Legally Safe Online Elections: Requirements and Implementation
Legally compliant online elections are legally permissible, transparent and contestable elections in which legal election principles and data protection are observed and verifiable. This is how you make them possible:
Contents
- (TL;DR) Short and concise summary
- Legally compliant online elections: Definition and basic principles
- Legal framework: Law, statutes and virtual assemblies
- Technical requirements for secure online voting systems
- Data protection and GDPR: Legally compliant elections need clean data processing
- How NemoVote supports legally compliant online elections
- Practical implementation: from the invitation to the result
- Best practices for maximum participation and legal certainty
- Conclusion: Legally compliant online elections are possible
Short and sweet
Legally compliant online elections are more than just "somehow voting digitally". They must meet the same requirements as a traditional ballot box election - as well as high standards of data protection, IT security and transparency. Online elections are only truly legally secure - and resilient in the event of a dispute - if the law, statutes, electoral principles and technology fit together.
This article explains the legal and technical criteria that legally compliant online elections must meet, what organizations should pay attention to and how NemoVote implements these requirements in practice.
Legally compliant online elections: Definition and basic principles
"Legally compliant" means in the context of digital elections: The election is compatible with the applicable laws and statutes, upholds the democratic principles of voting (free, equal, secret, direct) and is documented in such a way that it will stand up to challenge or scrutiny.
- Legal admissibility: Online elections must be permitted by the applicable laws (e.g. BGB, party, labor or association law).
- Conformity with the articles of association: The articles of association must permit digital, virtual or hybrid elections and regulate key points such as eligibility to vote, voting weighting and procedures.
- Electoral principles: Generality, equality, freedom, secrecy and directness may not all apply, depending on the articles of association. This means that the articles of association can also permit open elections and weighted elections. In addition, most elections are held in camera.
- Integrity & verifiability: It must not be possible to manipulate votes and the result must be correct and verifiable.
- Data protection & GDPR: Processing of personal data must be GDPR-compliant - including data minimization, purpose limitation, integrity and confidentiality.
The specific design depends on the organization and jurisdiction. A legal review in individual cases - especially in the case of complex committee or works council elections - is therefore recommended.
Legal framework conditions: Law, articles of association and virtual meetings
The first step towards legally compliant online elections is always to check the legal basis:
- National laws: In Germany, relevant laws include the German Civil Code (BGB), special association, cooperative or stock corporation law as well as labor or professional regulations.
- Virtual and hybrid meetings: Section 32 of the German Civil Code and recent reforms now allow associations to hold virtual or hybrid general meetings - even without prior amendments to the articles of association, provided certain requirements are met.
- Articles of association & election regulations: The articles of association should expressly regulate whether and how online elections, electronic voting or hybrid general meetings are permitted, including voting weighting, deadlines and formal requirements.
Before introducing an online election, it is therefore advisable to check and, if necessary, amend the articles of association and election regulations so that the subsequent recognition of the election results is legally secure.
We have summarized the challenges and legal framework conditions in detail:
🔗 Conducting elections online: Challenges and the legal situation
Technical requirements for legally compliant online voting systems
For an online election to be legally secure, the system used must have the key characteristics described in, among other sources, technical guidelines.
Authentication and authorization to vote
- Only authorized voters are granted access and can vote exactly once.
- Secure access methods such as magic links, SSO, individually signed QR codes or traditional access data prevent unauthorized access.
- Fallback mechanisms (e.g. alternative contact channels) must be in place without jeopardizing the secrecy of the ballot.
Voting secrecy and anonymity
- It must not be technically possible for admins or election committees to assign votes to individuals.
- Separation of identity data and votes in the database is mandatory.
- There must be no "receipt" with which voters could prove their actual vote (protection against vote buying and coercion).
Integrity, immutability and correctness of results
- From the start of the election, ballot papers, settings and voter lists may no longer be changed without documented processes that comply with the statutes.
- Votes cast may not be subsequently deleted or changed.
- The system must deliver correct and verifiable results; manipulation by admins or third parties must be technically impossible or at least clearly verifiable.
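The three requirement lists above (one vote per authorized voter, identity data separated from votes, no later change or deletion) can be shown in one small data model. This is an added example, not NemoVote's code; the table names, column names and the `open_election`, `cast_vote` and `tally` helpers are assumptions made for illustration, using an in-memory SQLite database.

```python
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE voters (              -- identity side: who may vote, who already has
    voter_id  TEXT PRIMARY KEY,
    has_voted INTEGER NOT NULL DEFAULT 0
);
-- Ballot side: no voter_id, no timestamp, and a random key in a WITHOUT ROWID
-- table, so neither a column nor the storage order links a ballot to a person.
CREATE TABLE ballots (
    ballot_id TEXT PRIMARY KEY,
    choice    TEXT NOT NULL
) WITHOUT ROWID;
CREATE TRIGGER ballots_no_update BEFORE UPDATE ON ballots
BEGIN SELECT RAISE(ABORT, 'ballots are immutable'); END;
CREATE TRIGGER ballots_no_delete BEFORE DELETE ON ballots
BEGIN SELECT RAISE(ABORT, 'ballots are immutable'); END;
"""

def open_election(voter_ids):
    """Create the schema and load the electoral roll (constructed sample data)."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO voters (voter_id) VALUES (?)",
                   [(v,) for v in voter_ids])
    return db

def cast_vote(db, voter_id, choice):
    """Mark the voter and store the ballot atomically; True if the vote counted."""
    db.execute("BEGIN IMMEDIATE")
    try:
        # Succeeds only for a listed voter who has not voted yet.
        marked = db.execute(
            "UPDATE voters SET has_voted = 1 WHERE voter_id = ? AND has_voted = 0",
            (voter_id,)).rowcount
        if marked != 1:
            db.execute("ROLLBACK")
            return False
        db.execute("INSERT INTO ballots (ballot_id, choice) VALUES (?, ?)",
                   (secrets.token_hex(16), choice))
        db.execute("COMMIT")
        return True
    except Exception:
        db.execute("ROLLBACK")
        raise

def tally(db):
    """Count ballots per choice without touching the voters table."""
    return dict(db.execute("SELECT choice, COUNT(*) FROM ballots GROUP BY choice"))
```

The triggers make later changes fail loudly inside the database, but someone with direct access to the database file could still drop them, which is why the page asks for manipulation to be "at least clearly verifiable" through separate logging.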
Data protection and GDPR: Legally compliant elections require clean data processing
Legally compliant online elections are inconceivable without consistent data protection. The EU GDPR requires, among other things:
- Legal basis: e.g. contract, legal obligation or legitimate interest of the organization to conduct elections.
- Data minimization: Only data that is absolutely necessary for conducting the election is collected.
- Integrity & confidentiality: Protection against unauthorized access, loss or alteration of data.
- Transparency: Data subjects must know which data is processed and for what purpose.
- Storage limitation & deletion: Data is only stored for as long as is necessary for traceability and statutory retention obligations.
Typical for GDPR-compliant providers is the conclusion of a data processing agreement (DPA). Hosting in the EU, encryption at rest and during transmission as well as a tested authorization concept are central components here.
How NemoVote supports legally compliant online elections
We have published the NemoVote security concept in full technical detail on our website.
EU hosting, encryption and separate instances
NemoVote is hosted exclusively by ISO-certified cloud providers in the EU, in particular Germany. Each organization receives a logically separate instance - data from different customers is not mixed.
- Encryption: All data is encrypted at rest with AES-256 and during transmission via HTTPS.
- Data separation: Identity data and votes are stored strictly separately; this ensures that voting secrecy is maintained.
- Logging: Critical admin activities can be logged in a traceable manner without recording passwords or plain text personal data.
Unchangeable voting and technical voting rules
NemoVote technically maps election processes that comply with the articles of association and the law:
- Ballot papers can no longer be changed or withdrawn after they have been cast - similar to ballot box voting.
- The election closes automatically at the specified time; subsequent receipt of ballot papers or manipulation is technically impossible.
- Live quorum tracking and flexible vote weighting make it possible to map complex election rules (e.g. delegate, step or committee elections).
- Results can be exported as a tamper-proof PDF - for minutes, checks and subsequent audits.
Auditability and transparency
For legally compliant elections, it is crucial that the process is traceable without breaching the secrecy of the ballot:
- Comprehensive logs for admin actions (e.g. creating/changing voter lists, starting/stopping the election).
- A log of when access e-mails (invitations) were sent and opened reduces the risk of challenges.
- Export functions for results, quorums and participant status for documentation for members, supervisory bodies or courts.
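One way to make such an admin log traceable without storing plain-text personal data is a hash-chained log with keyed pseudonyms. This is an added example, not NemoVote's implementation; the event names, the `PSEUDONYM_KEY` value and the `append`, `verify` and `pseudonym` helpers are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: a per-election secret kept outside the log store (constructed value).
PSEUDONYM_KEY = b"constructed-demo-key"
GENESIS = "0" * 64

def pseudonym(identifier):
    """Keyed hash, so the log never contains the plain e-mail address."""
    mac = hmac.new(PSEUDONYM_KEY, identifier.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:16]

def _digest(prev_hash, entry):
    # Canonical JSON so the same entry always hashes to the same value.
    payload = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()

def append(log, actor, action, subject=None):
    """Append one admin event; each record commits to the hash before it."""
    entry = {"seq": len(log), "actor": actor, "action": action,
             "subject": pseudonym(subject) if subject else None}
    prev_hash = log[-1]["hash"] if log else GENESIS
    log.append({**entry, "hash": _digest(prev_hash, entry)})
    return log[-1]["hash"]  # head hash, to be recorded outside the system

def verify(log):
    """Return the index of the first record that breaks the chain, else None."""
    prev_hash = GENESIS
    for i, record in enumerate(log):
        entry = {k: v for k, v in record.items() if k != "hash"}
        if entry["seq"] != i or record["hash"] != _digest(prev_hash, entry):
            return i
        prev_hash = record["hash"]
    return None
```

Editing or removing a record in the middle is detected by `verify`; removing records from the end is only detectable if the head hash returned by `append` has been recorded elsewhere, for example in the election minutes.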
Practical implementation: from the invitation to the result
Invitations, access and fallbacks
Legally compliant online elections often fail not because of the technology, but because of the practice. That's why NemoVote supports the entire process:
- Creation of a clean electoral roll including vote weighting and roles.
- Sending secure access via e-mail, Magic Link, SSO or QR code.
- Fallback mechanisms in the event of delivery problems (e.g. alternative contact channels or QR codes generated on site).
Implementation and user-friendliness
- Intuitive, accessible (according to WCAG 2.1 AA) interfaces for election officials and voters.
- Clear confirmation of each vote, transparent status displays.
- Optional live result insights for election committees, if compliant with the statutes.
Transmission of results and documentation
- Automatic calculation of results after the close of voting.
- Export as PDF, CSV or minutes documents for the general meeting.
- Documentation of the election process for internal and external verifiability.
Best practices for maximum participation and legal certainty

- Early communication: announce election, explain procedure, provide FAQs.
- Test runs: Trial elections with board/committee and selected members if necessary.
- Clear responsibilities: Clearly define election committee, admins, support (by provider if necessary).
- Obtain feedback: Systematically record potential for improvement after each election.
- Involve legal advice: Obtain legal advice in the event of uncertainties regarding statutes, election regulations or special elections.
Conclusion: Legally compliant online elections are possible - with the right basis
Legally compliant online elections are not a contradiction in terms, but have long been common practice. If you think about the legal basis, election principles, data protection and technical implementation together, you can make digital elections legally secure, efficient and user-friendly.
NemoVote provides the right technical basis for this - legally compliant, auditable and scalable online elections for clubs, associations, trade unions, political parties, works councils, universities and many more.
You can read more about how secure elections are implemented, what to look out for and what challenges can arise in our blog on online election security.