bcgov · Rajandeep98 · Jan 20, 2026 · Jan 16, 2026 · Jan 16, 2026 · Jan 17, 2026
diff --git a/legal-api/src/legal_api/services/filings/validations/incorporation_application.py b/legal-api/src/legal_api/services/filings/validations/incorporation_application.py
@@ -20,6 +20,7 @@
 
 from legal_api.errors import Error
 from legal_api.models import Business, PartyRole
+from legal_api.services import flags
 from legal_api.services.filings.validations.common_validations import (
     validate_court_order,
     validate_effective_date,
@@ -30,6 +31,7 @@
     validate_parties_addresses,
     validate_parties_names,
     validate_pdf,
+    validate_permission_and_completing_party,
     validate_phone_number,
     validate_share_structure,
 )
@@ -49,6 +51,10 @@ def validate(incorporation_json: dict):  # pylint: disable=too-many-branches;
         msg.append({"error": babel("Legal type is required."), "path": legal_type_path})
         return msg  # Cannot continue validation without legal_type
 
+    err = _validate_incorporation_permission(incorporation_json, filing_type, msg)
+    if err:
+        return err
+
     msg.extend(validate_offices(incorporation_json, legal_type))
     msg.extend(validate_offices_addresses(incorporation_json, filing_type))
 
@@ -320,3 +326,22 @@ def validate_ia_court_order(filing: dict) -> list:
         if err:
             return err
     return []
+
+def _validate_incorporation_permission(
+    incorporation_json: dict,
+    filing_type: str,
+    msg: list
+):
+    """Validate the permission and completing party of the incorporation filing."""
+    if not flags.is_on("enabled-deeper-permission-action"):
+        return None
+    return validate_permission_and_completing_party(
+        None,
+        incorporation_json,
+        filing_type,
+        msg,
+        {"check_name":False,
+         "check_email":True,
+         "check_address":False,
+         "check_document_email":True}
+                        )
diff --git a/legal-api/tests/unit/services/filings/validations/test_incorporation_application.py b/legal-api/tests/unit/services/filings/validations/test_incorporation_application.py
@@ -17,6 +17,8 @@
 from http import HTTPStatus
 
 import datedelta
+from legal_api.errors import Error
+from legal_api.services.filings.validations import incorporation_application
 import pytest
 from freezegun import freeze_time
 from registry_schemas.example_data import COURT_ORDER, INCORPORATION, INCORPORATION_FILING_TEMPLATE
@@ -25,14 +27,14 @@
 
 from legal_api.models import Business
 from legal_api.services.filings import validate
-from legal_api.services.filings.validations.incorporation_application import validate_coop_parties_mailing_address, validate_parties_names
 
 from tests.unit.services.filings.test_utils import _upload_file
 
 from . import create_party, create_party_address, lists_are_equal, create_officer
 from tests import not_github_ci
 from unittest.mock import patch
-from legal_api.services import NameXService
+from legal_api.services import NameXService, flags
+from legal_api.services.filings.validations.incorporation_application import validate_coop_parties_mailing_address, validate_parties_names
 from tests.unit import MockResponse
 
 
@@ -1994,3 +1996,76 @@ def test_validate_name_translation(session, test_name, name_translation, expecte
         if err:
             print(err, err.code, err.msg)
         assert err is None
+
+@pytest.mark.parametrize(
+    'test_name, flag_enabled, permission_error, expected_code, expected_msg',
+    [
+        ('SUCCESS_FLAG_ON', True, None, None, None),
+        ('SUCCESS_FLAG_OFF', False, None, None, None),
+        ('FAIL_PERMISSION_ERROR', True, Error(HTTPStatus.FORBIDDEN, [{'error': 'Permission denied.'}]),
+            HTTPStatus.FORBIDDEN, 'Permission denied.'),
+    ]
+)
+def test_incorporation_permission_and_completing_party_flag(mocker, app, session, test_name, flag_enabled, permission_error, expected_code, expected_msg):
+    """Test validate_permission_and_completing_party is called when flag is enabled."""
+    account_id = '123456'
+    filing_json = copy.deepcopy(INCORPORATION_FILING_TEMPLATE)
+    filing_json['filing']['header'] = {
+        'name': incorporation_application_name,
+        'date': '2019-04-08',
+        'certifiedBy': 'fname mname lname',
+        'email': 'test@email.com',
+        'filingId': 1
+    }
+    filing_json['filing'][incorporation_application_name] = copy.deepcopy(INCORPORATION)
+    filing_json['filing'][incorporation_application_name]['nameRequest'] = {}
+    filing_json['filing'][incorporation_application_name]['nameRequest']['nrNumber'] = identifier
+    filing_json['filing'][incorporation_application_name]['nameRequest']['legalType'] = Business.LegalTypes.BCOMP.value
+
+    mocker.patch.object(incorporation_application ,'validate_offices', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_roles', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_coop_parties_mailing_address', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_parties_delivery_address', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_cooperative_documents', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_ia_court_order', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_offices_addresses', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_parties_names', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_parties_addresses', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_name_request', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_share_structure', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_effective_date', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_phone_number', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_email', return_value=[])
+    mocker.patch.object(incorporation_application, 'validate_name_translation', return_value=[])
+
+    mocker.patch('legal_api.services.bootstrap.AccountService.get_contacts', return_value={'contacts': [{'email': 'test@example.com'}]})
+
+    mocker.patch.object(flags, 'is_on', return_value=flag_enabled)
+    mock_validate_permission = mocker.patch.object(incorporation_application,
+        'validate_permission_and_completing_party', return_value=permission_error)
+
+    with app.test_request_context(headers={'account-id': account_id}):
+        err = validate(None, filing_json, account_id)
+
+    if flag_enabled:
+        mock_validate_permission.assert_called_once()
+        call_args = mock_validate_permission.call_args
+        assert call_args[0][0] is None 
+        assert call_args[0][1] == filing_json 
+        assert call_args[0][2] == incorporation_application_name
+        check_options = call_args[0][4] 
+
+        assert check_options.get('check_name') is False
+        assert check_options.get('check_email') is True
+        assert check_options.get('check_address') is False
+        assert check_options.get('check_document_email') is True
+    else:
+        # When flag is off
+        mock_validate_permission.assert_not_called()
+    if expected_code:
+        assert err is not None
+        assert err.code == expected_code
+        assert expected_msg in str(err.msg[0].get('message', err.msg[0].get('error', '')))
+    else:
+        assert err is None
+