The Kingdom of Saudi Arabia (KSA) is proceeding with the implementation of the e-invoicing mandate and aims to close the first important milestone on 4 December 2021. The latest releases by GAZT allow the taxpayers to take the first steps towards the implementation process.
KSA e-invoicing action plan
The e-invoicing implementation is to be realized in two major phases. The first stage embraces the generation of electronic invoices and related documents, including provisions related to its processing and record keeping. This stage will become effective on 4 December 2021. The second stage (the integration phase) includes the most advanced features of the e-invoicing concept, i.e., transmission of electronic invoices and exchanging them through the online GAZT platform.
The first stage looks much less demanding than the second, but already includes a number of specific requirements and calls for launching preparatory works as soon as possible.
Scope of the e-invoicing regulation
The KSA e-invoicing regulations will apply to different types of documents, including standard tax invoices, but also the simplified tax invoice, as well as credit and debit notes. If issuing these documents in electronic form, the existing tax regulations will be observed to ensure that the content remains compliant.
E-invoicing only for KSA residents
E-invoicing regulations will apply to all taxable persons who are subject to VAT, and also third parties issuing tax invoices on behalf of the taxpayers. At the same time, these regulations will apply exclusively to residents of Saudi Arabia, who will have to issue and store e-invoices in a particular electronic format with predefined data fields. The requirements also apply to third parties who are issuing tax invoices on behalf of resident taxable persons.
The e-invoicing rules will not apply to taxable persons who are not resident in Saudi Arabia.
E-invoicing regulations are released
The e-invoicing story in KSA started in September 2020, when the E-invoicing Regulation was drafted and eventually came into force three months later, in December 2020. This is, however, only a general outlook on the requirement, and KSA taxpayers were looking forward to a more detailed regulation being released. This moment finally came in March 2021. KSA tax authorities have just released an important document: Draft of Controls, Requirements, Technical Specifications and Procedural Rules for Implementing the Provisions of the E-Invoicing Regulation, which describes in more detail the KSA e-invoicing concept and the specific requirements that will be imposed in the near future.
The following documentation was published by GAZT at the same time as the aforementioned document:
– Electronic Invoice Data Dictionary
– Electronic Invoice XML Implementation Standard
– Electronic Invoice Security Implementation Standards
With the released documentation in hand, local taxpayers can now start their preparations. What do these documents include, and do they include all the information necessary to prepare for the e-invoicing mandate?
Let’s have a closer look at these documents to understand the current e-invoicing landscape in KSA.
Controls, Requirements, Technical Specifications and Procedural Rules for Implementing the Provisions of the E-Invoicing Regulation (the Draft Rules Regulation)
This is the main document that clarifies the e-invoicing requirement and has been created to identify controls, requirements, technical specifications, or procedural rules required for the implementation of the E-Invoicing Regulation provisions. The document addresses both phases of the e-invoicing implementation:
- Phase 1: generation of electronic invoices and electronic notes, including provisions related to its processing and record keeping (effective from 4 December 2021).
- Phase 2: transmission of electronic invoices and electronic notes, and sharing them with GAZT, which will be implemented through phases (set to start in June 2022).
In terms of technical requirements, the regulation defines the features of the e-invoicing generation solution (the so-called Compliant Solution), which needs to be developed by taxpayers in order to fully meet the requirement. Such a solution will be certified by a competent authority or a professional third party.
The Compliant Solution must enable generation and sharing of the e-invoices and e-notes in a pre-defined format (XML or PDF/A-3). The most characteristic element of this concept is a set of data and information security measures that are included in the solution (unique identifier UUID, QR code, hash, internal counter, and cryptographic stamp).
- Universally Unique Identifier (UUID): all e-invoices will be individually identified in the e-invoicing system by a unique number that is ascribed to each document in addition to its sequential number. UUID is a 128-bit number, generated by an algorithm designed to make it unlikely that the same identifier will be generated by any other system.
- Cryptographic Stamp: this will be added by GAZT upon receiving the electronic document following the positive verification of the e-invoice/e-note. The Cryptographic Stamp consists of two fields: the ECDSA public key and the ECDSA signature. It will be generated using the same digital certificate as that used to stamp the electronic invoices.
- Hash: separate from the individual numbering used by the taxpayer, this will also ensure that sequential numbering is used and that no intervention (such as replacement or deletion) is possible. This element will not store the invoice data itself, but rather be a tool that prevents any alterations of the document. The hash of a particular invoice will be used in the next invoice, and will be computed from all the elements of the previous invoice (UBL invoice, hash of the previous invoice, QR code, cryptographic stamp).
- QR code: this enables quick, basic verification of the document through the use of simple QR camera scanners. It will be encoded in Base64 format with up to 500 characters.
- Internal document counter: an independent counting solution that cannot be reset and will allow quick detection of any fraudulent intervention.
An important feature of the Compliant Solution will be the ability to connect to the Internet and integrate with external systems using an application programming interface (API). The e-invoicing integration capability will be subject to a separate regulation and is not described in detail in the mentioned document.
Technical functionalities (Annex I)
The Draft Rules Regulation provides a detailed overview of e-invoicing technical functionalities, which will come into force in both implementation phases. In the first place, the taxpayers will focus on developing the e-invoice/e-note generation feature, and only in the second phase introduce the integration capability, as well as the security elements mentioned above. In addition, the Draft Rules Regulation provides a set of prohibited e-invoice functionalities (e.g. uncontrolled access, modification features, etc.), which must not be used.
E-invoice fields (Annex II)
The Draft Rules also include an exhaustive list of the fields relevant to e-invoices and indicates the obligation status. There are three statuses that may be used for particular fields:
- mandatory (the field must be used)
- conditional (must be used if condition is met)
- optional (fields that are not obligatory)
Additionally, the summary table shows the e-invoice items that will become mandatory on completion of phase 1 (4 December 2021) and phase 2 (1 June 2022).
[document 2] Electronic Invoice Data Dictionary
The dictionary includes a description of different terms used in e-invoicing documentation. In particular it defines invoice categories, business terms and their description, technical specification of the term (UBL specifications), and finally the KSA-specific context for each business term (if applicable). The document also includes examples for particular elements.
[document 3] Electronic Invoice XML Implementation Standard
The document is a purely technical one, which describes the structure of the XML that is to be used for generation of e-invoices and e-notes. The KSA e-invoicing standard is based on the EU standard EN 16931-1:2017 with use of the UBL schema (UBL 2.1). There is also a set of KSA-specific elements of the structure, which take into account the specifics of the KSA VAT regime. Among these are specific business rules:
- the invoice must contain unique identifier (UUID),
- specific transaction codes with defined structure, which identifies different invoice regimes (third party invoice, simplified invoice, summary invoice, export invoice, etc.)
- payment means code
- credit and debit notes (specific invoice code) must justify the use of this type of document
- invoice must include the hash (using SHA256 algorithm function) of the previous invoice
- document must contain a QR code
- each invoice must have an invoice counter value
- document must be stamped cryptographically
It should be noted that at this stage additional XML files (Schematron files) are not yet available and will be released after the e-invoicing consultation is finalized.
[document 4] Electronic Invoice Security Implementation Standards
This document specifically refers to the two security measures: the cryptographic stamp and the QR codes, which constitute the core of the security of the e-invoices and e-notes.
The standard describes in more detail the e-invoice cryptographic stamp business process (issuing/management) and requirements for creation and use, as well as the structure and format of the e-invoice stamp. It also contains the QR code specification.
Further developments are expected
Although the regulations released to date include a large amount of information, there are still further e-invoicing releases expected. The most important are regulations and requirements referring to integration features, which will enable the exchange of electronic documents via GAZT’s portal. GAZT plans to prepare and publish different types of APIs to be used to integrate taxpayers’ e-invoicing solutions with the GAZT e-invoicing platform for invoice clearance.
The e-invoicing regulatory developments in KSA are pretty advanced and the ball is now in the court of businesses, which now need to take steps to identify how these regulations will affect them. Based on these assessments, further analysis of the impact of the regulations on businesses will be performed, followed by a proper e-invoicing implementation project to meet the first deadline (phase 1) on 4 December 2021.