Intro
ZATCA Phase 2 is no longer a new term, yet for many businesses the steps needed to comply with ZATCA for this phase are still vague, perhaps because of the details the process holds. That’s why today we’d like to go one step ahead and let you know what you need to do to be ZATCA Phase 2 compliant through InvoiceQ’s steady solutions, which ensure you a full-fledged experience.
But First, What Should You Know About ZATCA Phase Two?
Enforcing E-invoicing in Saudi Arabia emerged as part of the big vision of having E-invoicing as the standard all businesses must follow. Of course, this couldn’t be easily executed if no clear strategy was put into practice. Thus, ZATCA decided to manage the shift towards E-invoicing through phases known as Phase 1 and Phase 2.
Phase 2 obliged all organizations to comply; however, this isn’t something to be done in one shot. Thus, ZATCA categorized the taxpayers who are required to comply with Phase 2 into waves, each determined by a specific annual taxable revenue, until all businesses big and small are included.
Okay, now that this has been cleared up we can move to the next essential steps. Compliance with ZATCA Phase 2 starts with the process of Onboarding as the initial step to be taken before anything else. Onboarding refers to registration with ZATCA to ensure compliance with their tax legislation and requirements. Without it, nothing can be done so it’s really important. So, how do we handle it at InvoiceQ?
ZATCA Phase 2 Onboarding
Onboarding necessitates two essential steps: registration and compliance. Upon the successful completion of their requirements, businesses can choose the suitable integration method and follow-up support they may need.
How Does Onboarding with InvoiceQ Happen?
Onboarding starts with defining the organization’s E-invoice Generation Solutions – EGS that can be requested through easy-to-follow steps from the FATOORA Portal. The organization can request one EGS or more with no restriction to the number based on its requirements and needs.
However, each generated EGS has a dedicated sequence number to differentiate it from any other EGS even if they’re all owned by the same business owner. This comes in handy for things like distribution and speed when generating invoices. Bear in mind that each invoice must follow one EGS in order to be identified correctly with a unique serial number to distinguish it from other invoices that follow the same EGS as well.
Each invoice holds a specific invoice ID and an invoice counter value (ICV), and no two invoices may share the same ICV under the same EGS. This is important in what we call “Queueing”, which can be described as a counter sequence that tracks all invoices without allowing any skips. In other words, any skip noticed in the counter sequence points to manipulation, tax evasion, or some other issue.
So what happens when invoices fail, for example because of network issues? Failed invoices are still counted as part of the counter sequence, and the retried invoices are counted as newly generated invoices. This in turn ensures that all invoices, no matter their status, are counted and monitored.
Think of it this way: you’re waiting in line at the cashier and realize you forgot something, so you have to go and get it. Having to bring what you need means losing your spot and having to wait for a new turn in line, but you were actually there first, right? Taking a new turn doesn’t mean you weren’t there in line; it just means your queue number has changed. The same goes for failed invoices.
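The counter behaviour described above, as an added example (not InvoiceQ's or ZATCA's code): a per-EGS counter where a failed submission keeps its ICV and the retry takes a new one, plus an audit that reports skipped or reused ICVs. The class, function and field names, the in-memory ledger and the counter starting at 1 are assumptions made for illustration.

```python
from collections import defaultdict

class EgsCounter:
    """Hands out ICVs for one EGS; a value is never reused or rolled back."""
    def __init__(self, egs_id):
        self.egs_id = egs_id
        self._next = 1            # assumption: the sequence starts at 1
        self.ledger = []          # every attempt is recorded, failed or not

    def issue(self, invoice_id, submit):
        icv = self._next
        self._next += 1           # consumed before submitting: failure keeps its ICV
        try:
            submit(invoice_id, icv)
            status = "sent"
        except ConnectionError:
            status = "failed"
        record = {"egs": self.egs_id, "invoice_id": invoice_id,
                  "icv": icv, "status": status}
        self.ledger.append(record)
        return record

def audit(records):
    """Return {egs: {"missing": [...], "duplicates": [...]}} for sequences with problems."""
    seen = defaultdict(list)
    for r in records:
        seen[r["egs"]].append(r["icv"])
    findings = {}
    for egs, icvs in seen.items():
        missing = sorted(set(range(1, max(icvs) + 1)) - set(icvs))
        dups = sorted({i for i in icvs if icvs.count(i) > 1})
        if missing or dups:
            findings[egs] = {"missing": missing, "duplicates": dups}
    return findings

def demo():
    # Constructed scenario: the second submission hits a network error, then is retried.
    outcomes = iter([None, ConnectionError("timeout"), None])
    def submit(invoice_id, icv):
        err = next(outcomes)
        if err:
            raise err
    egs = EgsCounter("EGS-1")
    for inv in ("INV-100", "INV-101", "INV-101-retry"):
        egs.issue(inv, submit)
    clean = audit(egs.ledger)
    # Same ledger with the failed attempt deleted: the gap at ICV 2 surfaces.
    tampered = audit([r for r in egs.ledger if r["status"] != "failed"])
    return egs.ledger, clean, tampered

if __name__ == "__main__":
    print(demo())
```

Because the failed attempt stays in the ledger, the full sequence audits clean, while dropping that record leaves a gap the audit reports.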
Notes to consider when onboarding EGS:
- This is mandatory for ZATCA Phase 2.
- It is done through the FATOORA portal.
- Taxpayers can get 1 EGS or more.
- An OTP is provided for each EGS.
- Taxpayers can log into the InvoiceQ portal to proceed via the “ZATCA Integration” page. (The client’s account is already registered on the system at this point.)
- Clients fill out the information needed, including the OTP they got, the EGS name they want, and the sequence format the naming will follow. Example: [ Invoice number – EGS – Counter Value ].
- Once done, the client clicks on the “Add New” button to save the changes made.
Get ZATCA Phase 2 Onboarding with InvoiceQ
Let’s dig deeper into the real process, as the steps so far don’t require advanced technical skills to carry out. Once the client has received the OTP from ZATCA, the next step is to generate the Certificate Signing Request (CSR), which holds information and credentials related to the taxpayer such as tax number, tax identification number, and more. However, for the certificate to be deemed complete, it has to be ZATCA-signed.
We need to create a key pair (private and public keys) to generate the CSR, and have the keys stored and encrypted in a vault. After that, the CSR and the OTP are shared with the FATOORA Portal (ZATCA). At this point, InvoiceQ communicates with ZATCA by providing them with the CSR and OTP so that ZATCA can check whether the tax number owner indeed matches the owner of the generated OTP and validate the information shared.
Once complete, ZATCA shares a signed compliance certificate, password, and request ID number. With that in hand, compliance testing is done with ZATCA as a requirement to ensure all is good by sending multiple invoices based on the invoice type that is shared inside the CSR.
It’s worth mentioning that the invoice type in the CSR can be set to B2B, B2C, or even both. For B2B and B2C invoices the testing process with ZATCA requires issuing 3 invoices as follows:
1. Normal Invoice
2. Credit Note
3. Debit Note
In cases where both types of invoices are used, the total number of tested invoices will be six, with 3 for each type. These are known as compliance invoices: a compliance invoice is one that isn’t officially sent to ZATCA yet but is used to test the invoice validation before doing so.
After obtaining the compliance certificate and compliance password, we start submitting testing invoices to ZATCA for validation. Once they all pass and the status is considered eligible, InvoiceQ will request the Production Certificate and password from ZATCA using the request ID.
The request ID, compliance certificate, compliance password, key pairs (symmetric key), production certificate, and production password are all kept in memory until full onboarding is successful. After that, this data is encrypted and saved in a vault so no one can access it.
In Brief, the Onboarding Process with ZATCA Phase 2 Requires:
1. Generate CSR, Private Key, and Public Key
2. Compliance CSR Request
3. Testing Invoices
4. Getting a Production Certificate
Wrap Up,
E-invoicing solution providers streamline the onboarding process with ZATCA by offering technical assistance, compliance guidance, and integration services, ensuring businesses adhere to regulations efficiently and thrive in the digital age. At InvoiceQ, we realize this better than anyone, which is why we’re always on the hunt to make our simple solutions even simpler.