SII and VeriFactu in Spain: How to automate compliance

Spain’s tax environment now requires businesses to operate in near real time. Two systems sit at the centre of this shift: Suministro Inmediato de Información (SII) for VAT ledger reporting and VeriFactu for certified invoicing.

These are not separate compliance obligations. They’re interconnected. SII focuses on transmitting transaction-level VAT data to the Spanish Tax Agency (AEAT), while VeriFactu ensures that invoices themselves are generated, stored, and corrected within compliant, traceable systems.

The challenge for finance teams is that both systems impose strict timelines, structured data requirements, and increasing audit visibility. Manual processes — spreadsheets, batch uploads, and post-period corrections — create risk as invoice volumes grow.

It’s essential to understand how SII and VeriFactu work, who must comply, key deadlines, and the technical requirements involved. It’s also key to understand how automation can enable finance teams to meet both obligations consistently.

• SII and VeriFactu are interconnected, not separate. SII governs real-time VAT reporting, while VeriFactu governs invoice integrity.

• Manual processes do not scale for real-time compliance. As invoice volume and system complexity increase, spreadsheets and batch uploads lead to errors, missed deadlines, and audit risk.

• Compliance is now system-driven, not just process-driven. VeriFactu requires certified invoicing software, meaning compliance depends on how invoices are generated and controlled at source.

• Automation is the only scalable solution. Real-time data validation, API submission, and continuous monitoring reduce penalty risk and ensure consistent compliance across both SII and VeriFactu.

SII is Spain’s real-time VAT reporting system operated by AEAT. It requires businesses to submit detailed invoice data electronically, creating near real-time visibility into transactional activity.

Unlike traditional value-added tax (VAT) reporting, SII does not replace periodic VAT returns. Instead, it supplements them. Businesses must still file VAT returns, but they must also transmit transaction-level data for each invoice within a defined timeframe.

Under SII, most invoice records must be submitted within four calendar days of issuance or receipt. This significantly reduces the window for validation and correction, shifting compliance from month-end reconciliation to continuous reporting. The system applies to several VAT ledgers, including:

• Issued invoices

• Received invoices

• Investment assets

• Intra-EU transactions

Each submission must follow a structured XML format and include accurate data such as counterparty details, VAT rates, taxable base, quota, and transaction dates.

Because SII operates continuously, compliance depends on data accuracy at source. Errors are identified quickly, and corrections must be handled within the reporting flow — not after the fact.

VeriFactu is Spain’s certified invoicing framework. While SII focuses on reporting VAT ledger data, VeriFactu governs how invoices are created, stored, and controlled within compliant systems.

The key difference is scope. SII is about what data is reported to AEAT. VeriFactu is about how invoice data is generated and managed before it is reported.

Under VeriFactu, invoicing systems must ensure integrity and traceability. This includes generating invoices with:

• A unique hash chain linking each invoice to the previous one

• A QR code containing key transaction data

• Structured records that cannot be altered without detection

In practice, this means invoice data must be created within software that meets AEAT’s certification requirements. Manual edits, spreadsheet-based invoicing, or disconnected systems create compliance risk.

It’s no longer sufficient for finance teams to correct errors after invoices are issued. Systems must ensure that invoices are compliant at the point of creation.

SII applies to businesses that meet certain thresholds or fall within defined VAT regimes. This includes large taxpayers with annual turnover exceeding €6 million, as well as companies registered in special VAT frameworks. In scope are:

• Large businesses exceeding the €6M turnover threshold

• VAT groups registered in Spain

• Companies enrolled in REDEME (the Monthly VAT Refund Register)

• Foreign businesses with a Spanish VAT number that meet the same criteria

For these organisations, SII is already part of day-to-day compliance. Invoice data must be submitted continuously within the four-day window, rather than being reviewed only at period-end. Systems must support real-time data extraction, validation, and submission, often across multiple business units or regions.

For foreign companies registered for VAT in Spain, SII obligations apply in the same way as for domestic businesses once thresholds are met. Cross-border operations do not reduce reporting requirements.

VeriFactu has a broader scope than SII. While SII applies to specific categories of taxpayers, VeriFactu is intended to apply to all businesses and self-employed individuals (autónomos) that issue invoices in Spain. This includes Spanish companies subject to corporate tax, self-employed individuals issuing invoices, and foreign businesses with a Spanish VAT registration that invoice locally.

The key requirement is not linked to turnover thresholds. Instead, it is tied to the use of invoicing systems.

Under VeriFactu, any software used to issue invoices must meet AEAT certification requirements. This means it must generate compliant records, maintain traceability through hash chaining, and prevent undetected alterations.

Non-certified software creates direct compliance risk. Businesses cannot rely on manual invoicing processes, spreadsheets, or legacy systems that do not meet these technical standards.

SII has been in force since July 2017 and is already mandatory for applicable businesses. There is no transition period for these organisations — compliance is ongoing and continuous.

Under SII, invoice data must generally be submitted within four calendar days of issuance or receipt. This rolling deadline applies throughout the reporting period, not just at month-end, which requires consistent monitoring and timely submission processes.

VeriFactu follows a phased implementation timeline. Larger businesses are expected to comply first, with SMEs following in subsequent stages. Exact deadlines continue to evolve, and businesses should confirm the latest requirements directly with AEAT before implementation.

The key takeaway for finance teams is that SII is already operational, while VeriFactu is imminent. Together, they create a continuous compliance environment where both reporting and invoicing systems must operate in near real time.

SII and VeriFactu are not just reporting obligations, but system requirements.

For SII, businesses must be able to connect to AEAT web services and submit VAT ledger data in a structured XML format. This requires systems that can extract invoice data from ERP or billing platforms, transform it into the required format, and transmit it within the four-day window.

Error handling is a core requirement. Systems must be able to interpret AEAT responses, identify rejected or “accepted with errors” records, and trigger correction workflows. Without this, errors accumulate and create ongoing compliance risk.

VeriFactu introduces additional technical requirements at the point of invoice creation. Invoicing systems must:

• Generate certified invoice records

• Apply hash chaining to ensure integrity

• Include QR codes on invoices

• Prevent undetected modification of records

• Maintain a traceable audit trail of all changes

These requirements mean that invoicing is no longer just a finance process, but a system-controlled activity subject to audit scrutiny. For many organisations, legacy ERP or billing systems cannot meet these requirements alone. They may lack real-time connectivity, structured validation, or certified invoice-generation capabilities.

Most SII and VeriFactu issues do not stem from misunderstanding the rules. They arise from operational gaps in how data is captured, validated, and submitted.

One of the most common errors is late submission of invoice records under SII. The four-day window is often missed due to batch processing, manual workflows, or delays in accounts payable. This creates immediate penalty exposure and increases scrutiny.

Incorrect ledger classification is another frequent issue. Misclassifying transactions — for example, treating intra-EU operations or investment assets incorrectly — leads to inconsistencies between reported data and VAT returns.

VeriFactu introduces a different risk. Using non-certified invoicing software or relying on manual invoice-generation methods can create direct legal liability. Compliance depends on the system, not just the output.

Data formatting errors are also common. Incomplete or incorrectly structured XML submissions can lead to rejected records or “accepted with errors” responses, which require follow-up and correction.

Finally, many businesses struggle to manage corrections and credit notes in real time. Adjustments are often handled after submission, creating discrepancies that must be reconciled across systems.

These issues are often interconnected. A single data inconsistency can lead to multiple downstream errors across reporting, reconciliation, and audit processes. Avoiding these issues requires moving validation upstream — ensuring data is correct before submission, not after.

Manual processes cannot support real-time compliance at scale. The combination of continuous reporting, strict deadlines, and system-level invoicing requirements creates an automation gap.

Automation bridges that gap by embedding validation, submission, and monitoring into everyday operations.

At a practical level, an automated solution must connect directly to ERP and billing systems to extract invoice data in real time. That data must be validated before submission — checking VAT IDs, tax treatment, required fields, and formatting — to reduce rejection rates and “accepted with errors” exposure.

Once validated, data must be transmitted to AEAT through API connections, with full visibility into submission status. This includes tracking accepted, rejected, and pending records, and triggering correction workflows automatically when issues arise.

For VeriFactu, automation must extend further upstream. Invoice records must be generated in a structured format, with hash chaining and QR codes applied automatically. Systems must ensure that all invoice events are traceable and cannot be altered without detection.

Equally important is monitoring. Dashboards should provide real-time visibility into compliance performance — including submission timeliness, error rates, and backlog — allowing finance teams to act before issues escalate.

Avalara supports businesses operating in Spain by providing a unified compliance layer that integrates with existing ERP and billing systems. This enables real-time data extraction, prevalidation, automated submission to AEAT, and continuous monitoring, while also supporting certified e-invoicing workflows aligned with VeriFactu requirements.

The result is a shift from reactive correction to controlled, scalable compliance — allowing finance teams to reduce risk without increasing operational complexity.

If your organisation is approaching the limits of manual processes, speak with Avalara to evaluate how automation can support both SII and VeriFactu obligations.

Is SII the same as VeriFactu?
No. SII is a VAT reporting system that requires businesses to submit transaction-level ledger data to AEAT in near real time. VeriFactu is an invoicing framework that governs how invoices are generated, stored, and controlled to ensure integrity and traceability.

Do foreign companies with Spanish VAT need to comply with SII?
Yes. If a foreign business has a Spanish VAT registration and meets the relevant thresholds — such as turnover above €6 million or inclusion in specific VAT regimes — it must comply with SII in the same way as a domestic company.

What happens if I miss the SII submission window?
Late submissions can result in financial penalties and increased scrutiny from AEAT. Repeated delays may also signal weak internal controls, increasing audit risk.

Can my existing accounting software handle VeriFactu?
Only if it meets AEAT certification requirements. Many legacy systems do not support the necessary controls, such as hash chaining, QR code generation, and immutable record keeping. In these cases, a compliance layer or dedicated solution is typically required.