If your company still tracks working hours on paper or in a spreadsheet that nobody reviews, you have a problem. The mandatory working time record is not new: Royal Decree-Law 8/2019 of 8 March amended the Workers' Statute and imposed on all companies —regardless of size— the obligation to record each employee's daily working hours. But in 2026 the landscape has changed substantially: the new framework being prepared by the ongoing labour reform raises the technical and documentary requirements considerably. The Labour and Social Security Inspectorate (ITSS) no longer accepts just any notation: it demands traceability, data integrity and, in many collective agreements, digital systems with timestamp sealing.
This article answers, with rigour and data updated to 2026, the question SMEs ask us most: What exactly do I need to do, and what happens if I don't?
The legal obligation: what the Workers' Statute says
Article 34.9 of the Workers' Statute (consolidated text approved by RDL 2/2015, amended by RDL 8/2019) states that «the company shall guarantee the daily recording of working hours, which must include the specific start and end time of the working day for each employee». Records must be kept for four years and remain available to employees, their legal representatives and the ITSS.
The requirements imposed by the standard are clear, even though the law does not prescribe a specific system:
- Daily record with clock-in and clock-out time.
- Unambiguous identification of the employee (generic records by shift or department are not valid).
- Four-year retention from the date of the record.
- Immediate access for employees' representatives and the ITSS upon request.
- Collective bargaining or company agreement to organise and document the system used; failing that, a unilateral decision by the employer after consulting the legal representatives.
New developments in 2026: towards mandatory digital records
The obligation under RDL 8/2019 has applied since 12 May 2019, but for years enforcement was lax. In 2025–2026, two factors have hardened the environment:
The draft reform of the Workers' Statute and the «Working Time Use Act»
The Government presented in 2024 the draft of a new rule —driven as part of the agenda to reduce the working week to 37.5 hours— that explicitly requires digital recording systems that are «reliable, objective and unalterable». Although in June 2026 the rule is still going through Parliament, the ITSS has pre-empted inspection criteria: paper systems or spreadsheets that can be edited after the fact no longer meet the «reliability» standard required by its internal doctrine.
Increased inspection activity
The ITSS Strategic Plan 2024–2027 identifies working time control as one of its priority lines. Campaigns monitoring overtime and working hours have intensified across all sectors, with particular attention to logistics, hospitality, retail and professional services.
Which recording systems are valid in 2026?
The law does not prescribe a specific system, but case law and inspection doctrine allow a clear map of alternatives to be drawn. The table below summarises the most common options and their level of assurance when facing an inspection:
| System | Legal reliability | Approximate cost | Best suited for |
|---|---|---|---|
| Signed paper record | Low (editable, no traceability) | Very low | Not recommended in 2026 |
| Spreadsheet (Excel/Sheets) | Low (alterable, no timestamp) | Very low | Not recommended in 2026 |
| Clock-in app with timestamp | High (immutable log, exportable) | Low–medium | SMEs in any sector |
| Biometric terminal or RFID card | High (physical record + digital log) | Medium | Companies with fixed premises and stable workforce |
| ERP or HRIS with time-tracking module | High (integrated with payroll and GDPR) | Medium–high | Mid-sized companies with centralised management |
| Module in Microsoft 365 / Teams | High (cloud traceability + audit) | Medium (included in M365 licence) | Companies already in the Microsoft ecosystem |
The determining criterion is the immutability of the data once recorded. A system where the employee or manager can modify a clock-in entry without leaving an audit trail does not meet the «objectivity and integrity» standard required by the Inspectorate.
Remote work and hybrid work: the most common blind spot
Many companies have the correct record for on-site workers and completely neglect it for remote teams. Law 10/2021 on remote work does not exempt from time recording; on the contrary, it requires the control system to be the same regardless of where the service is provided. In practice, this means you need a clock-in solution accessible from any device —mobile phone, laptop, VPN— with optional geolocation (never mandatory without the employee's consent and a legal basis in the collective agreement or company agreement).
The use of geolocation for time recording has direct implications under the GDPR: it requires a legal basis, information to the employee, and a data protection impact assessment if the processing poses a high risk. At Summum Consultoria we have been helping companies implement working time recording systems that simultaneously comply with the Workers' Statute, the Remote Work Act and the GDPR, without operational friction for employees.
Penalties for non-compliance: how much can it cost not to have the record?
Non-compliance with article 34.9 of the Workers' Statute is classified as a serious infringement under article 7.5 of the Law on Infringements and Penalties in the Social Order (LISOS), with fines ranging from 751 to 7,500 euros per infringement notice. But the real economic impact can be much greater:
- Presumption of unpaid overtime. Without a record, the inspector presumes that hours worked outside normal hours are uncompensated overtime. The employee may claim the differences for the last four years.
- Invalidity of working-time clauses. Some collective agreements tie the validity of the hour-compensation system to the existence of a reliable record. Without it, the employer loses the argument.
- Conflicts in dismissals and sick leave. In dismissal proceedings, the absence of a time record can be used by the employee to challenge the reality of the alleged facts.
- Reputational damage. Since 2023, the LABE (List of Proceedings and Company Databases) is accessible to certain operators, and a firm sanction can affect public tenders or relationships with large clients.
How to implement the working time record step by step
Proper implementation is not just installing an app. There is a process that guarantees legal validity and real adoption by the workforce:
1. Diagnosis and system selection
Analyse your workforce profile: do they have company or personal phones? Do they work from multiple locations? Are there rotating shifts? With that data you choose the most suitable system —mobile app, physical terminal, integration with the existing ERP— and define the configuration parameters (rounding of clock-in times, minute tolerance, treatment of breaks).
2. Negotiation or consultation with the legal representatives
Article 34.9 of the Workers' Statute requires that the organisation of the record be carried out «by collective bargaining or company agreement or, failing that, by decision of the employer after consulting the employees' legal representatives». This step is not optional; omitting it can invalidate the system for evidentiary purposes.
3. Drafting and implementing the internal policy
You must have a document describing the system, the responsibilities (who validates, who corrects, who has access), the processing of personal data (referencing the GDPR and the records of processing activities), and the protocol for incidents (forgotten clock-in, technical failure, work on public holidays).
4. Training and communication to the workforce
The greatest operational risk is not technical but cultural: employees who forget to clock in, middle managers who correct records without leaving a trace, coordinated self-employed workers who fall outside the system. A brief training session and a query-resolution channel reduce errors in the first months.
5. Periodic audit and reporting to management
The record is a valuable data source: it allows you to detect patterns of uncompensated overtime, identify departments with work-life balance issues and calculate the real cost of working hours precisely. Companies that use it as a management tool get a clear return on their investment in the system.
If you want to avoid mistakes in this process, our working time record implementation service covers everything from system selection to the internal policy and training, with a guarantee of regulatory compliance.
Collective agreements and working time records: what prevails
Many sector-level collective agreements include specific clauses on the time-control system. In some sectors —construction, logistics, hospitality— agreements require biometric or card-based clock-in systems. In others, the agreement may establish simplified forms for certain categories (managers, sales representatives with autonomy). In any case, the collective agreement can never set conditions below the legal minimum of article 34.9 of the Workers' Statute: the obligation to keep records is a matter of public order and cannot be negotiated downward.
The Supreme Court initially denied the general obligation to keep daily records (judgments of 23 March and 20 December 2017); it was the Court of Justice of the EU judgment of 14 May 2019 (Case C-55/18, CCOO v. Deutsche Bank SAE) that declared the Spanish doctrine incompatible with the Working Time Directive. RDL 8/2019 then enacted that European requirement into law, superseding the prior Supreme Court case law.
Frequently asked questions
Is the working time record also mandatory for self-employed workers?
No. The obligation under article 34.9 of the Workers' Statute applies only to employment relationships, i.e., to employees with an employment contract. Self-employed workers —including economically dependent self-employed workers (TRADE)— are not subject to this obligation, although they may be required to keep an activity record for tax purposes (personal income tax, VAT). If your company regularly uses coordinated self-employed workers or subcontractors, it is worth reviewing the characterisation of the relationship to avoid the ITSS finding a concealed employment relationship.
How long must the records be kept?
Article 34.9 of the Workers' Statute sets a retention period of four years. This period coincides with the limitation period for claims for wage differences (article 59 of the Workers' Statute) and with the period the ITSS can use as a reference for calculating infringements. If the collective agreement or company agreement sets a longer period, the one most favourable to the employee prevails. Records must be kept in a format that guarantees their integrity and immutability: a printed copy of an Excel spreadsheet does not meet this criterion if the original digital file has been modified.
Can the company use mobile phone geolocation for clock-in?
Yes, but with strict conditions arising from the GDPR and article 89 of Organic Law 3/2018 (LOPDGDD), which specifically regulates geolocation systems in the workplace. The processing of location data must have a legal basis (usually, compliance with a legal obligation or the employer's legitimate interest, depending on the case), employees must be clearly and in advance informed, and the processing must be limited to the specific purpose of time recording. It is not permissible to use clock-in location data for other purposes —productivity monitoring, route tracking, behaviour analysis— without an additional legal basis and, in many cases, without a Data Protection Impact Assessment (DPIA).
What happens if an employee forgets to clock in?
The system must include a protocol for managing missed clock-ins. The most common approach is for the employee to notify their direct manager or HR as soon as possible, and for the manager to make the manual correction leaving a record of the reason and the person responsible for the correction in the system's audit log. What is not acceptable is for anyone —the employee themselves, the middle manager or the HR department— to modify an already registered clock-in without leaving a trace of the change. If your current system allows clock-in entries to be edited without an audit trail, consider that it does not meet the reliability standard required in 2026.