VERIFACTU 2026: What It Is, Who It Affects, and How to Comply

If you've landed here searching for "verifactu", you're probably in one of three situations: you're a partner at a professional services firm and you've heard "something new is coming" but don't know if it affects you; you run an accounting practice and your clients are starting to ask what it is; or you already know the rules but need a clear summary to make decisions this week. In any of the three cases, this article is for you.

VERIFACTU is, in short, the name given to the verifiable invoicing system derived from Spain's Tax Fraud Prevention Act 11/2021 and its implementing regulation. The idea is simple: every invoice a company issues must be recorded in a way that is complete, traceable, and verifiable by Spain's Tax Agency (AEAT). What gets complicated — and what raises questions — is how it applies in practice and who it affects.

TL;DR: VERIFACTU requires most Spanish companies and professionals to use invoicing software that guarantees record integrity, electronically signs invoices, and allows voluntary submission to the AEAT. The rollout calendar has been postponed several times; always check the official source. Non-compliance can lead to significant financial penalties.

What is VERIFACTU in 3 sentences

VERIFACTU is a set of technical requirements that invoicing software used in Spain by companies and professionals must meet. Its goal is to prevent the "two-books" practice — issuing one invoice "for the tax authority" and another "for the client" — via IT systems that guarantee invoicing records cannot be tampered with after issuance. It is, in essence, the obligation that software be honest by design, not just by user goodwill.

Who VERIFACTU applies to, and who is exempt

Article 3 of Royal Decree 1007/2023, which approves the Regulation on the requirements of invoicing IT systems, defines precisely who VERIFACTU applies to. Broadly speaking, the Regulation applies to taxpayers who use invoicing IT systems and are:

• Corporate Income Tax payers (except entities fully exempt under art. 9.1 of Law 27/2014).
• Personal Income Tax payers carrying out economic activities — this includes the self-employed, under both direct assessment and objective assessment (modules). The regulation does not distinguish by tax regime: what determines the obligation is carrying out an economic activity and using an invoicing IT system.
• Non-Resident Income Tax payers who earn income through a permanent establishment.
• Entities under the income-attribution regime — co-ownerships, professional civil partnerships — carrying out economic activities.

The Regulation explicitly excludes:

• Taxpayers who keep their record books via the AEAT's Immediate Supply of Information (SII) system — regulated in article 62.6 of the VAT Regulation (Royal Decree 1624/1992). If you already submit invoices to the SII within four working days of issue, you comply through that channel and are not additionally subject to VERIFACTU.
• Companies domiciled in the Basque and Navarrese foral territories with their own control systems: TicketBAI in the Basque Country and its equivalent in Navarre. The Regulation expressly clarifies that its territorial scope does not affect the economic-agreement regimes (concierto y convenio económico), provided the taxpayer's tax domicile is in the relevant historical territory.
• Certain specific transactions (permanent establishments abroad, recipient-issued invoices, etc.), listed in article 4 of the same Regulation.

If your situation doesn't cleanly fit any of the above, the sensible move is to consult a tax advisor or check the Invoicing IT Systems section of the AEAT's electronic office directly.

The rollout calendar

Here's where you need honesty: the VERIFACTU calendar has been pushed back several times since Tax Fraud Prevention Act 11/2021 first announced it. The regulatory development — in the form of Royal Decree 1007/2023 — and the need to give software vendors time to adapt their systems have forced successive revisions to the rollout calendar, with transitional provisions amended more than once.

As of this article's publication, the authoritative reference for the current deadline applicable to Corporate Income Tax payers, self-employed individuals under direct assessment, and the other obligated parties listed in article 3 of the Regulation is the AEAT's electronic office and the transitional provisions of Royal Decree 1007/2023 in the BOE. Before making any planning decisions, always cross-check with the official source in case there's been a new postponement or amendment.

Rather than quoting dates that could become obsolete in a few months, we recommend:

1. Check the up-to-date official calendar at the AEAT's electronic office, specifically in the Invoicing IT Systems section.
2. Subscribe to updates from your professional association (Consejo General de Economistas, Consejo Superior de Colegios Oficiales de Titulados Mercantiles, bar associations).
3. Get a written commitment from your current or prospective invoicing-software provider that their product will be VERIFACTU-compliant before your applicable deadline.

What is firm is that adaptation is not optional: the dates have moved, but the obligation is in the law. Planning with margin is cheaper than scrambling.

Technical requirements your software must meet

Without unnecessary jargon, VERIFACTU-compatible software must guarantee four things.

1. Record integrity

Each invoice issued must be stored in a way that cannot be altered without leaving a trace. This is achieved by chaining invoicing records: each new invoice "points to" the previous one via a verification code. If someone tries to alter an old invoice, the chain breaks and the tampering is detected on the first inspection.

In plainer terms: it's like numbering the pages of an accounting ledger with a mathematical formula that depends on the previous page. Change a page, and every subsequent page stops matching.

2. Electronic signature on each record

The invoicing records the software generates must be electronically signed by the system itself. This guarantees they come from the authorised software and haven't been manipulated outside it.

3. QR code on the invoice

Every invoice must carry a printed QR code that lets the AEAT — or, in practice, anyone with a mobile phone — read the essential invoice data and verify its authenticity. If your software doesn't generate this QR according to the AEAT's specifications, it doesn't comply with VERIFACTU.

4. (Voluntary) submission to the AEAT

The name VERIFACTU comes precisely from the submission modality: business owners can opt to automatically send their invoices to the AEAT's electronic office at the moment they are issued. This submission is voluntary, but it carries a clear incentive — spelled out in the Regulation — that's worth understanding.

Under the Regulation, IT systems that transmit every invoicing record continuously, securely, automatically, sequentially, instantaneously, and reliably to the Spanish Tax Agency at the moment of issuance are officially considered "Verifiable Invoicing Systems" or "VERI*FACTU Systems" (that's the full technical name). The rule grants two concrete privileges to this type of system:

1. Presumption of compliance by design. They are presumed to meet the requirements of article 8 of the Regulation, which considerably simplifies the burden of proof in the event of an inspection.
2. No obligation to electronically sign each record. Article 12 of the Regulation requires every invoicing record to be electronically signed; VERI*FACTU systems are exempt because the submission itself fulfils the evidentiary function. This is the specific incentive that justifies opting into the modality.

Invoices issued by these systems also carry the notice "Invoice verifiable at the AEAT's electronic office" or simply "VERI*FACTU".

Systems that do not opt into voluntary submission still have to meet the integrity, electronic signature, chaining, and QR code requirements, and must keep records in their own system for potential inspections. Both modalities are legal — the choice depends on how you want to balance the operational burden of internal electronic signing against continuous integration with the AEAT.

What happens if you don't comply: penalties

Penalties are set out in article 201 bis of General Tax Law 58/2003, added by the Tax Fraud Prevention Act 11/2021. They are fixed amounts classified as serious infringements:

• Production, marketing, or manufacture of IT systems that allow keeping parallel accounts, omitting transactions, falsifying records, or altering data: fixed fine of €150,000 per tax year in which sales occurred and per each distinct type of system or program.
• Marketing of systems without the required certificate: €1,000 per system or program marketed without certification.
• Possession of IT systems that do not meet the Regulation's specifications: fixed fine of €50,000 per tax year in which they were used.

An important nuance easily missed on a quick read: penalties don't fall only on the company using the non-compliant software. Article 201 bis also penalises the developer or distributor of the system. For a firm advising clients on which tools to adopt, this means recommending non-compliant software can generate joint-and-several liability — not a minor point.

The same person or entity cannot be penalised simultaneously under the production/marketing (€150,000) and the possession (€50,000) infringements for the same system: the law expressly excludes this.

VERIFACTU FAQ

Does VERIFACTU affect me if I invoice on paper or with Excel?

If you issue invoices as part of an economic activity — whether you're self-employed under direct assessment, a company, or a professional — and you're not in an exempt regime (SII, TicketBAI, modules), then yes, it affects you. Using Excel or generic templates does not meet the integrity or electronic-signature requirements VERIFACTU demands. You'll need to use software that does.

When does VERIFACTU start applying in my case?

The calendar has moved several times and the specific date depends on the type of taxpayer. Always consult the official calendar at the AEAT's electronic office — the information in this article may be out of date.

Do I have to change my invoicing software?

Not necessarily. Most commercial programs in the Spanish market — A3, Holded, Sage, Contasol and similar — are adapting their systems to VERIFACTU via updates. What you do need to do is get a written confirmation from your vendor that your current version, or the next one, will be certified before your applicable deadline.

Are VERIFACTU and SII mutually exclusive?

Yes. If you already submit invoices to the SII — due to annual turnover above €6 million, voluntary enrolment, VAT-group membership, or REDEME registration — you comply through that channel and the additional VERIFACTU obligation does not reach you. Both systems pursue the same goal: traceability and control.

What if I use TicketBAI in the Basque Country?

TicketBAI and VERIFACTU are parallel systems with the same objective. If you are domiciled in a foral territory (Álava, Gipuzkoa, Bizkaia) and comply with TicketBAI, that obligation replaces VERIFACTU for your taxable events in those foral tax authorities. Navarre's equivalent works the same way.

What's the penalty for non-compliance?

Penalties can range from relatively low amounts for formal breaches to significant sums for serious non-compliance, especially when intentional concealment is detected. Because the exact amounts depend on the current text of the Regulation and the AEAT's interpretation, the recommendation is to consult a tax advisor before taking any risk.

How we're solving this at Gradion

In the automation projects we've done at professional services firms, the bottleneck isn't usually meeting VERIFACTU's technical requirements as such: commercial software vendors are adapting. The real bottleneck is upstream: the manual work teams spend preparing, reviewing, and classifying invoices before they reach the system.

A concrete example. A firm receives invoices by email, as PDFs, as WhatsApp photos, and as scanned documents. Previously, one team member spent 10 to 15 hours a week re-classifying them, extracting data, and entering it into the accounting program. That work is purely repetitive, requires no professional judgement, and blocks time the partner could be spending with clients.

What we do at Gradion is automate exactly that part: the file is ready for review in hours, not days. The firm's staff remains the reviewer, the signer, and the decision-maker. The automation only prepares the draft. All of this with data stored in the European Union, under our GDPR compliance responsibility — with a Data Processing Agreement signed from day one — and with per-client isolation. If you want to understand in depth what GDPR does and doesn't allow when automating with AI in your firm, we have a dedicated guide.

It's not magic, it's not "replacing people", and it's not a six-month consulting engagement. It's a 10-day pilot at a fixed price where we automate a specific process and deliver the result in production.

Is your team losing 15 hours a week on paperwork?

We solve it in 10 days, with a fixed-price pilot.

Tell us about your case →