How do you know if a program complies? Is there an official certification? What should you demand from your provider? We give you the keys to choosing well.
Verifactu does not require external certification. The manufacturer issues a responsible declaration certifying compliance. If a software claims to comply but does not, the manufacturer faces penalties of 150,000 euros.
RD 1007/2023 establishes the technical requirements that all invoicing software must meet. For each invoice issued, the software must automatically generate a record with all tax data, simultaneously or immediately before issuance. Each record must include a SHA-256 digital fingerprint that guarantees data integrity, and the fingerprint of each record includes that of the previous one, creating an unbroken chain that prevents deleting or inserting records.
All invoices must include a QR code with an AEAT verification URL and the VERI*FACTU legend. Once a record is generated, it cannot be modified or deleted — corrections are made through corrective invoices. The manufacturer must issue and maintain a responsible declaration certifying compliance.
There are two operating modes. The VERI*FACTU mode (recommended) sends records in real time to the AEAT, does not require an electronic signature, and the AEAT itself stores the records. It is the simplest to implement and use.
The NO VERI*FACTU mode is more complex and demanding. Records are stored locally, it requires XAdES-EPES electronic signature, an event log and anomaly detection. It is technically more difficult and offers fewer advantages.
Before contracting or renewing your invoicing software, there are key questions you should ask your provider: whether they have the responsible declaration (if they cannot show it, be wary), which mode they operate in (VERI*FACTU is simpler and recommended), and whether submission to the AEAT is automatic (you should not have to send records manually).
You should also ask whether the QR code is generated automatically on all invoices without manual intervention, and whether Verifactu is included in the price or if they charge a supplement — some providers charge extra for this functionality.
There are several warning signs that should make you wary. If the provider cannot show you the responsible declaration, if they say they are working on it but give no specific date, if they charge a significant supplement for Verifactu, if they do not offer VERI*FACTU mode, or if they require you to manage digital certificates manually, look for another option.
CokuApp meets all technical requirements and operates in VERI*FACTU mode.