What Verifactu actually is
Verifactu is the verification system the Spanish tax agency (AEAT) requires from any software that issues invoices in Spain, regulated by Royal Decree 1007/2023. In practice: your program electronically signs every invoice, chains it to the previous one with a SHA-256 hash, and produces a QR code anyone can scan to validate the invoice against the tax agency.
The important bit: it is not optional. From the mandatory dates, pretty PDFs from Word, Excel or a homemade template won't cut it. Your software has to be Verifactu-compatible, and you — the professional — are responsible for making sure it is. Not the tax agency, not your accountant. You.
What Verifactu guarantees
The three principles your invoicing system must satisfy.
Tamper-proof
Every invoice is electronically signed and stored in a record that can't be modified after the fact. If someone tries to edit an issued invoice, the chain breaks and it becomes detectable.
Traceable
Every invoice carries a SHA-256 hash linking it to the previous one. It's a chain: you can't delete one in the middle without breaking the entire history.
Verifiable
Every invoice ships with a unique QR code. Your customer (or a tax agency inspector) scans it, hits the AEAT, and confirms instantly that the invoice exists and is legitimate.
Key dates you can't miss
After the official delay published in the BOE, these are the dates currently in force.
Companies (SL, SA, co-ops)
Every legal entity subject to Spanish corporate tax must invoice through a Verifactu system. This includes joint ventures and entities without independent legal personality that issue invoices.
Freelancers (self-employed individuals)
Self-employed professionals under direct estimation (standard or simplified) must comply with Verifactu. Those under the flat-rate regime (módulos) remain exempt as long as they stay in that regime.
Software manufacturers
Invoicing software manufacturers already had to make their systems Verifactu-compatible by this date. That's why BeeL. already complies — and why any provider that still doesn't is out of compliance.
What your software must do
The minimum requirements from RD 1007/2023. If your software is missing one, it's no longer legal.
Electronic signature
Automatic signature of the invoicing record on every operation, generated by the software and verifiable by the tax agency.
Chained SHA-256 hash
Each invoice contains a hash linking it to the previous one. The full chain is impossible to alter without detection.
Tax-agency QR code
A unique QR code on every invoice so anyone (your customer, an inspector) can instantly verify that the invoice is registered.
Manufacturer declaration
The software manufacturer must file a compliance declaration with the tax agency, committing to regulatory compliance.
What you can no longer do
From the mandatory date, these practices become illegal — even though you've been doing them for decades.
Invoice with Word or Excel
Homemade templates are out. A hand-built PDF isn't traceable or verifiable, so the tax agency won't accept it as a legal invoice.
Use uncertified software
Even if that program is "the one you've always used", if its manufacturer hasn't filed a compliance declaration, you're the one who's out of compliance.
Paper invoice books
Handwritten or mechanical-book invoices are no longer valid. You have to issue them from a certified electronic system.
Edit issued invoices
If you made a mistake, issue a corrective invoice. Editing an invoice that's already been registered breaks the chained hash and is detectable.
Frequently asked questions
The most common questions about mandatory Verifactu.