Category Archives: Bulletin

Update of asset thresholds for entities subject to the supervision of the Superintendence of Companies, Securities and Insurance, requiring their annual financial statements to be submitted to mandatory external audit.

Supplement No. 118 of the Official Register, dated September 5, 2025, published Resolution No. SCVS-INC-DNCDN-2025-0005 of August 27, 2025, issued by the Superintendence of Companies, Securities and Insurance, which, for the purposes of external audit, the amounts that were previously expressed in United States dollars have been replaced with values equivalent to a specific number of minimum wages. In this manner, the thresholds applicable to the assets of domestic entities, as well as branches of foreign corporations or other foreign companies organized as legal entities, shall be adjusted automatically on an annual basis.

Under these amendments, the following entities are required to submit their annual financial statements to external audit review:

1. a) Domestic mixed-economy companies, corporations, and simplified joint-stock corporations with the participation of public entities or private legal entities with a social or public purpose, whose assets exceed two hundred seventy-three (273) minimum wages.
2. b) Branches of foreign corporations or enterprises organized as legal entities and established in Ecuador, provided that their assets exceed two hundred seventy-three (273) minimum wages.
3. c) Domestic corporations, limited liability companies, partnerships limited by shares, and simplified joint-stock corporations whose assets exceed one thousand three hundred sixty-six (1,366) minimum wages.
4. d) Entities subject to the control and oversight of the Superintendence of Companies, Securities and Insurance, which are required to file consolidated financial statements.

For purposes of the Regulation on External Audit, “assets” shall mean the total assets recorded in the statement of financial position submitted by the respective company to the Superintendence of Companies, Securities and Insurance in the prior fiscal year.

These amendments shall apply from the statement of financial position corresponding to the fiscal year 2025.

Milton Carrera, Partner at CorralRosales
mcarrera@corralrosales.com
+593 2 2544144

In the Third Supplement to the Official Registry No. 112 of August 28, 2025, the Organic Law on Social Transparency was published.

The Fifth Amending Provision modifies the Mining Law (the “Law”) as follows:

Exploration Stage of the Mining Concession

Before the expiration of the initial exploration period, if the concessionaire wishes to continue mining exploration activities, it must request approval from the Sectoral Ministry to transition to the advanced exploration period for a term of four years. This request must include: an express waiver of part of the concession area; and evidence of compliance with the minimum activities and investments required during the initial exploration period.

For concessions obtained through auction or tender, the concessionaire must also demonstrate compliance with:

1. The minimum investment amounts established by law; and
2. The committed investment declared in its financial bid for each concession granted.

If the Sectoral Ministry fails to issue the corresponding resolution within sixty (60) days from the approval of the request, advanced exploration shall be deemed authorized.

Caducity of Mining Rights

In the administrative process for the caducity of a mining concession due to any of the causes established in the Law, the timeframe for the concessionaire to prove compliance with its obligations, submit defenses, and provide supporting evidence is reduced from forty-five (45) to fifteen (15) days.

If an administrative resolution determines that obligations remain outstanding, the concessionaire will have fifteen (15) days (previously forty-five) to remedy the non-compliance. Failure to do so within this period will result in the Sectoral Ministry declaring the forfeiture of mining rights through a reasoned resolution.

Caducity of mining rights shall also be declared automatically, without the need for further administrative proceedings, if the environmental authority has determined and notified the existence of environmental damage.

New Cause of Caducity for Non-Payment

Within the grounds of caducity due to non-payment of fees, royalties, and other rights or taxes established under this Law and its Regulations, administrative fees are now expressly included, broadly and without specific limitation

New Cause of Caducity for Breach of Economic Commitments

A new unnumbered article following Article 177 establishes that mining concessions obtained through auction or tender shall be terminated if the concessionaire fails to comply with either the minimum investment amounts or the committed investment set forth in its financial bid.

Verification Process of Minimum Investment and Committed Investment

The Ninth Transitory Provision instructs the Mining Regulation and Control Agency, within ninety (90) days, to verify whether mining concessions obtained through auction or tender have complied with the minimum investment amounts and the committed investment proposed in the financial bid. The results must be reported to the Sectoral Ministry to initiate, if applicable, forfeiture proceedings.

 

Carlos Torres, Senior Associate at CorralRosales
ctorres@corralrosales.com
+593 2 2544144

The National Court of Justice, through Resolution No. 15-2025, has issued a new binding jurisprudential precedent in labor law matters.

The Specialized Chamber for Labor Law identified a recurring issue in several cases where the plaintiff’s (employee’s) testimony as a party was considered, on its own, sufficient evidence to prove the facts alleged in their complaint.

The analysis was grounded on the principles of evidence assessment established in the Organic General Code of Processes (COGEP), which mandate that evidence must be evaluated as a whole and in accordance with the rules of sound judicial discretion (sana crítica). Consequently, the plaintiff’s statement as a party cannot be the sole piece of evidence sufficient to prove the facts alleged in the complaint.

Binding Jurisprudential Precedent

The Plenary of the National Court has resolved to declare the following point of law as a binding jurisprudential precedent:

“In labor law matters, the plaintiff’s testimony as a party does not, by itself, constitute suitable and sufficient evidence to prove the facts alleged in the complaint. Therefore, for said testimony to acquire evidentiary sufficiency, it must be corroborated by external, objective data that allows it to be subjected to an examination of credibility, verisimilitude, and reliability.”

Effects of the Resolution

• This precedent is of mandatory compliance for all judges in the country, including the National Court of Justice itself.
• The resolution entered into force upon its publication in the Official Gazette (September 1, 2025).

Mateo Zavala, Associate at CorralRosales
mzavala@corralrosales.com
+593 2 2544144

 

The Law of Social Transparency, published in Official Gazette Third Supplement No. 81 on August 28, 2025, establishes the following tax reforms:

 

1. Income Tax on the Distribution of Dividends

The profits or dividends distributed by resident companies or permanent establishments in Ecuador will be subject to a single income tax. This tax will be withheld by the company making the distribution.

The applicable tax rate is 12%; however, it is reduced or increased in the following cases:

1. 10% if the distribution is made to individuals and companies that are not residents of Ecuador.
2. 14% in the following cases:
   1. If the distribution is made to non-resident entities when: (i) in the ownership chain, there is a resident in a tax haven or low-tax jurisdiction; and (ii) the beneficial owner is a tax resident in Ecuador.
   2. If the local entity distributing the dividend fails to comply with the obligation to disclose its ownership structure.

Dividends distributed to another resident company or permanent establishment in Ecuador are not considered taxable income.

If the dividend recipient is an individual resident in Ecuador, the equivalent of 3 unified basic salaries (USD 1,410 for 2025) will be considered exempt with respect to each company distributing dividends, within the same tax period.

Dividends distributed between January 1 and August 28, 2025, will be consolidated with global income and subject to the regular income tax payment.

 

1. Income Tax Advance on Undistributed Profits

Companies and permanent establishments with tax residence in Ecuador that, by July 31 of each tax year, do not distribute accumulated profits from previous years, shall pay on that balance the following rates:

BRACKET FROM TO RATE 1 – $100,000.00 0.00% 2 $100,000.01 $1,000,000.00 0.75% 3 $1,000,000.01 $10,000,000.00 1.25% 4 $10,000,000.01 $100,000,000.00 1.75% 5 $100,000,000.01 $500,000,000.00 2.25% 6 $500,000,000.01 Onwards 2.50%

 

In the case of financial and insurance institutions, the amount of profits that cannot be distributed due to orders from the supervisory authority shall not be taken into account.

If the company distributes dividends within the following 2 years, the amount paid may be used as a tax credit for withholding tax applicable to the dividend distribution.

If the company distributes dividends or capitalizes undistributed profits within the following 2 years, the amount may be used as a tax credit for the company’s income tax payment, and the excess may be refunded.

If the entity does not distribute dividends or capitalize its profits within the following 2 years, the amount paid cannot be credited against any tax, will not be refundable, and must be recorded as a non-deductible expense.

Investment funds, trusts, and mixed-economy companies with state participation are not obliged to pay this advance. Companies that have recognized investments in other companies using the equity method are not subject to the advance payment with respect to the undistributed profits of the companies they own.

This advance payment will apply as of the 2025 tax year.

Andrea Moya, Partner at CorralRosales
amoya@corralrosales.com
+593 2 2544144

Mateo Bravo, Associate at CorralRosales
mbravo@corralrosales.com
+593 2 2544144

 

Pursuant to Agreement No. 027-CG-2025, published in the Official Gazette No.  83, on July 17, 2025, the Office of the Comptroller General of the State has amended several regulations governing the procedures for the pre-determination and determination of culpable civil liability.

 

The amended regulations include: (i) Organic Statute for Organizational Management by Processes; (ii) Regulations for the Preparation, Processing, and Approval of Government Audit Reports; (iii) Substitute Regulations on the Execution of Documents; and (iv) Regulations on the Determination of Liability.

 

A summary of the amendments is provided below:

 

1.The National Director for the Pre-determination of Liability may refrain from pre-determining civil liability when the amount involved does not exceed US$20,000. For higher amounts, prior authorization from the Deputy Comptroller General of the State shall be required

 

2. In deciding not to pre-determine civil liability, at least the following criteria shall be taken into account: (i) contradiction or inconsistency between the liability suggested in the audit report and other sections of the report, supporting documentation, or applicable regulations; (ii) absence of evidence demonstrating economic harm; (iii) preparation of the audit report under regulations not in force at the time of the audited actions; and (iv) restitution or payment of the amounts stated in the report by the audited parties.

 

3.If, during the approval process, the approval period expires, the work order shall be canceled and the audit rescheduled.

 

4.Evidence such as on-site inspections, expert reports, acknowledgment of documents, or similar forms shall be admissible, provided they comply with applicable procedural legislation and are conducted by experts accredited by the Judiciary Council.

 

Hugo García Larriva, Partner at CorralRosales
hgarcia@corralrosales.com
+593 2 2544144

Mario Fernández, Associate at CorralRosales
mfernandez@corralrosales.com
+593 2 2544144

 

On August 6, 2025, the Tax Authority (“SRI”) issued Resolution No. NAC-DGERCGC25-000000018 (the “Resolution”), whereby it establishes the following:

 

1. The Single Taxpayer Registry (“RUC”) will indicate whether or not the taxpayer is an obligated party to report to the Financial and Economic Analysis Unit (“UAFE”).
2. The SRI may suspend the RUC of those taxpayers who have not obtained their Registration Code issued by the UAFE within 30 business days after opening or updating their RUC.

• In the event of suspension, it will remain in effect until the taxpayer submits to the SRI the certificate of compliance with obligations issued by the UAFE.

 

We recommend reviewing the activities listed in the RUC to retain only those activities that the taxpayer actually performs and remove those that are not carried out, in order to avoid being incorrectly classified as an obligated party to report to the UAFE.

Andrea Moya, Partner at CorralRosales
amoya@corralrosales.com
+593 2 2544144

Juan Fernando Riera, Associate at CorralRosales
jriera@corralrosales.com
+593 2 2544144

On July 30, 2025, the Ministry of Labor issued the Ministerial Agreement No. MDT-2025-083, extending the deadline for private sector employers with 50 or more employees on their payroll to register their “Equality Plans” until December 31, 2025, through the Unified Labor System (SUT).

Once this deadline has passed, the Ministry of Labor will begin the corresponding control and sanction process in cases where registration has not been completed.

 

Edmundo Ramos, Partner at CorralRosales
eramos@corralrosales.com
+593 2 2544144

 

María Victoria Beltrán, Senior Associate at CorralRosales
mbeltran@corralrosales.com
+593 2 2544144

 

On July 30, 2025, through Resolution No. SPDP-SPD-2025-0028-R, the Data Protection Authority (“SPDP”) issued the Governing Rules for the Data Protection Officer, with the purpose of regulating the activities associated with that role.

 

Below are the most relevant aspects:

 

     I.         Appointment of the Data Protection Officer (“DPO” or “DPOs”)

 

The DPO must be appointed by the legal representative or a duly authorized attorney-in-fact of the organization, in its capacity as data controller or data processor.

 

The appointment must include the following:

 

1. Date of appointment.
2. Identification details of the organization:
   a. For domiciled entities: Corporate name and tax identification number (RUC);
   b. For non-domiciled entities: Corporate name, tax identification number, address, phone numbers, and email addresses of the parent company or main office.
3. Name of the legal representative.
4. Name of the DPO.
5. Functions of the DPO.
6. Signature of the legal representative or attorney-in-fact.
7. Express acceptance of the position by the DPO.

 

The appointment must be submitted to the SPDP within fifteen (15) days of its issuance. Failure to comply with this deadline will be considered an infringement classified as a serious violation.

 

The appointment will be recorded in a public registry to be created by the SPDP.

 

   II.         Special Cases of Mandatory Appointment

 

In addition to the cases provided for in the Data Protection Law (“LOPDP”), the following entities are required to appoint a DPO:

 

1. Entities processing personal data of minors.
2. Higher education institutions that process special categories of personal data for academic or administrative purposes.
3. Entities engaged in financial activities.
4. Insurance entities, reinsurance companies or intermediaries, as well as insurance advisors, brokers, agents, and other service providers in the insurance sector.
5. Companies engaged in advertising, commercial prospecting, or market research that process personal data involving profiling.
6. Members of the healthcare system responsible for maintaining patient medical records, except for individual health professionals practicing privately.
7. Establishments in the pharmaceutical sector that carry out the production, distribution, or marketing of pharmaceutical products, including laboratories, drug representatives, pharmaceutical distributors, and pharmacies.
8. Private security companies, as well as private legal entities or trusts administering gated communities, private residential complexes, or condominiums, due to their processing of personal data for access control purposes.
9. Professional sports federations or associations, sports corporations, professional clubs, or sports academies.
10. Professional associations or bar councils.
11. Telecommunications service providers.
12. Companies offering or providing mass video surveillance, geolocation, or information technology services, including those involved in the development, implementation, or deployment of artificial intelligence.
13. Public or private legal entities that are public service concessionaires, as well as public-private partnerships distributing, marketing, or supplying public services.

 

These entities must appoint a DPO regardless of whether they act as data controllers or data processors, and regardless of whether they operate for profit.

 

 III.         Additional Requirements for the DPO

 

In addition to the requirements established in the Regulations to the LOPDP, the DPO must comply with and successfully complete the DPO professionalization program officially approved by the SPDP.

 

This obligation will become effective as of January 1, 2029.

 

 IV.         Prohibitions

 

The DPO may not engage in the following activities:

 

1. Carry out functions corresponding to the data controller or data processor.
2. Directly implementing data protection regulations within the organization.
3. Conduct data protection risks assessments or data protection impact assessments. The DPO may only issue non-binding comments or recommendations.
4. Make decisions regarding the purposes or means of processing.
5. Represent the organization before the SPDP.
6. Serve as the information security officer, compliance officer, implementer, or any other role that may create a conflict of interest.
7. Perform duties that compromise their independence, autonomy, impartiality, or objectivity as a DPO.

 

Local representatives on data protection matters of non-established processors or controllers may not serve as DPOs within the same organization.

 

    V.         Conflicts of Interest

 

Before their appointment, the DPO must disclose any actual, potential, or apparent conflict of interest. If such a conflict arises before or after the appointment, the organization must take corrective measures, such as refraining from appointing the individual, modifying their duties, or revoking the appointment, as appropriate.

 

A conflict of interest shall be deemed to exist when the DPO:

 

1. Carries out or participates in personal data processing activities, even occasionally.
2. Provides advisory services beyond their functions that aim to safeguard the interests of the organization.
3. Make decisions regarding the organization, its activities, or its internal operations.

 

 VI.         Impartiality and Independence of the DPO

 

The DPO must act with full independence in the performance of their duties.

 

The organization must ensure the DPO’s independence and impartiality by implementing the following control mechanisms:

 

1. Direct access and communication with the highest executive and decision-making level within the organization.
2. Availability of technical, financial, and human resources.
3. Mechanisms for effective consideration of the DPO’s observations and recommendations regarding the data processing activities carried out by the organization.
4. Reports assessing the organization’s level of compliance with data protection regulations.

 

Compliance assessments must be conducted annually by the organization. Under no circumstance may the assessment be carried out by the DPO.

 

The DPO may report the data controller or processor to the SPDP for any actions that may undermine their independence or constitute retaliation related to their duties.

 

VII.         Additional Considerations

 

Data controllers and processors must register their DPO by December 31, 2025.

 

Failure to register the DPO will be considered a serious violation due to the lack of implementation of security measures.

 

Rafael Serrano, Partner at CorralRosales
rserrano@corralrosales.com
+593 2 2544144

Juan Martín Chavez, Associate at CorralRosales
jchavez@corralrosales.com
+593 2 2544144

 

The President of the Republic of Ecuador has submitted the “Law for the Control of Irregular Capital Flows” bill to the National Assembly. The most important tax provisions are detailed below:

1. Income Tax on Dividend Distribution

Profits or dividends distributed by entities with tax residence in Ecuador or permanent establishments located in Ecuador to its shareholders will be subject to a unique income tax.

The applicable rates are:

• 12% in general.
• 10% for distributions to individuals and entities that do not have tax residence in Ecuador.
• 14% in the following cases:
  • If the distribution is made to non-resident entities when: (i) a resident of a tax haven or low-tax jurisdiction is part of the ownership structure, and (ii) the final beneficiary is a tax resident in Ecuador.
  • If the local company distributing the dividend fails to report its ownership structure.

The following exemptions are established:

• The dividend distributed to another entities with tax residence in Ecuador or permanent establishments located is not considered taxable income, and
• If the dividend recipient is an individual with tax residence in Ecuador, an exemption applies equivalent to 3 minimum wages received by each company distributing the dividend, within the same fiscal period.

Dividends distributed between January 1, 2025, and the first day of the month following the effective date of this law, to individuals with tax residence in Ecuador, will be consolidated with global income and will be subject to taxation according to the applicable progressive tariffs.

1. Advance Income Tax on Undistributed Profits

Entities with tax residence in Ecuador and permanent establishments located in Ecuador, that as of July 31 of each fiscal year, do not distribute its retained earnings from previous years, are subject to pay the following:

This amount may be offset by the company with the corporate income tax during the two subsequent fiscal years. If the credit is not offset during this period, it will not be subject to a refund and will be recorded as a non-deductible expense in the respective year.

This payment is not applicable for: (i) trusts that do not carry out business activities or operate ongoing businesses; (ii) non-profit organizations; (iii) public companies; (iv) mixed-economy companies with respect to the Governments’ share.

Effectiveness of the Provisions

These provisions will come into force on the first day of the month following the publication of this law in the Official Registry.

 

Andrea Moya, Socia en CorralRosales
amoya@corralrosales.com
+593 2 2544144

Mateo Bravo, Asociado en CorralRosales
mbravo@corralrosales.com
+593 2 2544144