Verifactu is the Spanish Tax Agency’s rule set that billing software must follow to create tamper-evident invoice records, with a QR on each invoice and an optional real-time send mode to AEAT. If you are wondering what is Verifactu in Spain, here is the short answer: it standardizes how software records each invoice so edits leave a trace and, if you choose, sends those records to AEAT, Spain’s Tax Agency.
It applies to businesses that issue invoices using software and are not in SII, AEAT’s Immediate Supply of Information for VAT ledgers. The law bans "double-use" software and requires integrity, inalterability, traceability, and version control.
2025 is the preparation year. Software makers had 9 months from 29 Oct 2024 to release compliant versions by 29 Jul 2025, and AEAT opened its reception services in that window. Obligations for users start in 2026.
Entry into force is phased: 1 Jan 2026 for Corporate Tax payers and 1 Jul 2026 for everyone else in scope. AEAT will also offer a free, simple app in Verifactu mode for low-volume issuers.
Verifactu quick answers
What is Verifactu in one line? AEAT’s framework that billing software must follow to create secure invoice records.
Who must comply? Anyone who issues invoices with software and is not in SII.
When is it mandatory for users? 2026, with two dates depending on your tax type.
Is this B2B e-invoicing? No. Verifactu is about the invoice record. B2B e-invoicing is about the structured invoice you exchange with other businesses.
Where can I read the rules? See the BOE, Spain’s Official State Gazette, and AEAT guidance (official source: boe.es).
What is Verifactu?
Short answer. Verifactu is the set of technical and functional requirements that billing software in Spain must meet to generate standard invoice records that are secure against alteration, optionally sending those records to AEAT in real time. If you ever searched for "verifactu what is it", that is it.
Purpose. Stop double accounting, set a common minimal invoice record, and give AEAT optional visibility via the QR and real-time sends.
What it is not. It is not the same as B2B e-invoicing under Crea y Crece and not a replacement for the invoice itself. The Verifactu record is not an electronic invoice by itself.
Read the Verifactu complete guide for details.
Verifactu 2025: what happens before it is mandatory
Dates you must know in 2025
- 29 Oct 2024 - the ministerial order entering into force starts a 9-month countdown for vendors and AEAT services.
- 29 Jul 2025 - deadline for software vendors to market compliant versions. AEAT’s reception services are available within this window.
- 2025 voluntary period - companies can pilot, configure numbering, test QR and record generation, and train staff ahead of 2026. This is the core of "verifactu 2025".
What businesses should do in 2025
- Choose a Verifactu-ready billing system and plan migration. Map your numbering series, VAT and IRPF scenarios, and define when you issue simplified invoices (tickets) versus full invoices.
- Run end-to-end tests: issue sample invoices, scan the QR to open AEAT’s check page, verify the hash chain and time stamps, and validate the XML record against the published schema.
- Prepare simple policies: who can issue, rules for voids versus corrections, how to handle cash registers and simplified invoices, and how to archive XML records.
Verifactu 5-step checklist
- Select software with Verifactu requirements. 2) Configure series per device. 3) Test invoices and QR. 4) Save XML and logs. 5) Train staff.
What vendors must do in 2025
Vendors: your SIF must do the following
- Include a signed “responsible statement” inside the app (you confirm it follows the rules).
- Keep a clear version history of the software (so any change is traceable).
- Store the software’s encryption keys safely (e.g., OS key store or a hardware security module) so they can’t be copied or misused.
- Create a record every time you create an invoice - the first record is called alta (the initial entry).
- Record cancellations and other important events.
- Link each record to the previous one with a SHA-256 checksum (a unique fingerprint) so hidden edits are detected.
- Digitally sign each record using XAdES (the EU standard for XML digital signatures) to prove who created it and that it hasn’t been changed.
- Use a built-in clock that can’t be altered, so timestamps are trustworthy.
- Keep detailed logs of who did what and when.
- In VERI*FACTU mode, send records to AEAT as they’re created.
Tiny decoder
- alta = first entry for a new invoice.
- SHA-256 = a mathematical fingerprint; if the data changes, the fingerprint changes.
- XAdES = the EU’s format for digital signatures on XML; it proves origin and integrity.
When does Verifactu come into effect?
Two user deadlines are fixed - 1 Jan 2026 for Corporate Tax payers and 1 Jul 2026 for the rest of in-scope taxpayers (autónomos, entities under attribution of income, permanent establishments (PE) under IRNR (Non-Resident Income Tax)). Before those deadlines, software makers had 9 months from 29 Oct 2024 to release compliant versions, up to 29 Jul 2025, and AEAT stood up its reception services.
Who is excluded from RRSIF (billing software requirements regulation)/Verifactu. Taxpayers in SII for VAT books. SII is AEAT’s Immediate Supply of Information, where you keep your VAT ledgers online and send invoice data within days. If you are in SII, the Verifactu obligations do not apply to those ledgers. In edge cases like third-party issuance or self-billing, follow your SII obligations.
Verifactu: how it works
The invoice record
The SIF must generate a standard Registro de facturación de alta per invoice with fields for issuer, recipient, amounts, taxes, series, and device and software info.
Integrity and inalterability
- Calculate a SHA-256 hash per record and chain it to the previous record’s hash.
- Sign every record electronically (XAdES, enveloped) and use time information from a protected clock.
- Block edits or deletions of final records and keep a full audit log of events.
Modes
- No Verifactu mode - the SIF generates records locally and keeps them. Optional events are logged.
- Verifactu mode - the SIF also remits each record to AEAT in real time. The invoice shows the VERI*FACTU mention.
This is why a silent edit or back-dating becomes visible. The hash chain breaks if you try to change a past record. The signature and time stamp prove when the record was created.
What changes on your invoices
QR on invoices
QR is mandatory on all invoices produced by a SIF. For e-invoices, a substitutive element is allowed as per the order. As practical guidance, the QR should be easy to scan and often uses a minimum size in the 30-40 mm range. The QR contains a link to AEAT’s verification page and basic invoice details (date, invoice number, amount, issuer), so anyone can quickly check the invoice.
Legend or marking
When working in VERI*FACTU mode, include the visual mention "VERIFACTU" as specified.
Numbering and dating
- Single protected clock source. Numbering is automatic and strictly sequential per series.
- No multiple recipients in a single invoice.
- Simplified invoices are allowed but have their own rules and, in VERI*FACTU mode, must be communicated to AEAT.
If you need an all-in-one tool that is ready for these rules, see our electronic invoicing tool.
Who must comply and who does not
In scope. Businesses and professionals who issue invoices using software, except those in SII. Shops, online sellers, agencies, clinics, trades, and hospitality are typical cases. Retail and hospitality issuing simplified invoices via POS are in scope. If using VERI*FACTU mode, those simplified invoices are communicated to AEAT.
Out of scope. Taxpayers in SII for VAT books are excluded from RRSIF (billing software requirements regulation)/Verifactu. Mixed scenarios may apply for specific operations that are not covered by SII. Check how your software separates them.
AEAT tools you can use
Free AEAT billing app. AEAT will provide a free, simple billing application operating in Verifactu mode, intended for issuers with very few invoices.
Basic capabilities: issue invoices, produce records, include QR, and send to AEAT. It is useful to test flows and for low-volume businesses. If you later grow, you can switch to full software.
Download and verification services. Senders can download their own records from AEAT. Recipients can download records that suppliers sent in VERI*FACTU mode. Scanning the QR takes you to AEAT’s verification or information page to check the record.
Obligations and penalties
Business obligations
Use Verifactu-compliant software. Keep XML records and logs. Train staff on when to cancel an invoice and when to issue a correcting invoice (credit note). Ensure QR and legends are printed or embedded. If you use multiple SIFs or devices, maintain series and chain integrity across them.
Vendor obligations
Include a signed responsible statement, maintain version traceability, secure keys, disallow disabling integrity controls, and expose tests for hash and signature verification.
Penalties to know
- Using or holding non-compliant software: fixed fine up to 50,000 euros per year and per software program.
- Producing or marketing non-compliant software: up to 150,000 euros per year.
- Formal breaches like missing QR may incur per-invoice fines, with quarterly caps.
Bottom line
Verifactu is not just a QR. It standardizes the invoice record and locks down your billing process. Treat 2025 as the year to pilot your SIF, and enter 2026 with QR, hash chain, signature, and processes ready. If you are in SII, you are excluded. Everyone else must choose a compliant system and set it up properly. If you came here asking what is Verifactu, the short answer is: the rulebook your billing software must follow from 2026.
