VeriFactu: Enhancing Invoice Verification to Tackle Tax Fraud in Spain

Royal Decree 1007/2023 mandates that businesses and professionals employ Computerized Billing Systems (SIF) capable of supporting accounting, billing, or management processes that ensure the integrity, conservation, accessibility, legibility, traceability, and unalterability of invoice records. Alternatively, the use of VeriFactu systems for sending billing records to the Spanish Tax Agency (AEAT) is permitted.

Law 11/2021 against fiscal fraud in Spain

Law 11/2021, focusing on prevention measures and combating fiscal fraud, is designed to obstruct the manipulation of accounting data that facilitates dual accounting or alters transaction records. This law requires producers, traders and users to ensure that the computer or electronic systems and programs that support the accounting, invoicing, or management processes of those who carry out economic activities guarantee the integrity, conservation, accessibility, legibility, traceability, and inalterability of the records, without interpolations, omissions or alterations that aren’t properly recorded within the systems themselves. The intention is to prohibit what is known as “dual-use software” or computer programs that enable users to maintain a ‘B’ accounting system, allowing them to issue invoices without declaring them.

This law aims to encourage the digital advancement of small and medium-sized enterprises (SMEs), microenterprises, and self-employed individuals in Spain. Concurrently, it seeks to enhance tax compliance and bolster the battle against tax fraud.

What is SIF and what is VeriFactu?

An approved Computerized Billing System (SIF) is one that meets the technical requirements defined in Royal Decree 1007/2023. Every business or professional who does not process their billing manually must use this system to generate and issue their invoices. VeriFactu, or a Verifiable Invoice Issuance System, is a system capable of sending billing records to the Spanish Tax Agency (AEAT).

To comply with the "VeriFactu Regulation," there are two options:

• Choose a VeriFactu system, a verifiable invoice issuance system that automatically sends billing records to the AEAT.
• Opt for a Computerized Billing System (SIF) that adheres to the principles of integrity, conservation, accessibility, legibility, traceability, and unalterability of invoice records.

Who is affected by the "VeriFactu Regulation"?

The "VeriFactu Regulation" is enforced across all of Spain, taking into account the particularities established in its specific regulations for the Canary Islands, Ceuta and Melilla. However, in the Basque Country and Navarre, this regulation is limited to taxpayers whose fiscal residence is in the common territory.

The companies and professionals affected by this regulation are those issuing invoices, with the exception of taxpayers obliged to submit the Immediate Supply of Information (SII), except in exceptional cases. Therefore, the "VeriFactu Regulation" will be applicable to the following taxpayers who use Computerized Billing Systems (SIF), even if they only use them for part of their activity:

• Taxpayers subject to Corporate Income Tax (IS), except those that are exempt. For partially exempt entities, the obligation applies exclusively to transactions that generate income that is subject to tax and not exempt.
• Taxpayers under Personal income Tax involved in economic activities.
• Non-Resident Income Tax (IRNR) taxpayers earning income via a permanent establishment.
• Entities under the system of attribution of income that carry out economic activities, without prejudice to the attribution of income that corresponds to their members.
• Developers and Vendors of computerised Billing systems, with respect to their production and sales activities.

When will the "VeriFactu Regulation" take effect?

Royal Decree 1007/2023 came into force the day after its publication in the Official State Gazette, on the 7th of December 2023. However, considering the technical developments needed for the measures it introduces, various deadlines have been set to allow different taxpayers to comply with the new regulations:

• Taxpayers using Computerized Billing Systems (companies, business owners, professionals, etc.) must adapt their systems to meet the requirements set forth in the regulation and its implementing rules by July 1, 2025. 
• Producers and vendors of Computerized Billing Systems (SIF) must offer their adapted solutions within a maximum period of nine months following the entry into force of the Ministerial Order that implements the regulation.

Requirements for Computerized Billing Systems (SIF)

The "VeriFactu Regulation" mandates that computer systems recording and documenting goods and services transactions must ensure the integrity, preservation, accessibility, readability, traceability, and unchangeability of invoice records. These systems are also required to electronically transmit all generated invoicing records to the Tax Agency in a consistent, secure, accurate, complete, automatic, sequential, immediate, and reliable manner. To achieve this, the computer systems must:

• Support the entry of billing information by any method. 
• Store and process invoice information, either within the system itself, via an external physical device or by means of telematic transmission to another computer system, whether or not it is an invoicing system.
• Generate a record of invoice registration simultaneously with or immediately before invoice issuance.
• Embed a digital fingerprint or hash in the registration and cancellation records to link them and ensure traceability.
• Use the electronic certificate of the SIF provider to authenticate invoicing records.
• Incorporate a readable QR code on the invoice that facilitates its capture and digitalisation and even allows the recipient to voluntarily provide information on it to the AEAT.
• Ensure that all invoicing records are transmitted to the AEAT continuously and automatically.
• Provide the AEAT with immediate access to, and/or extraction of, data.

Characteristics of the invoicing records

The Computerized Billing Systems are required to automatically generate a record of each invoice at the time of, or just before, the issuance of the invoice, specifying the minimum required content. Each record discharged will include:

• NIF (Tax Identification Number), first and last name, reason or business name of the party obligated to issue the invoice.
• Invoice number, including the series if applicable, along with the date of issuance and the date of the documented transactions or receipt of advance payment, as relevant
• The type of invoice issued, indicating whether it is full or simplified, and, where appropriate, the additional detail necessary for the correct identification of the type of invoice issued.
• The general description of the transactions and the total amount of the invoice.
• An indication of the system or systems applied to the transactions documented for VAT purposes, or of other transactions with tax implications.
• A statement indicating whether the invoice recipient is subject to VAT.
• The taxable amount of the transactions, the VAT liability, the rate(s) of the equivalence surcharge applied and the amount of the equivalence surcharge.
• In cases where the transaction is exempt from VAT, the corresponding amount and the reason for exemption.
• The precise date and time (including hour, minute, and second) of the invoice registration record creation.

When an invoice has been issued by mistake and it is necessary to cancel its corresponding registration billing record, a cancellation billing record will have to be generated, with the necessary information to correctly carry out the cancellation. Additionally, the regulation includes security measures to ensure that invoicing records remain unaltered, such as the use of a digital fingerprint or hash and an electronic signature.

Event Log for Regulated Invoicing Systems (RIS)

Computerized Billing Systems must implement an event log that records all interactions with the computerised system, as well as operations performed and events occurring during its use. This functionality of the IT systems shall:

• Ensure the ability to trace all activities related to downloading, transferring, or archiving of records.
• Ensure the unalterable preservation of original data by loggins any modifications or cancellations through the creation of a new record.
• Retain all billing records generated by the system itself.
• To have a register that automatically records any interaction, operation carried out, start-up and shut-down, user entry and exit, and errors that have occurred.

How are VeriFactu invoices identified?

For the identification of VeriFactu invoices, when a business or professional submits all their invoicing records to the AEAT, this action must be documented on the invoices themselves. VeriFactu invoices are required to adhere to the following criteria:

• Include a QR code containing specific data that identified the invoice.
• Include a reference indicating that they have been generated using a verifiable invoice issuing system with the "VERI*FACTU" label.

EDICOM, the VeriFactu solution for businesses and software vendors

EDICOM stands as the leading technology provider of electronic invoicing in Spain. Our expertise in developing data integration projects encompasses the deployment of tax reporting solutions such as SII (Immediate Information Supply) and TicketBAI, enabling the automation of tax record declarations reflected in invoices.

The "VeriFactu Regulation" mandates fiscal reporting based on issued invoices for 100% of Spanish businesses. Our proprietary technology platform allows us to swiftly adapt to any tax changes, ensuring compliance with the established requirements for managing and sending billing records through the following VeriFactu solutions:

• VeriFactu Web: A manual solution for registering invoices with the AEAT.
• VeriFactu Integrated: An automatic solution for registering all your invoices directly from your ERP with the AEAT.

Both solutions apply a hash that chains the invoicing records, which will be electronically signed to ensure the traceability of the invoicing process. They will also include a QR code that facilitates the reading of invoices.

Furthermore, if your business is growing and could become a large enterprise with a turnover of around 6 million euros, you might consider joining the SII system. Implementing electronic VAT management with the SII frees you from meeting the "VeriFactu Regulation" requirements, in addition to simplifying your tax compliance and improving administrative management.