The Zakat, Tax and Customs Authority (ZATCA) has prescribed the features of a compliant e-invoice solution, and a cryptographic stamp is one of them. A cryptographic stamp is created to ensure the authenticity of origin and the integrity of electronic invoices and the related Credit and Debit Notes (CDNs). To enforce the cryptographic stamp feature, you must link your e-invoice solution units with Cryptographic Stamp Identifiers (CSIDs).
This article explains all about CSIDs.
A cryptographic stamp identifier links the E-Invoice Generation Solution (EGS) unit and a trusted third party such as ClearTax, which helps in confirming the seller’s identity and the respective e-invoice solution unit. The ultimate purpose of CSID is to authenticate the EGS unit, which is used to stamp the simplified invoices and access the reporting and clearance APIs.
A CSID is a cryptographic certificate that allows for authenticated signing and encryption of communication. The certificate is also known as a public key certificate or an identity certificate. It is an electronic document used as proof of ownership of a public key.
ZATCA clarified that it would implement Phase 2 of e-invoicing (the integration phase) in waves, dividing the taxpayers to whom e-invoicing applies into targeted taxpayer groups. ZATCA will also notify the targeted taxpayer groups six months in advance to ease the integration. So, the taxpayers notified by ZATCA for Phase 2 need to obtain a CSID to register their EGS units and get ready for e-invoice generation.
The cryptographic stamp identifier will be issued and managed through the ZATCA e-Invoicing Integration Portal as part of the device registration process. The e-invoicing applicable taxpayers have to log in to the ZATCA e-invoicing integration portal using their current accounts to request and manage cryptographic stamp identifiers for their electronic invoice solution.
When onboarding for the first time, you have to generate a One Time Password (OTP) from the Fatoora portal, which is to be entered into the EGS units either manually or automatically. Also, you have to generate a Certificate Signing Request (CSR).
After that, your EGS units need to undergo the necessary compliance checks. Once you successfully complete all the compliance checks, the ZATCA Certificate Authority (CA) generates a CSID for every EGS unit, and the CSIDs are sent to your EGS units.
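The CSR step described above, as an added example (not ZATCA's or ClearTax's code): the EGS unit creates its key pair locally, builds a CSR, and checks that the CSR is signed by the key it carries. The curve, file names and subject fields are constructed placeholders; the CSR fields ZATCA requires are not covered on this page.

```shell
#!/bin/sh
# Added example: local key and CSR handling on an EGS unit before a CSID request.
# Curve and subject values below are constructed placeholders, not ZATCA's profile.

# make_csr DIR: generate a private key and a CSR inside DIR.
make_csr() {
    dir=$1
    # umask 077 so the key file is never readable by other users, even briefly.
    # The private key is created on the unit and is not part of the request.
    ( umask 077
      openssl ecparam -name prime256v1 -genkey -noout -out "$dir/egs.key" ) 2>/dev/null || return 1
    # The CSR holds the subject and the public key, signed with the private key.
    openssl req -new -key "$dir/egs.key" -out "$dir/egs.csr" \
        -subj "/C=SA/O=Example Trading Co/OU=Branch-01/CN=EGS-UNIT-0001" 2>/dev/null
}

# csr_self_signature_ok CSR: true only if the CSR's signature verifies against
# the public key inside it (the requester's proof that it holds the private key).
# The output is checked because older OpenSSL exits 0 even on a failed verify.
csr_self_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# key_matches_csr KEY CSR: true only if the CSR carries the public half of KEY.
# Useful before submission when several units' files sit in one place.
key_matches_csr() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    csr_pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$csr_pub" ]
}

# Demo run in a throwaway directory.
work=$(mktemp -d)
if make_csr "$work" && csr_self_signature_ok "$work/egs.csr" \
        && key_matches_csr "$work/egs.key" "$work/egs.csr"; then
    echo "CSR is self-consistent; only egs.csr is sent with the OTP"
else
    echo "CSR check failed; do not submit" >&2
fi
rm -rf "$work"
```

Only the CSR and the OTP go to the platform; the returned certificate should later be matched against the same key before it is used for stamping.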
There are two ways to generate an OTP when getting a CSID for the first time: manual OTP entry and automatic OTP entry. You can decide how to generate the OTP. However, when you have multiple EGS units/devices to be onboarded, you should opt for manual OTP entry, as you can onboard only one EGS unit/device at a time through automatic OTP entry.
In the manual OTP entry method, you must manually enter the OTP received from the Fatoora portal into the EGS units. This method allows you to onboard or renew the CSID for single or multiple EGS units simultaneously. Here’s the step-by-step process:
Step 1: You have to access the Fatoora portal through a dedicated website.
Step 2: You will be logged in to the Taxation Portal (ERAD).
Step 3: You will be redirected to the Fatoora portal.
Step 4: You must enter the number of OTP codes you want to generate. You can decide this based on the number of devices you want to onboard.
Step 5: The Fatoora portal displays the OTP codes.
Step 6: You must enter the OTP codes in the EGS units or devices within one hour from the generation time.
Step 7: Your devices will send a request for cryptographic stamp identifiers, together with the OTP, from the EGS unit/device to the e-invoicing platform.
Step 8: Your EGS units/devices undergo the necessary compliance checks.
Step 9: The e-invoicing platform requests the ZATCA CA for the cryptographic stamp identifiers.
Step 10: ZATCA CA generates the cryptographic stamp identifiers for each EGS unit/device.
Step 11: Your EGS units/devices receive a new cryptographic stamp identifier.
In the automatic OTP entry method, you have to access the Fatoora portal through your own EGS unit. The EGS unit will then automatically read the OTP. However, in this method, you can onboard or renew the CSID for only a single EGS unit. Here’s the step-by-step process:
Step 1: You have to access the Fatoora portal through a dedicated website.
Step 2: You will be logged in to ERAD.
Step 3: You will be redirected to the Fatoora portal.
Step 4: The Fatoora portal generates and displays the OTP.
Step 5: The OTP code will be entered automatically into your EGS unit/device.
Step 6: Your device will send a request for a cryptographic stamp identifier, together with the OTP, from the EGS unit/device to the e-invoicing platform.
Step 7: Your EGS unit/device undergoes the necessary compliance checks.
Step 8: The e-invoicing platform requests the ZATCA CA for the cryptographic stamp identifiers.
Step 9: ZATCA CA generates the cryptographic stamp identifier for the EGS unit/device.
Step 10: Your EGS unit/device receives a new cryptographic stamp identifier.
ZATCA has mandated that CSIDs be renewed once every five years. The process for renewing a CSID is similar to that of first-time onboarding. However, it involves revoking the existing CSID and issuing a new one.
Also, you can revoke the CSID whenever needed. In some cases, ZATCA might also automatically revoke your CSIDs.