Phase 2 changes in invoicing

1. When and how will I be informed about my business' Phase 2?

The authority will determine the various targeted groups and phases of the integration for all persons subject to e-invoicing. They will be notified of the implementation procedures for the integration with the authority's systems at least 6 months prior to the due date. The integration can be done using APIs "Application Programming Interface" complying with the timelines, with the targeted groups, with the implementation phases of integration with the Authority's systems. 

2. What are the technical functionalities required for e-invoicing solutions in phase 2?

Phase 2: 1st of January, 2023
  1. The format of the electronic invoice or debit/credit note
    1. XML mandated by the ZATCA
    2. PDF/A3 with the XML embedded file. This format is optional and useful for sharing the invoice with the customer.
  2. The structure of the electronic invoice or debit/credit note
  3. The processing of data and security reinforcement
    1. A unique ID is generated for each invoice and associate notes
    2. A counter that is tamper-resistant for each e-invoice and its associated notes
  4. Cryptographic stamps for simplified tax invoice only and its associated notes
    1. Electronic invoicing systems must have a unique cryptographic stamp identifier for each invoice and its associated notes
    2. Each invoice and its associated notes should have a cryptographic stamp
    3. The cryptographic stamp identifier has to be issued and managed through the Authority's portal. Taxpayers can request their cryptographic stamp identifier by logging in to their current accounts in the Authority's portal. 
    4. A stamping key associated with a cryptographic stamp identifier has to be generated 
    5. When the cryptographic stamp identifier is renewed, a new stamping key should also be generated
    6. The stamping key should be recognized as non-exportable to limit exports outside of the security module
    7. In the e-invoicing solution, disk encryption will be used to protect the stamping key when using software that stores that key 
  5. The use of additional cryptographic capabilities
    1. The use of standard secure hashing algorithms
  6. The use of the Universal unique identifier (UUID)
    1. The UUID is a 128-bit number. This number is generated by an algorithm that makes it very unlikely that anyone else would have the same identifier
  7. The generation of QR codes for all types of electronic invoices and notes containing the following information 
    1. The seller's name
    2. The seller's VAT registration number 
    3. The electronic invoice's or note's timestamp (date/time)
    4. The electronic invoice's or note's amount including VAT
    5. The VAT amount
    6. The electronic invoice's or note's hash of XML
    7. The cryptographic stamp:
      1. For simplified tax invoices and their associated notes: E-invoice generation solution generates are responsible for generating stamps 
      2. For tax invoices that are integrated with the ZATCA's portal and their associated notes: The ZATCA generates their stamps 
    8. The public key used for the generation of cryptographic stamps 
      1. For simplified tax invoices and their associated notes: This key corresponds to the e-invoicing generating solution's key
      2. For tax invoices that are integrated with the ZATCA's portal and their associated notes: The ZATCA's platform's public key can optionally be
  8. Ensuring connectivity 
    1. The ability to ensure safe and encrypted connections such as TLS
    2. The ability to periodically upload in bulk simplified tax e-invoices and their associated notes to external API
    3. The ability to periodically submit in bulk tax e-invoices and their associated notes in real-time to receive a swift response
    4. When the electronic invoicing solution is offline, the issued e-invoices and their associated notes are queued. The data is reported as soon as the connection is re-established

3. What are prohibited functions specified by the ZATCA for e-invoicing compliant systems in phase 2?

  1. The export of stamping keys:
    1. Providing the option of exporting cryptographic stamp stamping key.
  2. Time change: 
    1. Allowing software time changes.
    2. Allowing the modification of timestamp values when issuing an e-invoice, credit, or debit note.