Verifactu 2027: A Plan to Adapt Your Software

·

Adapting your invoicing software isn't something you switch on at the last minute. It means confirming the scope, updating or replacing the software, reviewing data and series, generating records with integrity and traceability, testing corrections, training staff and preparing contingency plans. Following the extension approved in December 2025, Corporate Income Tax taxpayers must have their systems adapted before 1 January 2027; all other parties covered by the regulation, before 1 July 2027.

What changes in 2027, and what shouldn't be confused

Real Decreto 1007/2023 approved the regulation setting out the requirements for the systems and software that support invoicing processes. Orden HAC/1177/2024 set out the technical and functional detail behind it. Real Decreto-ley 15/2025 then extended the adaptation deadlines to 2027.

In everyday business conversation, "Verifactu" is used as shorthand for the whole change, but it helps to separate the concepts:

So the first decision isn't "which vendor do I buy", but which entities, activities, premises, series and applications fall within scope, and which operating mode will be used.

Official timetable and how to read it

Following the 2025 amendment, the Spanish Tax Agency (AEAT) sets out:

GroupAdaptation deadline
Entities filing Corporate Income TaxBefore 1 January 2027
All other parties coveredBefore 1 July 2027

The period before those dates can be used for testing. It shouldn't be read as licence to postpone the project. An organisation with multiple points of sale, integrations or complex closing processes needs to set aside time to fix defects without putting invoicing at risk.

Dates and scope should be checked again before publishing or executing the plan, since regulatory changes, territorial particularities or excluded situations may exist. Businesses under the Immediate Supply of Information (SII) regime and those operating under regional (foral) systems such as TicketBAI need to analyse their specific fit. It isn't prudent to extrapolate a general answer.

Step 1. Take stock of how invoicing really happens

The inventory needs to cover more than the main program. Many businesses also invoice from ecommerce platforms, POS terminals, spreadsheets, vertical applications, secondary ERPs or manual processes.

For each flow, record:

The inventory must locate "shadow invoicing": office templates, rewritten receipts or documents issued outside the system. If they remain in place, the project can look finished while a residual channel still falls short of compliance.

Step 2. Confirm scope with tax advice

The company must document who is obliged, which transactions are covered and which exceptions apply. This decision shouldn't rest solely with the software vendor.

A useful scope file includes:

  1. entities and premises analysed;
  2. regulations and criteria applied;
  3. affected applications;
  4. excluded flows and their rationale;
  5. mode chosen for each system;
  6. tax validation and review date.

You also need to define the relationship with the SII, regional (foral) regimes, invoicing by the recipient or a third party, self-billing and foreign systems. When a group shares a platform, scope is decided by entity and flow, not by installation.

Step 3. Demand evidence from the vendor

A sales claim of "Verifactu compatible" isn't enough. The vendor must identify the product, version and configuration; provide the declaration of responsibility required by the regulation; explain the mode; and document technical requirements, updates, support and retention.

Essential questions:

There is no "individual approval" that lets a commercial logo stand in for the company's own due diligence. The declaration of responsibility must be kept on file, and you must check that the version deployed matches the version declared.

Functional requirements that must be tested

The regulation aims to guarantee the integrity, retention, accessibility, legibility, traceability and immutability of records. The specifications set out structure, chaining, fingerprints, events, QR codes and submission.

Testing must run through the whole cycle:

Creating an invoice

Check numbering, date, issuer, recipient, description, taxable bases, rates, tax amounts, totals and rounding rules. The record is generated at the right moment and stays linked to the invoice.

Correction and cancellation

An issued invoice isn't "edited" like a text document. Errors must be corrected through the mechanisms the regulation provides, keeping traceability intact. Test changes of amount, recipient, tax rate, refunds and wrongful cancellation.

Chaining and fingerprint

This validates that the sequence stays coherent and that any tampering is detected. Tests include a change of fiscal year, series, backup restoration and concurrency across terminals.

QR code and invoice display

The invoice must include the elements required for each case. Check printing, PDF output, mobile display, simplified invoices, custom templates and documents generated by integrations.

Submission and response

In VERI*FACTU mode, test submissions, responses, rejections, retries and reconciliation. A technical submission isn't the same as acceptance; statuses must be visible and actionable.

Event logging

Where applicable, there must be evidence of relevant system actions. Access and exports are restricted and protected against unauthorised modification.

Migration without losing traceability

Updating may mean migrating data or switching vendor. The goal isn't to copy everything indiscriminately, but to keep the ability to look up and evidence what's needed.

The plan separates:

Before cutover, clean up data quality: tax IDs, addresses, tax codes, duplicates, series and rules. Afterwards, reconcile counts and amounts by entity, fiscal year, series and tax. Take a protected copy of the previous system and document how to query it.

A migration should never be improvised during a closing period. The rehearsal is run on a representative copy, timed, with an abort criterion defined in advance. The rollback plan states up to what point the previous system can be reused without creating two sources of truth.

Integrations: where projects fail most often

ERP, ecommerce, POS, CRM and sector applications can all share document creation. There must be a single system responsible for numbering and final status. If two systems generate numbers or issue corrections independently, gaps, duplicates or inconsistencies will appear.

Each integration must define:

ElementDecision needed
Master systemWho creates and numbers the invoice
Time of issuanceThe exact event that triggers the record
IdentifierA shared, idempotent key
ErrorsQueue, retry, alert and owner
CorrectionWhich system initiates and synchronises
ReconciliationDaily comparison of statuses and amounts

Retries must be idempotent: repeating a request after a timeout must not create another invoice. Partial outages, latency and out-of-order messages should also be rehearsed.

Security, access and data protection

User profiles must separate administration, issuance, correction, viewing and export. Shared accounts make it hard to attribute actions. Proper authentication, immediate access revocation, backup protection, activity logging and vulnerability management are all required.

Certificates or credentials used for submission must not be embedded in code or accessible to every user. They must be stored securely, rotated and monitored.

Invoices contain personal data. The adaptation must be integrated with data processor agreements, access control, retention, handling of data subject rights and transfer analysis wherever cloud or international hosting is involved. The tax obligation justifies certain retention periods, but not indiscriminate commercial use.

Phased rollout plan

Phase 1. Diagnosis

Phase 2. Preparation

Phase 3. Testing

Phase 4. Pilot

Phase 5. Going live

Acceptance test matrix

CaseExpected resultEvidence
Correct invoiceConsistent record and displayPDF, record and log
Invalid tax dataControlled block or warningScreenshot and ticket
CorrectionLink to the original and traceabilityRelated records
Network outageQueue and retry without duplicationLog and reconciliation
RestorationSequence intact and query availableTest record
Change of fiscal yearSeries and chaining correctSequence report
Duplicate integration callIdempotency prevents a second invoiceRequest log

Contingency plan

It must cover three scenarios: the application being unavailable, the connection with the AEAT being down, and a mass error following an update. For each one, define who declares the incident, how operations continue legally, what data is recorded, how it is recovered and how it is reconciled afterwards.

An uncontrolled parallel spreadsheet shouldn't be kept as a permanent solution. The contingency plan must be approved, numbered, time-limited and rehearsed. Once service is restored, a designated owner reconciles every operation and keeps the evidence.

Common mistakes

  1. Confusing the SIF regulation with the VERI*FACTU mode.
  2. Waiting until the legal deadline to request the update.
  3. Only inventorying the ERP and forgetting POS, ecommerce or Excel.
  4. Accepting "approved software" without checking version and declaration.
  5. Testing only a simple invoice, not corrections or outages.
  6. Migrating historical data without reconciliation or a rollback plan.
  7. Allowing shared accounts and untraceable changes.
  8. Failing to coordinate tax advisers, the business, IT and the vendor.
  9. Treating B2B electronic invoicing and VERI*FACTU as a single project.
  10. Not reserving support for closing periods and invoicing peaks.

Checklist for management

Frequently asked questions

Is VERI*FACTU mandatory for every business?

The regulation requires systems within its scope to meet its requirements. The VERI*FACTU submission mode must be distinguished from a non-VERI*FACTU system. The specific fit must be validated for each obligated party and flow.

What are the 2027 dates?

Before 1 January 2027 for entities filing Corporate Income Tax, and before 1 July 2027 for all other parties covered, under the extension approved in 2025.

Can I keep invoicing with Excel?

You need to analyse whether the tool is being used as an invoicing computer system within scope. A template that generates and keeps invoices shouldn't be assumed excluded without analysis.

Is there officially approved software?

The regulation relies on requirements and on the producer's declaration of responsibility. The company must check the product, version, configuration and evidence, not rely solely on a commercial label.

Is it the same as B2B electronic invoicing?

No. They are different frameworks, although they share data and may require a coordinated architecture.

Is it worth waiting until 2027?

No. 2026 should be used for the inventory, vendor choice, testing, the pilot and a gradual rollout. That runway allows you to fix issues without blocking invoicing.

Official sources consulted

Summum Sistemas can support the inventory, selection, migration, integrations and testing. Tax responsibility must be validated with competent advice; the technical goal is for the change to be traceable, reversible and compatible with how the business actually operates.