With Saudi Arabia mandating e-invoicing to increase transparency and compliance with tax regulations, ZATCA (Zakat, Tax, and Customers Authority), formerly known as GAZT, has issued new regulations for controls, requirements, and technical specifications.
The Generation stage commences on 4th December 2021, and businesses are required to generate, issue, and store electronic invoices and notes and should notify the Authority if any technical error arises. The second phase, Integration commences 1st June 2022, by which time taxpayers must mandatorily integrate their systems with ZATCA’s (the Authority) systems by using an Application Programming Interface (API).
In accordance with ZATCA’s regulations, all the transactions that earlier required tax invoices to be issued must comply with and follow e-invoicing requirements:
- Supplies of goods and services that are either subject to the standard VAT rate or zero rates;
- Export of goods and services from the Kingdom;
- Intra-GCC supplies in accordance with the Agreement, VAT law, and it’s Implementing Regulation;
- Nominal supplies by the taxpayer in accordance with the Agreement, VAT, and Implementing Regulation; and
- Any payments related to the supply of goods or services and received by the taxpayer before the actual supply.
The transactions for which notes are issued as per Article 40 and 54 of the VAT Implementing Regulation shall also have to comply with the latest regulation in the following instances:
- Cancellation or suspension of the supplies after their occurrence, either wholly or partially
- In case of essential change or amendment in the supply, which leads to the change of the VAT due; and
- Amendment of the supply value, which is pre-agreed upon between the supplier and consumer, in case of goods or services refund.
Transactions that are not required to follow the regulations are:
- Transactions with Exempted Supplies;
- Any payments related to exempted supplies received by a taxpayer;
- Supplies subject to VAT pursuant to Reverse Charge Mechanism; and
- Import of goods to the Kingdom.
What changes should businesses observe from 4th December 2021?
During the transition phase, businesses will be required to adjust their accounting systems and internal processes to meet the e-invoicing requirements through an ‘e-invoice generation solution’. The ‘e-invoice generation solution’ will be considered as compliant after prior verification of its conformity to all specifications and requirements by the Authority, third party, or self-certified by the person subject to e-invoicing regulations.
Business entities and banks must ensure that their accounting system has enhanced capabilities both for VAT compliance and e-invoicing solution:
- The compliant solution should be able to connect to an internet connection and integrate with external systems by using an Application Programming Interface (API). Taxpayers will be required to work with their IT team to ensure that technical requirements are met.
- The e-invoices and associated notes must contain mandated fields as specified by ZATCA, which will help with integration.
- Business entities should be able to generate e-invoices in XML format or PDF/A-3 format (with embedded XML) and share the same with customers.
- The Authority shall create a Cryptographic stamp (an electronic stamp created via cryptographic algorithms to ensure the authenticity of origin and integrity of content) after receiving the e-invoices and electronic notes pursuant to the integration procedures starting from the date determined by the authority.
- Businesses need to prepare themselves to share tax invoices or their associated notes that have been generated electronically in XML format or PDF/A-3 format (with embedded XML) in the same format of such invoice or note with customers.
- Businesses should be able to export generated invoices and associated notes into an external archival system.
What should the compliant e-invoice generation solution be able to do?
- The compliant solution must be able to generate invoices and their associated notes in the XML format or PDF/A-3 format (with embedded XML) as per the requirements of electronic invoice formats.
- The compliant solution must be tamper-resistant and include a mechanism that prevents tampering and should reveal any tampering attempts that might occur by the user or any third party in accordance with the specifications and requirements specified by the Authority. The Authority has the power to verify the e-invoicing generation solution to the specifications and requirements.
- The compliant solution must be able to protect the generated electronic invoices and electronic notes from any alteration or undetected deletion and contain some functionalities which enable the person subject to e-invoicing regulation to save electronic invoices and electronic notes and archive them in XML format without an Internet connection.
- The compliant e-invoice generation solution must be able to generate a Universally Unique Identifier (UUID) in addition to the invoice sequential number, which identifies and distinguish each VAT Tax Invoice, Simplified Tax Invoice, and their associated notes in accordance with the specifications, requirements, and timelines. This shall be for each electronic invoice or electronic ote as per the requirements and timelines. UUID is a 128-bit number generated by an algorithm chosen to make it unlikely that the same identifier will be generated by anyone else.
- The compliant solution, which is used for generating Simplified Tax Invoices and their associated notes, must be able to generate a Cryptographic Stamp for each electronic invoice or electronic note. Such cryptographic stamps must have an identifier as per the requirements and timelines.
- The compliant solution must be able to generate a hash (an enciphered text obtained by applying a one-way algorithm upon data which prevents the return to the original data or amending or tampering with it) for each generated electronic invoice or electronic note within the sequence of the electronic invoices and electronic notes. The hash of the invoice is then embedded in the next invoice in the sequence. This hash is used to protect the sequence of Invoices from tampering, whether by deletion or replacement.
- The compliant solution must be able to generate a QR code which is a type of matrix barcode, with a pattern of black and white squares that is machine readable by a QR code scanner or the camera of smart devices in order to enable basic validation of electronic invoices and electronic notes.
- The compliant solution must have a tamper-resistant invoice counter that cannot be reset. The counter must increment for each generated invoice or associated note, and the compliant solution must record the value of this counter in each invoice or associated note. This counter is used to ensure that invoices cannot be deleted from the end of the invoice sequence without detection.
Will there be any fines or penalties for non-compliance?
Yes, all provisions related to tax invoices in the VAT Law are applicable to electronic invoices, including fines and penalties.
Further regulations relating to the generation of e-invoices shall be made available by ZATCA in the coming months.
Affiniax has collaborated with Pagero, a digital solution provider, to ensure all our clients are compliant with the forthcoming E-invoice mandate.
Not sure if these requirements apply to you? Read our blog on applicability, as well as other commonly asked questions, to learn more.
If you would like to know more about the E-Invoicing Requirements, please feel free to approach our team.