In the current context of corporate digitalization, the legal validity of corporate resolutions no longer relies exclusively on physical minute books.

The effectiveness of resolutions adopted at the General Shareholders’ Meeting or Partners’ Meeting is significantly conditioned by the proper availability of the mandatory documentation through the corporate website and by the company’s ability to demonstrate, with full evidentiary effect, compliance with such obligation.

Royal Legislative Decree 1/2010, of 2 July, approving the revised text of the Spanish Companies Act (hereinafter, the “LSC”), authorizes and promotes the use of the corporate website for the publication of notices and relevant documentation.

However, such authorization is accompanied by a stringent evidentiary requirement which, if not properly fulfilled, may compromise the validity of the corporate resolutions adopted.

This article analyzes the applicable regulatory framework, outlines the risks associated with internal document management, and describes how the reliable verification services provided by EADTrust, in its capacity as a Qualified Trust Service Provider, offer a technically and legally robust response to these requirements.

The legal framework governing the corporate website and the burden of proof

The corporate website as an instrument of corporate disclosure (Articles 11 bis and 11 ter of the LSC)

Article 11 bis of the LSC regulates the creation and maintenance of the corporate website, establishing that companies may have a corporate website for publishing the information required by law.

In turn, Article 11 ter of the LSC, introduced by Law 1/2012 of 22 June on the simplification of information and documentation obligations in mergers and spin-offs of capital companies, and supplemented by Law 31/2014 of 3 December amending the LSC to improve corporate governance, establishes the evidentiary regime applicable to publications made on such website, expressly providing that:

«La carga de la prueba del hecho de la inserción de documentos en la página web y de la fecha en que esa inserción haya tenido lugar corresponderá a la sociedad.» 

This express allocation of the burden of proof to the company constitutes a determining element of legal risk.

Pursuant to the same Article 11 ter of the LSC, if the corporate website suffers an interruption lasting more than two consecutive days or four non-consecutive days during the period in which the documentation must remain available, the General Shareholders’ Meeting may not be validly held, unless the interruption is attributable to the shareholder seeking to exercise their rights.

Specific obligations regarding publication on the corporate website

The LSC requires the publication on the corporate website of a broad range of corporate documents, non-compliance with which may result in the nullity of corporate resolutions or give rise to directors’ liability. The most relevant obligations are as follows:

• Notice convening the General Meeting (Article 173 LSC): the notice must be published within the legally established minimum notice period — one month for listed companies; fifteen days for non-listed companies — and must remain continuously available until the meeting is held.
• Financial and audit documentation (Articles 272 and 279 LSC): the annual accounts, management report, and audit report must be made available to shareholders from the date the notice convening the meeting is published.
• Annual directors’ remuneration report (Article 541 LSC): in listed companies, this report must remain available on the website for a minimum period of ten years, and the company may at any time be required to prove the exact version published on a given date.
• Announcement of material related-party transactions (Article 529 vicies of the LSC, introduced by Law 5/2021 of 12 April): related-party transactions exceeding the established thresholds must be published on the corporate website prior to their execution, with the publication date constituting a critical element for the protection of directors.
• Documentation relating to structural modifications (Articles 286, 318, and related provisions of the LSC): proposed amendments to the bylaws and the mandatory reports must be published sufficiently in advance, and proof of their timely publication constitutes a validity requirement for the procedure.

The evidentiary limitations of internal document management

n the absence of an external and independent certification system, proof of compliance with website publication obligations usually relies on forms of evidence with limited procedural value: statements made by the company’s own directors or technical staff, who have the status of interested parties.

This also includes screenshots taken by company employees without the intervention of an independent third party, and access records (logs) generated by the company’s own servers, which may technically be modified by internal personnel.

From a procedural perspective, such evidence constitutes free evidence, the effectiveness of which is subject to the court’s discretionary assessment pursuant to Article 316 of the Spanish Civil Procedure Act (LEC). Its evidentiary value will necessarily be interpreted restrictively when the party submitting the evidence is also the party that generated it, in application of the principle nemo testis in causa propria. This evidentiary weakness contrasts with the presumption of accuracy associated with qualified trust services.

Reliable web verification: legal nature and technical process

Concept and regulatory framework

Reliable web verification is a trust service based on qualified services that acts as an independent third party in the process of certifying the publication of documents on the corporate website.

Its provision falls within the framework of Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market (the eIDAS Regulation), and Law 6/2020 of 11 November regulating certain aspects of electronic trust services.

The service combines automated monitoring of the specified URL with the application of qualified electronic timestamps to the verified content, generating a chain of custody of digital evidence with full evidentiary effectiveness against third parties.

Technical certification process

The procedure followed by EADTrust for the certification of website publication comprises the following phases:

1. Access simulation: EADTrust’s systems access the specified URL by replicating the behavior of an ordinary shareholder, verifying both the availability of the webpage and the effective download of the document.
2. Integrity verification: it is verified that the document is fully legible and that its content is identical, bit by bit, to that verified in previous checks, thereby guaranteeing the absence of modifications.
3. Generation of a digital fingerprint: the cryptographic hash value of the document is calculated. This function acts as a unique identifier of the content: any modification, however minor, produces a radically different hash value, making concealed alteration impossible.
4. Qualified electronic timestamping: the resulting digital fingerprint is subjected to qualified electronic timestamping in accordance with Articles 38 to 42 of the eIDAS Regulation, irrefutably proving that the exact document existed at that precise moment and has not been modified thereafter.

This process is automatically repeated several times a day, at random intervals, throughout the entire legally required document publication period, thereby generating a continuous chain of certified evidence.

Qualified evidentiary value: Article 326 of the LEC and the eIDAS Regulation

The use of a qualified trust service for certifying website publication entails a major procedural advantage arising from the combined application of Article 326 of the LEC and Articles 41 and 42 of the eIDAS Regulation.

Article 326.4 of the LEC establishes that where a qualified trust service has been used, it shall be presumed that the document possesses the challenged characteristic, such that documents incorporating a qualified electronic timestamp shall constitute full proof of the relevant fact.

If the electronic document is challenged, the burden of carrying out the verification shall fall upon the party who submitted the challenge. If such verifications produce a negative result, the costs, expenses, and fees arising from the verification shall be borne exclusively by the party that filed the challenge.

This privileged evidentiary regime results in the following legal consequences:

1. Presumption of authenticity and integrity: it is presumed that the certified document meets the requirements of authenticity, integrity, and accuracy of the publication date, without the need for additional proof by the company.
2. Reversal of the burden of proof: where the company provides a reliable verification certificate issued by a Qualified Trust Service Provider, it is the challenging shareholder who must rebut the validity of such evidence.
3. Consequences for bad-faith challengers: if the technical verification confirms the authenticity of the submitted certificate and that the trust service appeared, at the relevant time for the purposes of the dispute, on the trusted list of qualified trust service providers and services, the challenging shareholder shall bear the costs, expenses, and fees arising from the verification. Furthermore, if the court finds recklessness or bad faith, it may impose a fine ranging from EUR 300 to EUR 1,200.

Comparative overview: internal management versus reliable verification

Characteristic	Internal Management (director’s declaration)	Reliable Verification (EADTrust)	Legal Basis
Proof of date	Sworn statement or internal logs (interested party).	Qualified electronic timestamp (issued by a Qualified Trust Service Provider).	Articles 41–42 of the eIDAS Regulation; Article 326 of the LEC.
Document integrity	Not demonstrable (the file may be replaced).	Cryptographic digital fingerprint (hash): any modification is detected.	Article 326 of the LEC; Article 3(33) of the eIDAS Regulation.
Monitoring frequency	Sporadic or manual.	Automatic, daily, and random (2–4 times/day) throughout the legally required period.	Article 11 ter of the LSC.
Evidentiary value (LEC)	Free evidence: discretionary assessment by the court (Article 326.2 LEC).	Qualified evidence: presumption of accuracy of the date and integrity of the content.	Article 326.3 LEC; Recital 62 of the eIDAS Regulation.
Final report	Internal document with no enforceability against third parties.	Certificate/report admissible before a Notary, the Commercial Registry, and courts.	Law 6/2020 of 11 November.

Technical best practices for integrating the service

n order to ensure the maximum effectiveness of documentary protection, the company’s Technology and Legal departments should jointly adopt the following measures: publish documents in PDF format with clear and stable naming conventions, avoiding dynamic URLs (principle of referencability); refrain from modifying the file once certified monitoring has begun, since any alteration breaks the comparison with the document previously downloaded (principle of immutability); and ensure that the documents are accessible from the website homepage within a maximum of three clicks (principle of simplicity).

It is advisable to contract the service sufficiently in advance of the start of the legally required publication period (principle of foresight).

Conclusion: preventive legal certainty through qualified trust services

The proper application of qualified trust services should not be regarded as an additional cost, but rather as a mechanism for the preventive management of corporate legal risk. Reliable verification of the corporate website transforms the inherent fragility of digital environments into full and verifiable legal certainty.

This service enables directors and the Secretary of the Board to effectively comply with the evidentiary obligations imposed by Articles 11 ter, 173, 529 vicies, and 541 of the LSC, and provides the authorizing Notary and the Commercial Registrar with the evidence necessary for the registration of corporate resolutions without delays or incidents.

EADTrust, in its capacity as a Qualified Trust Service Provider listed in the Trusted List supervised by the Ministry of Economic Affairs and Digital Transformation, makes available to capital companies an active and certified monitoring service that guarantees full compliance with the requirements of Article 11 ter of the LSC and Regulation (EU) 910/2014, providing the company with the evidentiary protection necessary against any challenge.

Call us now or contact us here.