ZATCA (formerly GAZT) launched the e-invoicing initiative, FATOORA, in December 2021 to replace paper invoices with a digital solution, implemented in two phases: Generation (Phase 1) and Integration (Phase 2).
At the core of the Phase 2 (Integration Phase) compliance requirement is the E-Invoicing Generation Solution (EGS), critical software that integrates with the FATOORA portal and generates compliant e-invoices.
In this article, we will explore how the EGS works, the technical requirements for compliance, and the benefits it brings to businesses operating in Saudi Arabia.
What is the E-Invoicing Generation Solution (EGS)?
The E-Invoicing Generation Solution (EGS) is the software system or tool that businesses use to generate, store, and submit electronic invoices in compliance with ZATCA’s e-invoicing regulations. The EGS allows businesses to create tax invoices in a structured digital format (XML), ensure their integrity, and communicate them to ZATCA’s platform, known as FATOORA, for real-time validation.
Key Functions of the EGS:
- Generating Invoices: Create tax-compliant invoices in the required format.
- Invoice Submission: Submit invoices to ZATCA for validation and clearance.
- Cryptographic Stamping: Secure the integrity of invoices using cryptographic signatures.
- Data Security: Protect sensitive invoice data against tampering or unauthorized access.
- API Integration: Seamlessly connect with ZATCA’s systems via APIs for real-time validation.
Phases of ZATCA’s E-Invoicing Initiative
Phase 1: Generation (December 4, 2021)
This phase focused on the generation of electronic invoices and required all VAT-registered businesses in Saudi Arabia to use an e-invoicing system for issuing invoices, credit notes, and debit notes. The primary goals were to digitize invoicing processes and ensure that businesses generate invoices in a structured format such as XML or PDF/A-3 (with embedded XML). However, no real-time submission to ZATCA’s platform was required in Phase 1.
Phase 2: Integration (January 1, 2023 Onwards)
The second phase, known as the Integration Phase, is where the full power of the EGS comes into play. Businesses are required to integrate their invoicing solutions with ZATCA’s systems for real-time validation of invoices. This phase is being rolled out in waves, depending on a business’s turnover. The EGS must now ensure the following functionalities:
- Real-time submission of B2B invoices to ZATCA for clearance.
- Cryptographic stamping of invoices before sharing them with buyers.
- Submission of simplified B2C invoices to ZATCA within 24 hours of issuance.
EGS Compliance Requirements for Phase 2
For businesses to comply with Phase 2 of ZATCA’s e-invoicing regulations, their EGS must meet specific technical, functional, and security standards.
- API Integration with ZATCA: The EGS must be capable of communicating with ZATCA’s systems via Application Programming Interfaces (APIs).
- XML Implementation Standards: Invoices generated by the EGS must comply with ZATCA’s XML Implementation Standards. This includes the structured digital format that ensures all necessary data fields (e.g., VAT numbers, invoice totals, etc.) are accurately included.
- Cryptographic Stamp Identifier (CSID): Every EGS unit must have a Cryptographic Stamp Identifier (CSID) issued by ZATCA. This cryptographic certificate ensures that each invoice is electronically signed, uniquely identifying the EGS that generated the invoice.
- QR Code and UUID: For simplified tax invoices (typically for B2C transactions), the EGS must generate a QR code that includes key details such as VAT registration numbers, total amounts, and tax amounts. A Universally Unique Identifier (UUID) must also be generated for each invoice to distinguish it from others.
- Invoice Hashing: Invoices must be hashed using SHA-256 to ensure data integrity. Because any change to the invoice changes its hash, tampering can be detected.
- Real-Time Validation: In the case of Standard Tax Invoices (B2B transactions), invoices must be validated and cleared by ZATCA in real time before they can be shared with the buyer. For Simplified Tax Invoices (B2C transactions), businesses must submit the invoice to ZATCA within 24 hours of issuance.
- Security Requirements: The EGS must adhere to ZATCA’s security standards, which include secure data transmission and protection against unauthorized access.
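The following is an added example, not code from this article or from ZATCA, showing a receiver-side check for the UUID, QR code and SHA-256 hashing requirements listed above. The XML element names, the sample values, the Base64 tag-length-value QR layout (tags 1 to 5) and the choice to canonicalize the XML before hashing are assumptions not stated on this page.

```python
import base64
import hashlib
import uuid
import xml.etree.ElementTree as ET

def invoice_hash(xml_text: str) -> str:
    """SHA-256 over canonical XML, so re-indenting does not change the hash."""
    canonical = ET.canonicalize(xml_text, strip_text=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

def tlv_encode(fields: dict) -> str:
    """Assumed QR layout: Base64 of (tag byte, length byte, UTF-8 value) records."""
    out = bytearray()
    for tag, value in sorted(fields.items()):
        raw = value.encode("utf-8")
        if len(raw) > 255:
            raise ValueError("value does not fit a one-byte length")
        out += bytes([tag, len(raw)]) + raw
    return base64.b64encode(bytes(out)).decode("ascii")

def tlv_decode(qr_b64: str) -> dict:
    data, fields, i = base64.b64decode(qr_b64, validate=True), {}, 0
    while i < len(data):
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated TLV record")
        tag, length = data[i], data[i + 1]
        fields[tag] = data[i + 2:i + 2 + length].decode("utf-8")
        i += 2 + length
    return fields

def build_sample():
    """Constructed invoice (not a real UBL document) with its hash and QR payload."""
    xml_text = (f"<Invoice><UUID>{uuid.uuid4()}</UUID>"
                "<SellerVAT>300000000000003</SellerVAT>"
                "<Total>115.00</Total><VAT>15.00</VAT></Invoice>")
    qr = tlv_encode({1: "Example Seller", 2: "300000000000003",
                     3: "2023-01-01T10:00:00Z", 4: "115.00", 5: "15.00"})
    return xml_text, qr, invoice_hash(xml_text)

def verify(xml_text: str, qr_b64: str, expected_hash: str) -> list:
    """Receiver-side check: recompute the hash and cross-check QR against the XML."""
    problems = []
    if invoice_hash(xml_text) != expected_hash:
        problems.append("hash mismatch")
    root, qr = ET.fromstring(xml_text), tlv_decode(qr_b64)
    for tag, elem in ((2, "SellerVAT"), (4, "Total"), (5, "VAT")):
        if qr.get(tag) != root.findtext(elem):
            problems.append(f"QR tag {tag} differs from <{elem}>")
    return problems
```

A hash stored alongside the invoice can be recomputed by whoever alters the invoice, so these checks only show that the hash, the XML and the QR code agree with each other. Binding the invoice to the EGS that issued it is the job of the cryptographic stamp.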
Steps to Onboard Your EGS with ZATCA
The EGS Onboarding process involves registering all your EGS unit(s) on the FATOORA Portal using your Tax Identification Number (TIN) and specific details of the EGS unit. Upon successful completion, you will receive a production CSID (Cryptographic Stamp Identifier), which is essential for signing and submitting invoices.
The following steps are the process to
Step 1: Access the FATOORA Portal
- Go to the FATOORA portal via the ZATCA platform.
- Log in using your VAT account credentials. This is part of the Single Sign-On (SSO) process.
Step 2: Generate One-Time Password (OTP)
- On the FATOORA portal, select the option to Onboard New Solution Unit.
- Generate a One-Time Password (OTP) for each EGS unit. OTPs are used to identify and authenticate the devices you wish to onboard. You can generate OTPs manually or automatically, depending on your system’s capabilities.
- For multiple units, you can generate up to 100 OTPs in one request.
Step 3: Enter OTP on EGS Unit
- Enter the OTP on your EGS unit within the one-hour validity period.
Step 4: Submit Certificate Signing Request (CSR)
- Your EGS unit must generate and submit a Certificate Signing Request (CSR) to ZATCA’s system. This CSR is essential for obtaining a Compliance CSID, which will be required for signing invoices.
- The CSR includes critical technical details such as:
- Upload the CSR to the FATOORA portal.
Step 5: Receive Compliance CSID
- After successful submission and verification of the CSR, ZATCA will issue a Compliance CSID for each EGS unit. This CSID is necessary for generating and signing e-invoices.
Step 6: Test Integration via the Sandbox
- Conduct tests to ensure that the API integration works smoothly and that invoices are correctly submitted and validated.
Step 7: Clear EGS Compliance Check
- With the Compliance CSID, clear the EGS compliance check by uploading sample invoices or related notes to the FATOORA portal.
Step 8: Raise Production CSID Request
- With the Compliance CSID, request a Production CSID. This CSID will be valid for one year.
- Securely store the Production CSID. In case of any security breaches, revoke the compromised CSID and raise a new one.
- Ensure timely renewal of the CSID before it expires.
Note:
- Single EGS Unit: A taxpayer operating from one branch can onboard a single EGS unit by providing the necessary identifier details on the FATOORA Portal.
- Multiple EGS Units: A taxpayer with multiple branches, each with its own EGS, can onboard multiple units. Each EGS unit must be uniquely identifiable, and the taxpayer must provide distinct identifier details for each unit during the onboarding process.
Penalties for Non-Compliance
Under recent rules, ZATCA officials will give three months to correct VAT violations before imposing penalties. Here’s a summary:
Failure to Issue Tax Invoices:
- 1st Violation: Notice
- 2nd Violation: SAR 1,000
- 3rd Violation: SAR 5,000
- 4th Violation: SAR 10,000
- After 4th Violation: SAR 40,000
Other Violations: These include failing to include required details on invoices, to maintain records, or to issue credit or debit notes; obstructing ZATCA employees; incorrect tax calculations; and other VAT Law breaches.
Violations that recur within 12 months start with a notice, followed by a SAR 1,000 penalty for the second instance, and so forth.
Conclusion
The E-Invoicing Generation Solution (EGS) is a vital tool for businesses operating in Saudi Arabia to ensure compliance with ZATCA’s e-invoicing regulations. As the e-invoicing initiative progresses through its second phase, the need for real-time integration, cryptographic security, and robust API connectivity is becoming essential for businesses of all sizes.
To ensure a smooth transition, businesses should leverage ZATCA’s tools, such as the Integration Sandbox and the Compliance and Enablement Toolbox, and follow the step-by-step onboarding process.