Phase 2 or the integration phase of e-invoicing will be implemented from 1st January 2023 and VAT taxpayers with a turnover of more than SAR 3 billion in 2021 will be mandated to generate and issue electronic invoices. While in the first phase, ZATCA specified a list of mandatory fields in e-invoicing, the second phase of e-invoicing has a different set of requirements.
In this blog, we will give a detailed overview of the mandatory fields in e-invoicing phase 2 of KSA.
Mandatory fields prescribed by ZATCA in Phase 2 of e-invoicing
As per the guidelines issued for phase 2 of e-invoicing by ZATCA, a Universal Unique Identifier (UUID) must be included in the e-invoices and simplified e-invoices. This UUID is automatically generated within the taxpayer’s solution and used to identify the invoice.
The UUID, also referred to as GUID is a globally unique number, which, once issued, can be tracked throughout the lifecycle of the e-invoice.
Example of generated UUID: 061c95fb-d6bb402-e-aa6-24cb09ec1d013
Generation of UUIDs within the electronic invoice XML is a requisite for any e-invoicing solution.
Another mandatory field in phase 2 of e-invoicing is a cryptographic stamp, which is generated by the Authority E-Invoicing Integration Portal. It is mandatory to include a cryptographic stamp generated by the taxpayer’s invoicing solution in every e-invoice.
Note that the cryptographic stamp is applied by the Authority E-Invoicing Integration Portal for the standard e-invoices and is automatically generated by the solution in case of simplified e-invoices.
The cryptographic stamps cannot be located on the printed invoices, apart from an embedded version in the QR code. The VAT taxpayers eligible to generate e-invoices in the second phase of e-invoicing must ensure that the electronic invoice XML contains a cryptographic stamp.
Cryptographic Stamp Identifier
Associated with the cryptographic stamp, a cryptographic stamp identifier is a credential issued and managed through the ZATCA E-Invoicing Integration Portal as part of the device registration process.
It is mandatory for taxpayers subject to the e-invoicing regulations to request and manage cryptographic stamp identifiers for the e-invoicing solution by logging into the ZATCA E-Invoicing Integration Portal using their current accounts.
Previous Invoice Hash
The previous invoice hash is auto-generated within the invoicing solution of the taxpayer. This hash is like a digital fingerprint of the invoice that is not visible in the printed invoice.
Example of previous invoice hash: NWZlY2ViNjZmZmM4NmYzOGQ5NTI3ODZjN mQ2OTZjNzljMmRiYzIzOWRkNGU5MWI0Njcy OWQ3M2EyN2ZiNTdlOQ==
It is mandatory to include the previous invoice hash within the electronic invoice XML or note document. Hence, the e-invoicing vendor must ensure that the e-invoicing solution is able to generate previous invoice hashes within the subsequent e-invoices.
QR code contains basic invoice data and is included within the printed and electronic invoices, used to verify the invoices and ensure ZATCA e-invoicing compliance.
QR codes are automatically generated by the invoicing solution and the E-Invoicing Integration Portal updates the code during the clearance process. The QR code will then be printed to be visualized on the human-readable invoice by the taxpayer.
This QR code contains information on,
The Seller’s name
- Seller’s VAT Registration number
- Timestamp of the invoice (date and time)
- Invoice total
- VAT total
- Cryptographic Stamp (Integration phase) Hash of the invoice, which links the QR code to the underlying e-Invoice XML in a tamper-proof way (Integration phase)
- The cryptographic stamp of either the E-invoice Solution for Simplified E-invoices or ZATCA’s E-Invoicing Integration Portal for E-Invoices to uniquely identify the QR contents as coming from a specific E-invoice Solution unit in a way that cannot be easily repudiated (Integration phase)
-The public key used to generate the Cryptographic Stamp to ease cryptographic stamp validation (Integration Phase) - For Simplified E-invoices only, the Authority’s cryptographic stamp of the E-invoice Solution’s public key, allows for offline validation of whether the E-invoice Solution has been registered with the Authority (Integration Phase).