Insights

On the 10th of January 2025, the European Union (EU) published the official text of Directive (EU) 2025/25 (hereinafter referred to as the ‘Directive’) in the Official Journal, which sets out various updates and amendments to Directive (EU) 2019/1151 and earlier frameworks on the use of digital tools and processes in company law.  You can access this article by clicking here.

The Directive introduces certain key features, such as a multilingual, authenticated EU Company Certificate and a standardised EU Power of Attorney, while also including stricter timelines for domestic company registers to process and publicly disclose company information.

This publication aims to identify the main features of the Directive.

Improved Company and Branch Incorporations through Digital Mechanisms

The Directive introduces targeted updates to further modernize company formation and branch establishment across the EU. While companies can already be incorporated entirely online, the Directive now mandates improved security measures to prevent fraud and enhance reliability, such as advanced identity verification using audiovisual checks and trusted authentication services.

In respect of branch registrations, the Directive requires that domestic company registers of Member States ensure that branch registration process can also be completed entirely online, while mandating that such registrations are to be finalised within ten business days, once all necessary documents and fees are submitted. Additionally, branch data should now be included within the EU’s interconnected company register system, which improves accessibility of information.

Minimising Administrative Barriers for Cross-Border Transactions

A key innovation introduced by the Directive, enshrined in its Article 16b, is the new EU Company Certificate – a standardised document aimed at facilitating cross-border recognition of company information. This electronic certificate shall constitute sufficient evidence, at the time of its issuance, of the incorporation and existence of the company, as well as certain essential company details, including its name, registered office, legal representatives, and other critical information. Such certificate may be obtained at least once per calendar year at no cost.

Complementing the above is Article 16c, through which the Directive introduces the EU Power of Attorney – a digital mechanism intended to simplify cross-border representation of corporate entities. By way of a standardised European template, companies may authorise representatives for specific operations in other Member States, without the need to procure an apostille, translation or other similar formalities for authentication or validity. The standard template requires that an outline the scope and details of such representation are inserted, so as to ensure clarity and consistency.

Facilitating Document Filing and Authentication

The Directive also extends its focus beyond incorporation to the online filing of post-incorporation documents.  By reducing the traditional reliance on physical filings, which often leads to delays in registration and increased costs.

To meet the Directive’s aims of simplify processes, domestic company registrars are encouraged to adopt advanced electronic controls, such as remote identity verification systems, to minimise the need for in-person interventions. Notwithstanding this, certain robust oversight mechanisms have been included to prevent and combat instances of fraud and misuse.

Firstly, all documents filed electronically are to be authenticated using advanced trust services to enhance the security, reliability, and validity of electronic transactions, as prescribed by Regulation (EU) No 910/2014 (the “eIDAS Regulation”). In addition, domestic registrars retain the authority to verify the identity and legal capacity of applicants. In exceptional cases (as may be required for reasons of public interest), such as suspected fraud or identity misuse, domestic registrars may even require the physical presence of applicants.

The Maltese Position

The Directive enters into force as of the 30th of January 2025, whereas Member States are required to domestically adopt and promulgate the rules set out in therein by 31 July 2027.

Locally, the Malta Business Registry (MBR) has already made strides to comply with the standards set out in the Directive, primarily through the launching of its Business Automation Registry Online System (BAROS), wherein users may digitally submit company documentation through a company-linked authorised account on the BAROS website. Notably, it is now a mandatory requirement for Maltese companies to submit their annual accounts online, through BAROS.

Additionally, the MBR now accepts company documentation executed via ‘Qualified Digital Signatures’ (QES), which are electronic signatures generated using cryptographic methods designed to be tamper-evident and uniquely associated with the signatory. This allows the MBR to identify the signatory with a high degree of confidence. In fact, QES’ hold the same legal authority and enforceability as handwritten signatures on physical documents.

The MBR, through its BAROS platform, provides a QES service free of charge, allowing authorised signatories of company documentation to execute and submit such documentation electronically, provided that they have completed an identity verification process conducted by MBR personnel, in compliance with the standards outlined in the eIDAS Regulation.

For further information, please feel free to reach out to Stuart Firman and Benjamin Farrugia who form part of the Corporate Finance and Tax team at Ganado.