8. Legal, compliance, and corporate control
The Shock happened thirty-six hours ago. The infrastructure team has stabilized the core systems. A few services are responding again. Leadership exhales. Then the CFO calls.
Payroll is due in two days. The finance team has moved to a backup system and can technically process payments. But the bank is refusing to cooperate: they are in the middle of their own storm, and are trying to cope with the ongoing bank run. So they have become overzealous and ask dual authorization from two named signatories. Unfortunately, the board resolution that designates those signatories is stored in the company’s contract management platform. That platform runs on the same cloud infrastructure that went down. Without the resolution, they treat the request as unverified.
Meanwhile, the legal team is triaging inbound requests. A key enterprise customer’s procurement department has sent a formal letter: they characterize the past 36 hours as an SLA breach, and are suspending payment. Unfortunately, nobody knows whether this is legit as signed contracts are leaving in DocuSign - which is unreachable.
The systems are recovering. The company is not.
Banks, regulators, partners, insurers, and customers do not interact with infrastructure. They interact with a company that must prove who it is, who represents it, and what obligations it is meeting. When access to legal and compliance artifacts fails, operations can stall even if technology is recoverable.
Failure modes
Companies rarely lose legal control because documents disappear. They lose it because access disappears.
Common failure scenarios include:
- Corporate documentation (incorporation, by-laws, shareholder agreement) stored exclusively in cloud-based legal or document management platforms, preventing the company from proving its legal existence or taking decisions lawfully
- The cap table or share ledger disappears because it lives only in a SaaS tool, making it impossible to verify ownership or authorize equity transactions.
- Customer contracts, amendments, and SLAs are locked in e-signature or contract management platforms, causing customers to suspend payments for lack of an authoritative copy.
- The bank refuses to release funds because the company cannot produce the board resolution that designates authorized signatories.
- Regulatory filings (tax returns, VAT declarations, financial reports) cannot be completed because the underlying data lives in cloud-based accounting or ERP systems that are unreachable.
- Powers of attorney and delegation documents are inaccessible, leaving no one able to act on behalf of the company with banks, notaries, or public authorities.
- The company cannot respond to legal requests, regulatory inquiries, or data subject access requests because the relevant data or correspondence is locked in unavailable SaaS tools.
- Insurance claims cannot be filed within the contractual notification window because the policy terms and insurer contact details are stored only in cloud-based systems.
In these situations, the company may still function technically but be unable to transact, comply, or defend itself legally. Legal paralysis does not require data loss. It only requires loss of access at the wrong moment.
Objectives
The company must be able to:
- prove its legal existence and ownership structure,
- demonstrate authority to act and sign on behalf of the company,
- and meet minimum regulatory, tax and disclosure obligations under applicable deadlines, produce authoritative copies of key commercial contracts,
- and notify insurers and comply with policy conditions within required timeframes.
These capabilities must survive loss of cloud access, SaaS tooling, and normal communication channels.
Solutions
Proving company ownership
Prepared companies treat corporate records as operational assets, not archival files. If your cap table only resides in Carta, if your corporate documentation lives in a cloud-based legal platform, you are at risk.
You need to maintain offline or independently hosted copies of certificates of incorporation, bylaws and articles of association, shareholder and cap table records, board resolutions and signatory authorizations.
These records must be current, verifiable, and accessible without relying on SaaS legal tools or identity providers.
- Current documentation of legal and signatory authority, including board resolutions designating authorized signatories with scope and limits clearly defined
- Offline-accessible incorporation and shareholder records (PDF copies stored locally or on independent infrastructure, updated after every corporate event)
