VeriFactu (officially VERI*FACTU) is Spain's mandatory electronic invoicing system, established by Royal Decree 1007/2023. It requires invoicing software to create a tamper-proof hash chain for every invoice and submit records in real time to the Spanish Tax Agency (AEAT).

Who must comply with VeriFactu?

All self-employed individuals (autónomos) and companies subject to Corporate Income Tax (IS) or Personal Income Tax (IRPF) in Spain's common territory must comply by 1 July 2027. Businesses in País Vasco and Navarra use different regional systems (TicketBAI and SuministroInmediato, respectively).

What is the deadline for VeriFactu compliance?

1 July 2027, established by Royal Decree-law 15/2025. This is the final deadline for both autónomos and companies. Earlier dates from previous regulations were replaced by this consolidated deadline.

What are the fines for non-compliance?

Fines range from €1,000 to €50,000 depending on the severity and duration of non-compliance. Using non-compliant invoicing software is itself a sanctionable infraction under the General Tax Law (Ley 58/2003).

Does VeriFactu apply to the Canary Islands, País Vasco or Navarra?

No. VeriFactu applies to Spain's common territory only. País Vasco and Álava use TicketBAI. Navarra has its own system. The Canary Islands use IGIC (a different VAT regime) and are also out of scope. Ceuta and Melilla use IPSI.

What is VeriFactu: the complete guide for autónomos in Spain (2027)

Last updated: 15 May 2026 · Regulation: Royal Decree 1007/2023, Order HAC/1177/2024, Royal Decree-law 15/2025

What is VeriFactu?

VeriFactu (officially written VERI*FACTU) is Spain's mandatory electronic invoicing system for businesses and self-employed individuals. Established by Royal Decree 1007/2023 (the SIF Regulation — Sistemas Informáticos de Facturación), it requires all invoicing software to:

Generate a SHA-256 hash fingerprint for every invoice
Chain each invoice cryptographically to the previous one
Submit an invoice record to the AEAT (Spanish Tax Agency) in real time or near real time
Include an AEAT-verifiable QR code on every invoice

The result is a tamper-proof audit trail that makes invoice fraud technically impossible: altering any past invoice breaks the entire chain, and the AEAT detects it immediately.

VeriFactu is not a tax itself. It is a technical requirement for the software you use to issue invoices. Your invoicing software must be certified (technically: must comply with the SIF Regulation) — or you risk fines of up to €50,000.

Why does VeriFactu exist?

Spain's tax authority estimates that invoice fraud and tax evasion cost the state several billion euros annually. The black economy — invoices issued outside official channels, invoice alteration, duplicate invoicing — is particularly prevalent among small businesses and freelancers.

VeriFactu is the technical response. By requiring every invoice to be cryptographically linked to the previous one and submitted to the AEAT in real time, the government makes it effectively impossible to:

Issue an invoice and then modify or delete it
Run parallel off-the-books invoicing systems
Back-date or pre-date invoices undetected

The regulation also underpins Ley 11/2021 (anti-fraud law) and Ley Crea y Crece (the broader e-invoicing mandate for B2B transactions), which together form Spain's comprehensive push toward a fully auditable invoicing ecosystem.

Who must comply?

VeriFactu applies to:

All autónomos (self-employed) subject to IRPF (Personal Income Tax) in Spain's common territory
All companies subject to IS (Corporate Income Tax) in Spain's common territory
Any software developer or vendor whose invoicing software is used by the above

Exceptions and out-of-scope entities:

Territory	System	VeriFactu applies?
Spain common territory	VeriFactu (VERI*FACTU)	Yes
País Vasco (Álava, Bizkaia, Gipuzkoa)	TicketBAI	No
Navarra	SuministroInmediato	No
Canary Islands	IGIC regime	No
Ceuta & Melilla	IPSI regime	No

If you operate across both common territory and a foral territory (País Vasco or Navarra), you need separate compliance for each. VeriFactu covers your common-territory operations; TicketBAI or the Navarra equivalent covers the foral operations.

What is the deadline?

1 July 2027.

This date was established by Royal Decree-law 15/2025, which consolidated several earlier and conflicting deadlines. Previous regulations had set dates in 2024 and 2025 — these were superseded. The single, definitive deadline is now 1 July 2027 for all obligated entities.

There is no grace period after this date. From 1 July 2027, using non-compliant invoicing software is a sanctionable infraction.

What are the fines?

Non-compliance with VeriFactu falls under the infraction regime of Ley General Tributaria (Ley 58/2003):

Infraction	Fine range
Using non-compliant invoicing software	€1,000 – €50,000
Failing to submit invoice records to AEAT	Per-invoice penalties
Obstruction of AEAT inspection	Multipliers apply

The €50,000 ceiling applies to serious or persistent infractions. For a typical autónomo running non-compliant software, the practical range is €1,000–€10,000 per inspection cycle — before any additional penalties for the underlying tax irregularities that the non-compliant invoicing enabled.

How does the hash chain work?

This is the technical core of VeriFactu. Every invoice your software generates must include:

Its own SHA-256 fingerprint — a cryptographic hash of the invoice's key fields (invoice number, date, amount, tax ID, etc.)
The SHA-256 fingerprint of the previous invoice — creating the chain link
An AEAT-verifiable QR code — encoding a URL to the AEAT electronic office where the invoice can be verified

When invoice number 101 is generated, it contains the hash of invoice 100. Invoice 102 contains the hash of invoice 101. And so on. This means:

You cannot alter invoice 99 without changing its hash
Changing its hash breaks invoice 100, which referenced the old hash
Which breaks invoice 101, 102... — the entire chain from that point forward
The AEAT detects the chain break immediately on the next submission

This is why VeriFactu is described as making invoice fraud technically impossible, rather than just harder to get away with.

What invoice types are covered?

VeriFactu applies to all invoice types under Royal Decree 1619/2012 (the invoicing regulation):

Type	Description	VeriFactu required?
F1	Full invoice (standard)	Yes
F2	Simplified invoice (up to €3,000, no buyer details required)	Yes
R1	Corrective invoice — error in original	Yes
R2	Corrective invoice — insolvency proceedings	Yes
R3	Corrective invoice — bad debt recovery	Yes
R4	Corrective invoice — other legal causes	Yes
R5	Corrective invoice — simplified originals	Yes

There are no exemptions by invoice type. Rectificative (corrective) invoices are explicitly included.

What does compliant software need to do?

Under Order HAC/1177/2024 (the technical specifications order), compliant invoicing software must:

Implement the SHA-256 hash chain per the exact specification in Annex I
Submit records via SOAP web service to the AEAT in VERI*FACTU mode (real-time) or LROE mode (batch, for systems that need it)
Generate compliant QR codes linking to the AEAT verification URL
Support all F1/F2/R1–R5 invoice types
Validate tax IDs (NIF) before submission
Apply correct Spanish VAT rates (21%, 10%, 4%, 0%)
Preserve invoice records for the statutory retention period

Software that meets these requirements is called a SIF (Sistema Informático de Facturación). Vendors may file a Declaración Responsable with the AEAT, which results in their software being listed in the AEAT's public SIF registry.

How to choose compliant software

When evaluating invoicing software for VeriFactu compliance, ask:

1. Is the hash chain implementation documented? Ask to see the SHA-256 chain specification or the code. Compliant software should be able to show you exactly how it implements Article 8 of Royal Decree 1007/2023.

2. Does it submit to AEAT production — not just pre-production? Pre-production (the AEAT test environment) is a sandbox. Production is the live system. Ask for documented acknowledgement receipts (acuses de recibo) from the AEAT production endpoint, not pre-production.

3. What happens if AEAT goes down? The AEAT SOAP service has outages. Compliant software must queue and retry submissions automatically without losing invoice records. Ask about the retry and queuing mechanism.

4. Does it support all invoice types you issue? If you issue rectificative invoices (corrective), verify R1–R5 support explicitly.

5. What is the price structure? Some vendors charge per invoice. This creates perverse incentives and adds unpredictability. Flat-rate pricing (per month, regardless of volume) is simpler and more predictable for autónomos.

6. Is it open source? Open source compliance engines can be independently audited. Closed-source vendors require you to trust their claims without verification.

VeriFacturas: what we do

VeriFacturas implements all of the above. Specifically:

SHA-256 hash chain per RD 1007/2023, Art. 8 — every invoice cryptographically linked
Real-time SOAP submission to AEAT production (not pre-production) — with automatic retry
AEAT-verifiable QR code on every invoice per Order HAC/1177/2024
All invoice types: F1, F2, R1–R5
Spanish VAT rates: 21%, 10%, 4%, 0% — validated on issue
Flat rate: €9/month for autónomos, regardless of invoice volume
30-day free trial, no credit card required

We are tested against the AEAT production environment (not a sandbox) and can show you documented acknowledgement receipts before you pay.

VeriFacturas for autónomos in Spain → See the autónomo solution →

Frequently asked questions

Does VeriFactu apply to B2B invoices only?

No. VeriFactu applies to all invoices you issue — B2B, B2C, and B2G (government). The regulation covers all invoices subject to IRPF or IS obligations, regardless of who the buyer is.

I am a foreign autónomo in Spain. Does VeriFactu apply to me?

If you are registered as an autónomo in Spain and your fiscal residence is in Spain's common territory, yes — VeriFactu applies to you regardless of your nationality. The obligation follows the fiscal registration, not citizenship.

My accountant handles my invoices. Do I still need to comply?

Your invoicing software must be compliant, regardless of who operates it. If your accountant (gestor) issues invoices on your behalf using their software, that software must comply. Confirm with your gestor that their platform will be VeriFactu-compliant before 1 July 2027.

Can I keep issuing PDF invoices?

You can still issue PDFs — VeriFactu does not mandate a specific format for the invoice document sent to your client. What it mandates is that the underlying software that generates the invoice must implement the hash chain and submit the record to AEAT. Your client can still receive a PDF; the compliance happens behind the scenes.

What about the B2B e-invoicing mandate (Ley Crea y Crece)?

Ley Crea y Crece (Ley 18/2022) mandates structured e-invoicing (Factura-e) for B2B transactions above certain thresholds. This is a separate obligation from VeriFactu, with its own deadlines and technical requirements. VeriFactu compliance does not automatically satisfy Ley Crea y Crece compliance, and vice versa. Most autónomos will need to address both.

This guide is authored by Uri Harel, founder of VeriFacturas and Vida Verda 2023, S.L.U. For regional regimes — País Vasco (TicketBAI), Navarra, Canary Islands (IGIC) and Ceuta/Melilla (IPSI) — see the regional regimes guide (coming soon). Regulation references: Royal Decree 1007/2023, Order HAC/1177/2024, Royal Decree-law 15/2025, Royal Decree 1619/2012, Ley 58/2003, Ley 18/2022, Ley 11/2021.

This guide is authored by Uri Harel, Fundador y Director. For regional regimes — País Vasco (TicketBAI), Navarra, Canary Islands (IGIC) and Ceuta/Melilla (IPSI) — see the regional regimes guide (coming soon).