Spain B2B E-Invoicing 2026: Royal Decree 238/2026 and the ERP Vendor Timeline
Spain has moved from draft to law. Royal Decree 238/2026 implements the Ley Crea y Crece B2B e-invoicing mandate, and the April 17 draft Ministerial Order sets an October 1, 2026 trigger date. Here's what ERP vendors need to build toward.
Spain Just Locked in Its B2B E-Invoicing Timeline
For two years, Spain's B2B e-invoicing mandate was an open question. The enabling law — Ley 18/2022 de Creación y Crecimiento de Empresas, known as Ley Crea y Crece — was passed in September 2022. But the implementing regulations kept slipping. Verifactu (the anti-fraud software regime) was delayed to January 2027. The B2B invoicing decree sat in draft for eighteen months.
That changed on March 31, 2026, when Royal Decree 238/2026 was published. It formally implements the B2B e-invoicing mandate under the Ley Crea y Crece framework. Then on April 17, 2026, the Ministry of Economy released a draft Ministerial Order for public consultation proposing the technical go-live dates.
If you sell ERP software, accounting software, or invoicing infrastructure into Spain, the compliance work starts now. This post covers the timeline, the formats you need to support, the central public platform, and the concrete engineering work that has to ship before October 2027.
Timeline: What Happens When
The draft Ministerial Order published April 17 defines three trigger dates. Assuming it is adopted without material change (the consultation is open, but the substance is unlikely to move), the phased rollout looks like this:
| Date | Event | Who's Affected |
|---|---|---|
| October 1, 2026 | Rule trigger date | Regulations take effect; voluntary compliance window opens |
| January 1, 2027 | VERI*FACTU mandatory | Corporate taxpayers and permanent establishments |
| July 1, 2027 | VERI*FACTU mandatory (remainder) | Self-employed and other in-scope persons |
| October 1, 2027 | B2B e-invoicing mandatory | Large companies: annual turnover >€8M |
| October 1, 2028 | B2B e-invoicing mandatory (remainder) | All remaining businesses and self-employed |
Two regimes, two timelines. VERI*FACTU is the anti-fraud billing software regime — it governs how invoicing software itself has to behave (immutable records, hashing, QR codes, optional real-time transmission to the AEAT). Ley Crea y Crece B2B e-invoicing is the structured-invoice exchange layer that rides on top.
A business in scope of both needs compliant software (VERI*FACTU) and has to issue structured e-invoices via an approved channel. These are separate compliance obligations with separate activation dates.
There is a 6-month grace period after mandate activation before fines for missing e-invoices can be imposed. During the first compliance year, a recipient not yet obligated may still request a PDF copy alongside the structured invoice.
The Dual Platform Model
Spain has landed on a hybrid architecture. Private platforms (whether commercial solutions, in-house ERP modules, or PEPPOL access points) can issue and receive invoices directly between trading partners. But every invoice must also be lodged — in a copia fiel (faithful copy) — with a central public platform operated by the AEAT (Agencia Tributaria).
This makes Spain look structurally similar to France's PPF (Portail Public de Facturation) architecture — except the AEAT platform doubles as a free-tier issuing and receiving option. Small businesses with low volume can use it directly. Everyone else will route through a private platform, with the copia fiel submitted programmatically.
For ERP vendors, this means two integration surfaces:
- Bilateral exchange — your customers either exchange invoices directly with their trading partners (over Peppol or a private interop network) or route through a commercial platform.
- AEAT copia fiel submission — every issued invoice must be transmitted to the AEAT platform. Your customers will expect your software to handle this automatically.
The AEAT commits to providing minimum 4-year recipient access to invoices without charging the buyer. This is a practical constraint: if you build a recipient workflow that depends on invoices sitting in your own platform, your customer still has a free fallback at the AEAT.
Accepted Formats
The Royal Decree specifies that all compliant formats must satisfy the EN 16931 European semantic standard. Within that constraint, Spain accepts:
- Facturae — Spain's national XML format, updated to align with EN 16931. Historically the required format for B2G invoicing through FACe, now extended to B2B.
- UBL 2.1 — the OASIS Universal Business Language XML format (ISO/IEC 19845:2015). This is the same syntax used by Peppol BIS 3.0.
- UN/CEFACT Cross-Industry Invoice (CII) — the XML syntax used by ZUGFeRD and Factur-X.
- EDIFACT — legacy but accepted. Primarily for large enterprises with existing EDI infrastructure.
Four formats is a lot. In practice, expect Facturae and UBL 2.1 to dominate — Facturae because of continuity with FACe, UBL 2.1 because Spanish businesses that already deal with France, Belgium, or Poland will have it running anyway.
If your ERP already supports Peppol BIS 3.0 (UBL 2.1), you have most of what you need. The gap is Facturae support and the AEAT copia fiel integration.
VERI*FACTU: Software-Level Requirements
VERI*FACTU is a separate obligation that governs how invoicing software produces and records invoices. It operates in two modes:
- Online mode (Sistemas VERIFACTU)* — invoices are transmitted to the AEAT within seconds of issuance.
- Offline mode (Sistemas No VERIFACTU)* — invoices are stored locally with digital signatures and QR codes; the AEAT can request them later or receive them in batches.
Either way, your software must:
- Generate a unique invoice identifier with a cryptographic hash chain linking each invoice to the previous one.
- Print a QR code on every invoice, encoding the hash and a verification URL.
- Produce invoice records in an immutable, tamper-evident log.
- Support real-time transmission to the AEAT (even if the customer chooses offline mode, the software must be capable of online operation).
Businesses already using SII (Suministro Inmediato de Información) — the existing real-time VAT reporting system for large taxpayers — are exempt from VERIFACTU. Your ERP needs to handle the routing logic: SII-reporting customers skip VERIFACTU; everyone else is in scope.
For ERP vendors, VERI*FACTU certification is the bigger lift than Facturae support. The hash-chain requirement means your invoicing module needs a dedicated secure log with controls on modification and access.
Invoice Status Reporting
Under Ley Crea y Crece, recipients must report the status of every invoice back through the same channel within 4 business days. Status values include acceptance, rejection, and payment confirmation. This mirrors the status-exchange layer in France (AFNOR XP Z12-014) and the acknowledgement flow in Poland's KSeF.
For ERP vendors, this means AP (Accounts Payable) workflows need to be wired to emit structured status messages. A customer rejecting an invoice in your UI should trigger an automatic status message back to the issuer's platform and a copia fiel to the AEAT.
Who's In Scope — and Who's Not
In scope:
- All Spanish-established businesses conducting B2B transactions domestically.
- Self-employed professionals (autónomos) for B2B invoices — mandatory from October 2028.
- Permanent establishments of foreign companies operating in Spain.
Out of scope or exempt:
- B2C transactions. The mandate covers business-to-business only. B2C invoicing obligations remain unchanged.
- Cross-border transactions between a foreign entity and a Spanish party. These fall under separate EU/international rules and are excluded from the domestic mandate (though ViDA Pillar 1 will change this from July 2030).
- Basque Country and Navarra. These regions operate TicketBAI and their own fiscal regimes. National VERI*FACTU and the B2B mandate don't apply inside their fiscal jurisdictions.
- Small businesses under the régimen simplificado, initially exempt from VERI*FACTU only.
- VAT-exempt-only operations, initially exempt from VERI*FACTU.
Note that "initially exempt" means the exemptions are expected to narrow over time. No permanent size-based exemption exists in the underlying law — microenterprises and freelancers will eventually be fully in scope.
Penalties
Spain has published a tiered penalty structure:
| Violation | Penalty |
|---|---|
| Failure to issue or provide an e-invoice | Up to €10,000 per incident; 6-month grace period after mandate activation |
| Use of non-certified invoicing software (VERI*FACTU) | Up to €50,000 annually per company |
| Software vendors supplying non-compliant systems | Up to €150,000 |
| Late or inaccurate status reporting | 0.5% of invoice amount, minimum €300, maximum €6,000 per quarter |
| Archive violations or tampering | €150 per missing or flawed invoice; higher for serious violations |
The €150,000 software vendor penalty is the one ERP vendors need to internalize. Under VERI*FACTU, liability for non-compliance extends back to whoever supplied the software. If your ERP produces an invoice that doesn't meet the hash-chain or QR-code requirements, the fine can land on you — not on your customer.
This is stricter than the liability model in most EU mandates. In Belgium, Poland, and France, penalties flow to the business that issued the invoice, not the software vendor. Spain is the first mandate where vendor-level liability is explicitly codified.
What ERP Vendors Should Do Now
The October 2027 deadline sounds distant. It isn't. For vendors serving the Spanish market, the engineering work breaks into four tracks:
1. Facturae Support
If your ERP doesn't already generate Facturae XML (the format required for FACe B2G invoicing since 2015), start here. Facturae 3.2.2 is the current version, and the EN 16931-aligned updates are expected to publish alongside the final Ministerial Order. Don't wait for the final version — build against 3.2.2 and refactor the EN 16931 alignment fields when the updated schema lands.
2. VERI*FACTU Certification
This is the longer engineering project. You need:
- A tamper-evident invoice log with cryptographic hash chaining.
- QR code generation on every invoice, including the verification URL format specified by the AEAT.
- Real-time submission capability to the AEAT API, even if the customer operates in offline mode.
- Secure key management for the digital signatures.
The specification document is the Orden HAC/1177/2024 (published under the earlier Verifactu rules) with updates under the 2026 Ministerial Order. Budget 3–6 months of engineering work if you are starting from zero.
3. AEAT Copia Fiel Integration
Every B2B invoice issued via a private platform must also be submitted as a copia fiel to the AEAT central platform. The technical specification is still in draft, but the AEAT has signaled an API-based submission model. Watch the AEAT developer portal over the next quarter.
4. SII Routing Logic
Your software needs to know whether a given customer is already SII-registered and route accordingly. SII users skip VERI*FACTU; everyone else is in scope. Build this as a customer-level configuration flag, not a hardcoded behavior.
Where Invoice Navigator Fits
Spain's mandate is one of the more complex in the EU — dual platform model, four accepted formats, separate VERI*FACTU regime, software-vendor-level liability. Multiply that by the other six mandates that are already live or landing in the next 18 months (Belgium, Poland, France, Germany, Italy, Romania) and the compliance surface for a multi-country ERP is substantial.
Invoice Navigator operates at the compliance safety layer: format validation against EN 16931 and national business rules, cross-country routing logic, and continuous regression testing against evolving schemas. We don't replace your issuing platform or your Peppol access point — we sit between your ERP and the outbound channel, catching validation failures before they reach the AEAT or the recipient.
If you are planning your Spain compliance build, see our Countries coverage for the current state of supported validation rules, or the Developers guide for integration patterns.
FAQ
When does Spain's B2B e-invoicing mandate start?
October 1, 2027, for companies with annual turnover above €8 million. October 1, 2028, for all remaining businesses and self-employed professionals. These dates are from the draft Ministerial Order published April 17, 2026, for public consultation. The rule trigger date is October 1, 2026, when the regulatory framework takes effect.
What is Royal Decree 238/2026?
Royal Decree 238/2026, published on March 31, 2026, is the implementing regulation for Spain's B2B e-invoicing mandate under the Ley Crea y Crece framework. It mandates structured e-invoices for domestic B2B transactions, defines the dual platform model (private platforms plus a central AEAT platform), and establishes invoice status reporting requirements. Technical specifications are delegated to a forthcoming Ministerial Order.
What invoice formats are accepted in Spain under the B2B mandate?
Four formats are accepted, all of which must satisfy EN 16931: Facturae (Spain's national XML format), UBL 2.1 (used by Peppol BIS 3.0), UN/CEFACT Cross-Industry Invoice (the format underlying ZUGFeRD and Factur-X), and EDIFACT. In practice, Facturae and UBL 2.1 will dominate.
How is VERI*FACTU different from the B2B e-invoicing mandate?
VERIFACTU governs how invoicing software produces and records invoices — hash chaining, QR codes, tamper-evident logs, optional real-time transmission. Ley Crea y Crece B2B e-invoicing governs the structured exchange of invoices between businesses. They are separate obligations with separate activation dates. VERIFACTU applies from January 2027 (corporates) and July 2027 (others); B2B e-invoicing applies from October 2027 (>€8M turnover) and October 2028 (everyone else). Companies already reporting through SII are exempt from VERI*FACTU.
Are ERP software vendors liable under Spain's new rules?
Yes. VERI*FACTU introduces a software-vendor-level penalty of up to €150,000 for supplying non-compliant invoicing systems. This is stricter than the liability model in Belgium, France, or Poland, where fines flow to the issuing business. If your ERP produces an invoice that doesn't meet the hash-chain, QR code, or secure logging requirements, the liability can land on you as the vendor.
What about Basque Country and Navarra?
Both regions have their own fiscal jurisdiction and operate TicketBAI (and related regional systems) instead of the national Verifactu and Ley Crea y Crece regimes. If your customer operates in those regions, you need separate compliance work for TicketBAI — the national mandate does not apply there.
Is cross-border invoicing covered?
No. The domestic mandate covers B2B transactions between Spanish-established parties. Cross-border invoicing to foreign entities is outside the scope of Royal Decree 238/2026. ViDA Pillar 1 will introduce EU-wide cross-border digital reporting requirements from July 2030, but the Spanish domestic mandate does not preempt that framework.
Sources: VATupdate — Spain briefing document (April 18, 2026), Marosa — Verifactu 2026 guide, AEAT official communications, Royal Decree 238/2026 (BOE, March 31, 2026), Draft Ministerial Order published for public consultation April 17, 2026.
Check Your Compliance Status
Find out exactly what your business needs to do for e-invoicing compliance.
Use Obligation Finder