On 12 June, a critical change affected energy sales in Spain operations under the General Regulation on Electricity Supply (RD 88/2026). The articles regulating how consumer consent must be requested, captured, and verified before any telephone sales contract are now legally enforceable.

For international companies managing clients, expats, or corporate entities residing in Spain, adapting to new energy sales in Spain frameworks marks a major operational shift. The ultimate goal of the regulation is to put a definitive stop to unsolicited and abusive outbound marketing calls within the Spanish territory.

In this new regulatory landscape, non-compliance is no longer just a matter of customer annoyance; it is a severe legal risk. If a commercial call is made without meeting the strict criteria for energy sales in Spain, or if the consumer is misinformed about tariffs or terms, the resulting contract can be declared null and void under Spanish law.

This creates a brand-new operational environment, further reinforced by Spain’s well-known Customer Service Act (Ley SAC). Together, these regulations aim to protect consumers and eradicate aggressive sales tactics. As a result, companies involved in energy sales in Spain channels, regardless of where their headquarters are based, must fundamentally rethink how they engage with local prospects to build sustainable, trust-based relationships.

This is precisely where Lleida.net trust services come into play. Every single step of the process, every communication, every agreement, and every sign-off now needs to be recorded, securely stored, and irrefutably certified as if prepared for a court of law. The era of mere data accumulation is over; we are now firmly in the era of digital evidence.

What the Regulation Demands: Proving prior consent in energy sales in Spain

RD 88/2026 is built upon a premise that completely flips traditional outbound marketing strategies on their head: companies managing energy sales in Spain no longer choose whom to call; consumers in Spain choose whether they want to be called. The regulation strictly prohibits unsolicited telephone marketing and contracting directed at individuals within the country, allowing only two strict exceptions:

1. A prior, express, unambiguous, and informed request from the user for a specific, defined purpose.
2. When the consumer initiates the call themselves.

Gathering express consent has evolved from an industry best practice to a strict legal obligation, with rigorous validity requirements for energy sales in Spain. Consent must stem from a direct, conscious action by the user, free from intermediaries or external incentives unrelated to the energy supply itself. Furthermore, once the call is underway, it must be recorded in its entirety, the consumer must be clearly informed of how and where to file complaints, and they must explicitly authorise the recording from start to finish.

The Legal Evidence Required for Energy Sales in Spain Compliance

Requesting consent correctly is only half the battle; the other half is proving it. Crucially, under Spanish law, the burden of proof rests entirely on the company driving the energy sales campaign in Spain, never on the consumer.

The Regulation is highly specific about the documentation required for energy sales compliance in Spain, which must be retained in a durable medium when dealing with individual consumers. According to Article 13.ah).1.º of RD 88/2026, the digital trail required to prove valid consent includes:

• User Identification Data: Unless the user signs the contract using a qualified digital certificate or confirms the transaction via electronic means certified by a trusted third party.
• Proof of Pre-Contractual Disclosure: Irrefutable evidence of the exact time the offer summary document was sent to the consumer or, if not delivered in writing, the exact moment it was read by them.
• The Completed and Signed Contract: Executed by the consumer.
• The Full Call Recording: When contracting takes place over the phone, the complete audio recording must be securely stored and made readily available to the consumer upon request.

From a legal perspective, the shift is absolute. It is no longer enough to simply inform the consumer. The regulations demand a robust, traceable, and verifiable chain of custody, a complete audit trail that proves every interaction and validates consent before any sales contact takes place.

How Lleida.net Solves It: One Process, One Single Provider for International Operations

As an EU-Qualified Trust Service Provider, Lleida.net has spent years certifying the exact processes that RD 88/2026 now mandates. We help international companies manage secure energy sales in Spain, onboarding and contracting workflows that protect the business without disrupting the user experience, ensuring compliance teams don't have to manually piece together evidence files across borders every time a local dispute arises.

Here is how our fully deployed, step-by-step workflow operates in practice:

1. Inbound Intent: The consumer fills out a form on the provider's landing page, entering their details and phone number to request a callback, granting explicit consent. This transaction is immediately timestamped and certified as immutable from the very first click. This proves, from the source, that the consumer initiated the interaction.

1. Instant Registered Delivery: The offer summary document is dispatched either during or immediately after the call via Registered SMS or Registered Email. This generates irrefutable proof of sending, delivery, and, if the customer clicks the link, the exact moment it was read. This single, automated step fulfils the Spanish disclosure requirement without relying on sales agents to manually log data into a CRM.
2. Seamless Digital Execution: Both consent confirmation and contract execution are captured via Click & Sign, our advanced electronic signature solution. All metadata and digital evidence (date, time, IP address, device details, and signer actions) are linked to a single, tamper-proof certificate. The customer approves everything directly from the SMS or email link they received, no downloads or external portals required.
3. Enhanced Security: When a more robust identity verification is required, especially for international users, corporate signers, or expats living in Spain, the onboarding process seamlessly integrates with eKYC Video, our secure video-identification tool.

Every stage of this workflow is anchored by a Qualified Electronic Timestamp. The date and time of each piece of evidence do not rely on internal company servers, but are verified by an EU-qualified trust entity under the strict guidelines of the eIDAS Regulation, making it fully valid across Europe and within Spain.

The final output is not a scattered collection of files spread across different vendors, but a comprehensive, legally binding audit trail securely stored in a single, durable medium. In a single streamlined flow, you have airtight proof that the consumer requested contact, received the required pre-contractual information, verified their identity, and signed the contract.

Why Waiting is a Risk for Your Energy Sales in Spain Strategy

Moving forward, any commercial call placed to prospects regarding energy sales in Spain without an ironclad, verifiable consent process will be deemed an irregular practice, exposing your organisation to severe financial penalties and reputational damage under local regulations. Do not jeopardise your commercial strategy by delaying necessary operational updates for your compliance systems.

If you want to evaluate how to integrate Spanish compliance seamlessly into your existing telephone onboarding channels, let's talk.

You might also like:

https://blog.lleida.net/en/compliance-with-spain-energy-regulation-rd-88-2026-for-electricity-suppliers-obligations-penalties-and-how-to-prove-customer-consent/

We’ve all heard the cliché: "Data is the new oil." It sounds great in a presentation, but it falls apart the moment you actually have to prove something. In the era of global compliance, digital identity verification has changed the game. Just like crude oil, raw data is just potential; if you can't verify it, it’s just digital clutter. This is why modern organisations must implement a reliable framework for digital identity verification to turn raw information into a certified, strategic corporate asset.

It doesn’t matter if your company is sitting on a mountain of emails, files, and server archives. When a dispute hits, volume means nothing. What actually is relevant for your business is whether that data has a name, a timestamp, a signature, and a bulletproof legal audit trail.

This is undoubtedly where most businesses get it wrong.

There is a huge difference between collecting data and certifying it. Having a WhatsApp thread or a standard email is fine for daily chat, but can you legally defend its origin? Can you link it to a verified identity? Without automated digital identity verification, proving the true source of a digital message becomes impossible during a legal challenge.

In today’s market, value isn't found in hoarding data. It’s found in proof. It requires a "legal-by-design" mindset, using tools that certify every digital handshake and building a team culture that understands data isn't "done" when you collect it; it’s only done when it can hold up in court.

Shifting the Conversation: Insights from Europe’s Credit Leaders

This exact shift from simple data collection to true legal certainty was the core debate at the IV ANGECO Development Forum, a premier European summit where financial, legal, and regulatory leaders met to map out the future of credit management and debt recovery. During the panels, experts agreed that integrating seamless digital identity verification into every financial transaction is the single best way to mitigate fraud and ensure operational transparency

The takeaway from these industry heavyweights? Technology is no longer an optional add-on. It is the very backbone of how businesses and customers interact in a digital-first world.

In this new landscape, having "lots of data" isn't enough to be a competitive advantage any more. The real edge belongs to companies whose data is:

• Reliable and tamper-proof.
• Traceable from start to finish.
• Anchored to a verifiable identity.

A basic "tick-box" on a landing page, or a simple e-signature without a trusted third-party, might have worked in the past. Today? They are corporate liabilities. They simply lack the teeth to protect you when things go wrong. Using basic tools without an advanced digital identity verification system exposes companies to significant financial losses.

Credit Management and Digital Identity Verification

If you work in a sector like credit management, you already know that reaching the right person is everything, and regulations are only getting tighter worldwide. In this environment, a proper strategy for digital identity verification, like using digital certificates and two-factor authentication (2FA), isn't a luxury. It’s the spine of your entire operation.

When companies deploy robust digital identity verification tools, they can contact debtors with absolute precision, protecting themselves against regulatory penalties. As a trusted global service provider, this is undoubtedly what we do: we help you turn raw, vulnerable data into ironclad, legally binding proof through seamless digital identity verification workflows.

The Road Ahead: The Global Rise of Digital Identity

Wallet (driven by new European standards) will soon allow users to identify themselves in digital transactions with the same legal weight as a face-to-face ID check. Spain is already leading this transition with the recent rollout of its MiDNI system, setting a benchmark for international digital trade.

The message leaving the industry forums mirrors what we’ve been saying at Lleida.net for years: a robust framework for digital identity verification isn't a bureaucratic chore. It’s the foundation of trust. As regulations evolve, adopting a secure digital identity verification standard will become mandatory for all cross-border business transactions.

Any business that hasn't built a robust identity verification process and fails to focus on compliance is in for a rude awakening. And it will happen much sooner than they think.

Stop just collecting data. Start building evidence.

Get in touch with our team today, and let’s secure your business operations with total legal certainty and enterprise-grade digital identity verification

Digital authentication is no longer just about convenience; it is about survival. Managing customer onboarding, contracts, or remote transactions online requires a shift in strategy, as static security measures cannot keep up.

Ever since Spain's anti-money laundering authority (SEPBLAC) pioneered remote video identity verification back in 2016, the adoption curve has skyrocketed globally. Today, the world's leading financial institutions and fast-scaling digital brands have completely replaced manual checks with frictionless, camera-first video identification.

The modern standard is simple: a secure, compliant onboarding process completed in under five minutes from any device. This setup delivers flawless compliance with European AML directives, international KYC protocols, and stringent SEPBLAC mandates, all while tackling the single biggest threat to your bottom line: identity fraud.

The threat landscape is changing fast. Recent cybersecurity data shows that identity theft now accounts for 33% of digital fraud in Spain.

Thanks to the democratisation of generative AI, bad actors are deploying incredibly realistic deepfakes to bypass traditional security perimeters. To protect your business from catastrophic financial and legal fallout, upgrading your digital authentication posture is an urgent priority.

Winning the war against digital fraud requires an interconnected ecosystem:

• Biometric Authentication & Liveness Detection: Ensuring a real human is present, not a photo or video loop.
• Automated Document Verification: Real-time analysis of international ID patterns.
• Multi-Factor Authentication (MFA): Adding dynamic verification layers to every high-risk action.

At Lleida.net, we engineer these exact frameworks, built for rapid deployment, high conversion, and total compliance.

Identity validation is no longer a compliance checkbox; it is a critical revenue-protection layer.

High-security onboarding doesn't have to mean high-friction development. Lleida.net's eKYC Video engine integrates into your existing digital ecosystem in under 48 hours with minimal coding required.

Your users only need a camera-enabled smartphone or laptop, an internet connection, and a valid ID. To match your specific business model, the platform operates across two flexible modalities:

• Real-Time Assisted Video: A live verification expert guides the user through a secure video consultation.
• Automated Unassisted Video: The user completes a self-service workflow, while our advanced Back Office verifies documents and biometric markers in the background.

To maximise conversions, you can trigger automated SMS or email invites to push users directly into this secure digital authentication funnel. The entire experience is fully white-labelled, meaning your customers enjoy a seamless, trusted journey under your own corporate brand.

While identity verification checks who a user is upfront, digital authentication ensures they remain that same person across every interaction. It goes way beyond initial video onboarding, solving a critical security puzzle: how do you guarantee there's a legitimate user on the other side of that screen?

To keep your platform secure without destroying the user experience, deploying a robust digital authentication strategy means choosing the right methods:

• Two-Factor Authentication (2FA): Also known as two-step verification, this combines two independent security layers, such as a standard password and a one-time SMS code.
• Multi-Factor Authentication (MFA): Takes security a step further by adding additional layers of validation, usually requiring a physical token or biometric data.
• Biometric Authentication: Uses unique physical traits for instant verification, relying on fingerprints, facial recognition, or voice tech

Lleida.net provides a versatile suite of authentication tools designed to secure electronic signatures and shield sensitive portal entry points. When choosing a digital authentication method to secure electronic signatures, businesses can deploy several advanced frameworks to shield sensitive portal entry points.

Securing the Electronic Signature Journey

1. Direct-to-User OTPs (SMS, Email, or WhatsApp)

The backbone of modern Two-Factor Authentication (2FA). Lleida.net generates and delivers One-Time Passwords directly to your users' preferred messaging channels, without exposing them to third parties. For high-stakes operations, this delivery can be fully certified to provide ironclad admissible evidence in court.

2. Pre-Arranged Access Codes

Perfect for closed enterprise environments or B2B transactions. Signees authenticate using a confidential, pre-established code that is never transmitted over vulnerable communication channels.

3. Dynamic Smart Attachments

An adaptive security layer that prompts users to upload specific evidence (such as a payslip, identity document, or reference contract) mid-workflow to validate eligibility before signing.

4. eIDAS-Compliant Digital Certificates

Authenticate both individual users and corporate entities instantly, zero passwords required. By pulling certified electronic IDs, the system handles automated, real-time validity and revocation checks (via OCSP/CRL lookups) against eIDAS-trusted Certification Authorities (TSL). It's the ultimate way to deliver secure digital authentication without compromising on strict European regulatory compliance.

5. Instant Biometric & Document Profiling

A complete verification suite triggered by a simple ID scan and a selfie to complete the digital authentication journey

• AI Document Parsing: Instant OCR data capture and MRZ code analysis covering documents from over 240 countries.
• Graphic Verification: Automated integrity checks on embedded signatures, fingerprints, and holographic features.
• Facial Matching: Advanced algorithms compare the document asset against a live liveness check in real-time.

6. Pre-Signature Video Auditing

The absolute gold standard for high-risk corporate actions, financial service activation, and digital banking. Capturing a full audio-video record of the signing intent provides ironclad compliance with the Spanish Anti-Money Laundering Act (PBC/FT) and with strict SEPBLAC and Banco de España mandates.

It guarantees your platform is fully covered across all major European regulatory frameworks, including:

• KYC & AML (Know Your Customer / Anti-Money Laundering)
• GDPR (Data Privacy)
• PSD2 (Open Banking)

Securing Gateway and Customer Portal Access

Protecting user login pages is just as critical as verifying identities during the signing process. Lleida.net delivers two frictionless methods to deploy two-factor digital authentication across your portals:

• SMS & Email 2FA (One-Time Passwords): Users log in with their standard credentials and instantly verify their identity using a secure, single-use OTP code delivered straight to their preferred channel (SMS or email).
• Certvalidator: Complete passwordless ecosystem entry using pre-verified digital certificates aligned with global eIDAS frameworks.

Every workflow is unique. Let our solutions team analyse your processes and architect the optimal, conversion-friendly security mix for your brand.

Which verification method fits your needs? Let us analyse your process and recommend the ideal setup. Book your personalised demo today

YOU MIGHT ALSO BE INTERESTED IN:

The Top 5 Digital Frauds to Watch in 2025 and How to Stop Them