Saudi Arabia, having a relatively new indirect taxation regime, is keeping pace with digital taxation. The General Authority of Zakat and Tax (GAZT) has announced the implementation the e-invoicing. The recent implementation of a value added tax (VAT) system also raises challenges to the local economy, including competition issues and fraud. One reason for the introduction of the e-invoicing regime is that business operators will benefit from a streamlined invoicing process and more effective business operations.
On 4 December 2020 the E-invoicing Regulation was enacted and published. GAZT has ordered that the final deadline for implementation be 4 December 2021. In practice this means that within less than a year the e-invoicing regulations will become effective and obligatory for business users. During the pending transitional period, businesses will need to adjust their accounting systems and internal procedures in order to meet e-invoicing requirements. Upon analysis, this may present a challenge for businesses trying to stay compliant with the new laws, as the endgame for KSA e-invoicing is ambitious.
In the meantime, GAZT has also published a draft document titled Controls, Requirements, Technical Specifications and Procedural Rules for Implementing the Provisions of the E-Invoicing Regulation. The document has now been put to public consultation, which is predicted to be finalized by 17 April 2021.
The e-invoice implementation itself will be realized in two main phases. The first stage embraces the generation of electronic invoices and related documents, including provisions related to their processing and record keeping. This stage will become effective on 4 December 2021. The second stage (the integration phase) includes the most advanced features of the e-invoicing concept, i.e., transmission of electronic invoices and their exchange through the online GAZT platform.
E-invoicing technical requirements
The e-invoicing technical framework in KSA is quite comprehensive. Apart for some basic requirements (like internet access) there are some specific principles in the area of cybersecurity, anti-fraud, and IT integration (for example, API). These technical rules are intended to ensure a structured approach towards issuing, generating and exchanging e-invoices. Eventually, it will allow for a comprehensive e-invoicing model where e-invoices are cleared through the GAZT platform.
E-invoicing destination format
Taxpayers are obliged to implement e-invoicing solutions that enable the generating, saving, and archiving of electronic invoices and their associated notes (including electronic notes) in XML format or PDF/A-3 format (with embedded XML). The preferred format must be protected from alteration and fraud proof. These features will be part of the technical e-invoicing solution implemented by the taxpayer.
The KSA government has given much attention to the security of the electronic documents, and in the official regulations a number of security elements are mentioned. The technical solution used for generating e-invoices must be able to generate additional elements for each e-invoice and e-note: unique identifier, cryptographic stamp, hash, QR code, and internal counter. The elements and features below may have different enforcement dates. (Format elements are mainly part or the second phase of the e-invoice implementation.) More details on functionalities that become obligatory in the first phase (starting 4 December 2021) can be found in the next section.
- Universally Unique Identifier (UUID): all e-invoices will be individually identified in the e-invoicing system by a unique number that is ascribed to each document in addition to its sequential number. UUID is a 128-bit number, generated by an algorithm designed to make it unlikely that the same identifier will be generated by any other system.
- Cryptographic Stamp: this will be added by GAZT upon receiving the electronic document following the positive verification of the e-invoice/e-note. The Cryptographic Stamp consists of two fields: the ECDSA public key and the ECDSA signature. It will be generated using the same digital certificate as that used to stamp the electronic invoices.
- Hash: separate from the individual numbering used by the taxpayer, this will also ensure that sequential numbering is used and that no intervention (such as replacement or deletion) is possible. This element will not store the invoice data itself, but rather be a tool that prevents any alterations of the document. The hash of a particular invoice will be used in the next invoice, and will be computed from all the elements of the previous invoice (UBL invoice, hash of the previous invoice, QR code, cryptographic stamp).
- QR code: this enables quick, basic verification of the document through the use of simple QR camera scanners. It will be encoded in Base64 format with up to 500 characters.
- Internal document counter: an independent counting solution that cannot be reset and will allow quick detection of any fraudulent intervention.
E-invoice functionalities in force as of 4th December 2021 (1st phase)
The implementation of e-invoicing in KSA has been divided into two phases. The first entails generating e-invoices containing the required data, but does not yet require the full format.
Therefore, taxpayers should for now focus on the following three development areas:
- E-invoice generation and processing
Taxpayers shall be able to generate tax invoices and simplified tax invoices, as well as related documents, such as credit and debit notes. Importantly, the first phase does not include a specific format requirement, which means that the electronic invoices and other documents will at least have the relevant content based on relevant tax regulations.
The technical solution will enable taxpayers to export e-invoices and associated electronic documents to a local or external archive.
- E-invoice structure
In terms of e-invoice structure, GAZT defines the mandatory e-invoice fields optional at each implementation phase. Taxpayers are obliged to ensure that the e-invoice solution generates invoices containing the mandatory fields, but also contains proper business rules for the optional fields. Among others, the following mandatory fields will be available as of 4 December 2021:
- Invoice type description
- Invoice reference number (IRN)
- Invoice issue date
- Seller’s name, address, and ID
- Buyer’s name, address, and ID
- Product or service description
- VAT calculation fields (net, gross, VAT rate, subtotals, etc.)
- Data security
In general, the data security elements of the e-invoice will only become mandatory as of June 2022. However, certain security features regarding simplified tax e-invoices must be implemented in the first phase:
- attributes that enable the locking of the electronic document and prevention against intervention in the content of the document,
- generating and assigning a QR code that must contain the seller’s name and VAT ID, the date and time, gross amount (VAT inclusive), and VAT total.
From a wider perspective, Saudi Arabia is following the global trend by introducing a new e-invoicing system, which is expected to develop into a CTC regime based on initial assumptions. For that to happen, the implementation of the second phase will be critical, when major format and technical features are included. We will first observe progress on the finalization of the first phase.