The main legal and tax issues to take into consideration regarding e-commerce, digital economy and privacy are discussed in this Chapter.

In Spain, as in neighboring countries, e-commerce-related activities are currently the object of specific regulation. In transactions involving e-commerce, regard should be had to the legislation on distance sales, advertising, standard contract terms, electronic signatures, data protection, intellectual and industrial property, and e-commerce and information society services, among others. Apart from these specific laws, it is also necessary to examine the general legislation on civil and commercial contracts and, in the case of e-commerce addressed to consumers (B2C), the specific regulation on consumers’ protection should also be considered.

E-commerce raises tax issues that can be addressed with difficulty from a purely Spanish perspective. For this reason, the Spanish tax authorities have preferred to wait until a consensus is reached on the measures to be adopted regionally and even worldwide. Fair progress has been made in reaching a consensus on the VAT treatment of “on-line e-commerce”. As for the direct taxation issues, it is foreseeable that any consensus will take the form of a coordinated, uniform interpretation of the various criteria determining the tax treatment of e-commerce, rather than a legislative change. A good example of this is the amendments made to the commentaries on the OECD Model Convention.

1. Introduction

E-commerce-related activities are regulated by diverse rules contained in Spanish legislation. Moreover, a fundamental point to bear in mind when undertaking any initiative in the area of electronic transactions is that the applicable legislation varies depending on the potential recipient of the related offer. Consequently, there is greater leeway for the parties to agree if the transaction takes place between companies (business to business, B2B) than if the commercial dealings are between a company and a private consumer as the final recipient (business to consumer, B2C), since, among others, consumer protection legislation will apply in the latter case.

In the tax sphere, e-commerce raises issues that are difficult to address from a purely Spanish perspective. Perhaps for that reason, the Spanish tax authorities have not seen fit to adopt unilateral measures, preferring to wait until a consensus is reached on the measures to be adopted regionally and even worldwide.

2. Defining regulatory principles

2.1. Civil and Commercial Legislation

2.1.1. Civil and Commercial Codes

Electronic contracts are fully subject to the rules established by the Spanish Civil Code on obligations and contracts and by the Commercial Code.

Electronic contracts are also subject to EC Regulation 593/2008, of June 17, 2008, on the law applicable to contractual obligations (Rome I) which will apply to contractual obligations in the civil and commercial area in situations involving a conflict of laws.

2.1.2. Distance sales

Equally applicable to electronic sales are the rules related to distance sales and other related relevant rules:

  1. Regarding commercial operations in which the buyer is an undertaking or a business man, Act 7/1996 ordering the Retail Trade should be taken into consideration, in particular the Chapter regarding Distance Sales, which makes a specific referral to Title III of Book II of the Legislative Royal Decree 1/2007, of 16th of November, which approved the Revised General Consumer and User Protection Law and other supplementary laws.

  2. Whenever e-commerce activities are targeted at consumers, it is necessary to comply with consumer protection legislation, regulated in the mentioned Legislative Royal Decree 1/2007, of November 16, 2007.

    This Law defines “distance sales” as sales concluded without the simultaneous physical presence of the buyer and the seller, where the seller’s offer and the buyer’s acceptance are conveyed exclusively by a means of distance communication of any nature and within a distance contract system organized by the seller.

    This Law establishes that distance sale offers (either to consumers or to undertakings) must contain at least the following:

    • The seller’s identity.
    • The special features of the product, the price, and the shipping expenses and, if applicable, the cost of using the distance communication technique if it is calculated on a basis other than the basic rate basis.
    • The payment method, and form of delivery or types of fulfillment of orders.
    • The period for which the offer remains valid and, if applicable, the minimum term of the contract.
    • The existence of a right to withdraw or terminate the contract and, if applicable, the circumstances and conditions in which the seller could supply a product of equivalent price and quality.
    • The out-of-court dispute resolution procedure, if applicable, in which the seller participates.
    • Reminder of the existence of a legal guarantee depending on the type of goods or services.
    • Information of the cases in which the costs of returning the goods must be borne by the Seller.

    This Royal Decree sets out, among other matters affecting the consumers, the rules governing unfair conditions of contracts concluded with consumers, and the right to withdraw that consumers have in distance sales (fourteen calendar days).

  3. It should also be noted that Law 22/2007, of July 11, 2007, on the distance marketing of consumer financial services, shall also be taken into consideration when dealing with consumers in the financial sector. The Law specifically regulates the protection granted by the general law to the users of remote financial services by establishing, among others, the generic requirement to provide the consumer with precise and exhaustive information on the financial contract prior to its signature and by granting the consumer a specific right to withdraw from the distance contract previously concluded.
  4. In making the contract, where there is an intention to incorporate predisposed clauses into a plurality of contracts, regard must be had to Standard Contract Terms Law 7/1998.
  5. If the activity carried out is related to the sale of consumer goods, the aforementioned Legislative Royal Decree must be taken into consideration regarding the warranties on consumer goods, because it establishes the measures aimed at ensuring a minimum uniform standard of consumer protection. The Royal Decree establishes a free 2-year warranty for consumers on all consumer goods and offers consumers a range of possible remedies when the goods acquired are not in keeping with the terms of the contract, enabling consumers to demand their repair or substitution.

2.1.3. Other applicable regulations

  1. In accordance with Law 56/2007, enterprises that provide services of special economic significance to the general public and that are of a certain size are required to provide their users with an electronic means of communication which, through the use of qualified electronic signature certificates, enables them to perform at least the following steps: (a) conclude contracts electronically and amend and terminate them; (b) consult their customer data (including a record of billing covering at least the past 3 years) and the concluded contract, with its general conditions; (c) submit complaints, incidents, suggestions and claims (while guaranteeing a record of their submission and direct personal assistance); and (d) exercise the rights of access, rectification, cancellation and objection (known as “ARCO” rights) provided for in the data protection legislation.

    This requirement applies to enterprises providing services of special economic significance to the general public provided that they employ more than 100 workers or have an annual turnover (according to the VAT legislation) of more than €6,010,121.04. The enterprises that Law 56/2007 includes in this category are those operating in the following industries: (i) electronic communications services to consumers; (ii) financial services aimed at consumers (banking, credit or payment, investment services, private insurance, pension plans and insurance brokerage); (iii) supplying water to consumers; (iv) supplying retail gas; (v) supplying electricity to final consumers; (vi) travel agencies; (vii) carriage of travelers by road, railway, by sea, or by air; and (viii) retail trade (although for these last-mentioned ones, the electronic means of communication need only enable what is set out in points 3 and 5 above).

  2. Due to their particular importance in electronic commerce, it is worth noting some legal provisions concerning payment services:

    • Payment Services Law 16/2009, of November 13, 2009, which mainly affects the payment transactions that are most commonly used in an electronic commerce environment: transfers, direct debiting and cards, establishing as a general rule that the payer and the payee of the transaction must each bear the charges levied by their respective payment services providers. In any event, in the case of transactions with consumers, the specific legislation (Legislative Royal Decree 1/2007) prohibits the trader from charging the consumer fees for the use of payment methods that exceed the cost borne by the trader for the use of such payment methods.

      Lastly, both the Payment Services Law and the consumer protection legislation envisage for distance contracts that, where the amount of the purchase or of a service has been charged fraudulently or incorrectly using the number of a payment card, the consumer may request the immediate cancellation of the charge.

    • The legislation on interchange fees has been introduced by Royal Decree-Law 8/2014, of July 4 and Law 18/2014, of October 15. This legislation establishes a system of caps on interchange fees in transactions with credit or debit cards in Spain (applying them to POS terminals located in Spain), regardless of the trade channel used (that is, including physical and virtual POS terminals), provided that they require the involvement of payment services providers established in Spain.

      The caps applicable on or after September 1, 2014 are as follows:

      • Debit cards: the interchange fee per transaction may not exceed 0.2% of the value of the transaction, subject to a cap of 7 euro cents. But if the amount does not exceed twenty euros, the interchange fee may not exceed 0.1% of the value of the transaction.

      • Credit cards: the interchange fee per transaction may not exceed 0.3% of the value of the transaction. But if the amount does not exceed twenty euros, the interchange fee may not exceed 0.2% of the value of the transaction.

        These caps do not affect transactions performed with company cards or withdrawals of cash from automatic teller machines. In addition, three-party payment card systems are excluded from the application of these caps, except for certain cases identified by the legislation.

  3. Lastly, worthy of note is Law 29/2009, of December 30, 2009, modifying the legal regime governing unfair competition and advertising in order to enhance consumer and user protection. Special mention should be made of the unfair practice status to be granted to the making of unwanted and reiterated proposals by telephone, fax, e-mail and other means of long-distance communication, unless such proposals are legally justified for the purpose of complying with a contractual obligation. Moreover, when issuing such communications, traders and professionals must use systems that enable consumers to place on record their opposition to continuing to receive commercial proposals from such traders or professionals. Thus, when making such proposals by telephone, calls must be made from an identifiable number.

2.2. Electronic invoicing

Article 88.2 of Value Added Tax Law 37/1992 states that VAT shall be charged on an invoice, on the conditions and with the requirements determined by regulations. A clear indication that the new invoicing regulations approved by Royal Decree 1619/2012, of November 30, 2012, aim to promote electronic invoicing is that they establish the same treatment for electronic invoices as for paper invoices. A new definition is provided for electronic invoice, i.e., an invoice that meets the requirements established in the Royal Decree but which has been issued and received on electronic format.

Therefore, this equal treatment for paper and electronic invoices broadens the possibilities for the supplier to be able to issue invoices electronically without needing to use specific technology to do so.

Moreover, Order EHA/962/20071, issued by the Ministry of Finance and Civil Service establishes and further develops particular obligations regarding, telematic invoicing. That Order clarifies that any Advanced Electronic Signature based on a certain certificate and generated through safe signing procedures will be valid in order to guarantee the authenticity and origin of the bill. The Order also clarifies the legal requirements that electronic invoices issued abroad must meet in order to be validly accepted in Spain.

Since January 15, 2015, there has been an obligation in Spain (by application of Law 25/2013, of December 27, 2013, on the promotion of electronic billing and the creation of a public sector accounting register of invoices) to issue invoices in electronic format that affects enterprises operating in certain industries (according to a list included in the Law) and providing services “of special economic significance” to the general public.

This obligation to issue electronic invoices applies regardless of the contracting channel used (face-to-face or distance, electronic or non-electronic), provided that the customer agrees to receive them or has expressly requested them.

However, travel agencies, carriage services and retail trade businesses are only required to issue electronic invoices where the contracting has taken place by electronic means.

In any event, it is the recipient of the invoices who has the power to give his or her consent to the issuance and sending of invoices in electronic format and to revoke such consent in order to receive them on paper again. In the absence of consent, the trader should issue and send the invoices on paper.

2.3. Electronic signature

The Electronic Signature Law 59/2003 of December 19 aims to promote more widespread use of electronic signatures as an instrument that generates trust and security in telematic communications, thereby contributing to the development of e-commerce and of the “e-government”.

“Electronic signature” is defined by the Law as a set of data, in electronic form, attached to or associated with other electronic data, which can be used as a method for identifying the signatory. A separate class of electronic signature is the “advanced electronic signature,” which is recognized as a signature which permits the signatory to be identified and the integrity of the data signed to be verified, since it is linked exclusively to the signatory and to the data to which it relates and since it has been created by means that the signatory can keep under his sole control.

The Law includes the concept of “recognized electronic signature”, defining it as an advanced electronic signature based on a certificate recognized and generated through a secure-signature-creation device.

Under the referred Law, both individuals and legal entities can act as signatories. In this way, the Law aims to encourage the placing of orders and issuing of invoices by telematic means, while at the same time safeguarding legal certainty for the entity holding the electronic signature and for the third parties who have dealings with it. However, electronic certificates of legal entities will not alter civil and commercial legislation as regards the provisions governing the concept of the hierarchical or voluntary representative.

Furthermore, the Electronic Signature Law regulates the activity of certification service providers issuing certificates that link signature verification data to a certain signatory. The Government also has a service to publicize information on the certification service providers operating in the market.

Furthermore, in order to be able to offer their services, certification service providers must arrange liability insurance of at least €3 million to cover any risk of liability for damage or loss.

Lastly, Electronic Signatures Law 59/2003 contains provisions regulating the electronic national identity card, which is defined as a recognized electronic certificate intended to popularize the use of secure electronic instruments capable of conferring the same integrity and authenticity as currently surround communications on physical medium.

On the 28th of August 2014 the European Regulation on Electronic Signature was published in the Official Journal. This Regulation came into force on the 17th of September of the same year and it is obligatory since the 1st of July 2016. Directive 1999/93/CE was then automatically repealed.

2.4. Personal data protection

Another aspect that may have e-commerce implications is the possible processing of any personal data in transactions of this nature.

Constitutional Law 15/1999, of 13 December, on Personal Data Protection, regulates the processing of an individual’s personal data.

On May 4th 2016 the General Data Protection Regulation of the European Union (GDPR) was published in the Official Journal; it will come into force on May 25th 2018. Until then, the local Data Protection Law will continue to be obligatory.

The Organic Law applies to “personal data,” meaning any information concerning identified or unidentified individuals. Accordingly, it does not apply to data concerning legal entities; in addition, it does not apply to data concerning individual entrepreneurs or individuals being the contact person of a legal entity where the personal data is used exclusively in a “B2B” framework and where such data is limited to the following: name and surname(s), functions or jobs performed, as well as the postal or e-mail address and professional telephone and fax numbers.

Personal data protection legislation revolves around the following principles:

  • The data subject must give prior consent to the processing of his or her personal data, with the exceptions envisaged by the Law.
  • The processing of specially protected data (i.e., data referring to ideology, labor union membership, religion, beliefs, ethnicity, health, and sex life) require the data subject’s express consent (in writing in the first four cases).
  • The data subject must be informed of a number of matters in relation to the envisaged processing of his or her personal data.
  • Personal data may only be processed where they are adequate, relevant and not excessive in relation to the purpose for which they have been obtained.
  • Personal data may only be communicated to a third party if the data subject has given his or her prior consent for such purpose, unless such communication is permitted by the Law.
  • When the communication is addressed to a third party classified by the Law as a data processor, which provides a service entailing access to such data, prior consent by the data subject is not required, but the relationship must be regulated in a contract for services that includes a number of provisions established by the Law.
  • Data subjects are afforded the rights of access, rectification, cancellation, and opposition to and of the processing of their personal data.
  • The creation of personal data filing systems must be previously notified to the Spanish Data Protection Agency2, the agency in charge of enforcing this legislation.
  • The establishment of minor, serious or very serious infringements as a result of breaches of the obligations imposed by this Law, with penalties of up to €600,000 for each data unlawfully processed.

It should also be noted that communications of data involving the international movement of personal data require the prior authorization of the Director of the Spanish Data Protection Agency, when such data is to be sent to countries without a level of protection comparable to that of Spain, except in a number of specific cases such as, for example, when the data subject gives his or her unambiguous consent to the transfer of his or her data. In this connection, it is assumed that States that are part of the European Economic Area ensure an adequate level of protection. In other cases, a decision in this connection is required from the EU Commission3, or a ruling from the Spanish Data Protection Agency, that the data protection offered by the country in question is appropriate.

In relation to penalties, worthy of note is the power of the Spanish Data Protection Agency not to commence, in certain exceptional cases, disciplinary proceedings and, instead, require the party responsible for the offense to evidence that it has taken the corrective measures applicable in each case

Also of special note are the Regulations implementing Personal Data Protection Organic Law 15/1999, approved by Royal Decree 1720/2007, of December 21. These Regulations include many of the standards and recommendations that the Spanish Data Protection Agency has been issuing in recent years on the practical application of, and ways to execute, the various principles that govern personal data protection. In this respect, the Regulations govern matters such as ways of obtaining consent, in particular where data is processed for marketing purposes, the outsourcing of personal data processing or the way in which data subjects can exercise their rights of access, cancellation, rectification and opposition. The Regulations also include a chapter on the security measures that must be taken by data controllers, regardless of whether the data is processed by automatic or manual means.

Most of the formal obligations in Organic Law 15/1999 will disappear when the GDPR is obligatory, which bases its regulatory structure on the “accountability”, which implies the obligation for the data controller to assess the processing that it carries out and the risks attached thereto, adopting the security measures that are more accurate for each case.

2.5. Intellectual and industrial property and domain names 

2.5.1. Intellectual property

The legal protection of intellectual property is hugely important when engaging in e-commerce in the “information society”, since digital content protected by intellectual property (copyright, trademarks, image rights, etc.) constitutes the real value added of the internet.

The Copyright Law4 establishes in Article 10 that all original literary, artistic or scientific creations expressed by any means or on any medium, whether tangible or intangible, currently known or invented in the future, are copyrightable. Accordingly, all original creations are subject to protection, including graphic designs and source codes of, and information contained on, websites.

Website content will be afforded such protection as pertains to the specific category of the content (graphics, music, literary works, audiovisual, databases, etc.) and, therefore, the person in charge of the website must hold the related rights, either as the original owner (of the collective work under his management or developed by employees) or as a licensee.

In protecting intellectual property, the owner may seek both civil and criminal remedies. The Copyright Law affords the holder of the rights of exploitation the possibility of applying for the cessation of unlawful activities (e.g., a website unlawfully disseminating a protected work could be closed down) and of seeking damages. From a criminal law standpoint, the protection of intellectual property on the Internet is based on Article 270 of the Criminal Code, which imposes prison sentences or fines for crimes against intellectual property.

Directive 2001/29/EC on the harmonization of certain aspects of copyright and related rights in the information society, was implemented in Spain through Law 23/2006, which amends the Copyright Law in order to harmonize the economic rights of reproduction, distribution and public communication (including new forms of interactive on-demand availability of works), with the rest of EU Member States and to adapt the rules governing these rights to the new operating procedures existing in the Information Society. Recently, Spain has placed itself at the forefront of the fight to strengthen copyright protection on the Internet in Europe. Law 21/2014, of November 4, broadens the powers of the administrative body within the Ministry of Culture (the “Second Section of the Copyright Commission”), strengthening an expedited hybrid procedure of administrative and judicial nature to fast-track action for copyright infringement on the Internet. The purpose of this amendment is to force Internet Service Providers (ISPs) to take down unlawful content and, in some cases, to shut down websites which openly violate copyright legislation (including websites which actively provide lists of links to unlawful content). However, the amendment is not focused on individuals who share unlawful content through “peer to peer” networks.

Lastly, we must underline the elimination of the private copying levy, applied in Spain until January 1, which required collaboration from manufacturers, distributors and retailers of products “suitable for reproducing copyrighted works”. The former system was replaced in 2012 with a new form of compensation which shall be satisfied directly by the State to the copyright owners. Law 21/2014 consolidates the State-funded system.

2.5.2. Industrial property

When engaging in e-commerce, regard should also be had to industrial property matters. Article 4.c of Patents and Utility Models Law 11/19865 provides that plans, rules, and methods for conducting a business, as well as software, cannot be patented.

2.5.3. Domain names

Another essential issue to take into account is the registration and use of domain names. In this respect, Order ITC/1542/2005 approved the National Plan for Internet Domain Names under the country code for Spain (“.es”). The function of assigning domain names under the “.es” code is performed by the public for-profit entity

Order ITC/1542/2005, following international trends, simplified the system for assigning “.es” domain names, which can be requested directly from the granting authority or through an agent.

Thus, second-level domain names under the code “.es” are assigned on a “first come, first served” basis. This assignment can be requested by individuals or legal entities and entities without legal personality that have interests in or ties with Spain. However, those which coincide with a first-level domain name or with generally known names of Internet terms will not be assigned.

It is also established that domain names under the codes “,” “,” “,” “” and “” may be assigned in the third level. The persons or entities that can apply for the domain names will vary according to the codes. Thus, for example, the Spanish Public Authorities and public law entities can request domain names under the “” code.

Furthermore, the National Plan establishes that the right to use a domain name under the currently in force “.es” code is transferable provided that the acquiror meets the requirements necessary to own the domain name and that the transfer is notified to the assigning authority.

Also, one of the main features of Order ITC/1542/2005 is the establishment of an extrajudicial body of mediation and arbitration for the resolution of disputes concerning the assignment of “.es” domain names.

2.6. Law 34/2002 on E-Commerce and Information Society Services

Law 34/2002 on E-Commerce and Information Society Services (ECISSA) defines as “information society services” any service provided for a valuable consideration, long-distance, through electronic channels and upon individual request by the recipient, also including those not paid for by the recipient, to the extent that they constitute an economic activity for the provider. Specifically, the following are deemed to be information society services:

  • Contracting for goods and services through electronic means;
  • Organization and management of auctions using electronic means or of virtual shopping centers or markets;
  • Management of purchases on the network by groups of persons;
  • Sending of commercial communications;
  • Supply of information through telematic channels; and
  • Video upon demand, as a service that the user may select through the network and, in general, the distribution of contents upon individual request.

The ECISSA applies to information society service providers established in Spain. In this respect, the provider is considered to be established in Spain when its place of residence or registered office is located in Spanish territory, provided that it coincides with the place where its administrative, management and business administration are actually centralized. Otherwise, the place where such management or direction is performed will be considered.

Likewise, the ECISSA will apply to services rendered by providers who are resident or have a registered office in any other State when the services are offered through a permanent establishment located in Spain. Therefore, the mere use of technological means located in Spain to provide or access the service will not of itself determine that the provider has an establishment in Spain.

The above notwithstanding, the requirements of the ECISSA will apply to service providers established in another State of the European Union or the European Economic Area when the recipient of the services is located in Spain and the services affect:

  • intellectual or industrial property rights;
  • advertising issued by collective investment institutions;
  • direct insurance activities;
  • obligations arising from contracts with consumers; or
  • the lawfulness of unsolicited commercial communications by e-mail.

The ECISSA establishes the basic legal regime for information society service providers and e-commerce activities, including:

  • The principle of freedom to provide services not subject to prior authorization applies to information society services, except in certain cases. In the case of service providers established in States that do not belong to the European Economic Area, this principle will apply in accordance with the applicable international agreements.

  • The following obligations are imposed on information society service providers:

    • To put in place the means to permit the recipients of the services and the responsible bodies to access easily, directly and free of charge, the information on the provider (corporate name, registered office, registration particulars, tax identification number, etc.), on the price of the product (stating if it includes applicable taxes and shipping costs) and on the codes of conduct to which it has adhered.

    • For providers of intermediation services, to cooperate with the responsible authorities in interrupting the provision of information society services or in withdrawing contents.

      Please note that depending on the specific services that these intermediation service providers carry out (access to the internet, e-mail services), they are obliged to furnish certain information such as, for example, the security measures in place, the filters for certain persons to access the site or the responsibility of the users.

  • A specific system of liabilities is established for information society service providers, without prejudice to the provisions of civil, criminal and administrative legislation.

  • A specific system is established for commercial communications through electronic channels, without prejudice to the legislation in force on commercial, publicity and personal data protection matters. In this regard, commercial communications through electronic channels must be clearly identifiable, stating the individual or corporation for whom they are made, and spelling out the conditions for access and participation, in the case of discounts, prizes, gifts, competitions or promotional games.

    Additionally, advertising or promotional communications sent by e-mail or similar form of communication that have not been previously requested or expressly authorized by the recipients are prohibited. Express consent will not be necessary when there is a pre-existing contractual relationship, provided that the supplier had lawfully obtained the recipient’s contact data and that the commercial communications refer to goods or services of the provider’s own company which are similar to those for which the recipient initially made a contract. In any case, the provider must offer the recipient the possibility to object to the processing of his data for promotional purposes, through a procedure that is simple and free of charge, both at the time the data is collected and in each of the commercial communications sent to him. Where the communications have been sent by e-mail, that medium shall necessarily include a valid e-mail address where the recipient can exercise this right, it being prohibited to send communications that do not include such address.

  • Service providers may use devices for storage and recovery of data on computer terminals of the recipients (commonly known as “cookies”), on the condition that the recipients have given their consent after having received clear and complete information on their use.

    Where technically possible and efficient, the recipient may give his consent to the processing of his data through the use of the appropriate parameters of the browser or of other applications, provided that the recipient must configure it during installation or updating through express action for that purpose.

    The foregoing will not prevent the possible technical storage or access for the sole purpose of transmitting a communication through an electronic communications network or, to the extent that it is strictly necessary, providing an information society service expressly requested by the recipient.

    The Spanish Data Protection Agency is the body with authority to impose monetary penalties on the information society providers for the use of cookies without the proper informed consent from users of an information society service. The fines can reach the amount of €30,000.

  • Contracts through electronic channels are regulated, recognizing the effectiveness of the agreements made through electronic channels when consent has been granted and other requirements necessary for their validity are met. Additionally, the following provisions are established for contracts made through electronic channels:

    • The requirement that a document should be placed on record in writing is considered to be met when it is contained on electronic medium.

    • The admission of documents on electronic medium as documentary evidence in lawsuits.

    • Determination of the legislation applicable to the contract made through electronic channels will be governed by the provisions of international private law.

    • Establishment of a series of obligations to be met prior to commencement of the contracting procedures, relating to the information that must be furnished on the formalities for the making of the contract, the validity of offers or proposals of contracts and the availability, if any, of general contracting conditions.

    • Obligation on the offeror to confirm receipt of the acceptance within 24 hours after its receipt, by an acknowledgement sent by e-mail or equivalent means to that used in the contracting procedure which enables the recipient to give such confirmation.

    • Assumption that agreements made through electronic channels in which the consumer participates have been made in the place where the consumer has his customary place of residence. When these contracts are made between entrepreneurs or professionals, they will be assumed to have been made, in the absence of a provision on the matter, in the place where the service provider is established.

      When dealing with agreements entered into with customers, the Revised General Consumer and User Protection Law should be taken into account, in particular in connection with distance sales.

  • Recognition of a ground to claim cessation against conduct that contravenes the ECISSA which is detrimental to collective or general consumers’ interests, and promotion of out-of-court settlement of disputes.

  • Establishment of minor, serious and gross infringements due to failure to comply with the obligations imposed by the ECISSA, with penalties of up to €600,000.

3. Tax implications of e-commerce in Spain

3.1. Problems, general principles and initiatives taken in relation to taxation

Except for Spain’s commitments to the European Union (“EU”) on value added tax (“VAT”), at present there is no tax regime in Spain that specifically regulates the trading of goods and services on the Internet. Therefore, the same taxes and the same rules as those for other forms of commerce apply to e-commerce. This approach is in tune with the principles enunciated by the Spanish Tax Agency in the Report of the Commission analyzing the impact of e-commerce on the Spanish tax system, prepared by the Office of the Secretary of State for Finance.

Below is a list of the basic pieces of VAT legislation emanating from the EU:

  • Council Directive 2006/112/EC of 28 November 2006 on the common system of value added tax. Council Directive 2008/8/EC of 12 February 2008 has amended Directive 2006/112/EC as regards the place of supply of services, introducing, in particular, rules applicable to telecommunications, broadcasting and electronically supplied services, with effect from January 1, 2015.
  • Council Implementing Regulation (EU) No. 282/2011 laying down implementing measures for Directive 2006/112/EC on the common system of value added tax. This Regulation has been amended by Council Implementing Regulation (EU) No. 1042/2013 of 7 October 2013 as regards the place of supply of services.
  • Council Regulation (EU) No. 904/2010 of 7 October 2010 on administrative cooperation and combating fraud in the field of value added tax, which recast Council Regulation (EC) No. 1798/2003 of 7 October 2003 on administrative cooperation in the field of value added tax and repealing Regulation (EEC) No. 218/92 on administrative cooperation in the field of indirect taxation (VAT), in respect of additional measures regarding electronic commerce.
  • Council Regulation (EU) No. 967/2012 of 9 October 2012 amending Council Implementing Regulation (EU) No. 282/2011, as regards the special schemes for non-established taxable persons supplying telecommunications services, broadcasting services or electronic services to non-taxable persons. Among other matters, this Regulation regulates the existence, starting January 1, 2015, of a single point of electronic contact for suppliers of EU electronic, telecommunications, and broadcasting services which will enable enterprises to declare and pay over the VAT in the Member State where they are established rather than doing so in the customer’s country.

The provisions of these pieces of legislation and their transposition into Spanish law are examined in Section 3.3. on the indirect taxation of e-commerce.

Member countries of the Organisation for Economic Co-operation and Development (OECD) and the G20 are currently working on the developing and implementing of international standards in tax matters. This work has its origin in the 15 measures of the Action Plan against of the Base Erosion and the Profit Shifting (BEPS Action Plan) published in 2013. Action 1 of this project (Addressing the Tax Challenges of the Digital Economy, OECD, 2015) addresses the current fiscal challenges of the digital economy.

The EU has also been concerned about the growing digital economy of our day. In this sense, it has long promoted the European Strategy eEurope2020 (now eEurope2020) which encourages e-commerce. It has also set up a group of experts on taxation of the digital economy whose first report entitled Commission Expert Group on Taxation of the Digital Economy, was issued in May, 2015. This report refers, among others, to the BEPS Action Plan, as well as, in tax matters, to Corporate Income Tax and VAT.

It is also worth noting that last December 2016, the European Commission published four legislative proposals relating to different aspects of the tax treatment of e-commerce transactions in their broadest sense, in the context of the Action Plan contained in the Communication to the European Parliament, to the Council and to the Economic and Social Committee dated 7 April 2016.

The proposals put forward by the Commission have a dual aim: on the one hand, in light of the successful functioning of the special reporting regime system applicable to services provided electronically, telecommunications, radio broadcasting and television services, through the Mini One-Stop Shop, it proposes extending this system to other types of e-commerce transactions (with both goods and services); on the other hand, it seeks to improve and simplify the system in light of the experience of the last two years.

3.2. Direct taxation

Despite there being no differences in the tax treatment of income obtained electronically, the following chart shows the main potential issues of contention in the area of e-commerce:

Table 1


a) The permanent establishment problem

b) Legal characterization of the income generated from the sale of goods and services on the Internet

c) Determination of taxable income and transfer pricing problems

d) Application of the place-of-effective-management rule to determine the tax residence of taxable persons engaging in e-commerce activities

The most relevant considerations and the progress made in analyzing those issues are summarized below:

3.2.1. The permanent establishment problem

The issue concerns whether the paradigmatic elements of e-commerce, such as a server, a website, etc., can be deemed a permanent establishment (“PE”) in the country where a company supplying a good or service on the Internet is located.

The Commentary published in July 2014 on article 5 of the OECD Model Tax Convention (concerning the definition of permanent establishment) remains unchanged from that published in 2003, in which the elements defining the new forms of commerce were already foreshadowed. Based on the observations made in the Commentary, the following chart shows the scenarios in which a PE can be deemed to exist and those in which it cannot:

Table 2

Can constitute a PECannot constitute a PE




ISP (Internet Service Provider)


The reasons justifying the characterization of a PE in each case are as follows:

  • A computer or server can constitute a PE whereas the software used by that computer cannot. This distinction is important because the entity that operates the server hosting the website is normally different from the entity that engages in the online business (hosting agreements).

    In order to characterize a server as a PE, regard must be had to the following considerations:

    • A server will constitute a fixed place of business only if it is permanent and located in a certain place for a sufficient length of time. What is relevant here is whether it is actually moved from one place to another, rather than whether it can be moved. A server used for e-commerce can be a PE regardless of whether or not there is personnel operating that server, since no personnel is required to perform the operations assigned to the server.

    • In determining whether or not the server installed by a given enterprise in a country constitutes a PE, it is particularly important to analyze whether the enterprise engages in business activities specific to its corporate purpose through that server, or whether, on the contrary, it only engages in activities of a preparatory or auxiliary character (such as advertising, market research, data gathering, providing a communications link between suppliers and customers, or making backup copies).

  • A website does not, in itself, constitute tangible property and, therefore, cannot be deemed a “place of business,” defined as facilities, equipment, or machinery capable of constituting a PE. ISPs do not generally constitute a PE of enterprises that engage in e-commerce through websites since ISPs are not generally dependent agents of those nonresident enterprises.

3.2.2. Legal characterization of income

The second relevant issue is the characterization of income and, in particular, the possibility that certain goods supplied online may, merely by virtue of the fact that they are protected by intellectual or industrial property laws (such as music, books and, particularly, software), be characterized as generators of royalties and, therefore, be taxable in the country of source.

The Commentaries on the OECD Model Tax Convention characterize as business profits (instead of royalties) almost all payments made for all intangible goods delivered electronically, on the ground that the subject-matter of those transactions are copies of images, sounds or text, rather than the right to exploit them commercially.

Initially, Spain included an observation on the relevant Commentary on the 2003 Model Tax Convention qualifying the treatment of the acquisition of rights to software by arguing that payment for those rights could constitute a royalty. Specifically, Spain considered that payments relating to software were royalties where less than the full rights to it were transferred, either if the payments were in consideration for the use of a copyright on software for commercial exploitation or if they related to software acquired for business or professional use when, in this latter case, the software was not absolutely standardized but somehow adapted to the purchaser.

However, the relevant Commentary on the OECD Model Tax Convention published in July 2008 takes the novel line that payments made under arrangements between a software copyright holder and a distribution intermediary do not constitute a royalty if the rights acquired by the distributor are limited to those necessary for the commercial intermediary to distribute copies of the software. Thus, if it is considered that distributors are paying only for the acquisition of the software copies and not to exploit any right in the software copyrights (without the right to reproduce the software), payments in these types of arrangements would be characterized as business profits. The Commentary published in July 2010 maintains this position.

In light of this change in the Commentary on royalties in the Model Tax Convention, Spain introduced a qualification in its observations on the Commentary published in July 2008 (which was kept in the Commentary on the OECD Model Tax Convention published in July 2010), indicating that payments in consideration for the right to use a copyright on software for commercial exploitation constitute a royalty, except payments for the right to distribute standardized software copies, not comprising the right to customize or to reproduce them.

Therefore, as acknowledged by the Directorate-General of Taxes in its binding ruling of November 10, 2008 and other subsequent rulings, Spain considers that payments made for the right to distribute standardized software copies are business profits, although it continues to treat as royalties any payments made for the right to distribute software where the software has been adapted. In any case, as was clarified in a binding ruling of November 23, 2010, the transfer, together with the distribution right, of other rights, such as a license to adapt the software being distributed, will mean that the payments are treated as royalties.

It should also be noted that article 13 of the Revised Nonresident Income Tax Law, approved by Legislative Royal Decree 5/2004, of March 5, 2004, treats as royalties amounts such as those paid for the use of, or the right to use, rights in software.

Also, in some tax treaties signed by Spain, income derived from the licensing of software is expressly characterized as a royalty. In this regard, one should note the Supreme Court judgment of March 25, 2010, which defined the licensing of software as a license of the rights to exploit a literary work, although the Court’s definition addressed a situation pre-dating the entry into force of the Spanish legislation specifically listing the items deemed to be royalties. However, in a judgment dated March 22, 2012, the National Appellate Court held that such a definition was no longer possible after the entry into force of the above-mentioned legislation. The Supreme Court confirmed this view in a judgment handed down on March 19, 2013, in which it held that characterization as a literary work is no longer correct after the change in the legislation.

3.2.3. Determination of taxable income and transfer pricing problems

The widespread use of intranets among different companies belonging to multinational groups, and the enormous mobility of transactions over computer networks, create highly complex problems when applying the traditional arm’s-length principle to pricing transactions within groups. This has been accentuated by the increase in transactions between group companies and the downloading of digital content or of free services.

Accordingly, the tax authorities of OECD countries (including Spain) are advocating the development of bilateral or multilateral systems for advance pricing agreements, applying the OECD transfer pricing guidelines to e-commerce. Noteworthy in this regard is the creation of an EU Joint Transfer Pricing Forum in which, among other matters, non-legislative measures are being proposed to enable a uniform application of the OECD guidelines across the EU.

In BEPS, Actions 8 to 10 of the BEPS Action Plan have the ultimate aim of ensuring that the results of transfer pricing are in line with the creation of value. The implementation of the measures of the BEPS Action Plan has not yet been done, as it is expected to be developed and implemented in 2016 and 2017.

3.2.4. Application of the place-of-effective-management rule

Due to the special characteristics of e-commerce (which include easy detachability from location, relative anonymity, and the mobility of the parties involved), the traditional rules on taxation of worldwide income, based on the principles of residence, registered office or place of effective management, are more difficult to apply to taxpayers engaging in e-commerce.

Indeed, the parameters established in the tax treaties for apportioning the revenue powers among States in the event of a conflict (most of them based on the “place-of-effective-management” principle) are exceeded in the context of e-commerce, since the various managing bodies of the same enterprise can be located in different jurisdictions and be totally mobile during the same year. It can therefore be extremely difficult to determine where the enterprise’s place of effective management is situated, and this can lead to double taxation or to no taxation at all.

Although this issue is being studied by international organizations and by the Spanish tax authorities themselves, they have yet to arrive at clear conclusions on how to resolve it. Accordingly, a close watch will have to be kept on progress with the work being done in this area.

3.3. Indirect taxation

It is in the area of VAT where the most relevant coordinated legislative measures have been adopted.

The indirect taxation implications for e-commerce mainly concern “online e-commerce,” a term that refers to products supplied on the Internet in digitized format (books, software, photographs, movies, music, and so on) and downloaded by a user in real time onto his or her computer, having clicked on to the supplier’s website and paid for the products in question (in contrast to offline supplies where products sold on the Internet are subsequently delivered by using conventional means of transportation). In offline e-commerce, where goods are still physically supplied, the traditional VAT concepts apply.

The main VAT issues arising in relation to e-commerce (especially in the area of online e-commerce) are basically the following:

  • The definition of “taxable event” as a supply of goods or services and the application of the resultant rules for determining the place of supply.
  • The determination of the VAT rates applicable to the different types of e-commerce.
  • The adaptation of the formal obligations and management of VAT to the realities of e-commerce and, particularly, the invoicing obligations.
  • The problems already raised in relation to direct taxation, regarding the determination of the existence of a permanent establishment and of the effective place of business, are also applicable in the area of indirect taxation. Council Implementing Regulation (EU) No. 282/2011 has clarified these concepts, defining them as follows:
    • “Place of establishment of a business”: the place where the functions of the business’s central administration are carried out, i.e., the place where essential decisions concerning the general management of the business are made, the place where the registered office is located or the place where management meets. The Regulation clarifies that if, having regard to the above criteria, the place of establishment of a business cannot be determined with certainty, the place where essential management decisions are made will take precedence. It also clarifies that a postal address cannot be taken to be the place of establishment of a business.

    • “Permanent establishment”: any establishment, other than the place of establishment of a business, with a degree of permanence and a suitable structure in terms of human and technical resources to enable the services supplied it to be received and used for its own needs.

Each of these issues is briefly examined below.

3.3.1. Definition of “taxable event” as a supply of goods or services for the purpose of determining the place of supply

Directive 2002/38/EC was based on the premise that transactions performed electronically are deemed supplies of services:

  • Services will be deemed to be electronically supplied services where their transmission is sent initially and received at destination by electronic data processing equipment. The fact that the supplier of a service and his customer communicate by e-mail does not of itself mean that the service performed is an electronically supplied service.

    In relation to the concept of “electronically supplied service”, article 7 of Council Implementing Regulation (EU) No. 282/2011 further defined it by including a list of services that must be regarded as electronically supplied services and others that are not. In this regard, article 7 established that electronically supplied services are those “delivered over the Internet or an electronic network and the nature of which renders their supply essentially automated and involving minimal human intervention, and impossible to ensure in the absence of information technology”.

Implementing Regulation 1042/2013, to which we refer above because it regulates the new rules applicable from January 1, 2015, has revised the list of electronically supplied services as set out in the following table:

Table 3

Electronically supplied services Services not supplied electronically

a) the supply of digitized products generally, including software and changes to or upgrades of software; 

a) radio and television broadcasting services; 

b) services providing or supporting a business or personal presence on an electronic network such as a website or a webpage;

b) telecommunications services;

c) services automatically generated from a computer via the Internet or an electronic network, in response to specific data input by the recipient;

c) goods, where the order and processing is done electronically;

d) the transfer for consideration of the right to put goods or services up for sale on an Internet site operating as an online market on which potential buyers make their bids by an automated procedure and on which the parties are notified of a sale by e-mail automatically generated from a computer;

d) CD-ROMs, floppy disks and similar tangible media;


e) Internet Service Packages (ISP) of information in which the telecommunications component forms an ancillary and subordinate part (i.e., packages going beyond mere Internet access and including other elements such as content pages giving access to news, weather or travel reports; playgrounds; website hosting; access to online debates etc.);

e) printed matter, such as books, newsletters, newspapers or journals; 

f) the services listed in Annex I.

f) CDs and audio cassettes; 

g) video cassettes and DVDs;

h) games on a CD-ROM;

i) services of professionals such as lawyers and financial consultants, who advise clients by e-mail;

j) teaching services, where the course content is delivered by a teacher over the Internet or an electronic network (namely via a remote link); 

k) offline physical repair services of computer equipment;

l) offline data warehousing services;

m) advertising services, in particular as in newspapers, on posters and on television; 

n) telephone helpdesk services;

o) teaching services purely involving correspondence courses, such as postal courses;


p) conventional auctioneers’ services reliant on direct human intervention, irrespective of how bids are made;

q) tickets to cultural, artistic, sporting, scientific, educational, entertainment or similar events, booked online; 

r) accommodation, car-hire, restaurant services, passenger transport or similar services booked online.

  • The services are deemed to have been supplied in Spanish VAT territory if:
    • The recipient is a trader or professional and his place of business is in Spain;
    • The supplier is established in Spain and the recipient is a non-trader residing in the EU or having an unidentifiable domicile;
    • The services are supplied from outside the EU and the recipient is a non-trader domiciled in Spain;
    • The recipient is a trader or professional, the services are actually consumed in Spain, and the services have not been deemed supplied pursuant to the above rules in the EU, Canary Islands, Ceuta or Melilla.
    • Directive 2006/112/EC provides that starting on January 1, 2015, the electronically supplied services will be taxed in the Member State where the recipient is established, regardless of where the taxable person supplying them is established. Thus, effective that date, where the recipient, including non-traders, is established in Spain, the services will be deemed supplied in Spanish VAT territory.

In this connection, the place of supply of electronically supplied services can be summarized as follows:

Table 4

SupplierRecipientPlace of Supply

EU / Non-EU

Trader established in Spain


EU / Non-EU

Non-EU trader and actual consumption in Spain



Non-trader resident in the EU



Non-trader resident in Spain



Non-trader resident or domiciled in Spain

Spain (Application of special scheme)

  • As regards determining who is the taxable person, it has been decided to fully apply the current legislation (article 84 of the VAT Law), which establishes that:
    • In general, the supplier of services is the taxable person, regardless of where he is established.

    • In special circumstances, the recipient of the services (rather than the supplier) is the taxable person and is obliged to charge the VAT under the “reverse charge mechanism” (where the supplier is a trader not established for VAT purposes in Spain and the customer receiving the services is a trader or professional established in Spain), notwithstanding the amendments that apply from January 1, 2015 onwards

    • Furthermore, in cases where the supplier of the services is not established in the EU and the customer is a final consumer (in business-to-consumer, or “B2C”, transactions), the supplier of the services is the taxable person. However, with a view to simplifying their obligations, suppliers only have to register (electronically) for VAT in one Member State, although they will have to charge the VAT relating to each of the jurisdictions where their customers are located and pay it over (also by telematic means) to the tax authorities of the Member State in which they are registered. Subsequently, that Member State will reapportion the VAT collected among the other countries.

      Non-established traders or professionals that apply this special regime in Spain will be entitled to a refund of input VAT in accordance with the refund procedure for non-established traders, without being subject to the reciprocal treatment requirement generally established in the legislation.

      Council Implementing Regulation (EU) No. 282/2011 has modified this special regime by introducing certain special VAT management rules in the case of exclusion from the regime, rectification of VAT returns, impossibility of rounding off the VAT payable, etc.

3.3.2. Rules applicable from January 1, 2015

As noted above, Council Directive 2008/8/EC, as fleshed out by Regulation (EU) No 967/2012, introduces specific changes that will apply to electronic services from January 1, 2015 onwards. Specifically, as from that date, services supplied electronically by an EU-established trader to persons who are not traders and are established in a Member State or have their permanent address or usually reside there will be deemed to be supplied in the place where the non-taxable person is established, or where he has his permanent address or usually resides.

In order to implement the above provisions, Implementing Regulation 1042/2013 has introduced the relevant amendments. Accordingly, the Regulation contains provisions:

  • To define and update the list of services that are affected by the rules discussed here and to clarify who the supplier is where several traders are involved (e.g. sale of applications).
  • To define the place of establishment of the customer (legal person not acting as a trader).
  • To clarify —since certain rules already exist in this respect in the Regulation— how to evidence the trader’s status as a recipient.
  • To specify the place of actual consumption of the services through presumptions on the customer’s permanent address or residence and the evidence that can be required, if applicable, to rebut them.
  • To establish transitional provisions.

The Regulation also addresses the supply of services through a portal or telecommunications network such as a marketplace for applications, in order to clarify who will be deemed the supplier in these cases.

The Regulation contains a number of provisions aimed at defining the place of business, establishment, permanent address or habitual residence according to the type of customer, in order to clarify the application of the place-of-supply rules for supplies of services that depend on these circumstances.

These definitions are kept intact, although a specific rule is added for legal persons who do not act as traders whose place of establishment will be where the functions of their central administration are carried out (place of business) or where they have a permanent establishment that is suitable for receiving or using the services.

As regards determining the location of the recipient, the place-of-supply rules that apply from 2015 are those for supplies to parties acting as final consumers, that is, natural or legal persons not acting as traders.

For these purposes, the supplier may regard the recipient as the final consumer as long as the recipient has not communicated his individual VAT identification number to the supplier but, unlike other supplies of services, the supplier may consider the recipient as the final consumer regardless of whether he has information to the contrary.

In the case of legal persons that have several establishments or of natural persons who have a permanent address other than their habitual residence, the Regulation establishes that:

  • For non-trader legal persons the “place of business” prevails on the terms defined in the preceding section.
  • For natural persons, priority will be given to their habitual residence (a concept which is already defined in the Regulation in its current wording) unless there is evidence that the service is used at the person’s permanent address.

However, these rules are not sufficient to determine the place of supply of services where the same recipient can access them from several places or by various means. To try to cover the most frequent cases, the Regulation includes specific rules such as the following:

  • If the services are supplied requiring the physical presence of the customer (e.g. an internet café, a wi-fi hot spot or a telephone booth), the services will be taxed at that location. This rule also applies to services supplied by hospitality establishments where they are supplied in connection with accommodation services.
  • If the service is supplied on board a ship, aircraft or train, at the place of departure of the transport operation.
  • A service supplied through a fixed land line, at the permanent address of the customer where it is installed.
  • If it is supplied through mobile networks, at the country identified by the mobile country code of the SIM card.
  • If the service requires a viewing card or decoder or similar device (without being supplied through a fixed land line), where the decoder or similar device is located, or if that place is not known, at the place to which the viewing card is sent.

In any other case, at the place identified as such by the supplier on the basis of two items of evidence: billing address, IP address, bank details (e.g. place of demand deposit account), the mobile country code stored on the SIM card, location of the land line, other commercially relevant information.

The presumptions on the place of supply of the service described can be rebutted by the supplier if three of the items of evidence listed in the preceding point determine a different place of supply.

The tax authorities may, in turn, rebut any of the presumptions described where there are indications of misuse or abuse by the supplier.

Lastly, note should be taken of what has been called the “mini one-stop shop” system, similar to the one existing for supplies of services by non-EU traders so as to permit the taxable person to file in the Member State of identification a single return which includes transactions addressed to final consumers of different Member States. In Spain, the form for registering with the system is already available.

3.3.3. Determination of the VAT rates applicable to the various types of e-commerce

In keeping with the view held by the Spanish tax authorities, the standard VAT rate of 21% will apply in all cases, since it is a kind of service for which the VAT Law makes no special provision.

It should be noted that the Directorate-General of Taxes, in a ruling dated March 26, 2010, as well as in a ruling dated July 1, 2011, has clarified that as the Directive does not provide for the application of reduced rates for electronic services, the reduced VAT rate can only be charged for e-books when they are included on physical media. This confirms the stance taken by the Spanish authorities not to apply reduced rates to electronic services even where they involve goods which, when supplied physically, are subject to a reduced VAT rate.

In this regard, the Commission launched infringement proceedings against Member States, such as France, that established reduced rates for e-books. In fact, the European Commission set up an Expert Group on Taxation of the Digital Economy. Specifically, the Group was tasked with analyzing and finding solutions for the distortion of competition that arose from the difference in rates between electronic and physical books. It is worth noting in this connection that the Court of Justice of the EU, in its judgment of September 11, 2014 (Case C-219/13), concluded that national legislation that subjects books published in paper form to a reduced VAT rate and books published on other physical supports such as CDs, CD-ROMs or USB keys to the standard VAT rate, is not contrary to EU Law, provided that it respects the principle of fiscal neutrality inherent in the common system of value added tax.

3.3.4. Formal obligations and management of taxes

Both the EU and the Spanish tax authorities ascribe to the principle that this form of commerce should not be hindered by the imposition of formal obligations that reduce the speed with which transactions should be performed.

Of particular relevance in this regard are the rules already contained in Council Regulation (EEC) No. 1798/2003 on administrative cooperation in the field of value added tax, which, among other matters, provides that individuals and legal entities involved in intra-Community transactions can access the databases kept by the tax authorities of each Member State. This possibility of identifying reliably the status under which the recipient is acting (trader, professional or final consumer) is absolutely decisive for the proper tax treatment of each transaction.

Royal Decree 1619/2012, approving the Regulations on Invoicing Obligations, establishes the legal regime applicable to electronic invoices, which are defined as invoices that have been issued and received in electronic format without the use of a certain technology being required. This Royal Decree supersedes its predecessor, Royal Decree 1496/2003, and stipulates that paper and electronic invoices are treated similarly. In addition, it permits invoices to be kept in an electronic format provided that the conservation method ensures the legibility of the invoices in the original format in which they were received, and the data and mechanisms that guarantee the authenticity of their origin and the integrity of their contents.

The requirements that must be met by electronic invoices are as follows:

  • The recipient must have given his consent.
  • The invoice must reflect the reality of the transactions documented in it and guarantee this certainty throughout its period of validity.
  • The authenticity, integrity and legibility of the invoice must be ensured.

These aspects must be guaranteed by any legally admissible proof and, in particular, through the “usual management controls over the business or professional activity of the taxable person” which must enable the creation of a reliable audit trail establishing the necessary connection between the invoice and the supply of goods or services documented in it.

The authenticity of the origin and integrity of the contents will, in all cases, be guaranteed by:

  • the use of an advanced electronic signature based either on a qualified certificate and created using a secure-signature-creation device, or on a qualified certificate;
  • an EDI that envisages the use of procedures that guarantee the authenticity of the origin and integrity of the data;
  • other means that have been communicated prior to their use and validated by the authorities.

On the other hand, regarding formal obligations, it must be noted that from 1 July 2017, taxable persons who have to file monthly VAT returns (generally, those whose turnover in the previous year exceeded €6,010,121.04; any taxable person registered in the monthly refund scheme, and any taxable person applying the VAT grouping regime) must also keep their business records on the website of the Spanish tax agency (AEAT) by electronically providing the information requested therein, together with some additional data of the invoices (but not the invoices themselves).

Under this system (generally known as “SII”), taxable persons will have to submit the information related to invoices issued within 4 calendar days from the date of issuance. If they are invoices issued by the recipient or by a third party, a longer time period of 8 calendar days is allowed. In both cases, subject to a limit ending on the 16th day of the month following that in which VAT on the transaction became chargeable.

Invoices received must also be reported within 4 calendar days, in this case from the date when they are recorded in the accounts. A limit is laid down, also ending on the 16th day of the month following the assessment period in which the transactions are included. A similar rule applies to import transactions.

Saturdays, Sundays and public holidays are excluded from the calculation of the time periods.

In 2017, according to a transitional period, the period for submitting the information has been extended to 8 calendar days.

1. Order EHA/92/2007, of April 10, 2007, implementing certain provisions concerning telematic billing and electronic invoice storage, contained in Royal Decree 1496/2003, of November 28, 2003, approving the regulations governing billing obligations.
3. Up to now, according to different Decisions the European Commission considers that the following countries provide an adequate level of protection: Switzerland, Canada, Argentina, Guernsey, Isle of Man, Jersey, Faeroe Islands, Andorra and Israel. As for the transfers of data to the United States, after the annulation of the “Safe Harbor” principles by the European Union Court of Justice on October 6th 2015, the transfers to that country will be allowed to be made in a simplified manner when the importing entity has adhered to the “Privacy Shield” system.
4. Legislative Royal Decree 1/1996, of April 12, 1996, approving the Revised Intellectual Property Law, regulating, clarifying and harmonizing the legal provisions in force in this area.
5. On April 1 2017 Law 24/2015 will enter into force, repealing Law 11/1986, except in those cases mentioned in its transitional provisions.