Skip to main content

VeriFactu vs No-VeriFactu: Key Differences, 2027 Deadlines and Which to Choose

· 14 min read
InvoSeal
InvoSeal
Facturación electrónica y cumplimiento normativo

If you are a freelancer, SME or the person responsible for invoicing at a company operating in Spain, you have almost certainly heard of VeriFactu. But did you know there are two modes — VeriFactu and No-VeriFactu — and that the choice between them has direct implications for how you manage your invoices, how much technical responsibility you take on, and how you interact with the Spanish Tax Agency (AEAT)? This article covers everything you need to know to make the right decision.

The regulatory context: from the Anti-Fraud Law to RD 1007/2023

To understand VeriFactu you need to go back to Law 11/2021 on the prevention and fight against tax fraud (known as the Anti-Fraud Law). This law introduced a new obligation in Article 29.2.j) of the General Tax Law: all invoicing information systems (SIF, for their Spanish acronym) must guarantee the integrity, preservation, accessibility, legibility, traceability and immutability of invoicing records.

The goal was clear: to put an end to so-called "dual-use software" — programs that allowed invoices to be altered or deleted in order to conceal income from the tax authorities.

The detailed regulation came with Royal Decree 1007/2023 of 5 December, which enacted the Regulation on Requirements for Invoicing Information Systems (RRSIF). This regulation sets out the technical requirements that every invoicing program must meet, regardless of whether VeriFactu or No-VeriFactu mode is chosen.

Subsequently, Ministerial Order HAC/1177/2024 of 17 October developed the detailed technical, functional and content specifications that SIFs must implement. And RD 254/2025 together with RDL 15/2025 adjusted the implementation deadlines, as we will see below.

The complete regulatory chain is as follows:

  • Law 11/2021 (Anti-Fraud Law): legal foundation.
  • RD 1007/2023: regulation setting out SIF requirements.
  • Order HAC/1177/2024: detailed technical specifications.
  • RD 254/2025: first deadline extension.
  • RDL 15/2025: second extension, definitive deadlines pushed to 2027.

Requirements common to both modes

Before getting into the differences, it is worth understanding what the regulation requires of every invoicing information system, whether VeriFactu or No-VeriFactu. RD 1007/2023 establishes that any SIF must meet these requirements:

Invoice registration record: for every invoice issued (full or simplified), the system must generate — simultaneously with or immediately before the invoice — a record containing mandatory minimum data. This record is not the invoice PDF but a structured summary in XML format.

Cancellation record: when an invoice is cancelled, a cancellation record must be generated and linked to the original registration record.

Digital fingerprint (SHA-256 hash): every record must include a hash calculated over key fields, ensuring that the content has not been altered.

Record chaining: each new record includes data from the previous record (issuer's tax ID, invoice number, date and the first 64 characters of the previous hash). If the chain breaks, the system must trigger an alert.

Tax QR code: every invoice issued through a SIF must include a readable QR code containing basic information for verification.

Legal preservation: records must be kept for the period required by the General Tax Law (generally 4 years, extendable in certain cases).

Producer's Responsible Declaration: the software manufacturer must issue a document certifying that its program complies with all requirements of RD 1007/2023 and Order HAC/1177/2024. Without this declaration, the software cannot be considered compliant.

From this point on the two modes diverge: one sends records to the tax authorities in real time and the other stores them locally with additional security measures.

VeriFactu: real-time submission to the AEAT

VeriFactu mode (or "verifiable invoice issuance system") means that each invoicing record is automatically and immediately submitted to the AEAT's electronic portal at the moment it is generated.

How does it work in practice?

When you issue an invoice with a VeriFactu system, the following happens:

  1. Your SIF generates a registration record with the invoice's structured data.
  2. A SHA-256 hash (digital fingerprint) is calculated over key fields.
  3. That hash is chained to the hash of the previous record, creating an immutable chain.
  4. The record is automatically sent to the AEAT's servers via a secure connection.
  5. The invoice includes a QR code that allows the recipient to verify it on the AEAT's electronic portal.
  6. Invoices carry the legend "Invoice verifiable at the AEAT Electronic Portal" or simply "Veri*Factu".

Advantages of VeriFactu

  • Compliance by design: by sending records automatically, the system itself guarantees integrity and traceability. The AEAT acts as a digital custodian of your records.
  • Lower technical complexity: VeriFactu systems have fewer security requirements to implement. There is no requirement for local electronic signatures on each record or for maintaining an event log, since custody lies with the tax authorities.
  • Future administrative simplification: the AEAT has announced that, by having records in real time, it will be able to offer pre-filled VAT drafts (Form 303) and instalment payments (Form 130).
  • Third-party verifiability: your customers can check the fiscal validity of each invoice by scanning the QR code. This generates commercial trust.
  • Reduced custody responsibility: the responsibility for preserving records is shared with the AEAT.

Drawbacks of VeriFactu

  • Internet dependency: records must be sent in real time, although the regulation provides for a periodic retry mechanism in case of incidents (the "Incident" field marked with "S").
  • Full and immediate visibility to the tax authorities: all your invoicing is recorded on the AEAT's servers the moment it is issued. This allows the tax authorities to cross-reference data in real time and, if there are outstanding tax debts, to act more quickly — for example, by issuing credit seizure notifications on invoices just issued to your customers. For many businesses this is not a problem, but it is important to be aware of the implication.
  • Not viable in areas without stable connectivity: although solutions with an offline mode exist that temporarily store records and send them when the connection is restored.

No-VeriFactu: local record-keeping with custody

No-VeriFactu mode (or "non-verifiable invoice issuance system") meets all the technical requirements of RD 1007/2023 but does not send records to the AEAT automatically. Instead, it stores them securely on the taxpayer's own systems.

How does it work in practice?

  1. Your SIF generates the invoicing record with its hash and chaining, just as in VeriFactu.
  2. It is not automatically sent to the AEAT. Records are kept on your local servers or private cloud.
  3. To compensate for the absence of automatic submission, the system must apply a qualified electronic signature to each invoicing record and each event record.
  4. An immutable event log must be maintained, documenting system starts, anomalies, manipulation detections, changes and any relevant incidents.
  5. Invoices include a QR code, but they are not directly verifiable by the recipient on the AEAT's electronic portal.
  6. Records are only sent to the tax authorities if expressly required during an audit or inspection.

Advantages of No-VeriFactu

  • Independence from connectivity: ideal for businesses in areas with poor coverage or those operating on the move (agriculture, livestock, fairs, events, construction sites).
  • Full data sovereignty: you decide when and how you share your information with the tax authorities.
  • No dependency on the AEAT's servers: your invoicing is not interrupted if there are problems with the tax authority's infrastructure.

Drawbacks of No-VeriFactu

  • Greater technical complexity: electronic signatures for each record, an event log and export capability in standard formats are all required.
  • Full custody responsibility: you (the taxpayer) must preserve records in an intact, accessible and immutable manner for at least 4 years.
  • Lower commercial confidence: since invoices cannot be verified on the AEAT portal, your customers lack that additional layer of validation.

Point-by-point comparison table

AspectVeriFactuNo-VeriFactu
Record submission to AEATAutomatic, in real timeOnly upon express request
Local electronic signatureNot required for each recordMandatory (qualified) for each record
Event logNot requiredMandatory and immutable
Record custodyAEAT + local (shared responsibility)100% taxpayer's responsibility
Hash and chainingMandatoryMandatory
QR code on invoiceYes, verifiable at AEAT portalYes, but not verifiable at AEAT portal
Legend on invoice"Invoice verifiable at the AEAT Electronic Portal"No verifiability legend
Internet dependencyHigh (with offline fallback)Low
Technical complexity of SIFLowerHigher
Pre-filled VAT draftsYes (future)No
Legal validityFully validFully valid

Which one should you choose based on your business type?

Both modes are legally valid. The AEAT recommends VeriFactu, but the choice lies with the taxpayer. Here are some practical guidelines:

VeriFactu is a good fit if...

  • Your business operates with a stable internet connection (office, urban retail, professional services).
  • You want to minimise technical management and delegate custody to the tax authorities.
  • You value commercial transparency and want your customers to be able to verify your invoices.
  • You are a freelancer or micro-business with straightforward invoicing: the AEAT offers a free application on its electronic portal that operates in VeriFactu mode.
  • You want to prepare for the administrative simplifications the AEAT plans to offer (VAT drafts, instalment payments).
  • You are comfortable with the AEAT having immediate knowledge of all your transactions. This includes the tax authorities being able to cross-reference data in real time and, in the event of outstanding debts, acting more quickly — for example, by issuing credit seizure notifications on invoices that have just been registered. This immediate visibility is the flip side of operational convenience.

No-VeriFactu may suit you if...

  • You regularly operate without internet coverage (agriculture, livestock, fairs, events, construction).
  • Your company has specific privacy requirements or needs control over its invoicing data.
  • You prefer the tax authorities not to have real-time access to your invoicing, only learning about your transactions when you file Form 347 in February of the following fiscal year, or when they formally request records as part of an audit or inspection.
  • You have your own technical infrastructure and qualified staff to manage electronic signatures, the event log and record custody.
  • You use a complex ERP with invoicing modules that generate records in a decentralised manner.

Can you combine both modes?

Yes. In mixed environments (for example, a company with offices in urban areas and points of sale in rural zones), it is possible to use VeriFactu systems in some channels and No-VeriFactu in others. Each SIF must individually meet the requirements corresponding to its mode.

The AEAT's free application

Since October 2025 the Tax Agency has had a free invoicing application available on its electronic portal that operates in VeriFactu mode. It is aimed at freelancers and small businesses with a low volume of invoices.

Key features:

  • No invoice limit (annual, monthly or weekly).
  • Only allows invoicing in one's own name or through an authorised representative.
  • Does not support simplified invoices (tickets) or certain special tax regimes.
  • Invoices generated can only be managed from within the application; it is not possible to export records to another SIF.
  • Includes client, product and numbering series management.
  • Generates invoices with a verifiable QR and sends records automatically to the AEAT.

It is a good starting point, but businesses with higher volumes or needs for integration with accounting systems will need specialised software.

What about companies under the SII?

The Immediate Supply of Information (SII) is a pre-existing system through which certain companies (generally large ones, with turnover exceeding 6 million euros) already send the AEAT data on their issued and received invoices in near real time.

Companies enrolled in the SII — whether mandatorily or voluntarily — are exempt from implementing VeriFactu. They are two different systems, with different obligations, for different audiences. They are neither compatible with nor complementary to each other.

If a company ever decides to leave the SII, the RRSIF rules would then apply and it would need to adapt its system to one of the two modes (VeriFactu or No-VeriFactu).

The regulation has undergone several postponements. These are the definitive deadlines under RDL 15/2025:

MilestoneDate
Publication of RD 1007/2023 (RRSIF)7 December 2023
Publication of Order HAC/1177/2024 (technical specifications)28 October 2024
RD 254/2025: first deadline extension1 April 2025
Deadline for software producers (9 months from the Order)29 July 2025
AEAT free application availableSince October 2025
RDL 15/2025: second deadline extension2 December 2025
Mandatory for corporations (Corporate Tax)1 January 2027
Mandatory for freelancers and other taxpayers1 July 2027
AEAT inspection campaigns expectedSecond half of 2027

The current period (2026) is a transition and preparation year. The AEAT allows testing with records in its external testing environment, and you can stop submitting test records at any time without consequences.

Penalties for non-compliance

The penalty regime is severe and distinguishes between different types of infringement:

  • Use of non-certified software: fines of up to €50,000 per fiscal year for the user (business or freelancer). The fine applies merely for using non-compliant software, without the AEAT needing to prove fraud.
  • Manufacturers of non-compliant software: fines of up to €150,000 per fiscal year for each type of non-compliant program sold or distributed.
  • Manipulation, omission or destruction of records: penalties ranging from €1,000 to €100,000 depending on severity, pursuant to Article 201 bis of the General Tax Law.

From 2027 onwards, it will no longer be valid to use Excel, Word, manual templates or any program that does not meet the RRSIF requirements. Anyone invoicing through a SIF must ensure that the system is compliant.

VeriFactu and electronic invoicing: are they the same thing?

A common source of confusion is mixing up VeriFactu with the B2B electronic invoicing obligation. They are distinct — though complementary — regulations:

  • VeriFactu (RD 1007/2023) focuses on the requirements of the invoicing software: how it must record, protect and (optionally) submit the data of each invoice. It is a tax-related regulation.
  • Mandatory electronic invoicing (Law 18/2022, Crea y Crece), developed by RD 238/2026, requires invoices to be issued and received in a structured electronic format (such as Facturae) in B2B transactions. It is mandatory from October 2027 for companies with turnover >€8M and from October 2028 for all others. It is an economic regulation.

Software can comply with VeriFactu and still issue invoices on paper (with a QR code). And an electronic invoice in Facturae format does not necessarily comply with VeriFactu if the system that generated it lacks hashing, chaining and a Responsible Declaration.

The ideal approach is to prepare for both obligations simultaneously, as many software providers are integrating both sets of requirements into a single update.

Conclusion: prepare in 2026 to comply in 2027

The obligation is real, the deadlines are set and the penalties are significant. Here is what you can do now:

  1. Assess your current software: does it meet the requirements of RD 1007/2023? Ask your provider for the Responsible Declaration.
  2. Choose your mode: VeriFactu or No-VeriFactu, based on the needs of your business.
  3. Test before the deadline: take advantage of the AEAT's testing period.
  4. If you are a freelancer with few invoices: the AEAT's free application may be enough.
  5. If you need integration, automation and hassle-free compliance: look for a professional solution.

Related reading: Invoicing Software Comparison: Which Ones Offer VeriFactu, No-VeriFactu, or Both?

Related reading: E-Invoicing in Europe 2026-2030: How It Is Being Implemented Country by Country

InvoSeal is designed from the ground up to comply with the requirements of RD 1007/2023. If you want to find out how InvoSeal can help you prepare your invoicing for 2027 — whether in VeriFactu or No-VeriFactu mode — check our documentation or get in touch.