05 Jan eIDAS and Invoice Verification in the VERI*FACTU System: New Regulations for Authenticity and Integrity
The Royal Decree 1007/2023, in line with the Anti-Fraud Law, has introduced significant changes in billing regulations, focusing particularly on the authenticity of the origin of invoices. According to the new regulation:
“4. The authenticity of the origin and the integrity of the content of the invoice will be considered accredited when they are issued through a computer system or program that meets the requirements specified in the Regulation. This regulation details the requirements for computer or electronic systems and programs used in billing processes by entrepreneurs and professionals, including the standardization of billing record formats.”
Changes in Authenticity and Integrity of Electronic Invoices
Previously, the authenticity and integrity of electronic invoices were ensured through:
a) Advanced electronic signature, according to Directive 1999/93/EC. b) Electronic Data Interchange (EDI), in accordance with Recommendation 94/820/EC. c) Other means validated by the State Tax Administration Agency (AEAT).
At www.leyantifraude.com, we have analyzed these issues in relation to eIDAS and electronic signature, particularly in Cloud SaaS solution environments. The regulation updates considering:
The generation of XML for registration and cancellation of invoices, based on hash calculation and electronic signature with the taxpayer’s certificate. Communication with the AEAT, even without electronic signature. This implies the need for qualified electronic certificates for services such as advanced signing, validation and custody of certificates, and certificate repositories, among others, in Cloud SaaS solutions.
Specific Requirements of VERI*FACTU
Section 4.1, “Billing Computer Systems and VERI*FACTU Systems”, published by the AEAT, states that the submission of invoices can be carried out by the taxpayer, a representative, or a social collaborator, all of whom must have a recognized electronic certificate.
Conclusions
For Cloud SaaS solutions, it is crucial to establish oneself as a trusted provider, in accordance with eIDAS and LSEC regulations. At www.leyantifraude.com, we offer audit and adaptation services to these regulations.