Briefing document: Spain’s VeriFactu Verified Billing System

This briefing document synthesises information from the provided excerpts regarding Spain’s new “VeriFactu” system for verified billing. This initiative, rooted in Law 11/2021 against fiscal fraud and further defined by Royal Decree 1007/2023 and subsequent amendments in Royal Decree 254/2025, introduces significant changes to invoicing requirements in Spain. The core aim is to enhance tax transparency, combat fiscal fraud, and promote the digitalisation of business operations by mandating the use of certified Billing Information Systems (SIF) or direct submission of billing records to the Spanish Tax Agency (AEAT) via VeriFactu systems.

Main Themes and Important Ideas:

1. Legislative Foundation and Objectives:

Law 11/2021 against fiscal fraud: This foundational law aims to “obstruct the manipulation of accounting data that facilitates dual accounting or alters transaction records.” It mandates that computerised systems supporting accounting, invoicing, or management must guarantee the “integrity, conservation, accessibility, legibility, traceability, and inalterability of the records, without interpolations, omissions or alterations that aren’t properly recorded within the systems themselves.” This law also seeks to encourage the “digital advancement of small and medium-sized enterprises (SMEs), microenterprises, and self-employed individuals in Spain” and “enhance tax compliance and bolster the battle against tax fraud.”
Royal Decree 1007/2023 (“VeriFactu Regulation”): This decree further details the compliance requirements for billing systems, including standardised formats for billing records. It is framed as an amendment to the General Tax Law to prevent tax fraud by ensuring the “integrity, preservation, accessibility, readability, traceability, and immutability of records while preventing software that could allow sales concealment.” The decree offers a “simplified compliance option by enabling direct transmission of billing records to the AEAT’s online platform as they’re created.”
Royal Decree 254/2025: This decree introduces key amendments, notably extending the mandatory compliance deadline for Corporate Income Tax payers to “before January 1, 2026.” It also clarifies that “issuers who already report their ledger books through the Immediate Supply of Information (SII) system are excluded from the obligation to generate self-billed invoices,” aiming to simplify processes for this group.

2. Compliance Options: SIF and VeriFactu:

Businesses have two main pathways to meet the new regulatory requirements:
Computerised Billing System (SIF): This is an “approved system that meets the technical requirements defined in Royal Decree 1007/2023.” Such systems must adhere to the principles of “integrity, conservation, accessibility, legibility, traceability, and unalterability of invoice records.”
VeriFactu System: Described as a “verifiable invoice issuance system that automatically sends billing records to the AEAT.”

3. Scope of Application:

The “VeriFactu Regulation” applies across Spain, with specific considerations for the Canary Islands, Ceuta, and Melilla. In the Basque Country and Navarre, its application is limited to taxpayers with fiscal residence in the common territory.
The regulation affects a wide range of entities issuing invoices, specifically including:
Corporate Income Tax (IS) taxpayers (with exemptions for fully exempt entities; partially exempt entities are obligated for taxable income).
Personal Income Tax taxpayers involved in economic activities.
Non-Resident Income Tax (IRNR) taxpayers earning income via a permanent establishment.
Entities under the system of attribution of income that carry out economic activities.
Developers and vendors of computerised billing systems (regarding their production and sales).
Crucially, “taxpayers obliged to submit the Immediate Supply of Information (SII)” are generally excluded from the obligation to generate self-billed invoices under VeriFactu, a point clarified by Royal Decree 254/2025.

4. Implementation Timelines:

Royal Decree 1007/2023 came into force on 7 December 2023.
The mandatory deadline for “Taxpayers using Computerized Billing Systems” (companies, business owners, professionals, etc.) to adapt their systems is before January 1, 2026 (extended for Corporate Income Tax payers by Royal Decree 254/2025).
Producers and vendors of SIF systems must offer adapted solutions within a maximum of nine months from the entry into force of the implementing Ministerial Order.

5. Requirements for Computerised Billing Systems (SIF):

These systems must guarantee the “integrity, preservation, accessibility, readability, traceability, and unchangeability of invoice records.”
They must “electronically transmit all generated invoicing records to the Tax Agency in a consistent, secure, accurate, complete, automatic, sequential, immediate, and reliable manner.”
Key technical requirements include:
Support for various methods of billing information entry.
Storage and processing of invoice information.
Generation of an “invoice registration record simultaneously with or immediately before invoice issuance.”
Embedding a “digital fingerprint or hash in the registration and cancellation records to link them and ensure traceability.”
Use of the “electronic certificate of the SIF provider to authenticate invoicing records.”
Incorporation of a “readable QR code on the invoice that facilitates its capture and digitalisation.”
Ensuring “all invoicing records are transmitted to the AEAT continuously and automatically.”
Providing the AEAT with “immediate access to, and/or extraction of, data.”

6. Characteristics of Invoicing Records:

SIF systems must automatically generate a record for each invoice with minimum required content, including:
“NIF (Tax Identification Number), first and last name, reason or business name of the party obligated to issue the invoice.”
“Invoice number, including the series if applicable, along with the date of issuance and the date of the documented transactions or receipt of advance payment, as relevant.”
The “type of invoice issued, indicating whether it is full or simplified.”
The “general description of the transactions and the total amount of the invoice.”
VAT information, including the system applied, whether the recipient is subject to VAT, taxable amount, VAT liability, and exemption details if applicable.
The “precise date and time (including hour, minute, and second) of the invoice registration record creation.”
Cancellation of erroneous invoices requires the generation of a “cancellation billing record” with necessary information.
Security measures like “digital fingerprints or hashes and an electronic signature” are mandatory to prevent alteration of invoicing records.

7. Event Log Requirement:

Computerised Billing Systems must maintain an “event log that records all interactions with the computerised system,” including operations, events, start-ups, shut-downs, user logins/logouts, and errors.
This log must “ensure the ability to trace all activities related to downloading, transferring, or archiving of records” and ensure “the unalterable preservation of original data by loggins any modifications or cancellations through the creation of a new record.”

8. Identification of VeriFactu Invoices:

Invoices generated by a VeriFactu system that submits all invoicing records to the AEAT must:
“Include a QR code containing specific data that identified the invoice.”
“Include a reference indicating that they have been generated using a verifiable invoice issuing system with the ‘VERI*FACTU’ label.”

9. Upcoming Deadlines:

The key deadline remains before January 1, 2026, for the mandatory use of VeriFactu compliant systems.
The document also mentions “pending definitions for mandatory B2B e-Invoicing based on annual turnover thresholds,” indicating further developments in digital invoicing requirements may be forthcoming.

Conclusion:

The VeriFactu system represents a significant move towards near real-time digital reporting of invoicing data in Spain, driven by the imperative to combat tax fraud and enhance transparency. Businesses and software providers must urgently familiarise themselves with the legislative framework, understand the two available compliance pathways (SIF and direct VeriFactu submission), adhere to the established timelines (with the critical date being before January 1, 2026), and ensure their systems and processes align with the detailed technical specifications for compliant invoicing records and systems. The exclusion of most SII reporters from self-billing obligations under VeriFactu provides a degree of simplification for that group. Market solutions are emerging to aid this transition and facilitate adherence to the new regulations.

Other newsletters on Verifactu