What Is an EGS?
An E-Invoice Generation Solution (EGS) is the software system — whether an ERP, a standalone billing application, a point-of-sale system, or a purpose-built e-invoicing platform — that generates, applies security features to, stores, and transmits electronic invoices. In Phase 2, it must also connect to ZATCA’s FATOORA platform via API for clearance and reporting.
A single business may have multiple EGS units. Each cash register that independently generates and stamps invoices is a separate unit. A billing server generating invoices for all branches is one unit. Identifying your units correctly is the first step in any Phase 2 implementation — because each unit requires its own CSID, and one CSID shared across multiple units is a compliance failure.
Mandatory Technical Capabilities
| Capability | What It Means in Practice |
|---|---|
| XML invoice generation (UBL 2.1) | Invoices must be in structured XML conforming to ZATCA’s XML Implementation Standard. Field names, encoding, and structure must match precisely — FATOORA validates against it. |
| UUID generation per invoice | Each invoice must carry a UUID — a 128-bit unique identifier. No two invoices from any EGS unit should ever share a UUID. |
| Cryptographic stamp application (ECDSA) | The EGS must digitally sign every invoice using ECDSA with the private key associated with its CSID. This makes invoices tamper-evident: modification after stamping is mathematically detectable. |
| Previous Invoice Hash (PIH) embedding | Each invoice must contain a SHA-256 hash of the immediately preceding invoice, creating a tamper-evident chain. A break in the chain is detectable by FATOORA. |
| Invoice counter (tamper-proof) | A sequential, non-resettable counter incrementing with every invoice. The value is embedded in the invoice and QR code. |
| 9-field TLV QR code (Phase 2) | Machine-readable QR in TLV base64 format containing: seller name, VAT number, invoice date/time, total with VAT, VAT total, invoice hash, cryptographic stamp, CSID, and previous invoice hash. |
| FATOORA API connectivity | The EGS must connect to FATOORA’s REST-based API endpoints for clearance (Tax Invoices) and reporting (Simplified Tax Invoices). |
The Cryptographic Stamp — Why It Matters
The cryptographic stamp is a digital signature using ECDSA applied to a hash of the invoice content using the private key stored in your EGS and associated with your CSID. Anyone in possession of the invoice — a buyer, ZATCA, an auditor — can verify the stamp by checking it against the public key in the CSID. If the invoice content has been modified after stamping, verification fails. This is what makes the invoice genuinely tamper-evident: not just a software prohibition on modification, but cryptographic proof that any modification is detectable.
The E-Invoicing Resolution explicitly prohibits the EGS from providing an option to export the cryptographic stamp private key. It must remain in the system that uses it. A solution that allows private key export — for backup, for migration, for any reason — is non-compliant. If migrating to a new system, the process involves revoking the old CSID and obtaining a new one for the new unit, not transferring the key.
Prohibited Functionalities
| Prohibited Function | Why It Matters |
|---|---|
| Anonymous access / default password operation | Every user action must be attributable to a specific identified user. Anonymous or default-credential access makes the audit trail unreliable. |
| Invoice alteration or deletion after generation | Once generated, an invoice is immutable. Corrections are via credit note. Any system permitting edit or delete of a generated invoice destroys record integrity. |
| Log modification or deletion | System activity logs must be immutable. No staff member can alter or erase entries. |
| Inaccurate timestamp generation | Users cannot change system date to backdate or forward-date invoices. |
| Invoice counter reset | The sequential counter must be permanent. No reset on year-end, update, or system restart. |
| Multiple invoice sequences from one unit | Each EGS unit must maintain a single, continuous hash chain. Parallel sequences break the integrity ZATCA audits verify. |
| Export of cryptographic stamp private key | The private signing key must remain secured within the EGS. Exportable keys undermine the entire trust model. |
The existence of a prohibited functionality makes your EGS non-compliant — regardless of whether it has ever been used. A system that allows invoice deletion but where no deletion has occurred is still non-compliant. ZATCA’s test is capability. Review your system configuration against this list explicitly, not by assumption.
Onboarding and the CSID Lifecycle
Before any Phase 2 invoice can be generated, your EGS unit must be registered with FATOORA and issued a CSID. The process: access the FATOORA portal using ERAD credentials → generate an OTP for each unit → enter the OTP into the EGS → receive the CSID → accept ZATCA’s subscriber agreement → test in ZATCA’s sandbox before going live.
CSIDs have a validity period and must be renewed before expiry. A lapsed CSID means your EGS can no longer apply a valid cryptographic stamp — every invoice it produces after expiry is non-compliant. Monitor CSID expiry dates and schedule renewal at least 30 days in advance. This is an active compliance task, not an automated one.
ZATCA provides three testing resources: a sandbox environment mirroring the live FATOORA platform, an SDK for offline testing of invoice generation and cryptographic features, and a web-based validator for checking individual invoices. Use all three before go-live — sandbox for end-to-end integration testing, SDK for unit-level feature testing, validator for spot-checking specific configurations.
Choosing or Upgrading Your Solution
When assessing whether your existing system is Phase 2 compliant, ask your vendor specifically: which software version added Phase 2 ZATCA compliance? Does it support XML UBL 2.1, CSID management, FATOORA API integration, clearance, and reporting? Has it been declared or verified compliant by ZATCA?
- Do not confuse Phase 1 compliance with Phase 2. Many systems certified as e-invoicing compliant in 2021 have not been updated for Phase 2. The vendor’s “ZATCA compliant” badge on its website may be a Phase 1 certification. Ask explicitly for Phase 2.
- Confirmed software compliance is not confirmed deployment compliance. A compliant software version incorrectly configured — wrong field mapping, CSID associated with the wrong unit, clearance not triggered for Tax Invoices — is not compliant in production.
- Test with realistic invoice samples. FATOORA imposes a maximum submission size (~10MB). Invoices with large numbers of line items can approach this limit. Test with typical invoice volumes, not just minimal test cases.
Frequently Asked Questions
- “Supports e-invoicing” is not the same as “Phase 2 compliant.” Always confirm the specific Phase 2 capabilities — XML UBL 2.1, CSID management, cryptographic stamping, FATOORA API integration — with your vendor in writing, with a specific software version reference.
- Your EGS unit count determines your CSID count. Map your invoice generation architecture before starting onboarding. One CSID across multiple units is a compliance failure from day one.
- Prohibited functionalities are capability tests, not usage tests. A system that allows invoice deletion — even if no one has ever deleted one — is non-compliant. Review your system configuration against the prohibited functions list explicitly.
- CSIDs expire. Add expiry dates to your compliance calendar and schedule renewal at least 30 days in advance. Invoices generated after CSID expiry are non-compliant from that moment.
- ZATCA’s sandbox is your primary risk management tool. Test every clearance scenario, rejection and resubmission workflow, and PIH mismatch edge case before processing a single live transaction.
Also in this series
This article reflects ZATCA’s E-Invoicing Regulation (December 2020) and the Controls, Requirements, Technical Specifications and Procedural Rules Resolution (May 2023). For informational purposes only — not legal or tax advice. Confirm with zatca.gov.sa or a qualified Saudi tax advisor. dariba.co is an independent platform.