency principle and pre-empts any future Lebanese enforcement that follows EU/FTC norms.
  6. Do not publish operator's personal TIN on the public site. Reference "registered with Beirut Commercial Register No. ___" in the footer/ToS once registered. The CR number is already public.
  7. Income tax: file annual BIC declaration; treat affiliate revenue as commercial-profession income.

2.5 Open questions for MASTER + lawyer

See L1, L6, L10, L11 in §1.4.

Additional surface-specific:

  • Does Decree 8861/1996 apply to web advertising at all, or only print/outdoor? Could impose pre-clearance or content-moderation rules. Need: Beirut Bar Association memorandum or recent law-firm article.
  • Hold affiliate revenue in a Lebanese bank account or via crypto / foreign account? Matters for FX, capital controls, and tax declaration. neo by Bank Audi accepts USD service-income deposits but compliance varies. Need: bank compliance opinion + tax-advisor.

3. Consumer protection surface

3.1 Statutes / official sources

  • Law No. 659 of 4 February 2005 (Consumer Protection Law / قانون حماية المستهلك) — in force 10 May 2005, amended by Law 265/2014. Administered by MoET, Directorate of Consumer Protection (DCP). Hotline 1739. Verified.
  • Law No. 81 of 10 October 2018 (Electronic Transactions and Personal Data) — articles on online price display, distance contracts, merchant identity disclosure for e-commerce. Verified statute; specific article numbers Probable.
  • Decree No. 3380 of 5 May 2016 (Lebanese Advertising Decree) — secondary sources report it forbids comparative advertising and use of third-party trademarks in ads. Probable — primary source not directly verified.
  • MoET Circular 4/1/E.T. — mandatory price display in Lebanese pounds for sellers. Verified by MoET announcement.
  • General Lebanese labelling rule (imported physical goods): label info in Arabic, English, or French is acceptable (US Trade.gov country guide). Verified for physical goods; not a binding rule for online services.

3.2 What this requires of 961tech

Treating 961tech as a non-selling aggregator that links out to retailers and earns affiliate commission:

  • Scope under Law 659 — likely outside the strict "merchant" definition. Probable. Article 3 targets distributors / sellers / lessors. A pure aggregator that does not sell, hold inventory, or take payment does not cleanly fit. There is no platform-liability concept in Law 659. Uncertain — needs lawyer review whether a court would treat affiliate-monetised display as "provision of services" to the consumer (see L2).
  • Information accuracy (Art. 4 / Art. 36). Verified principle. Even if 961tech is outside the strict "merchant" scope, the "exact, sufficient and explicit information" standard is what a Lebanese court would reach for if a misled consumer sued. Stale-price exposure is real if no disclaimer is shown. Article 118 fine band: LBP 30M–50M.
  • Price display in LBP (Art. 5 + MoET circulars). Verified for sellers. Whether this binds a non-seller display website is Uncertain — needs lawyer review (L4). Enforcement targets retailers, not aggregators. Industry practice (PCAndParts, Macrotronics) is USD-only and has not been prosecuted as of April 2026.
  • Misleading / comparative advertising. Probable. Decree 3380/2016 reportedly forbids comparative advertising. A neutral side-by-side price table sourced from public retailer pages is unlikely to be treated as "comparative advertising" in the trademark-disparagement sense, but paid placement / "featured" slots without clear labelling could be challenged (L5).
  • Language of disclosure. Uncertain — needs lawyer review (L3). No primary source verifying that Law 659 mandates Arabic-only online consumer disclosures. The labelling rule for imported physical goods accepts Arabic / English / French. Court interpretation under Art. 4 ("exact, sufficient, explicit") could read in a "language the consumer understands" requirement. English-only is defensible at M1/M2 risk-tier but not provably safe.
  • Affiliate / sponsored disclosure. Probable — no specific Lebanese rule. No FTC-equivalent endorsement guide. Decree 3380 and Art. 4/36 could reach undisclosed paid placement under "misleading" principles, but no caselaw verified.
  • Distance-contract obligations (Law 81/2018). Verified for sellers. These bind the retailer of record at checkout, not 961tech.
  • Dispute / complaint surface. Probable. Art. 83 (mediation, MoET-appointed mediators) and Art. 98 (Dispute Settlement Committee) are seller-facing. An aggregator is not statutorily required to publish a complaint contact, but doing so reduces exposure.

3.3 Gap vs EU / US norms

EU UCPD (2005/29/EC) and the EU Consumer Rights Directive impose explicit pre-contractual information duties on online intermediaries (identity, total price, right of withdrawal, complaint route) — Lebanese Law 659 has no parallel "platform" tier. The EU's Modernisation Directive (2019/2161) and Omnibus rules require price-comparison sites to disclose ranking criteria and paid placement; Lebanon has no equivalent. FTC 16 CFR §255 mandates affiliate / endorsement disclosure ("we earn from purchases"); Lebanon has no equivalent. The Berlin Regional Court's €465M Idealo-vs-Google ruling on self-preferencing has no Lebanese applicability but is the right comparator for any future "Sponsored / Featured" labelling design. Net: Lebanon is a thinner regulatory surface than EU/US, but the EU/US baseline is the safer engineering target if 961tech ever expands beyond Lebanon.

Regardless of strict requirement:

  1. Persistent disclaimer near every price (UC-2 deep-link card, #28 page design): "Prices scraped from at . Final price, currency, taxes, and stock state confirmed at retailer checkout. 961tech is not the seller." This is the single most load-bearing liability allocator.
  2. Affiliate disclosure (FTC-style, sitewide footer + on UC-2 card, #28): "961tech earns commission on qualifying purchases via partner links." Cheap, defensible, future-proof.
  3. "Sponsored / Featured" labelling if any paid placement is ever introduced — pre-emptive against Decree 3380/2016 risk. Visible badge + textual disclosure on every paid card, plus a /transparency page.
  4. Currency display: keep USD primary (matches retailer reality) but show LBP equivalent at MoET central rate where engineering cost permits. Defers L4 risk and matches consumer expectation. Defer to M3 if engineering cost is high — see RFC-0005.
  5. Complaint contact in footer (e.g. support@961tech once domain is settled): "For complaints about a retailer's price, stock, or returns, contact the retailer. For 961tech display issues, email us." Not statutorily required, but a free defensive layer.
  6. Email collection (#14 price-drop alerts): Privacy / consent surface lives in §4 and Law 81/2018 territory — explicit-consent checkbox + clear unsubscribe path on every signup, regardless of strict requirement.
  7. Language (ADR-0004 conflict assessment): No verified statute conflict at M1/M2. English-only is defensible as a risk-accepted choice. Recommend translating only the disclaimer + affiliate disclosure + complaint contact sentences into Arabic, even while the rest of the UI stays English. ~3 sentences of translation; neutralises the "exact, sufficient, explicit information" Art. 4 attack vector; does not contradict ADR-0004's "no full i18n at M1/M2" position. Flag for MASTER + lawyer (L3) — the cleanest single move that buys defensibility without scope creep. Decided in RFC-0005.
  8. Surface retailer return-policy info via "Returns: see retailer" link, not a copied policy. UC-L (affiliate reconciliation) retains timestamps for any dispute.

3.5 Open questions for MASTER + lawyer

See L2, L3, L4, L5 in §1.4.

4. Privacy / data protection surface

4.1 Statutes / official sources

  • Law No. 81 of 10 October 2018 (Electronic Transactions and Personal Data / المعاملات الإلكترونية والبيانات ذات الطابع الشخصي). The personal-data title (Title IV / Title V depending on numbering) covers consent, lawful basis, data subject rights, cross-border transfer, security obligations. Verified statute exists; specific article numbers Probable; implementing decrees and operational supervisory authority status Uncertain. Official text in Al Jarida Al Rasmiyya issue 46, 18 Oct 2018.
  • Law No. 140/1999 (Confidentiality of Communications) — telecoms interception only; not applicable to a web aggregator's first-party logs. Verified out of scope.
  • Lebanese Penal Code Arts. 579–581 — unauthorised access / disclosure of secrets. Tangential criminal backstop. Verified existence; application to web data Uncertain — needs lawyer review.
  • Bank Secrecy Law (1956) — banking only; out of scope. Verified.
  • No standalone ePrivacy / cookie statute. Lebanon has not enacted an ePrivacy-Directive analogue. Probable — corroborated across DLA Piper / IAPP / CMS comparative trackers, no primary source contradicts.
  • Supervisory authority. Law 81/2018 contemplates pre-authorisation under MoET for certain processing (sensitive data, automated decision-making). No independent DPA has been operationalised as of April 2026. Probable based on consistent secondary commentary; Uncertain whether MoET has issued implementing decrees currently enforced (L7).

4.2 What this requires of 961tech

Per the data flows planned for M1 / M2:

Data flow Lebanese-law obligation Confidence
build_session cookie (signed, functional, ADR-0003) No cookie-banner statute. Law 81/2018 requires "consent" for processing personal data, but a signed session cookie tied to a build state is borderline whether it qualifies as personal data at all. Probable no banner required
Auth.js account (#11) — email + password / OAuth Consent + purpose limitation + security duty. Privacy notice at collection. Right of access / rectification. Verified in principle; specific timeline silent
Price-drop email subscription (#14) Affirmative opt-in is the safe reading; consent is the default lawful basis under Law 81/2018. No statutory unsubscribe-link mandate equivalent to CAN-SPAM, but commercial-communications doctrine and consumer-protection law point the same way. Probable
Click log with HMAC-hashed IP (UC-2, #17) Law 81/2018 does not define "personal data" with GDPR Art. 4(1) granularity and is silent on pseudonymisation. No Lebanese guidance on whether hashed IP is in or out of scope. Uncertain — needs lawyer review (L8)
Affiliate postback (click ID → conversion, no PII) Out of personal-data scope on its face. Verified
Cross-border hosting (Cloudflare / Vercel) Title IV contains a cross-border transfer provision requiring "adequate protection" or consent — text exists but no implementing regulation, no adequacy list, no SCC mechanism has been published. In practice unenforced. Probable unenforced; Verified statutory text exists (L9)
Breach notification No general statutory breach-notification duty comparable to GDPR Art. 33. Probable silent
Children's data Lebanon has no COPPA-analogue. General civil-capacity rules apply. Verified absence
Data subject rights Access and rectification recognised in principle. No statutory response deadline equivalent to GDPR's 30 days. Probable
Privacy policy content No prescribed content list. Practice converges on a GDPR-Art-13-shaped notice. Probable

4.3 Gap vs EU / US norms

Lebanon's framework is materially thinner than GDPR + ePrivacy. Lebanese law does not require: a cookie consent banner, a 30-day DSAR response window, a 72-hour breach notification, a DPO, a Record of Processing Activities, SCCs or an adequacy mechanism for cross-border transfers in practice, mandatory unsubscribe links (CAN-SPAM-style), DPIAs, or age-gating for minors. It also has no operational DPA issuing fines. The functional regulatory pressure on a Lebanese-only consumer site is close to zero in 2026; the real pressure comes from (a) any EU visitor traffic triggering GDPR extraterritorially under Art. 3(2), and (b) reputational / contractual pressure from payment processors and affiliate networks who impose their own privacy clauses.

Ship a GDPR-shaped baseline anyway, scaled to M1 reality. Lebanese law won't punish over-compliance, and it future-proofs against EU traffic, affiliate-network audits, and the day a Lebanese DPA actually starts enforcing.

(a) Cookie banner — defer past M1. The build_session cookie is functional / strictly-necessary in shape (per ADR-0003 it carries the build state or a session ID; no advertising, no cross-site tracking). Under Lebanese law, no banner is required. Under GDPR/ePrivacy, strictly-necessary cookies are also exempt from consent. Ship M1 with no banner. Add a banner only when one of these triggers fires:

  • We add analytics / advertising / non-essential third-party cookies.
  • EU traffic crosses the ADR-0004-shape 5% threshold (or any equivalent post-launch telemetry signal).
  • An affiliate network's terms require it.

A short cookie-disclosure section in the privacy policy is sufficient at M1.

(b) Per-data-flow retention windows (write into #29 DB architecture):

Data Retention Rationale
build_session cookie / server session 365 days from last activity (matches ADR-0003 cookie expiry); purge inactive server-side rows nightly Matches user expectation; bounded
Auth.js account Lifetime of account + 30 days post-deletion grace, then hard-delete Issue #11
Price-drop email subscription Until unsubscribe + 30 days for audit Issue #14
Click logs (hashed IP, retailerId, listingId, ts, UA) 90 days rolling Long enough for affiliate reconciliation cycles (UC-L typically 30–60 days), short enough to limit exposure
Affiliate conversion records 24 months Tax / accounting + dispute window

© Hashed-IP classification — treat as personal data. GDPR post-Breyer (CJEU C-582/14) treats rejoinable hashed identifiers as personal data. Lebanese law is silent (L8), so we adopt the conservative reading: HMAC-SHA-256 with IP_HASH_SECRET is pseudonymisation, not anonymisation. Document this in the privacy policy. Operational consequences: secret rotation policy (rotate yearly or on suspected compromise), 90-day click log retention, no joining click logs to user accounts beyond what UC-L requires.

Other baseline items. Privacy policy in English (matches ADR-0004; revisit once L3 has a confident answer on Arabic). Single contact email for data subject requests. Plain-text unsubscribe link in every price-drop email. No third-party analytics at M1 — defers the cookie-banner question entirely. Cloudflare / Vercel hosting disclosed in the policy with a "data may be processed outside Lebanon" line.

4.5 Open questions for MASTER + lawyer

See L7, L8, L9 in §1.4.

Additional surface-specific:

  • Affiliate-network privacy clauses (Awin / Impact / CJ / Amazon Associates) typically impose obligations exceeding Lebanese law. Evidence needed: read whichever network we onboard for #17 before signing.
  • Auth.js password storage compliance. Law 81/2018 has a generic "appropriate security measures" duty, no algorithm mandate. Confirm bcrypt / argon2 default is documentary-defensible. Evidence needed: lawyer sign-off on security-measures clause in privacy policy.

5. Cross-references

6. Sources

Affiliate / commerce

  • Lebanese Code of Commerce (Decree-Law 304/1942), full text — http://data.infopro.com.lb/file/CodeofCommerce.pdf
  • Aldic — Law 126/2019 amending the Code of Commerce — https://www.aldic.net/law-no-126-of-29032019-modifying-certain-provisions-of-the-lebanese-code-of-commerce-legislative-decree-no-304-of-24121942/
  • PwC Worldwide Tax Summaries — Lebanon Corporate (VAT 11%, threshold LBP 5 bn) — https://taxsummaries.pwc.com/lebanon/corporate/other-taxes
  • PwC Worldwide Tax Summaries — Lebanon Individual (BIC 4–21%) — https://taxsummaries.pwc.com/lebanon/individual/taxes-on-personal-income
  • VATupdate — Lebanon VAT rise to 12% (Feb 2026 cabinet, pending Parliament) — https://www.vatcalc.com/lebanon/lebanon-vat-rise-to-12-feb-2026/
  • The National — Feb 2026 VAT/petrol hike context — https://www.thenationalnews.com/news/mena/2026/02/17/anger-in-lebanon-as-government-raises-vat-and-petrol-prices/
  • Law 81/2018 Official Gazette (English) via SMEX — https://smex.org/wp-content/uploads/2018/10/E-transaction-law-Lebanon-Official-Gazette-English.pdf
  • Dentons commentary on Law 81/2018 — https://www.dentons.com/en/insights/alerts/2019/january/21/new-lebanese-law-on-etransactions-and-data-protection
  • Kallas Law Firm — consumer protection / online promotions Q&A — https://www.klfi.net/consumer-protection-in-lebanon/
  • HG.org — Lebanese advertising law / Decree 8861/1996 — https://www.hg.org/legal-articles/advertising-law-in-lebanon-31866
  • TaxDo — Lebanese TIN format / 601 VAT suffix — https://taxdo.com/resources/global-tax-id-validation-guide/lebanon
  • OECD AEoI Lebanon TIN brief — https://www.oecd.org/content/dam/oecd/en/topics/policy-issue-focus/aeoi/lebanon-tin.pdf
  • Ministry of Economy & Trade — legislation index — https://www.economy.gov.lb/en/what-we-provide/intellectual-property-right/legislation/

Consumer protection

  • Lebanese Consumer Protection Law 659/2005 — https://www.economy.gov.lb/en/publications/consumer-protection-law-
  • Tohme Law summary of Law 659 (Articles 1, 3, 4, 5, 36, 83, 98, 118) — https://tohmelaw.com/publications/lebanon-consumer-protection-law
  • Kallas Law Firm Q&A on online / social-media promotions in Lebanon — https://www.klfi.net/consumer-protection-in-lebanon/
  • MoET Circular 4/1/E.T. on mandatory LBP price display — https://economy.gov.lb/en/announcements/minister--mansour-bteish-issued-today-circular-n-41et-regarding-the-mandatory-displaying-of-prices-in-lebanese-pounds
  • Law 81/2018 (Electronic Transactions and Personal Data), English — https://alp.unescwa.org/legislations/law-81-2018-electronic-transactions-and-personal-data-english-version
  • Sader Law / HG.org on Lebanese advertising law and Decree 3380/2016 — https://www.saderlaw.com/publicationstudy.php?pubid=8 ; https://www.hg.org/legal-articles/advertising-law-in-lebanon-31866
  • Trade.gov country guide — Lebanon labelling / marking — https://www.trade.gov/country-commercial-guides/lebanon-labelingmarking-requirements
  • UNESCWA archive on Lebanese Consumer Protection — https://archive.unescwa.org/lebanese-consumer-protection-law

Privacy / data protection

  • Law 81/2018, Al Jarida Al Rasmiyya issue 46, 18 Oct 2018 (French / Arabic; English at the SMEX archive above) — see Affiliate sources.
  • DLA Piper Data Protection Laws of the World — Lebanon — https://www.dlapiperdataprotection.com
  • CMS Data Law Navigator — Lebanon — https://cms.law/en/int/expert-guides/cms-expert-guide-to-data-protection-and-cyber-security-laws
  • IAPP Global Privacy Law Library — Lebanon entry.
  • Obeid Law Firm and BSA Ahmad Bin Hezeem & Associates commentaries on Law 81/2018.
  • GDPR Reg. (EU) 2016/679 Arts. 4, 6, 13, 33; ePrivacy Dir. 2002/58/EC Art. 5(3); CJEU C-582/14 (Breyer); 15 U.S.C. §§7701–7713 (CAN-SPAM).