Virtual AGM Compliance: A 2026 Checklist for Boards and Company Secretaries

Virtual AGM compliance has moved from a pandemic-era workaround to a recurring governance discipline the board, the chair, and the company secretary are now expected to defend in writing. A produced shareholder meeting is no longer the soft part of the year. It is a regulated broadcast with statutes in at least three jurisdictions reading over the secretariat's shoulder.

This 2026 checklist is written for listed-company boards and company secretaries, not for production teams. It covers what the law requires, where the secretariat carries personal responsibility, and the evidence auditors and the registrar will ask for. For the production side, see our virtual AGM production guide for listed companies.

What does virtual AGM compliance actually mean in 2026?

Virtual AGM compliance in 2026 means three things working in parallel: a statutory basis for holding the meeting electronically, evidence that every shareholder right was exercisable in real time, and an archive that satisfies the retention period set by local law. Skip any one of those and the meeting becomes legally fragile, even if the broadcast itself ran without a glitch.

The statutory landscape is now reasonably settled. Italian Civil Code Article 2370bis permits electronic participation and remote voting when the articles allow it. The UK Companies Act 2006 §307A governs notice and electronic communication, with §311 covering quorum, and the UK Corporate Governance Code maintained by the FRC sets the comply-or-explain bar for premium-listed issuers, including AGM best-practice guidance. Germany's amended Aktiengesetz §118a recognises fully virtual AGMs, and the EU Shareholder Rights Directive II (SRD II, 2017/828) sets the cross-border floor for participation and identification.

None of these frameworks demand any particular technology. They demand that the rights exist, work, and are recorded.

Is a virtual AGM legally binding?

Yes — a virtual AGM is legally binding when it is convened under the company's articles, conducted in line with the applicable statute, and recorded as the law requires. The format is not the issue. The exercise of shareholder rights is.

In Italy, a fully electronic AGM is valid under Article 2370bis provided the articles permit it and the chair can identify attendees, secure voting, and preserve the minute. In the UK, updated guidance confirms a meeting "held wholly by means of electronic communication" is valid when shareholders can attend, speak, and vote in real time. Germany's AktG §118a route is explicit, and Delaware's DGCL §211 permits sole electronic meetings under specified conditions.

What turns a binding meeting into a contested one is almost never the format. It is a procedural slip — a notice that did not reach a holder, a vote that closed before the chair confirmed the call, a question filtered without record. Virtual AGM compliance is built around preventing those slips.

Can shareholders vote remotely, and on what conditions?

Yes — shareholders can vote remotely at a compliant virtual AGM, but the vote must satisfy four conditions: identification of the voter, association of the vote with a holding on the register, alignment with the ballot window the chair calls, and a tamper-evident record of the cast. Miss any one, and the resolution is open to challenge.

Identification ties back to the registrar's file on meeting day. The platform either authenticates against a beneficial-owner list pulled the morning of the meeting or against a proxy-service feed. SRD II hardens this for cross-border attendance, because the chain from intermediary to beneficial owner has to be traceable on demand.

The ballot window is the chair's responsibility. The chair opens the vote on a named resolution, the platform timestamps it, the chair closes it, and the platform timestamps the close. Votes cast outside that window are ineligible, and an AGM platform that does not enforce this with a server-side clock is not fit for purpose. Tamper evidence usually means a cryptographic hash chain over the ballot log, written to immutable storage the moment the vote closes.

What records must a company keep after a virtual AGM?

The required records vary by jurisdiction, but a defensible virtual AGM compliance file usually contains seven artefacts. The company secretary owns this file, and a serious production partner produces five of the seven as a matter of course.

Notice and proof of dispatch to every holder of record — twenty-one days for many UK listed companies, fifteen for many Italian SpAs.

Shareholder register reconciliation taken on meeting day — the source of truth against which votes are tallied.

Full broadcast recording, unedited. Most jurisdictions require this as the canonical record. Edits are permissible only with documented chain-of-custody.

Vote log with timestamps and hashes. One entry per ballot, signed against the register snapshot.

Question log. Every question received, the moderation decision, the chair's answer if any, and the rationale for any filter applied.

Attendance roster. Who joined, when, from which jurisdiction, and whether they voted.

Certified minute signed by chair and company secretary, referencing the underlying artefacts by hash.

Retention runs five to ten years in most regimes, longer where litigation or regulator interest is foreseeable. Italian listed issuers face CONSOB scrutiny; UK premium-listed issuers should plan around the FCA's Listing Rules.

Where does the company secretary carry personal liability?

The company secretary's exposure at a virtual AGM is not abstract. In the UK, a secretary who certifies a minute that misrepresents the meeting can face removal under the Companies Act and, in extreme cases, disqualification under the Company Directors Disqualification Act 1986. In Italy, a segretario whose verbale omits a material procedural step can be challenged by any shareholder under Civil Code Article 2377, and the verbale itself annulled. A fully virtual meeting tightens the standard, because the platform produces machine evidence that contradicts a sloppy minute the moment the file is opened.

The defensible posture treats the evidence pack as the primary record and the certified minute as a faithful summary of it. The secretary signs the minute against the hashes in the vote log, the question log, and the broadcast archive, and the minute references those artefacts by identifier. A secretary who signs a minute they cannot defend against the underlying logs is exposed personally — and an external counsel reviewing weeks later will spot the gap before any shareholder does.

This is where vendor selection becomes a personal-protection question. A vendor who delivers the broadcast but cannot produce a hash-anchored evidence pack within the retention window leaves the secretary signing an attestation they cannot independently verify.

Do auditors need to attend a virtual AGM live?

The external auditor's right to attend is preserved in most regimes whether the meeting is physical, hybrid, or fully virtual. In the UK, Section 502 of the Companies Act 2006 grants the auditor a right to be heard at any general meeting where their report is on the agenda. In Italy, the equivalent right sits in the consolidated audit law and the Civil Code provisions on the collegio sindacale.

In practice, the audit team is provisioned with the same credentialed access as the board, with a documented path to the chair if clarification is needed. The audit trail captures the auditor's login, presence, and any intervention, so the post-meeting minute reflects their role accurately.

How do you handle hostile or activist questions at a virtual AGM?

A moderated question queue is the standard answer, and its compliance value depends on the rubric the chair signs off before the meeting. The rubric names which categories of question reach the chair, which are answered in writing, and which are out of scope. Once signed, the moderation team applies it mechanically and every decision is logged.

Hostile questions are not automatically out of scope. A genuine shareholder asking about strategy, remuneration, or governance has every right to be heard, and a defensible AGM transcript shows the question was put and answered. The rubric filters duplication, off-topic submissions, and abusive language — narrow categories an external counsel reviews in advance.

Activists sometimes submit questions through multiple nominees, then cite the moderator's deduplication as evidence of suppression. A robust rubric attributes every question to its beneficial owner before deduplication, with the log preserved.

What about cross-border attendance and SRD II?

The EU Shareholder Rights Directive II, as transposed across member states, sets the floor for cross-border participation at virtual AGMs. The directive requires issuers to identify their shareholders, including those held through chains of nominees, and to facilitate the exercise of rights regardless of the holder's domicile. For a listed Italian issuer with a German custodian holding for a Luxembourgish fund, that chain has to be traceable on meeting day.

In practice, SRD II compliance at a virtual AGM means three operational decisions. The platform must accept authenticated entry against intermediary feeds, not just direct register entries. The voting record must store both nominee and beneficial owner. The evidence file must let the registrar respond to a shareholder identification request within the statutory window.

Issuers operating across multiple regimes should pick the strictest standard across them and build to that bar. Our investor day broadcast production playbook covers a related cross-border format with similar evidentiary patterns.

What makes an AGM platform for listed companies fit for purpose?

A fit-for-purpose virtual AGM system has to do four things ordinary webinar tooling does not: authenticate against a registrar feed rather than a public link, synchronise voting windows to a server-side clock the chair controls, log every event to immutable storage, and produce an evidence file the company secretary can sign off without manual reconstruction.

Most generic virtual AGM solutions stop at authentication. The compliance gap shows up after the meeting, when counsel asks for the timestamped log and the file does not exist. Selecting an AGM platform for listed companies is therefore an audit question, not a video question.

Jurisdictional fluency is the second filter. A vendor running Delaware AGMs may not understand the Italian collegio sindacale, and a UK-only vendor may not have built for SRD II shareholder identification. Ask for references in your regime, and procure AGM webcasting services and the compliance layer as a single engagement. For the procurement-side walk-through, our 2026 AGM webcasting platform selection guide for listed companies breaks down the 14-criterion scorecard, the six RFP red flags, and the buy-vs-bundle decision for company secretaries running a competitive platform RFP.

A 2026 compliance checklist before the chair gavels in

A useful pre-meeting checklist for the company secretary covers the ninety days before the AGM. Day ninety: confirm the statutory basis under the articles and the applicable code. Day sixty: dispatch the notice and confirm receipt against the register. Day thirty: lock the resolution script with external counsel and sign off the question rubric. Day fourteen: test the platform end-to-end with synthetic shareholders, including a cross-border holder if relevant. Day seven: rehearse the board, including the chair's resolution language. Day one: reconcile the register a final time, brief the registrar's representative on duty, and run a failover drill on the live network.

On the day, the secretariat operates a tight cockpit. The chair calls the meeting open, the platform begins recording, the moderator opens the question queue, the chair calls each resolution, the platform opens and closes ballots on command, the registrar reconciles each tally before the chair announces it, and the platform writes the final minute hash before adjournment.

After the meeting, the company secretary files the certified minute, archives the evidence pack under the retention policy, and runs a post-mortem with counsel, the registrar, and the production partner.

Where most virtual AGMs still fail audit

Three failure modes recur, and none of them are technical. The first is a notice gap — a holder of record who did not receive the notice and surfaces after the meeting. The second is a moderation gap — a question filtered without a written rationale. The third is an archive gap — an evidence file assembled after the fact from screenshots because nobody owned the artefact list in advance.

All three are preventable with a checklist the board reviews before the AGM and the company secretary owns on the day. Companies that institutionalise the checklist treat the AGM as a recurring control rather than a one-off event.

Plan the next AGM with the secretariat in the room

A compliant virtual AGM is a board obligation and a secretariat workstream, not a comms-team project commissioned in the last quarter. Companies that treat it that way produce meetings that hold up to challenge, with evidence files their auditors do not have to rebuild.

If you are preparing the next annual general meeting, start with a conversation that includes the company secretary, external counsel, the registrar, and a production partner who understands both broadcast and compliance. Our virtual event production services and live streaming production services cover the production discipline beneath a compliant virtual AGM. Get in touch to walk through the checklist for your register, your articles, and the regimes you operate in.