An electronic invoice is an electronic document that has the same content and legal consequences as a paper invoice; or a means of simplifying accounting processes. The directive lays down basic requirements for invoicing contracting authorities. A new European standard for electronic invoicing thought to be introduced in Europe, a semantic data model for electronic invoicing will be available. The aim of an electronic invoice is not only to create, send, transmit and receive, but also to fully automate the processing of invoices. This means that recipients must process invoices automatically and digitally based on structured data. An electronic invoice must meet the following conditions:
- The invoice recipient must agree to the electronic invoice
- It must be in an electronic format (such as pdf) to be issued, sent, received and processed
- Human readability is mandatory
- The authenticity of the origin must be guaranteed (i.e. by digital signature or internal control procedure)
the integrity of the invoice must be guaranteed
- All other invoice characteristics/mandatory information for the tax deduction must be available
- This is the responsibility of the invoice recipient and the issuer of the invoice to ensure this independently of each other in their disposal area.
The authenticity of the origin and the integrity of the content can be ensured by:
- A qualified electronic signature in accordance with the laws
- By means of electronic data exchange
- An internal control procedure which allows each registration to be traced back to its source in order to verify its accuracy
The core element of electronic invoices is a structured electronic format that enables the automatic processing of the document. THIS excludes PDF files, image documents and scanned paper invoices. The invoice must be issued and transmitted in the format, but a corresponding service provider can also be used. In addition to the obligation for electronic invoicing for entrepreneurs, regulations also regulate the obligation for public authorities to accept and process electronic invoices. Aspects of data security and data protection become relevant in electronic invoicing, provided that personal data are included in the e-invoice – which can usually be assumed. Because of the ever-increasing danger situation in the field of cybersecurity, such measures are essential to protect the confidentiality and integrity of the data and to act in compliance with data protection.
One possible measure is encryption, for example. This is a cryptographic method designed to restrict access by unauthorized persons. A distinction is made between transport encryption and end-to-end encryption. In transport encryption, the data is unencrypted at the sender and receiver. Only during the transfer process is the data encrypted.
However, they can be subject to unauthorized access by both the sender and receiver, such as a hacker attack. A higher level of security is provided by end-to-end encryption, in which the data is also encrypted at the sender and receiver. However, end-to-end encryption also has significant drawbacks: it is more expensive and requires prior coordination with the communication partners, as there are various technical standards here that are not compatible with each other.
Diagram credit and copyright : Oracle Corp
The need for encrypted communication and the degree of security to be applied is controversial among experts. However, there is agreement on the point that transport encryption has now established itself as a minimum standard and should therefore also be applied when documents containing personal data are transmitted electronically. Also, end-to-end encryption may also be required in case of increased protection requirements.