Get 100% ZATCA Phase II compliant with ClearTaxGet 100% ZATCA Phase II compliant with ClearTax
Seamless integration
with any ERP/POS
Seamless integration with any ERP/POS
E-invoice generation in
a fraction of a second
E-invoice generation in a fraction of a second
PDF/A3 E-invoices with
XML embedded
PDF/A3 E-invoices with XML embedded

Anti-tampering Measures in e-Invoice Solution

Updated on: Jun 2nd, 2022


3 min read

social iconssocial iconssocial iconssocial icons

A compliant e-invoice solution is a software used to issue invoices and notes under e-invoicing regulations in the Kingdom of Saudi Arabia (KSA). An e-invoice solution must fulfil the specifications and requirements which are mentioned in the e-invoicing resolution.

As per data and security requirements listed by Zakat, Tax and Customs Authority (ZATCA) in the resolution, the e-invoice solution should protect the data records from tampering attempts by any external user or third party.

What is anti-tampering? 

Anti-tampering refers to protecting software from data leakage and unwanted intrusion from external sources. It helps in curbing any modification or deletion of data that can have material effects on the system.

The e-invoicing solution should necessarily have an anti-tampering mechanism that prevents any potential tampering attempts. E.g., an e-invoice solution should have a tool that prevents unauthorised access to the system, such as anonymous access to the solution.

Measures to be taken to ensure anti-tampering in an e-invoice solution

ZATCA has mandated some anti-tampering measures to ensure that the system remains tamper-free. These anti-tampering measures will be applicable in two phases of enforcement of e-invoicing – The generation phase and the integration phase.

The anti-tampering measures included in the generation phase

Prevention of Invoice counter reset

As per the data and information security requirements of ZATCA, the e-invoice solution should have a counter which increments with every generated invoice or related Credit or Debit Note (CDN). However, the e-invoice solution should not contain a function that allows resetting the counter of an invoice.

Prevention of deletion or modification of invoices

The compliant e-invoice solution should not enable anyone to change or modify e-invoice and associated XML documents stored on the solution. Also, the solution should keep all the invoices and related XML documents on the solution memory, which should be well equipped with sufficient storage space.

Prevention of un-controlled access

The access to the compliant e-invoice solution must always be through a login session. The user should be granted access only to those functionalities after login in to perform their duties. No person should be given uncontrolled access to the system, leading to data theft and tampering with the e-invoice solution.

The anti-tampering measures included in the integration phase

Prevention of date changes

The system users should not be able to reset the date and time. The e-invoice solution should ensure that no function enables modification of date and time as it can severely impact true and accurate reporting of transactions.

Prevention of export of stamping keys

The e-invoice solution should have anti-tampering measures that prevent the copying or viewing the unique private keys during system initialisation. The e-invoice solution generates this key, and the cryptographic stamp identifier helps in identifying the same. The export of such stamping keys will lead to tampering of e-invoice solutions, and therefore, such tampering attempts need to be blocked by the vendor using software or hardware vault.