There are plenty of EU rules and regulations to help us understand what constitutes a compliant electronic tax invoice. EDI as a means to exchange electronic invoices is long-established and proven since 1994, but in some countries there has been confusion around how EDI provides tax compliance. In the past, companies would run an EDI program to gain business benefits but accounts payable/receivable would also process paper invoices, to ensure tax compliance.
While there have been different VAT rules and regulations in different member states since 1990, it wasn’t until 2001 that clear VAT rules for e-Invoicing were issued by the EC, and mapped out how paper could be completely removed from the invoicing process, in a tax compliant manner. The 2001 legislation later harmonised in 2006, set out the rules for data validation, authenticity and integrity, and archiving.
One country in particular seized on these new regulations to provide explicitly clear rules on how both digital signatures and EDI can provide compliant e-Invoicing. In July of 2003 the French tax authorities new rules on e-Invoicing came into force. The French legislation combined each of the three core pillars of compliance into a single EDI process and since that time there has been little confusion around compliant EDI. This has resulted in a thriving compliant EDI industry in France whereas elsewhere, only the “authenticity and integrity” element for EDI has been used.
Authenticity & Integrity
According to the current EC VAT Directive the authenticity of the origin, the integrity of the content and the legibility of an invoice, whether on paper or in electronic form, shall be ensured from the point in time of issue until the end of the period for storage of the invoice.
EDI achieves this transferring data within a secure network and messages sent and received are identical. This may be supported by interchange agreements, summary lists and sometimes by a trading partner list. A well-managed EDI process will store the different evidence components, including evidence that the chosen security and other controls are complied with, in such a way as to convince an auditor quickly that the archived invoices messages are authentic and unchanged since issuance.
Companies issuing invoices must ensure the authenticity of the origin of the document, essentially this means that the issuing company is who they say they are and they issue documents within a secure channel. Trading parties must implement and maintain different security procedures and measures, including the verification of the origin, the non-repudiation of origin, the receipt, and the confidentiality of EDI invoice messages.
EDI networks are private, secure networks where EDI related information can be exchanged between companies. Connectivity to the EDI network must be over a secure channel to guarantee the “integrity” of invoices, for example FTPS, VPN, AS2 or secure FTP within a secure shell protocol are all acceptable methods. Processes engrained within the EDI network ensure that the message transferred maintains integrity across the end to end process and any transfer errors are captured and dealt with.
To ensure authenticity within an EDI network, trading partners will typically require a secure account and connection with an EDI network provider to both send and receive electronic documents. A well-managed EDI network process maintains a trading partner list that identifies all trading partners exchanging invoices. This list validates the trading relationship between trading counterparties. The provider will also keep a record of all trading party interchange agreements and maintain a summary list of all transactions between trading counterparties verifying each message and indicating any anomalies detected at transmission.
During an enrolment campaign, suppliers will typically be part of a customer’s vendor master list, inferring an element of trust between the two trading partners. In an EDI network each supplier goes through an enrolment process and credit check to authenticate the company and if successful they have a secure account and connection within the network and “authenticity” is assured.
When networked EDI is combined with data and archiving compliance, it can both provide an end-to-end tax compliant process. The decision for your company is quite simple, is upgrading my existing EDI process the simplest, most cost-effective, and efficient e-Invoicing program to implement?
Point-to-point connections can also ensure “integrity”, providing the protocol used is secure, again, the examples of FTPS, VPN, AS2, or secure FTP within a secure shell protocol are all acceptable methods. But it is a little more difficult to quantify “authenticity” for point-to-point connections, by using a secure connection between your company and your trading partners authenticity is “inferred”, but perhaps not guaranteed unless you mandate secure procedures. If your company is using point-to-point to directly connect to your trading partners you must ask yourself what process both trading partners have in place to ensure the “authenticity” of invoices. I would recommend talking to your tax advisor on best practise.
AS2 is perhaps the most commonly used protocol for point-to-point connections and deserves a separate mention as AS2 can provide both “authenticity” and “integrity” at the same time because a digital signature is embedded into the protocol. Because a digital signature is embedded over the protocol, this doubly ensures the “integrity” of invoices, but “authenticity of the origin” of the invoices is also ensured by the electronic certificate, so if your company is running a point-to-point EDI program the recommended method of ensuring a compliant process is using AS2 with a digital signature.
Web EDI has generated some controversy over its ability to be compliant but as far as ensuring “integrity” is concerned as long as invoices are issued over HTTPS they will be compliant. Web EDI provides “authenticity” as long as account security and enrolment process has the same controls as the EDI network enrolment process. Typically any web-form solution will require a secure log-on and therefore the trading party must have a secure account with the EDI network provider. The enrolment of web suppliers is driven from a vendor master list from the buyer, during the enrolment process the supplier is asked a set of validation questions and successful suppliers are given a secure account. This web EDI enrolment process is typical of many of the alternative e-Invoicing service providers.
Another option is EDI outsourcing, which is simply a method of using external resources to manage your EDI environment on a day to day basis. A company can choose to outsource part of an EDI process such as on-boarding a group of trading partners, or they could decide to outsource the management of the entire EDI process. Most EDI implementations need access to resources that can develop maps, on-board trading partners and implement new communication protocols. Many companies do not have the internal resources to undertake this type of work and prefer to outsource it. As long as the underlying EDI method used by the EDI outsource team assures authenticity and integrity, then outsourced EDI can ensure compliant invoices.
Data Validation & Archiving
So we can see that as far as authenticity and integrity is concerned, EDI can provide a tax compliant process. Some methods have compliance engrained into the process and other methods require certain procedures to be in place alongside. But so far, none of the methods discussed include data validation or archiving.
GXS developed its e-Invoicing solutions to include each of the three elements of tax compliance – data validation, authenticity & integrity and archiving. Our solutions are inclusive of both digital signatures and EDI and the choice for our customers is simple, whether to upgrade their existing EDI process, or to leverage digital signatures where appropriate.
So if you are considering an e-Invoicing program, why would you choose the EDI method? Your company may already be processing EDI invoices. If so, your company will be able to extend existing contracts and SLAs and leverage a solution that will overlay your existing EDI processes.
Many of your suppliers are pre-connected to EDI networks and this will reduce your initial investment plus allow you to get to ROI quickly. Any suppliers that are not can easily connect through web-forms. It should be re-iterated that EDI is not expensive any more. Suppliers can connect through cost-effective solutions, from web-forms for low-volumes through to integrated desktop solutions for mid-volumes. Many EDI network providers are pre-connected, and interoperability across networks is well established which opens up trading counterparty connections across multiple networks.
In conclusion, EDI does provide compliant e-Invoicing as long as you combine each of the different elements of tax compliance into a single process.