VeriFactu: Verified Billing System in Spain

Royal Decree 1007/2023 requires businesses and professionals to use certified Billing Information Systems (SIF) to support accounting, billing, and management processes that ensure the integrity, preservation, accessibility, readability, traceability, and immutability of invoice records. Alternatively, VeriFactu systems may be used to submit billing records directly to the Spanish Tax Agency (AEAT).

Law 11/2021 against fiscal fraud in Spain

Law 11/2021, focusing on prevention measures and combating fiscal fraud, is designed to obstruct the manipulation of accounting data that facilitates dual accounting or alters transaction records. This law requires producers, traders and users to ensure that the computer or electronic systems and programs that support the accounting, invoicing, or management processes of those who carry out economic activities guarantee the integrity, conservation, accessibility, legibility, traceability, and inalterability of the records, without interpolations, omissions or alterations that aren’t properly recorded within the systems themselves. 

This law aims to encourage the digital advancement of small and medium-sized enterprises (SMEs), microenterprises, and self-employed individuals in Spain. Concurrently, it seeks to enhance tax compliance and bolster the battle against tax fraud.

Royal Decree 1007/2023: "VeriFactu Regulation"

Published in the BOE on December 6, 2023, Royal Decree 1007/2023 defines compliance requirements for billing systems used by businesses and professionals, including standardized formats for billing records. This regulation is part of the amendments to Article 29.2.j) of the General Tax Law, introduced by Law 11/2021 to prevent tax fraud. The primary aim is to ensure the integrity, preservation, accessibility, readability, traceability, and immutability of records while preventing software that could allow sales concealment.

Known as the "VeriFactu Regulation," the decree provides a simplified compliance option by enabling direct transmission of billing records to the AEAT’s online platform as they’re created. Security measures, like electronic signatures and chained hashes, are also included to prevent unauthorized modifications, ensuring transparency and traceability in billing processes.

What is SIF and what is VeriFactu?

An approved Computerized Billing System (SIF) is one that meets the technical requirements defined in Royal Decree 1007/2023. Every business or professional who does not process their billing manually must use this system to generate and issue their invoices. VeriFactu, or a Verifiable Invoice Issuance System, is a system capable of sending billing records to the Spanish Tax Agency (AEAT).

To comply with the "VeriFactu Regulation," there are two options:

• Opt for a Computerized Billing System (SIF) that adheres to the principles of integrity, conservation, accessibility, legibility, traceability, and unalterability of invoice records.
• Choose a VeriFactu system, a verifiable invoice issuance system that automatically sends billing records to the AEAT.

Who is affected by the "VeriFactu Regulation"?

The "VeriFactu Regulation" is enforced across all of Spain, taking into account the particularities established in its specific regulations for the Canary Islands, Ceuta and Melilla. However, in the Basque Country and Navarre, this regulation is limited to taxpayers whose fiscal residence is in the common territory. The companies and professionals affected by this regulation are those issuing invoices, with the exception of taxpayers obliged to submit the Immediate Supply of Information (SII), except in exceptional cases.

Therefore, the "VeriFactu Regulation" will be applicable to the following taxpayers who use Computerized Billing Systems (SIF), even if they only use them for part of their activity:

• Taxpayers subject to Corporate Income Tax (IS), except those that are exempt. For partially exempt entities, the obligation applies exclusively to transactions that generate income that is subject to tax and not exempt.
• Taxpayers under Personal income Tax involved in economic activities.
• Non-Resident Income Tax (IRNR) taxpayers earning income via a permanent establishment.
• Entities under the system of attribution of income that carry out economic activities, without prejudice to the attribution of income that corresponds to their members.
• Developers and Vendors of computerised Billing systems, with respect to their production and sales activities.

When will the "VeriFactu Regulation" take effect?

Royal Decree 1007/2023 came into force the day after its publication in the Official State Gazette, on the 7th of December 2023. However, considering the technical developments needed for the measures it introduces, various deadlines have been set to allow different taxpayers to comply with the new regulations:

• Taxpayers using Computerized Billing Systems (companies, business owners, professionals, etc.) must adapt their systems to meet the requirements set forth in the regulation and its implementing rules by January 1, 2026. 
• Producers and vendors of Computerized Billing Systems (SIF) must offer their adapted solutions within a maximum period of nine months following the entry into force of the Ministerial Order that implements the regulation.

Requirements for Computerized Billing Systems (SIF)

The "VeriFactu Regulation" mandates that computer systems recording and documenting goods and services transactions must ensure the integrity, preservation, accessibility, readability, traceability, and unchangeability of invoice records. These systems are also required to electronically transmit all generated invoicing records to the Tax Agency in a consistent, secure, accurate, complete, automatic, sequential, immediate, and reliable manner. To achieve this, the computer systems must:

• Support the entry of billing information by any method. 
• Store and process invoice information, either within the system itself, via an external physical device or by means of telematic transmission to another computer system, whether or not it is an invoicing system.
• Generate a record of invoice registration simultaneously with or immediately before invoice issuance.
• Embed a digital fingerprint or hash in the registration and cancellation records to link them and ensure traceability.
• Use the electronic certificate of the SIF provider to authenticate invoicing records.
• Incorporate a readable QR code on the invoice that facilitates its capture and digitalisation and even allows the recipient to voluntarily provide information on it to the AEAT.
• Ensure that all invoicing records are transmitted to the AEAT continuously and automatically.
• Provide the AEAT with immediate access to, and/or extraction of, data.

Characteristics of the invoicing records

The Computerized Billing Systems are required to automatically generate a record of each invoice at the time of, or just before, the issuance of the invoice, specifying the minimum required content. Each record discharged will include:

• NIF (Tax Identification Number), first and last name, reason or business name of the party obligated to issue the invoice.
• Invoice number, including the series if applicable, along with the date of issuance and the date of the documented transactions or receipt of advance payment, as relevant
• The type of invoice issued, indicating whether it is full or simplified, and, where appropriate, the additional detail necessary for the correct identification of the type of invoice issued.
• The general description of the transactions and the total amount of the invoice.
• An indication of the system or systems applied to the transactions documented for VAT purposes, or of other transactions with tax implications.
• A statement indicating whether the invoice recipient is subject to VAT.
• The taxable amount of the transactions, the VAT liability, the rate(s) of the equivalence surcharge applied and the amount of the equivalence surcharge.
• In cases where the transaction is exempt from VAT, the corresponding amount and the reason for exemption.
• The precise date and time (including hour, minute, and second) of the invoice registration record creation.

When an invoice has been issued by mistake and it is necessary to cancel its corresponding registration billing record, a cancellation billing record will have to be generated, with the necessary information to correctly carry out the cancellation. Additionally, the regulation includes security measures to ensure that invoicing records remain unaltered, such as the use of a digital fingerprint or hash and an electronic signature.

Event Log for Regulated Invoicing Systems (RIS)

Computerized Billing Systems must implement an event log that records all interactions with the computerised system, as well as operations performed and events occurring during its use. This functionality of the IT systems shall:

• Ensure the ability to trace all activities related to downloading, transferring, or archiving of records.
• Ensure the unalterable preservation of original data by loggins any modifications or cancellations through the creation of a new record.
• Retain all billing records generated by the system itself.
• To have a register that automatically records any interaction, operation carried out, start-up and shut-down, user entry and exit, and errors that have occurred.

How are VeriFactu invoices identified?

For the identification of VeriFactu invoices, when a business or professional submits all their invoicing records to the AEAT, this action must be documented on the invoices themselves. VeriFactu invoices are required to adhere to the following criteria:

• Include a QR code containing specific data that identified the invoice.
• Include a reference indicating that they have been generated using a verifiable invoice issuing system with the "VERI*FACTU" label.

EDICOM’s VeriFactu Solution for Businesses and Software Providers

As a leader in electronic invoicing in Spain, EDICOM offers advanced solutions tailored to the "VeriFactu Regulation" for businesses and software providers seeking reliable, compliant integration options for their clients. With extensive experience in data integration projects like SII (Immediate Supply of Information) and TicketBAI, EDICOM provides tools that automate and simplify fiscal reporting, enabling clients to meet the new requirement of submitting billing records to the AEAT.

Our platform includes VeriFactu solutions designed for diverse integration needs:

• VeriFactu Web: Enables manual entry of invoices into the AEAT, offering a flexible option for clients who don’t need full automation.
• Integrated VeriFactu: An advanced solution that fully automates the submission of all billing records from the client’s ERP directly to the AEAT.

Both solutions ensure maximum traceability and security with linked record chains and electronic signatures, along with a QR code that facilitates validation and review of each invoice. These features allow software providers to add high-value services to their billing systems, enhancing functionality and ensuring full compliance with current regulations.