Verifactu: what it is, deadlines and how to adapt

·

If you run a business in Spain and use invoicing software, at some point in the past few months you will have heard the word Verifactu. You have probably also received an email from your ERP or management software provider saying they are «already adapted» or that «you need to renew your licence». But what exactly is Verifactu, what does the regulation require and when do you need to have it implemented? This article answers those questions with precision, without unnecessary jargon and with the real deadlines set by the Spanish Tax Agency (AEAT).

What Verifactu is and where it comes from

Verifactu is the verifiable invoicing registration system established by Royal Decree 1007/2023, of 5 December, which approves the Regulation on Requirements that Invoicing Computer Systems must meet (known as the SIF Regulation). Its full name in the regulation is «sistema de emisión de facturas verificables» (verifiable invoice issuance system), though in practice everyone simply calls it Verifactu.

The aim of the regulation is to eliminate the so-called «dual-use software» or zapato software: programmes that allowed businesses to keep double accounts, record off-the-books sales or manipulate issued invoices without leaving a trace. The AEAT estimates that this type of fraud caused a loss of several billion euros in tax revenue each year. Verifactu closes that door by requiring each invoice to be cryptographically chained to the previous one and, optionally, sent in real time to the Tax Agency's servers.

The regulation directly affects invoicing software: programmes must comply with the technical requirements of the regulation and, if the taxpayer chooses the submission mode, each invoicing record is automatically sent to the AEAT at the same time it is issued.

Verifactu vs. SII: what is the difference

A common source of confusion among finance managers and CFOs is mixing up Verifactu with the SII (Immediate Supply of Information). These are distinct obligations that coexist:

Concept SII Verifactu
What it is Submission of VAT records to the AEAT (VAT books in near-real time) Technical requirements for invoicing software + chained invoice records
Who is currently obliged Large companies (turnover > €6 M), VAT groups, REDEME All taxpayers using invoicing software (by phase)
Submission to AEAT Mandatory and in real time (4 working days) Optional (Verifactu mode) or mandatory only if the alternative mode is not adopted
Affects the software Yes, requires an AEAT API connector Yes, the software must comply with the SIF Regulation internally
QR code on invoice Not mandatory Yes, mandatory on every invoice issued with SIF-compliant software
Legal basis RD 596/2016 RD 1007/2023 + Order HAC/1177/2024

In short: if you are already on SII, Verifactu does not replace it; they are separate layers. And if you are not on SII, Verifactu still applies to you because it acts on the software, not on the VAT census.

The two compliance modes: Verifactu and non-Verifactu

The SIF Regulation allows two compliance modes for software:

Both modes are valid. The practical difference for the business is that in Verifactu mode the AEAT already holds the data before any request is made, which simplifies audits but implies a constant data flow. In non-Verifactu mode the software must equally meet all the technical requirements of the regulation (immutability, traceability, digital fingerprint), but there is no automatic submission.

There is a third scenario: taxpayers under the SII who already submit VAT records in real time. For them, Verifactu compliance is considered equivalent, provided the software also incorporates the record chaining required by RD 1007/2023. Their ERP provider must verify this point.

Mandatory deadlines in 2025 and 2026

This is the point that generates the most confusion, partly because the deadlines have been amended since the regulation was published. Following the approval of Order HAC/1177/2024, of 17 October (which provides the technical development of RD 1007/2023), and the subsequent amendments introduced by Royal Decree 254/2025 of 1 April and Royal Decree-Law 15/2025 of 2 December, the current timetable is:

Group Mandatory deadline Notes
Manufacturers and distributors of invoicing software 1 January 2027 Products must be adapted to the SIF Regulation before this date (deadline extended by RDL 15/2025)
Corporate Income Tax payers (legal entities) 1 January 2027 Must use SIF-compliant software from this date (deadline extended by RDL 15/2025)
Self-employed individuals and professionals (Personal Income Tax) 1 July 2027 Sole traders and professionals with economic activity (deadline extended by RDL 15/2025)
SII taxpayers (large companies, VAT groups) Pending specific regulatory development Differentiated obligation; must consult with their provider

Important: at the date this article was published (June 2026), the deadlines have not yet expired but are approaching. Royal Decree-Law 15/2025 of 2 December extended the adaptation deadlines to 1 January 2027 for legal entities (Corporate Income Tax payers) and to 1 July 2027 for self-employed individuals and other obligated parties. If your company has not yet begun its adaptation, time is running out, and the penalties under article 201 bis of the General Tax Law — which can reach €50,000 per fiscal year for users of non-compliant software — will apply once those deadlines pass.

What your software must do exactly to comply

The technical requirements established by RD 1007/2023 and Order HAC/1177/2024 can be summarised in four main blocks:

  1. Immutability and integrity: once issued, an invoice cannot be modified or deleted without leaving an audited trace. If you need to correct it, you must issue a linked credit note.
  2. Record chaining (hash): each invoicing record incorporates the SHA-256 digital fingerprint of the previous record, forming an unalterable chain. If anyone manipulates a record, the entire subsequent chain is invalidated.
  3. Mandatory QR code: each invoice issued with the software must include a QR code that allows its authenticity to be verified on the AEAT's electronic office.
  4. VERI*FACTU identifier: if the software operates in Verifactu mode (submission to AEAT), invoices also carry the legend «VERI*FACTU» and the QRSAT online verification code.

The software must also log access events and any tampering attempts, maintain an issued-invoice register with the fields defined by the regulation and allow data export in the specific XML format required by the AEAT for its checks.

How Verifactu affects your current ERP

If you use a general-purpose ERP (Odoo, Sage 200, Microsoft Dynamics 365 Business Central, Holded, A3ERP or others), your provider will most likely have already published an update that incorporates the SIF module. However, the update is not automatic in all cases: it may require you to activate the module, migrate to a new licence version or configure the AEAT connection parameters if you choose Verifactu mode.

The most common friction points we encounter in adaptation projects are:

If you need help assessing the state of your current software and planning the adaptation, our Verifactu and electronic invoicing service includes a free initial diagnostic to determine exactly what changes are needed in your specific case.

Verifactu and mandatory B2B electronic invoicing: separate obligations

Another frequent mistake is confusing Verifactu with the mandatory B2B electronic invoice required by Law 18/2022 (Ley Crea y Crece). Although they are related because both affect how invoices are issued, they are obligations with different timelines and scopes:

The implementing regulation for Ley Crea y Crece was published as Royal Decree 238/2026 of 25 March (Official State Gazette of 31 March 2026) and establishes the accepted formats, the AEAT-managed public exchange platform and the definitive deadlines for the mandatory B2B electronic invoice. Both regulations can coexist in the same ERP, but you must ensure that the software meets both requirements separately.

Penalties for non-compliance

Law 58/2003, the General Tax Law, amended by Law 11/2021 on measures to prevent and combat tax fraud, introduced article 201 bis, which classifies as a very serious infringement the manufacture, production, commercialisation and possession of invoicing computer systems that do not meet the regulatory technical specifications. The practical consequences are:

Given that the deadline for legal entities falls on 1 January 2027 (and 1 July 2027 for the self-employed), any company that reaches those dates with non-adapted software will be exposed to these penalties. Due diligence requires starting the adaptation well in advance and verifying with the provider that the software will be SIF-compliant before the applicable deadline.

How to plan your adaptation: concrete steps

If you have not yet completed the adaptation, or if you have doubts about whether your software truly complies with the regulation, we recommend following these steps:

  1. Audit your current software: contact your provider and request written confirmation that their product complies with RD 1007/2023 and Order HAC/1177/2024. Ask for the version number or the declaration-of-responsibility identifier.
  2. Review active modules: in modular ERPs (Odoo, Dynamics, Sage), Verifactu compliance usually requires activating a specific module. Confirm that it is active and correctly configured.
  3. Choose your operating mode: decide whether you operate in Verifactu mode (automatic submission to AEAT) or in local record mode. The first option simplifies audits; the second gives you more control over the data.
  4. Update your invoice documents: ensure that printed or emailed invoices include the mandatory QR code and, if you use Verifactu mode, the legend «VERI*FACTU».
  5. Train your administrative team: staff who issue invoices must know that they cannot manually cancel or modify records, and that any correction must be made via a formal credit note.
  6. Document your compliance: keep evidence of the software version used, the date the module was activated and any communications with the provider. This is your defence in the event of a possible audit.

At Summum Sistemas, with over 15 years of experience implementing and adapting ERPs for businesses in Castilla y León and the Canary Islands, we have guided the adaptation to Verifactu for clients using solutions as diverse as Odoo, Sage 200, Business Central and vertical sector software. The process is simpler than it looks when approached with the right method.

Frequently asked questions

Is Verifactu mandatory for the self-employed in 2026?

Not yet. Following the deadline extensions introduced by Royal Decree-Law 15/2025, self-employed individuals and professionals have until 1 July 2027 to use SIF-compliant invoicing software. However, many software providers have already updated their products and it is advisable not to wait until the last moment to make the switch and resolve any potential technical issues.

What happens if my ERP provider has not yet updated its software?

If your provider has not published a version adapted to RD 1007/2023, you have a problem: continuing to use that software exposes you to the penalties of article 201 bis of the General Tax Law. In that case you must demand a firm delivery date in writing and, if none is forthcoming, evaluate migrating to another ERP that does comply. It is not a comfortable decision, but the risk of continuing with non-compliant software is greater than the cost of migration.

Do I have to send all my invoices to the AEAT with Verifactu?

Only if you choose Verifactu mode (automatic submission). The regulation also allows non-Verifactu mode, in which the software chains and protects records locally without sending them to the AEAT automatically. The data is stored in your system and only delivered to the AEAT in the event of a request or audit. Both modes are legally valid; the choice depends on your operational preference and your software's configuration.

Are simplified invoices (receipts) also affected by Verifactu?

Yes. The SIF Regulation applies to all documents that invoicing software generates as proof of economic transactions, including simplified invoices. If your business issues receipts through a POS terminal or cash-desk software, that system must also meet the technical requirements of the regulation. POS software providers are equally obliged to adapt their products.