fiskaly.

Crea y Crece Law: B2B e-invoicing technical requirements

Camille Mendonรงa, Fiscalization Expert Spain
Camille MendonรงaFiscalization Expert Spain
6 min read

Royal Decree 238/2026, dated 25 March, has been published. It establishes the legal framework for electronic invoicing between businesses and professionals, as well as the requirements for exchange platforms, under the Ley Crea y Crece.

With this step, B2B e-invoicing moves from a general concept to a concrete technical framework, with direct impact on businesses and their processes, as well as on developers and billing software providers, who will bear the technical responsibility of adapting their systems.

This article summarises, in plain terms, what this Royal Decree means, what technical requirements it introduces, and what comes next.

What does this Royal Decree regulate?

This Royal Decree develops the Ley Crea y Crece framework, defining the technical obligations for issuing and receiving invoices between businesses and professionals in Spain. It covers interoperability conditions, requirements for exchange platforms, traceability and the status workflow associated with each invoice, and their storage and accessibility.

The ultimate goal is to build an ecosystem where B2B invoicing is digital, traceable, and verifiable.

What are the expected timelines for the regulation to take effect?

The effective application of the obligations is tied to the publication of a Ministerial Order that will regulate the AEAT's public e-invoicing solution. From that Order:

  • +12 months: mandatory for companies with annual turnover above 8 million euros.
  • +24 months: mandatory for all other businesses and professionals.

Additionally, during the first 12 months after the regulation takes effect for the first group, electronic invoices must be accompanied by a readable PDF, unless the recipient explicitly agrees to receive them in structured format only.

If the Ministerial Order is published between June and July 2026, as current timelines suggest, the obligation for large companies would kick in around mid-2027. That same period coincides with the Verifactu compliance deadline for self-employed individuals, which would concentrate two major regulatory milestones within a very tight window.

In a context where several regulations are converging, getting ahead of the curve will be critical to avoid technical bottlenecks, both for developers who need to adapt their systems and for businesses that depend on their software providers to meet both obligations.

Key technical requirements of B2B e-invoicing

The Royal Decree specifies the technical requirements of the Ley Crea y Crece that billing software and systems must meet.

Structured and interoperable formats

Invoices must be issued in structured electronic format, aligned with the EN16931 semantic model of the European Committee for Standardisation. The accepted formats are:

  • UBL (Universal Business Language) - Reference format for the public system
  • CII (Cross-Industry Invoice, CEFACT/UN)
  • EDIFACT
  • Facturae

Messages in Peppol BIS format are also valid on private platforms, as they use UBL syntax aligned with EN16931.

What does this mean in practice? That issuing a PDF is no longer enough: software must generate and process these formats natively.

Integrity, authenticity, and electronic signature

All invoices issued through private platforms must be signed with an advanced electronic signature, either directly by the issuer or through authorised delegated signing, in accordance with the eIDAS Regulation (EU 910/2014). When using the AEAT's public solution, integrity is guaranteed by the procedures the Agency itself establishes.

Unique identification code

Each electronic invoice must include a unique code combining the issuer's tax ID (NIF), the invoice number and series, and the date of issue.

Interoperability and faithful copy to the public solution

Platforms or software that do not use the public solution to issue invoices are required to simultaneously submit an accurate electronic copy of each invoice in UBL syntax to that public solution. This directly affects any private exchange platform: it must connect with the AEAT and convert formats while preserving the authenticity and integrity of the document.

Mandatory invoice lifecycle statuses

The regulation introduces invoice statuses that must be communicated:

  • Commercial acceptance or rejection of the invoice (and its date)
  • Full effective payment and its effective date

The payment date is recorded at the moment the supplier actually receives payment, not when a financial advance mechanism is made available. There is a maximum period of 4 calendar days (excluding Saturdays, Sundays, and national public holidays) to communicate each status.

On a voluntary basis, additional statuses can also be reported, such as partial acceptance, partial payment, or assignment of the invoice to a third party.

Storage, access, and readability

Invoices must be stored with legal guarantees and be available for download by both the issuer and the recipient. The public solution will provide streamlined download mechanisms, both manual and automated.

Direct impact of the Ley Crea y Crece for developers and billing software providers

If you develop billing software, ERP, or POS systems, Royal Decree 238/2026 introduces specific technical obligations that go beyond generating an XML file. Here are the most direct impacts:

  • Mandatory multi-format support: your software must be able to generate and convert invoices in UBL, CII, EDIFACT, and Facturae, ensuring that conversion does not break the integrity or authenticity of the original document.
  • Connection to the AEAT public solution: if you operate as a private exchange platform, you must be able to connect with the AEAT to submit faithful copies of invoices in UBL, and do so simultaneously with issuance.
  • Mandatory interconnection with other platforms: at a client's request, your platform must interconnect with any other private platform within the Spanish system within a maximum of one month, at no cost to the requesting platform.
  • Invoice status management: the software must implement the status workflow (accepted/rejected, paid) and communicate statuses within the established deadlines, both to the issuer and to the public solution.
  • Certified security requirements (ISO 27001): private platforms must meet specific security, continuity, and data governance requirements, including ISO 27001 certification or equivalent.
  • Secure transmission protocol: the exchange of information must use AS2 or AS4 protocols.

This Royal Decree leaves a clear message for the market: if you develop billing software, your product must be structurally ready for B2B e-invoicing, not treat it as an add-on. And this is where the big risk of 2026 lies: building point solutions without accounting for coexistence with Verifactu, NaTicket, or TicketBAI.

How will the Ley Crea y Crece affect businesses in their day-to-day operations?

For businesses, B2B e-invoicing is not just a format change. It affects how everyday commercial relationships are managed:

  • Obligation to issue and receive structured electronic invoices: tacit agreements or exchanging PDFs by email will no longer be sufficient. Every invoice between businesses and professionals must be issued, transmitted, and received in structured electronic format.
  • Active communication of payment status: the recipient of each invoice has a legal obligation to report acceptance or rejection, and full effective payment, within 4 calendar days. This means integrating these workflows into internal accounts payable and treasury processes.
  • Public entry point by default: if a business has not explicitly agreed with its suppliers to receive invoices through a private platform, its default entry point will automatically be the AEAT's public solution. Businesses must actively decide how they want to receive their invoices and communicate that preference.
  • Traceability of payment cycles: the AEAT will have access to payment data for all electronic invoices. This information will be used to monitor payment terms and compile an annual list of companies that fail to comply with late payment regulations (Law 3/2004). The reputational impact and implications for access to public subsidies could be significant.
  • Transitional period with mandatory PDF: companies with turnover above 8 million euros will be required to accompany their electronic invoices with a readable PDF during the first 12 months, unless there is an explicit agreement to the contrary.

The importance of ISO 27001 certification under the Ley Crea y Crece requirements

Royal Decree 238/2026 does not leave security to each provider's discretion: ISO 27001 certification is an explicit requirement for operating as a private exchange platform within the Spanish e-invoicing system.

This has direct implications for the software market:

  • Any company wishing to operate as an intermediary in the Spanish B2B system must demonstrate that its information security management system meets this standard.
  • Platforms must have a business continuity plan appropriate to the volume of invoices they manage, and guarantee service availability and support at all times.

In practice, this means developers and software providers that are not ISO 27001 certified will be excluded from the regulated market. Certification is not a differentiator: it is a baseline requirement.

fiskaly: a B2B e-invoicing API for Spain, built to work alongside fiscal regulations

This Royal Decree leaves a clear implication for the market: if you develop billing software, ERP, or POS systems, your product must be structurally ready for B2B e-invoicing, not treat it as a bolt-on.

And this is where the big risk of 2026 lies: building point solutions without a plan for coexistence with Verifactu, NaTicket, or TicketBAI.

At fiskaly, we have spent years helping software providers across Europe meet complex regulations with a simple approach: one integration, multiple obligations covered.

With fiskaly, you get access to:

  • An API built for developers
  • Clear documentation and expert technical support
  • A solution designed to evolve with regulation
  • Multi-regulation coverage across different European countries
  • ISO 27001 & ISO 9001 certified

This means you avoid maintaining separate integrations and reduce technical risk when requirements change. One integration, clear documentation, technical support, and a certified European partner to help you scale with confidence.

FAQs

Interested? Request a first meeting

  • We're here to help with any questions and find the perfect solution.
  • Over 1,600 customers trust our fiscalization solutions. We've got you covered!

Optional

Optional