Virtual AGM Compliance: A 2026 Checklist for Boards and Company Secretaries

Virtual AGM compliance has moved from a pandemic-era workaround to a recurring governance discipline that the board, the chair, and the company secretary are now expected to defend in writing. A produced shareholder meeting is no longer the soft part of the year. It is a regulated broadcast, with statutes in at least three jurisdictions reading over the secretariat's shoulder, and an audit trail that has to hold up years after the meeting closes.

This 2026 checklist is written for listed-company boards and company secretaries, not for production teams. It covers what the law actually requires of a virtual AGM, where the secretariat carries personal responsibility, and the evidence the auditors and the registrar will ask for when something is questioned. For the production side of the same meeting, see our virtual AGM production guide for listed companies.

What does virtual AGM compliance actually mean in 2026?

Virtual AGM compliance in 2026 means three things working in parallel: a statutory basis for holding the meeting electronically, evidence that every shareholder right was exercisable in real time, and an archive that satisfies the retention period set by local law. Skip any one of those and the meeting becomes legally fragile, even if the broadcast itself ran without a glitch.

The statutory landscape is now reasonably settled. Italian Civil Code Article 2370bis permits electronic participation and remote voting when the articles allow it. The UK Companies Act 2006 §307A governs notice and electronic communication, with §311 covering quorum. Germany's amended Aktiengesetz §118a recognises fully virtual AGMs, and the EU Shareholder Rights Directive II (SRD II, 2017/828) sets the cross-border floor for participation and identification.

None of these frameworks demand any particular technology. They demand that the rights exist, work, and are recorded.

Is a virtual AGM legally binding?

Yes — a virtual AGM is legally binding when it is convened under the company's articles, conducted in line with the applicable statute, and recorded as the law requires. The format is not the issue. The exercise of shareholder rights is.

In Italy, a fully electronic AGM is valid under Article 2370bis provided the articles permit it and the chair can identify attendees, secure voting, and preserve the minute. In the UK, the Companies Act 2006 has long allowed electronic communication, and updated guidance confirms a meeting "held wholly by means of electronic communication" is valid when shareholders can attend, speak, and vote in real time. Germany's AktG §118a route is explicit, and Delaware's DGCL §211 permits sole electronic meetings under specified conditions.

What turns a binding meeting into a contested one is almost never the format. It is a procedural slip — a notice that did not reach a holder, a vote that closed before the chair confirmed the call, a question filtered without record. Virtual AGM compliance is built around preventing those slips.

Can shareholders vote remotely, and on what conditions?

Yes — shareholders can vote remotely at a compliant virtual AGM, but the vote must satisfy four conditions: identification of the voter, association of the vote with a holding on the register, alignment with the ballot window the chair calls, and a tamper-evident record of the cast. Miss any one, and the resolution is open to challenge.

Identification ties back to the registrar's file on meeting day. The platform either authenticates against a beneficial-owner list pulled the morning of the meeting or against a proxy-service feed. SRD II hardens this for cross-border attendance, because the chain from intermediary to beneficial owner has to be traceable on demand.

The ballot window is the chair's responsibility. The chair opens the vote on a named resolution, the platform timestamps it, the chair closes the vote, and the platform timestamps the closing. Votes cast outside that window are not eligible, and an AGM platform for listed companies that does not enforce this with a server-side clock is not fit for purpose. Tamper evidence usually means a cryptographic hash chain over the ballot log, written to immutable storage the moment the vote closes.

What records must a company keep after a virtual AGM?

The required records vary by jurisdiction, but a defensible virtual AGM compliance file usually contains seven artefacts. The company secretary owns this file, and a serious production partner produces five of the seven as a matter of course.

Notice and proof of dispatch to every holder of record — twenty-one days for many UK listed companies, fifteen for many Italian SpAs.

Shareholder register reconciliation taken on meeting day — the single source of truth against which votes are tallied.

Full broadcast recording, unedited. Most jurisdictions require this to be the canonical record. Edits are permissible only with documented chain-of-custody.

Vote log with timestamps and hashes. One entry per ballot, signed against the register snapshot. ESMA guidance on shareholder identification under SRD II refers explicitly to verifiable records.

Question log. Every question received, the moderation decision, the chair's answer if any, and the rationale for any question filtered under the pre-agreed rubric.

Attendance roster. Who joined, when, from which jurisdiction, and whether they voted.

Certified minute signed by the chair and the company secretary, referencing the underlying artefacts by hash where possible.

Retention runs from five to ten years in most regimes, longer where litigation or regulator interest is foreseeable. Italian listed issuers face CONSOB scrutiny, and UK premium-listed issuers should plan around the FCA's expectations under the Listing Rules.

Do auditors need to attend a virtual AGM live?

The external auditor's right to attend is preserved in most regimes whether the meeting is physical, hybrid, or fully virtual. In the UK, Section 502 of the Companies Act 2006 grants the auditor a right to be heard at any general meeting where their report is on the agenda. In Italy, the equivalent right sits in the consolidated audit law and the Civil Code provisions on the collegio sindacale.

In practice, the audit team is provisioned with the same credentialed access as the board, with a documented path to the chair if a clarification is needed. A serious virtual AGM produces an audit trail that includes the auditor's login, presence, and any intervention, so the post-meeting minute reflects their role accurately.

How do you handle hostile or activist questions at a virtual AGM?

A moderated question queue is the standard answer, and the compliance value depends entirely on the rubric the chair signed off before the meeting. The rubric names which categories of question reach the chair, which are answered in writing, and which are out of scope. Once it is signed, the moderation team applies it mechanically, and every decision is logged.

Hostile questions are not automatically out of scope. A genuine shareholder asking an uncomfortable question about strategy, remuneration, or governance has every right to be heard, and a defensible AGM produces a transcript that shows the question was put and answered. What the rubric filters is duplication, off-topic submissions, and abusive language — narrow categories that an external counsel typically reviews in advance.

Activists sometimes submit questions through multiple nominees, expecting the moderator to filter duplicates and then citing the filter as evidence of suppression. A robust rubric attributes every question to its beneficial owner before deduplication, with the log preserved.

What about cross-border attendance and SRD II?

The EU Shareholder Rights Directive II, as transposed across member states, sets the floor for cross-border participation at virtual AGMs. The directive requires issuers to identify their shareholders, including those held through chains of nominees, and to facilitate the exercise of rights regardless of the holder's domicile. For a listed Italian issuer with a German custodian holding for a Luxembourgish fund, that chain has to be traceable on meeting day.

In practice, SRD II compliance at a virtual AGM means three operational decisions. The platform must accept authenticated entry against intermediary feeds, not just direct register entries. The voting record must store both the nominee and the beneficial owner. The evidence file must let the registrar respond to a shareholder identification request within the statutory window.

Issuers operating across multiple regimes face overlapping but not identical requirements. The defensive design is to pick the strictest standard across the regimes you touch and build the meeting to that bar. Our investor day broadcast production playbook covers a related cross-border format with similar evidentiary patterns.

What makes an AGM platform for listed companies fit for purpose?

A fit-for-purpose virtual AGM system has to do four things that ordinary webinar tooling does not. It has to authenticate against a registrar feed, not a public link. It has to synchronise voting windows to a server-side clock the chair controls. It has to log every event — entry, vote, question, moderation decision — to an immutable store. And it has to produce a post-meeting evidence file the company secretary can sign off without manual reconstruction.

Most generic virtual AGM solutions stop at authentication. The compliance gap shows up after the meeting, when counsel asks for the timestamped log and the file does not exist. Selecting an AGM platform for listed companies is therefore an audit question more than a video question, and the company secretary should be in the room when the vendor is selected.

A second filter is jurisdictional fluency. A vendor running Delaware AGMs may not understand the Italian Civil Code's collegio sindacale requirements, and a vendor running UK AGMs may not have built for SRD II shareholder identification calls. Ask for references in your regime and check that the vendor's evidence file would survive your own auditors.

For meetings that need broadcast-grade production on top of compliant infrastructure, AGM webcasting services and the underlying compliance layer should be procured as a single engagement, not two contracts that meet on meeting day.

A 2026 compliance checklist before the chair gavels in

A useful pre-meeting checklist for the company secretary covers the ninety days before the AGM. Day ninety: confirm the statutory basis under the articles and the applicable code. Day sixty: dispatch the notice and confirm receipt against the register. Day thirty: lock the resolution script with external counsel and sign off the question rubric. Day fourteen: test the platform end-to-end with synthetic shareholders, including a cross-border holder if relevant. Day seven: rehearse the board, including the chair's resolution language. Day one: reconcile the register a final time, brief the registrar's representative on duty, and run a failover drill on the live network.

On the day, the secretariat operates a tight cockpit. The chair calls the meeting open, the platform begins recording, the moderator opens the question queue, the chair calls each resolution, the platform opens and closes ballots on command, the registrar reconciles each tally before the chair announces it, and the platform writes the final minute hash before adjournment.

After the meeting, the company secretary files the certified minute, archives the evidence pack under the retention policy, and runs a post-mortem with counsel, the registrar, and the production partner.

Where most virtual AGMs still fail audit

Three failure modes recur, and none of them are technical. The first is a notice gap — a holder of record who did not receive the notice and surfaces after the meeting. The second is a moderation gap — a question filtered without a written rationale. The third is an archive gap — an evidence file assembled after the fact from screenshots because nobody owned the artefact list in advance.

All three are preventable with a checklist the board reviews before the AGM and the company secretary owns on the day. Companies that institutionalise the checklist treat the AGM as a recurring control rather than a one-off event.

Plan the next AGM with the secretariat in the room

A compliant virtual AGM is a board obligation and a secretariat workstream, not a production project that the comms team commissions in the last quarter. The companies that treat it that way produce meetings that hold up to challenge, with evidence files their auditors do not have to rebuild.

If your team is preparing the next annual general meeting, the cleanest first step is a conversation that includes the company secretary, external counsel, the registrar, and a production partner who understands both the broadcast and the compliance layer. Our virtual event production services and live streaming production services cover the production discipline that sits underneath a compliant virtual AGM. Get in touch to walk through the checklist for your register, your articles, and the regimes you operate in.