Get 100% ZATCA Phase II compliant with ClearTaxGet 100% ZATCA Phase II compliant with ClearTax
Seamless integration
with any ERP/POS
Seamless integration with any ERP/POS
E-invoice generation in
a fraction of a second
E-invoice generation in a fraction of a second
PDF/A3 E-invoices with
XML embedded
PDF/A3 E-invoices with XML embedded

Prohibited Functionalities for an e-Invoicing Solution in KSA

Updated on: Apr 17th, 2023

|

4 min read

social iconssocial iconssocial iconssocial icons

To generate e-invoices, as mandated under newly ruled out guidelines by Zakat, Tax and Customs Authority (ZATCA), the taxpayers need to adopt an e-invoicing solution. An ideal e-invoicing solution should not have some prohibited functionalities, as listed below:

Functionalities prohibited from phase 1: Generation phase (w.e.f. 4th December 2021)

Anonymous access

Access to e-invoicing solutions should be secured using a login ID and password or biometrics. This is mandatory to prevent any unauthorised person from having access to the confidential data of e-invoicing. Also, the taxpayers are advised not to share such login details with any external party and should preserve the same securely.

Ability to operate with the default password

The e-invoicing solution can not be continued upon the default password. The user needs to set a new password after the first login. This is prohibited, again, to ensure the security and confidentiality of the data.

Absence of user session management

The e-invoicing solution must track and store all the details regarding login and invoice generating activities. This ensures that any malicious activities that a user comes to know about at a later stage can be tracked using historical data that gets trapped in the solution.

Allow alteration or deletion

The e-invoicing solution should not permit alteration or deletion of the already generated invoices and their related Credit and Debit Notes (CDNs). In the event of the wrong issue of an e-invoice, the taxpayer is advised to cancel the same by issuing CDNs. However, deletion or alteration is strictly not allowed.

Allow for log modification or deletion

The taxpayer should ensure that their e-invoicing solution does not allow any modifications in system logs that store the data related to the system’s activities. Only access should be allowed to logs, but any alteration or modification should be prohibited in the solution.

Modification to time or date

The e-invoicing solution should not allow the user to change the time or date on the generated e-invoice as per their convenience. This may lead to e-invoices carrying false information. Thus, the solution itself should generate time and date, and users should not be given any control over the same.

Non-sequential log generation

The e-invoice generated by the solution should be in sequence with the previously generated e-invoice. This is ensured by making all the log entries in the system time-stamped to track the generation of e-invoices. Also, the e-invoice to be generated should be linked with the previous invoice by placing the previous invoice’s hash in the current invoice’s associated field.

Invoice counter reset

The invoice counters should generate the invoices in a sequence. Resetting the invoice counter leads to a new sequence for invoices. Hence, the taxpayer’s e-invoicing solution should not contain the feature of resetting the invoice counter.

Functionalities prohibited from phase 2: Integration phase (w.e.f. 1st January 2023)

Generation of more than one invoice sequence at the same time

This functionality is particularly prohibited to ensure the e-invoice to be generated the hash of the previous invoice. If the taxpayer has more than one invoice generating unit, then separate invoice sequences can be followed at each unit.

Also, the e-invoicing solution generates an invalid e-invoice or its related CDNs, they should not be deleted but preserved to ensure sequence.

Time changes

The e-invoicing solution must be sufficiently equipped so as to avoid any changes in time in the related software. This is to, again, prevent time changes in the generated e-invoice.

Export of stamping keys

Every e-invoice needs to contain a cryptographic stamp on it. For this, every e-invoicing solution has a cryptographic private stamping key, enabling it to generate the same. The ZATCA has imposed a prohibition under which the e-invoicing solution should not share/export this stamping key.

Index