Digital evidence in Spanish civil procedure: cadena de custodia under article 326 LEC and eIDAS
This article walks through how article 326 LEC, Ley 6/2020 de servicios electrónicos de confianza, and the eIDAS Regulation interact in Spanish civil procedure. It is written for international litigation counsel handling Spanish disputes, in-house lawyers at multinationals operating in Spain, and compliance officers at Spanish utilities, banks and public-sector vendors. The operational question is straightforward: what presumption applies under article 326.3 LEC, and how do you structure your evidence so the burden of proof flips to the challenger? For an introduction to how civil-law courts treat digital records generally, see the general admissibility framework we published earlier this year.
Evidence Box
A cross-border litigation team is preparing a contractual dispute before the Audiencia Provincial of Madrid. The defence relies on three years of email exchanges, two recorded video calls, and a series of screenshots from a customer portal. Opposing counsel has already announced a challenge to authenticity. The presiding judge will look for four things before admitting the records into the case file: a qualified electronic seal or signature applied at source, an unbroken cadena de custodia documented from capture to courtroom, archival aligned with the Esquema Nacional de Seguridad (ENS) where applicable, and the statutory presumption of authenticity under article 326.3 of the Ley de Enjuiciamiento Civil. Miss any of these and the records fall back to free judicial assessment under sana crítica, where probative value is no longer presumed and the burden stays with the producer.
Definition Box
Cadena de custodia (chain of custody) is the unbroken, documented sequence of capture, sealing, preservation, and presentation of an electronic record from origin to courtroom. Each link records who handled the record, when, what was done, and with which tool. A break in any link gives opposing counsel grounds to challenge authenticity, integrity or temporal accuracy.
What article 326 LEC requires for digital evidence to be admissible
Article 326 LEC, codified within the Ley de Enjuiciamiento Civil (Ley 1/2000), governs the evidentiary force of private documents in Spanish civil procedure. Paragraph 3 of article 326 LEC, as amended by Ley 6/2020, applies a presumption of authenticity to electronic documents when a qualified trust service has been used to generate the relevant feature. Paragraph 4 of article 326 LEC then completes the regime by flipping the burden of proof onto the challenger when that qualified service is in place.
The text of article 326 LEC (Ley 1/2000)
Apartado 1 of article 326 LEC sets the baseline rule for private documents. The Spanish text reads verbatim as follows:
"Los documentos privados harán prueba plena en el proceso, en los términos del artículo 319, cuando su autenticidad no sea impugnada por la parte a quien perjudiquen."
EN gloss: "Private documents shall constitute full proof in proceedings, under the terms of article 319, when their authenticity is not challenged by the party against whom they operate."
Source: BOE-A-2000-323.
The structure is straightforward. If no party challenges authenticity, the private document is admitted with full probative force. The hard cases begin once a challenge is filed. Apartado 2 then governs that contested scenario for non-electronic records: the producing party can request cotejo pericial de letras (expert handwriting comparison) or propose any other useful means of proof. If neither cotejo nor alternative proof yields authenticity, the court falls back to sana crítica and weighs the document on its own merits, without statutory presumption.
Article 326.3 LEC (Ley 6/2020 amendment)
Ley 6/2020, de 11 de noviembre, introduced paragraphs 3 and 4 into article 326 LEC, transforming Spanish civil procedure for electronic documents. Paragraph 3 governs documents bearing non-qualified trust services, which fall back to sana crítica review. Paragraph 4 grants a presumption of authenticity to documents sealed or timestamped through an eIDAS-qualified service whose provider is listed in the EU LOTL.
"Cuando la parte a quien interese la eficacia de un documento electrónico lo solicite o se impugne su autenticidad, integridad, precisión de fecha y hora u otras características del documento electrónico que un servicio electrónico de confianza no cualificado de los previstos en el Reglamento (UE) 910/2014 del Parlamento Europeo y del Consejo, de 23 de julio de 2014, relativo a la identificación electrónica y los servicios de confianza para las transacciones electrónicas en el mercado interior, permita acreditar, se procederá con arreglo a lo establecido en el apartado 2 del presente artículo."
In plain terms: a non-qualified service produces no statutory presumption. The dispute reverts to sana crítica under apartado 2. The producing party must prove authenticity through cotejo pericial, an expert IT report, hash comparison, witness testimony, or any combination the judge accepts as relevant.
Article 326.4 LEC (Ley 6/2020): the qualified service presumption
Apartado 4 is the operative rule for digital-evidence strategy. Verbatim:
"Si se hubiera utilizado algún servicio de confianza cualificado de los previstos en el Reglamento citado en el apartado anterior, se presumirá que el documento reúne la característica cuestionada y que el servicio electrónico de confianza se ha prestado correctamente si figuraba, en el momento relevante a los efectos de la discrepancia, en la lista de confianza de prestadores y servicios cualificados. Si aun así se impugnare el documento electrónico, la carga de realizar la comprobación corresponderá a quien haya presentado la impugnación."
EN gloss: "If a qualified trust service under the Regulation cited in the preceding paragraph has been used, the document shall be presumed to meet the challenged feature and the electronic trust service shall be presumed to have been provided correctly, provided the service was listed in the trusted list of qualified providers and services at the relevant time. If the electronic document is still challenged, the burden of verification shall fall on the party that filed the challenge."
This is the burden-flip. Once a qualified electronic signature, qualified electronic seal or qualified timestamp from a prestador cualificado de servicios electrónicos de confianza is in place, and the provider was on the trusted list at the relevant moment, the presumption favours the producing party. The challenger has to rebut it.
Articles 299, 333 and 384 LEC: medios de prueba audiovisuales y soportes electrónicos
Article 299 LEC enumerates the means of proof admissible in civil procedure: documents (public and private), expert reports, witness testimony, medios de reproducción de la palabra, el sonido y la imagen, and instrumentos que permiten archivar y conocer datos. Article 333 LEC and article 384 LEC govern, respectively, copies of documents and the means of reproducing audio, video and electronic archival instruments. Together with article 326 LEC, these provisions form the procedural backbone for admitting electronic records.
Article 318 LEC: documentos públicos electrónicos
Public electronic documents operate under article 318 LEC and carry a stronger presumption than private documents. The category covers notarial acts in electronic form, electronic public-administration records, and judicial electronic certifications. Where a notary issues a digital instrument with the sello electrónico cualificado of the Consejo General del Notariado, that record has the evidentiary force of a documento público, not a documento privado. The article 326 LEC framework, in apartados 3 and 4, applies primarily to private electronic documents: contracts, communications, internal records, screenshots, and audiovisual files captured outside notarial intervention.
How sana crítica differs from the article 326 LEC presumption
Sana crítica (free judicial assessment) is the residual evaluation rule for evidence that does not benefit from a statutory presumption. Where article 326 LEC does not apply, articles 316 and 348 LEC tell the judge to weigh reliability case by case, looking at the source, the means of capture, expert reports and any corroborating evidence.
Sana crítica under articles 316 and 348 LEC
Article 316 LEC governs party interrogation; article 348 LEC governs the evaluation of expert reports. Both set out sana crítica as the assessment standard. The judge is not bound by any single piece of expert testimony or by any pre-fixed weight. They compare the report against the case file, the cross-examination, the credibility of the expert, and the coherence of the technical conclusions.
For digital evidence captured without a qualified trust service, sana crítica is the regime. The producing party can still win on authenticity, but they have to build it: pericial informática, hash verification, witness testimony, log analysis, or comparison against independently held copies.
Indicios y prueba indiciaria for unsigned electronic records
Spanish doctrine on circumstantial digital evidence has matured through Supreme Court rulings. STS 300/2015 (Sala de lo Penal, 19 May 2015, ponente Manuel Marchena Gómez) is the canonical precedent on screenshot and WhatsApp evidence. The court held that when authenticity is challenged, the party producing the screenshot bears the burden, normally through pericial informática. The judges flagged three risks: identity spoofing at the messaging-account level, content editing of the captured data, and direct manipulation of the screenshot image. The doctrine applies by analogy in civil proceedings, since the evidentiary question (how do we trust an unsigned digital record?) is structurally identical. STS 195/2014 is a useful cross-reference for the broader principles on digital-evidence handling.
Practical implications: who bears the burden
The article 326 LEC split between apartados 3 and 4 turns on a single procedural decision: was a qualified trust service used at capture, or not?
"la carga de realizar la comprobación corresponderá a quien haya presentado la impugnación."
EN gloss: "the burden of verification shall fall on the party that filed the challenge."
Cited in Banacloche Palao, J., "Reflexiones sobre el artículo 326 LEC", El Notario del Siglo XXI.
When the qualified seal is missing, the producer fights uphill: cotejo pericial, expert witness, hash comparison, often with months of procedural delay. When the qualified seal is present and the QTSP was on the trusted list at the relevant moment, the producer cites article 326 LEC, paragraph 4, and the work shifts to opposing counsel.
For litigation teams advising on cross-border disputes with a Spanish nexus, the operational rule is simple: capture and seal at source through a qualified trust service, document the digital chain of custody from origin to courtroom, and the article 326 LEC presumption follows.
Archiving compliance: ENS, ENI and Ley General Tributaria for digital records
The article 326 LEC presumption under paragraph 4 gets you in the door at trial, but it does not solve preservation. Evidence has to survive years of retention without losing its qualified seal or its operation log. Spanish law layers preservation rules on top of capture-time qualification, and three regimes matter most for sustaining article 326 LEC compliance over time.
ENS (RD 311/2022): Esquema Nacional de Seguridad
The Esquema Nacional de Seguridad (Royal Decree 311/2022) defines the security baseline for information systems in the Spanish public sector. It sets five core principles relevant to evidence preservation: integrity (data is not altered after capture), authenticity (the source can be verified), confidentiality (access is restricted to authorised parties), traceability (every operation is logged), and availability (records can be retrieved when needed). ENS is mandatory for the Administración General del Estado, Comunidades Autónomas, local entities, public-law bodies and contracted-out services that handle public-sector information. Private vendors selling to those entities inherit ENS obligations through their contracts.
ENS guidance is published through the Centro Criptológico Nacional (CCN) at the ENS portal CCN.
ENI (RD 4/2010) and NTI Documento Electrónico
The Esquema Nacional de Interoperabilidad (Royal Decree 4/2010) governs format, preservation metadata and signature policies for electronic documents in the Administraciones Públicas. The Norma Técnica de Interoperabilidad de Documento Electrónico (Resolution of 19 July 2011) sets the metadata schema, the signature formats and the preservation requirements. ENI is formally addressed to the public sector, but private vendors handling public-sector records (including utilities under public-service obligations and banks managing State-related transactions) are de facto bound by extension.
LGT 58/2003 and Reglamento de facturación electrónica
For electronic invoices and supporting accounting records, the Ley General Tributaria 58/2003 (article 29 on retention duties) and the Reglamento de facturación electrónica (Royal Decree 1619/2012) set a four-year retention floor under tax law. The Código de Comercio (article 30) extends retention to six years for commercial records. Foreign companies with a permanent establishment in Spain are subject to the same retention regime. For litigation purposes the practical takeaway is simple: records must be preserved with their qualified seal, qualified timestamp and trust-service-listing evidence intact for at least the longer of those windows, so the article 326 LEC presumption survives the full retention horizon.
Table: ENS principles mapped to article 326 LEC
| ENS principle | What it requires | How it maps to article 326 LEC | Practical impact |
|---|---|---|---|
| Integrity | Records cannot be altered after capture; any modification is detectable. | Supports the *autenticidad* and *integridad* features under article 326 LEC, paragraphs 3 and 4. | Cryptographic hash at capture, qualified seal locks the artefact. |
| Authenticity | The source of the record can be reliably attributed. | Direct match with the *autenticidad* feature in article 326 LEC. | Qualified electronic signature or seal of a third-party QTSP applied at source. |
| Traceability | Every operation on the record is logged with who, when, what. | Underpins *cadena de custodia* documentation accepted by the court. | Operation log linked to the qualified-timestamped artefact. |
| Availability | Records can be retrieved on demand throughout the retention period. | Allows the producing party to bring the record to court within procedural deadlines. | Long-term preservation aligned with eIDAS art. 34 qualified preservation service. |
| Confidentiality | Access to the record is restricted to authorised users. | Indirect: protects against tampering and reduces challenges to integrity. | Role-based access control; encrypted storage and transport. |
The Spanish supervisor of qualified trust service providers and what they certify
eIDAS requires every Member State to designate a supervisory body for trust service providers operating on its territory. Spain does this through Ley 6/2020.
Ministerio para la Transformación Digital y de la Función Pública
Article 14 of Ley 6/2020 assigns supervisory responsibility to the Ministerio para la Transformación Digital y de la Función Pública (formerly the Ministerio de Asuntos Económicos y Transformación Digital). Operational duties run through the Secretaría de Estado de Telecomunicaciones e Infraestructuras Digitales (SETID). The supervisor maintains the Spanish Trusted List of qualified providers, audits qualified service providers periodically, and submits the national list into the EU LOTL.
Article 3, Ley 6/2020 (verbatim):
"1. Los documentos electrónicos públicos, administrativos y privados, tienen el valor y la eficacia jurídica que corresponda a su respectiva naturaleza, de conformidad con la legislación que les resulte aplicable. 2. La prueba de los documentos electrónicos privados en los que se hubiese utilizado un servicio de confianza no cualificado se regirá por lo dispuesto en el apartado 3 del artículo 326 de la Ley 1/2000..."
EN gloss: "1. Public, administrative and private electronic documents have the value and legal effect corresponding to their nature, in accordance with the applicable legislation. 2. The proof of private electronic documents in which a non-qualified trust service has been used shall be governed by article 326.3 of Ley 1/2000..."
Source: BOE-A-2020-14046.
The Ministerio's portal is reachable at digital.gob.es.
Verifying a Spanish QTSP via the EU LOTL
Counsel preparing for a Spanish trial should verify the trust-service listing at the relevant moment. Article 326 LEC, in its paragraph 4, ties the presumption to whether the provider was on the list when the seal or signature was applied, not to whether they are on the list today. Two tools matter:
- The EU LOTL browser hosted by the European Commission, which aggregates all Member State trusted lists.
- The Spanish national list at sedeaplicaciones.minetur.gob.es, which provides historical entries and time-stamped status changes.
Step by step: open the LOTL browser, filter by Spain, locate the QTSP that issued the qualified service, open the historical view to confirm the status at the date of capture, and download the trusted list signature. Preserve those records alongside the artefact for evidentiary use.
Qualified electronic signatures, seals and timestamps as evidentiary anchors
Three qualified services trigger the article 326 LEC presumption when applied to a private electronic document. Qualified electronic signatures (FEC) bind a natural person to the document. Qualified electronic seals (sellos electrónicos cualificados) bind a legal entity. Qualified timestamps (sellos cualificados de tiempo) certify the moment a document existed in its present form. All three are enumerated in eIDAS Title III. For enterprise capture scenarios with automated workflows, the standard combination is the qualified seal of a legal entity (a utility, a bank, a notary, a service provider) plus a qualified timestamp.
Long-term preservation and eIDAS article 34
The Política de firma electrónica y de certificados de la Administración General del Estado sets the policy framework for long-term signature preservation. Combined with eIDAS article 34 (the qualified preservation service for qualified electronic signatures), Spanish counsel can keep the cryptographic strength of signed records intact well beyond the original certificate validity. For litigation that surfaces years after capture, qualified preservation is what keeps the article 326 LEC presumption alive when the case file is reopened.
How cadena de custodia works under Spanish civil and criminal procedure
Cadena de custodia is the operational backbone of digital-evidence strategy. The LEC does not define it expressly. The construct comes from Supreme Court doctrine and forensic standards built up over the past two decades. For the broader framework on documenting the unbroken sequence from capture to courtroom, see our digital chain of custody guide.
Cadena de custodia in operational terms
Every chain of custody for digital records under article 326 LEC moves through capture (acquisition of the artefact), sealing (cryptographic hashing and qualified-service application), preservation (storage with integrity controls), and presentation (delivery to court with the full operation log). Each step is logged with who acted, when (with qualified timestamp where available), what was done, and with which tool. Any gap in the log gives the opposing party a ground for challenge under article 326 LEC: the integrity and the accuracy of date and time become contestable.
ISO/IEC 27037:2012 alignment with Spanish forensic practice
International standard ISO/IEC 27037:2012 (Guidelines for identification, collection, acquisition and preservation of digital evidence) defines the roles of Digital Evidence First Responder (DEFR) and Digital Evidence Specialist (DES), plus the four operational stages: identification, collection, acquisition, preservation. Spanish forensic practice tracks ISO/IEC 27037 in pericial reports prepared for both civil and criminal proceedings, and the standard is routinely cited by peritos informáticos before Audiencias Provinciales.
STS 300/2015 and the chain-of-custody doctrine
STS 300/2015 (Sala de lo Penal, 19 May 2015, ponente Manuel Marchena Gómez) is the locus classicus for digital-evidence chain of custody in Spain. The court put the doctrine in plain terms:
"the computer expert report should be as mandatory for digital evidence as the chain of custody is for biological evidence."
The reasoning extends to civil litigation by analogy. STS 195/2014 reinforces the broader principles on digital-evidence handling. Lower courts have followed the line: civil and commercial chambers require either qualified-service-backed authenticity at source or a documented pericial informática with an unbroken cadena de custodia.
Audiencia Provincial rulings on email and screenshot evidence
Civil chambers of the Audiencia Provincial of Madrid and Barcelona have built a consistent line of decisions on email and screenshot evidence over the past decade. The pattern is stable. Where authenticity is challenged, the producing party must show either a qualified trust service backing the artefact, or a pericial informática setting out the cadena de custodia. Records lacking both fall to sana crítica, with predictable downward pressure on probative value.
For comparative reference, counsel handling parallel disputes in other common-law jurisdictions can review the UK ACPO chain of custody framework, which reaches similar conclusions through a different statutory route.
Five steps to maintain cadena de custodia in practice
A defensible chain of custody for civil litigation in Spain rests on five operational steps:
- Capture the artefact in a tamper-evident environment, with full session metadata recorded.
- Apply a cryptographic hash at the moment of capture, before any human review or processing.
- Apply a qualified electronic seal and a qualified timestamp from a third-party QTSP listed in the EU LOTL.
- Preserve the sealed artefact in an archival system aligned with ENS principles (integrity, authenticity, traceability, availability) and, where applicable, eIDAS article 34 qualified preservation.
- Present the artefact in court via a court-ready report that includes the artefact, its hash, the qualified seal, the qualified timestamp, the trust-service-listing snapshot, and the full operation log.
Platforms such as TrueScreen, the Data Authenticity Platform, enable counsel to record a session, app or video stream with the qualified seal of a third-party QTSP applied at capture, satisfying the article 326 LEC presumption. The Forensic Browser is one capture surface Spanish litigation teams use to lock screen-based evidence with qualified trust services in place from the first byte.
Cross-border evidence: eIDAS in Spain vs Germany vs Italy
Disputes with a multi-jurisdictional footprint (a Spanish parent suing a German subsidiary in Madrid, with evidence captured in both countries) require counsel to map the eIDAS presumption across all relevant Member States. Article 25 of Regulation 910/2014 is the bridge.
eIDAS article 25 in Spain (Ley 6/2020 transposition)
eIDAS Regulation 910/2014, article 25 (verbatim):
"1. An electronic signature shall not be denied legal effect and admissibility as evidence in legal proceedings solely on the grounds that it is in an electronic form or that it does not meet the requirements for qualified electronic signatures.
2. A qualified electronic signature shall have the equivalent legal effect of a handwritten signature.
3. A qualified electronic signature based on a qualified certificate issued in one Member State shall be recognised as a qualified electronic signature in all other Member States."Source: eIDAS Regulation.
In Spain, the transposition runs through Ley 6/2020 and feeds article 326 LEC. A qualified electronic signature issued by a German or Italian QTSP listed in the EU LOTL produces the same presumption in a Madrid courtroom under article 326 LEC as a signature from a Spanish QTSP.
eIDAS article 25 in Germany (§ 371a ZPO and VDG)
In Germany, the article 25 presumption is mirrored in § 371a (1) of the Zivilprozessordnung (ZPO), which grants the presumption of authenticity to private electronic documents bearing a qualified electronic signature. The Federal Network Agency (Bundesnetzagentur, BNetzA) supervises German QTSPs. The full German framework is set out in the equivalent German framework under § 371a ZPO.
eIDAS article 25 in Italy (CAD articles 20 and 21)
Italy implements eIDAS through the Codice dell'Amministrazione Digitale (CAD). Article 20 CAD governs the probative value of electronic documents; article 21 CAD addresses the legal effect of electronic signatures. A qualified electronic signature or qualified electronic seal carries the same effect as an autograph signature under Italian law, and a document signed with a qualified electronic signature satisfies the form requirement of article 2702 of the Codice Civile. The Italian supervisor is AgID (Agenzia per l'Italia Digitale).
EU instruments for cross-border taking of evidence
Two regulations matter most for civil and commercial disputes. Regulation (EU) 2020/1783 governs the taking of evidence between Member States in civil and commercial matters, replacing the 2001 instrument. Regulation (EU) 2023/1543 (the EU e-Evidence Regulation) governs cross-border production and preservation orders in criminal matters and applies from August 2026. Counsel handling civil disputes with a criminal overlap (fraud, market abuse, data-protection breaches with criminal exposure) should track both.
Table: Spain vs Germany vs Italy comparative
| Jurisdiction | Statutory presumption | Supervisor | Archival rule | Cross-border instrument |
|---|---|---|---|---|
| Spain | Article 326 LEC, paragraph 4: presumption of authenticity for qualified-service-backed electronic documents; burden flips to challenger. | Ministerio para la Transformación Digital y de la Función Pública (SETID). | ENS RD 311/2022 (public sector and contracted-out services); LGT/Código de Comercio retention. | Regulation (EU) 2020/1783; Regulation (EU) 2023/1543 from August 2026. |
| Germany | § 371a (1) ZPO: presumption of authenticity for private electronic documents with qualified electronic signature. | Bundesnetzagentur (BNetzA). | GoBD (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern). | Regulation (EU) 2020/1783; Regulation (EU) 2023/1543 from August 2026. |
| Italy | Article 20 CAD: probative value of electronic documents; qualified signature equates to autograph signature. | AgID (Agenzia per l'Italia Digitale). | DPCM 22 February 2013 (technical rules for electronic documents). | Regulation (EU) 2020/1783; Regulation (EU) 2023/1543 from August 2026. |
How does the Data Authenticity Platform satisfy article 326 LEC presumption of authenticity?
The Data Authenticity Platform satisfies the article 326 LEC presumption by sealing, timestamping and preserving each captured artefact at the moment of acquisition, then routing those operations through a third-party Qualified Trust Service Provider listed under eIDAS Regulation 910/2014. Three operations matter to a Madrid or Barcelona court. First, immutability at source: cryptographic hashing locks the artefact before any human review, so the cadena de custodia starts at capture, not at expert report. Second, qualified seal and qualified timestamp: the platform integrates a third-party QTSP's qualified electronic seal and qualified timestamp, which under article 326.4 LEC flips the burden of proof onto the challenger. Third, long-term preservation aligned with ENS RD 311/2022 and ENI archival principles. TrueScreen, the Data Authenticity Platform, is built around this three-layer model and integrates a third-party QTSP's qualified seal at the API level. See the platform overview for the full architecture.
Capture, seal, timestamp, preserve: a single workflow
A defensible workflow collapses the cadena de custodia into one continuous operation. Capture happens in a tamper-evident surface: a browser session, a mobile device, a video-call recording, a document upload. Sealing applies the qualified seal and qualified timestamp at the moment of acquisition. Preservation routes the sealed artefact into archival storage with integrity controls and operation logs. Presentation produces a court-ready report on demand. Each step records the metadata required by article 326 LEC, and the qualified service listing is preserved alongside.
Integration with eIDAS-listed QTSPs
TrueScreen relies on third-party QTSPs in the EU LOTL. The platform never claims direct issuance of qualified signatures or qualified seals: that role belongs to the QTSPs supervised by the Ministerio para la Transformación Digital in Spain, by BNetzA in Germany, by AgID in Italy. TrueScreen is the Data Authenticity Platform that captures and certifies digital content with the qualified seal of a third-party QTSP integrated via API, producing court-ready evidence aligned with article 326 LEC. The split is intentional: separation of concerns between the capture-and-certify platform and the qualified trust service is what keeps the evidentiary chain auditable.
Micro-use case: a Spanish utility under article 326 LEC pressure
Consider a Spanish electricity and gas utility distributing a contract amendment to 50,000 retail customers. Roughly 1% will end up in disputes before juzgados de primera instancia in Madrid, Barcelona, Valencia and Seville. Counsel needs each amendment to satisfy article 326 LEC if challenged. The utility integrates TrueScreen into its CRM. Every contract-amendment communication is captured, sealed with the qualified electronic seal of a third-party QTSP, qualified-timestamped, and preserved for six years to meet the Código de Comercio retention floor and the ENS principles for integrity, authenticity and traceability. When opposing counsel challenges integrity in court, the utility cites article 326 LEC and produces the QTSP listing on the EU LOTL at the date of capture. The challenger now bears the burden of rebuttal. Spanish utilities, regulated banks and ENS-bound vendors use TrueScreen to acquire and preserve digital records that withstand article 326 LEC challenges in civil litigation. The same workflow extends to lawyers and law firms capturing online evidence on behalf of clients.
Three-layer architecture summary
The three layers map directly to the three Spanish legal regimes. Statute (article 326 LEC) sets the presumption framework. Trust service (the eIDAS-qualified seal and timestamp issued by a third-party QTSP) triggers the presumption. Archiving (ENS-aligned preservation) keeps the presumption intact for the full retention window. One platform handles capture, sealing, preservation and court-ready report; the QTSP supplies the qualified seal and qualified timestamp; the archival regime keeps both alive.
Conclusion: a defensible cadena de custodia for Spanish civil litigation
The architecture of digital evidence in Spanish civil procedure rests on three layers. Article 326 LEC sets the presumption of authenticity for qualified-service-backed electronic documents and flips the burden of proof onto the challenger. Ley 6/2020 and the eIDAS Regulation supply the qualified trust services that trigger the article 326 LEC presumption, supervised by the Ministerio para la Transformación Digital and listed in the EU LOTL. ENS RD 311/2022 and ENI keep the records preservable across the retention windows demanded by tax law and commercial code. A defensible cadena de custodia threads through all three: capture in a tamper-evident environment, qualified seal and qualified timestamp at source, preservation aligned with ENS, presentation through a court-ready report. Build the three layers correctly, and article 326 LEC does the work in court.
FAQ: Article 326 LEC and digital evidence in Spain
What is article 326 LEC?
Article 326 of the Ley de Enjuiciamiento Civil governs the evidentiary force of private documents in Spanish civil procedure. Apartado 1 grants full probative force to private documents whose authenticity is not challenged. Apartados 3 and 4, added by Ley 6/2020, set the regime for electronic documents: non-qualified trust services revert to sana crítica, qualified trust services trigger a presumption of authenticity that flips the burden of proof onto the challenger.
What does article 326 LEC require for digital evidence to enjoy the presumption of authenticity?
Article 326 LEC, in its paragraph 4, requires that a qualified trust service under Regulation (EU) 910/2014 has been used, and that the QTSP was listed in the trusted list of qualified providers and services at the moment relevant to the dispute. When both conditions are met, article 326 LEC presumes that the document satisfies the challenged feature (authenticity, integrity, accuracy of date and time), and the challenger bears the burden of rebutting the presumption.
Does ENS apply to private companies or only to Spanish public administrations?
ENS RD 311/2022 is mandatory for the Spanish public sector: Administración General del Estado, Comunidades Autónomas, local entities and public-law bodies. Private vendors selling into those entities, including IT contractors, utilities under public-service obligations and banks managing State-related transactions, inherit ENS obligations through their contracts. For purely private commercial relationships ENS is not formally binding, but its five principles (integrity, authenticity, confidentiality, traceability, availability) align with article 326 LEC requirements and serve as best practice.
How does eIDAS article 25 interact with article 326 LEC?
eIDAS article 25(2) gives a qualified electronic signature the legal effect of a handwritten signature across all EU Member States. Article 25(3) establishes mutual recognition: a qualified electronic signature based on a qualified certificate issued in one Member State is recognised in all others. In Spain, Ley 6/2020 transposes these rules and channels them into article 326 LEC, which converts the eIDAS-level qualification into a domestic civil-procedure presumption with a burden-flip in litigation.
Who is the supervisory authority for qualified trust service providers in Spain?
The supervisory authority is the Ministerio para la Transformación Digital y de la Función Pública, with operational duties channelled through the Secretaría de Estado de Telecomunicaciones e Infraestructuras Digitales (SETID), under article 14 of Ley 6/2020. The Ministerio maintains the Spanish Trusted List, audits QTSPs and submits the national list into the EU LOTL.
What retention period applies to electronic invoices and supporting digital records under Spanish law?
The Ley General Tributaria 58/2003, article 29, sets a four-year retention floor for tax-related records, including electronic invoices regulated by the Reglamento de facturación electrónica (RD 1619/2012). The Código de Comercio, article 30, extends retention to six years for commercial records. Foreign companies with a permanent establishment in Spain are bound by the same regime. For litigation purposes, qualified seals and qualified timestamps must remain verifiable across the longer retention window, which typically calls for eIDAS article 34 qualified preservation.
¿Qué valor probatorio ofrece la firma electrónica cualificada en un proceso civil español?
La firma electrónica cualificada (FEC), regulada por el Reglamento (UE) 910/2014 y Ley 6/2020, tiene en España el efecto jurídico equivalente a una firma manuscrita conforme al artículo 25(2) del Reglamento eIDAS. Aplicada a un documento electrónico privado, activa la presunción del artículo 326.4 LEC: el documento se presume auténtico, íntegro y temporalmente preciso, y la carga de la comprobación se desplaza a la parte que impugne. La firma debe estar emitida por un prestador cualificado de servicios electrónicos de confianza incluido en la lista de confianza en el momento relevante.
¿Puede una empresa extranjera invocar la presunción del artículo 326.4 LEC en litigios transfronterizos?
Sí. El artículo 25(3) del Reglamento eIDAS establece el reconocimiento mutuo de las firmas electrónicas cualificadas emitidas por prestadores cualificados de cualquier Estado miembro. Una empresa alemana, italiana, francesa o de cualquier otro Estado miembro puede invocar la presunción del artículo 326.4 LEC ante un tribunal español si la firma o el sello cualificado proviene de un prestador listado en la EU LOTL y el prestador estaba activo en el momento relevante. El control se realiza a través del navegador EU LOTL y de la lista nacional española en sedeaplicaciones.minetur.gob.es, con verificación documentada en el expediente.
How do you authenticate digital evidence under Spanish civil procedure?
Under article 326 LEC, private digital documents enjoy full probative force when their authenticity is uncontested (paragraph 1). When challenged, paragraph 4 (added by Ley 6/2020) creates a presumption of authenticity if the document was produced through an eIDAS-qualified trust service whose provider was listed in the EU LOTL at the relevant time. The burden of disproving authenticity then shifts to the challenger. For unsigned electronic records, sana crítica under article 316 LEC governs evaluation, and counsel must prove integrity through cryptographic hash verification, qualified timestamps and an unbroken cadena de custodia aligned with ISO/IEC 27037.
¿Qué es la cadena de custodia digital y cómo se documenta en España?
La cadena de custodia digital es el procedimiento documentado que garantiza la identidad, integridad y autenticidad de una prueba electrónica desde la captura hasta la presentación judicial. En el proceso civil español opera bajo dos estándares interconectados: ISO/IEC 27037:2012 para los lineamientos forenses y el artículo 326.4 LEC para la presunción legal cuando se utiliza un servicio cualificado de confianza eIDAS. Una cadena rota o no documentada lleva al juez a aplicar sana crítica del artículo 316 LEC, debilitando el valor probatorio del documento electrónico.
¿Cuáles son las fases operativas de la cadena de custodia digital bajo el artículo 326.4 LEC?
La cadena de custodia digital en España se estructura en cinco fases alineadas con ISO/IEC 27037: (1) identificación de la fuente digital y registro del contexto de captura; (2) adquisición forense con cálculo de hash criptográfico (SHA-256); (3) preservación con sello cualificado eIDAS y sello de tiempo; (4) análisis pericial reversible documentado; (5) presentación judicial con pista de auditoría completa. Cuando estas fases se ejecutan a través de un servicio cualificado de confianza listado en la EU Trusted List, el artículo 326.4 LEC traslada la carga de la prueba al impugnante en virtud de la presunción iuris tantum.
