Spain’s anti-fraud law tightens cash-payment limits, adds crypto reporting, and - through Verifactu (rules for billing software so invoices can’t be secretly changed) - forces billing systems to create tamper-evident invoice records with a QR code. You can also choose to send these records to AEAT (Agencia Tributaria, Spain’s Tax Agency) in real time. It mainly affects businesses that issue invoices with software and are outside SII (Immediate Supply of Information - the real-time VAT books).
2025 is the preparation year for software vendors and companies. User obligations start in 2026 with phased dates. B2B e-invoicing under Crea y Crece (the law that makes businesses send electronic invoices to other businesses) runs in parallel and is a separate mandate.
Quick Q&A
What is Verifactu? A rule set for billing software so every invoice leaves a trace. It adds a QR code on each invoice and allows real-time sending to AEAT.
Who is in scope? Companies and most autónomos who issue invoices with software and are not in SII (the real-time VAT books).
Does this force e-invoicing? Not by itself. Verifactu is about how invoices are recorded. B2B e-invoicing is a separate rule called Crea y Crece (it controls the format and delivery of invoices between businesses).
What dates matter? Jan 1, 2026 for companies. Jul 1, 2026 for the rest in scope.
Do I need to send every invoice in real time? No. Using Verifactu “send-now” mode is optional. If you do not use it, you must still keep the tamper-evident records and exports.
Will my customers see the QR? Yes. Each invoice must show a QR that lets anyone verify the invoice record.
Can I keep Excel or Word to issue invoices? No. You need a compliant billing program. Purely manual invoices are outside SIF (the software rules) but are impractical for most businesses.
Anti-fraud law - what it is and why it matters
It is a package of measures to prevent tax evasion. It changes the General Tax Law, including article 29.2.j (the clause that targets billing programs so they cannot hide sales). Royal Decree 1007/2023 (a government rule that sets software requirements) defines SIF (Sistemas Informáticos de Facturación - the billing systems covered) and Verifactu rules. Later updates in 2025 set the final calendar.
In short: your billing records must be trustworthy and meet these requirements:
- Integrity - no hidden edits.
- Inalterability - you cannot change data without leaving a trace.
- Traceability - you can follow the full history.
- Legibility - the records are readable.
- Conservation and accessibility - you keep them safely and can retrieve and export them quickly.
It also bans “double-use” tools that can hide sales.
Anti-fraud law 2025 - what actually changes this year
2025 is the adaptation year. Vendors finish Verifactu-ready releases (Verifactu complete guide here). Companies pilot and prepare cut-over plans.
Technical specs are stable. The ministry published the technical order in late 2024 so vendors can align. Expect more “Verifactu-ready” builds, QR tests, and structured export checks.
Your processes may need updates. You may adjust numbering series (invoice number sequences), how to cancel or correct invoices (voids and rectificativas - corrective invoices), and version control. Teams should learn how to read the QR, export the records, and review the incident log (a simple list of errors and fixes).
Practical to-dos for 2025
- Choose a compliant billing tool and confirm it supports the QR and the “VERI*FACTU” label when you use real-time send.
- Migrate legacy numbering if you have gaps or overlapping series.
- Train staff on allowed flows for voids, rectificativas, and re-issues.
- Document incident handling, backups, and audit exports.
What should I do now?
- Lock your software choice by Q4 2025.
- Rehearse QR and record exports with a few live invoices.
- Keep a one-page runbook for incidents and inspections.
Looking for an easy, fast and compliant e-invoicing tool? Try renn.
Anti-fraud law - when does it come into force?
General anti-fraud measures are already live. Cash caps and other base rules have applied since 2021.
Verifactu and SIF user obligations start in 2026:
- Jan 1, 2026: Corporate Income Tax payers (companies) must use compliant SIF or Verifactu systems.
- Jul 1, 2026: The rest in scope, such as most autónomos outside SII, must comply.
B2B e-invoicing under Crea y Crece is separate but overlaps. It starts after its final regulation. Large companies go first if they had more than €8m turnover, then the rest about a year later. Many will adopt it in 2026 or 2027.
SII interplay. If you are in SII you already submit VAT ledgers and you are out of Verifactu as a user. If you also run entities that are not in SII, the software for those must still comply.
Anti-fraud billing law and anti-fraud software law explained
Article 29.2.j LGT. Your billing program must block hidden edits. Every event leaves a record. That includes the initial issue, called “alta” (first creation), and any cancellation, called “anulación” (void). You can export these records in a standard way.
What Verifactu adds. Verifactu is a mode where each invoice record can be sent to AEAT the moment you issue it. Invoices must include a QR. If you use Verifactu mode, you also add the label “VERI*FACTU”.
Records and hashes
- Each invoice creates a signed record with a unique hash (a short digital fingerprint of the data).
- Cancellations generate linked “anulación” records. The chain shows version history.
- Deleting or silently overwriting is forbidden.
Operational changes you will notice
- Fixed numbering sequences per series. No gaps without a rectificativa (a corrective invoice that explains and fixes an error).
- Mandatory QR fields and data in the record files.
- An incident log and a clear software version number.
Examples
- Allowed: cancel an invoice with an anulación record, then issue a rectificativa that fixes the error.
- Forbidden: delete the old invoice and re-create it with the same number.
Tax anti-fraud law - other measures you should know
- Cash-payment limit. There is a €1,000 cap per operation when a professional is involved. A separate €10,000 limit applies in some non-resident cases.Crypto reporting.
- Model 172 covers balances for exchanges or custodians resident in Spain (they report what clients hold).
- Model 173 covers operations for those firms (they report client transactions).
- Model 721 applies to residents with more than €50,000 in crypto held abroad at year end. Filing runs from January to March for the prior year.
Bottom line
Use compliant billing software in 2025. By 2026, make sure every invoice has its QR and tamper-evident record. Decide whether to send records in real time or only on request. Plan e-invoicing (Crea y Crece) alongside Verifactu so both go live smoothly.
