Developing an e-invoice integration solution for ZATCA compliance in Saudi Arabia
The Zakat, Tax, and Customs Authority (ZATCA) in Saudi Arabia has introduced major changes in how companies in the Kingdom handle their invoicing processes. According to the new law, every company selling its services or products must submit an invoice for each transaction to the ZATCA system through a digital service. While some companies may opt to use third-party services, others prefer to develop their own in-house solutions. In this case study, we will describe the highlights of integration with ZATCA’s system for the registration of invoices and receipts we have implemented for our clients.
The Challenge
ZATCA’s requirements are quite strict and multifaceted: invoices must be sent in a specific format, digitally signed, and carry a QR code issued by ZATCA. Each invoice has to be validated and, if necessary, corrected and resubmitted. ZATCA is obligated to issue a fine for each wrongly prepared e-invoice. The integration process was complex, involving multiple steps and verification processes.
Decision for In-House Implementation
The decision to develop an in-house solution rather than outsourcing was driven by a desire for better control and adaptability. The initial perception of simplicity soon gave way to the realization of the complexity involved. This complexity included handling various e-invoice types, digital signatures, data from previous invoices, and a blockchain-like linking of invoices for verification.
The Implementation Process
The implementation process involved:
- Verification and Token Generation: Companies needed to send their details to ZATCA to receive tokens for invoice templates.
- Invoice Submission and Signing: Invoices were sent to ZATCA for digital signing and QR code addition.
- Data Management: Each invoice, along with its XML data, had to be converted into a PDF and attached to the invoice for end-user verification.
- Handling Corrections: Incorrect invoices required correction and resubmission, with financial penalties imposed for errors.
Technical Complexities and Solutions
The technical solution was centered around an API that served multiple internal products of our client. This API is responsible for:
- Gathering data from various client services.
- Validating invoice fields.
- Generating hashes (as part of the invoice chain) and QR codes.
- Signing invoices.
- Logging data for troubleshooting and compliance purposes.
- Storing data and logs in a database.
- Checking invoice status to provide information to customers using the client’s services.
The API connects the ZATCA system with various services operated by our client.
The backend was built on Java 17 with Spring version 2.7, emphasizing a reactive application approach.
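The invoice chain mentioned above, where each invoice carries the hash of the one before it, can be illustrated in Java 17 as follows. This is an added example, not the client's code or ZATCA's specified procedure: the Invoice record, the GENESIS placeholder, the sample XML, and the choice of hashed fields are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

public class InvoiceChainDemo {
    // Hypothetical record: sequence counter, previous invoice's hash, invoice body.
    record Invoice(long counter, String previousHash, String body) {}
    static final String GENESIS = "GENESIS"; // constructed placeholder for the first link

    // The hash covers counter and previous hash, so reordering or relinking changes it.
    static String hash(Invoice inv) throws NoSuchAlgorithmException {
        String material = inv.counter() + "\n" + inv.previousHash() + "\n" + inv.body();
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(material.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(digest);
    }

    // Links the new invoice to the hash of the current chain tip.
    static void append(List<Invoice> chain, String body) throws NoSuchAlgorithmException {
        String prev = chain.isEmpty() ? GENESIS : hash(chain.get(chain.size() - 1));
        chain.add(new Invoice(chain.size() + 1, prev, body));
    }

    // Returns the index of the first invoice whose link is broken, or -1 if intact.
    static int firstBrokenLink(List<Invoice> chain) throws NoSuchAlgorithmException {
        String expectedPrev = GENESIS;
        for (int i = 0; i < chain.size(); i++) {
            Invoice inv = chain.get(i);
            if (inv.counter() != i + 1 || !inv.previousHash().equals(expectedPrev)) return i;
            expectedPrev = hash(inv);
        }
        return -1;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        List<Invoice> chain = new ArrayList<>(); // constructed sample invoices below
        append(chain, "<Invoice><ID>INV-1</ID><Total>100.00</Total></Invoice>");
        append(chain, "<Invoice><ID>INV-2</ID><Total>250.00</Total></Invoice>");
        append(chain, "<Invoice><ID>INV-3</ID><Total>75.50</Total></Invoice>");
        System.out.println("intact chain: " + firstBrokenLink(chain));
        // Edit a stored invoice after the fact: its successor's link no longer matches.
        Invoice old = chain.get(1);
        chain.set(1, new Invoice(old.counter(), old.previousHash(), old.body().replace("250.00", "2.50")));
        System.out.println("after edit: " + firstBrokenLink(chain));
    }
}
```

An edit is reported at the invoice that follows the altered one, because that is where the stored previous hash stops matching. An edit to the most recent invoice has no successor to expose it, so the latest hash also needs to be held somewhere the editor cannot reach.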
Compliance and Auditing
Our API was audited by Deloitte to check its compliance with ZATCA’s standards. The audit showed positive results with only minor areas for improvement, confirming our solution’s reliability.
The Outcome
The integration process, which lasted approximately eight months, successfully culminated in a functioning system compliant with ZATCA’s standards. The API is fully functional, operates within the client’s complex product ecosystem, and is used by end users. We managed to deliver the integration within ZATCA’s strict deadline and helped our client avoid fiscal penalties.
Conclusion
This case study shows how challenging it can be to meet government rules while running a business. Our success with this project proves that being flexible, really understanding what’s needed, and having strong tech skills are key. We successfully navigated the complexities of digital finance and tax regulations, developing a system that effectively serves the needs of end users, our client’s services, and ZATCA’s fiscal system.