The General Authority of Zakat and Tax (ZATCA) in Saudi Arabia has implemented e-invoicing in two phases. Phase Two, also known as the Integration Phase, focuses on integrating your business systems with the ZATCA portal to ensure seamless generation, transmission, and verification of electronic invoices (e-invoices) and electronic credit/debit notes (e-notes), commonly referred to as “Fatoora” in Arabic.
This article provides a detailed overview of ZATCA Phase Two compliance requirements, including:
Integration with Fatoora Portal:
- Establish a secure connection between your internal systems and the ZATCA Fatoora portal to facilitate data exchange.
- Different integration methods are available, such as API integration, web services, or direct file transfer, depending on your system capabilities and ZATCA’s latest guidelines.
Onboarding Devices & Generating OTP:
- Register any devices used for issuing or managing e-invoices with ZATCA.
- Implement a One-Time Password (OTP) mechanism for user authentication to ensure data security during e-invoice processing.
E-invoice Generation and Hashing:
- Generate e-invoices in a format compliant with ZATCA’s specifications, including mandatory data fields like invoice number, date, buyer information, and tax details.
- Apply a secure hashing algorithm to the e-invoice data, creating a unique fingerprint that helps verify its integrity throughout the transmission process.
Tax & Simplified Invoices:
- ZATCA mandates e-invoices for all taxable transactions exceeding 3,000 SAR.
- Businesses may still issue simplified invoices for transactions below 3,000 SAR, but they are also encouraged to gradually integrate e-invoicing for all transactions to ensure a streamlined process.
Digital Signature Generation:
- Implement a digital signature mechanism using a valid digital certificate issued by an approved provider.
- This signature electronically binds the issuer (seller) to the contents of the e-invoice, ensuring authenticity and preventing unauthorized modifications.
Zatca QR Code Integration:
- Generate a unique QR code for each e-invoice as per ZATCA specifications.
- This QR code allows the buyer and other authorized parties to easily access the e-invoice’s details and verify its authenticity using a smartphone or dedicated application.
Generating PDF/A3 with Integrated XML:
- Create a human-readable PDF/A3 representation of the e-invoice for printing or record-keeping purposes.
- This PDF document should also embed the hashed XML data within it, ensuring the information remains verifiable even in a non-digital format.
Dashboards & Track & Trace:
- Utilize dashboards within your application to monitor the status of e-invoices in real-time.
- Track the acceptance or rejection of e-invoices by ZATCA, allowing for prompt identification and resolution of any issues.
Corrective Actions & Automated Notifications:
- Implement functionalities within your system to enable swift corrective actions in case of e-invoice rejections.
- Automate the process of sending email notifications to buyers upon successful e-invoice approval.
Compliance with ZATCA Phase Two is mandatory for all businesses subject to e-invoicing regulations. By implementing the aforementioned processes, businesses can achieve seamless integration with the ZATCA platform, ensure regulatory compliance, and benefit from efficient e-invoicing practices.
Additional Points to Consider:
- Regularly consult ZATCA’s official website and resources for any updates or changes in the regulations.
- Seek expert guidance from qualified consultants or system integrators to ensure a smooth and successful ZATCA Phase Two implementation.
- Invest in robust security measures to protect sensitive data throughout the e-invoicing process.
By proactively addressing ZATCA Phase Two requirements, businesses can ensure they remain compliant while also paving the way for a more efficient and transparent financial ecosystem in Saudi Arabia.