Qoyod
Pricing

Knowledge Base

E-Invoicing Readiness Checklist: Is Your Business Ready?

Before your group’s integration deadline in Phase 2 of e-invoicing, your business needs more than the intention to comply. It needs real, measurable readiness you can verify item by item. This checklist walks you through it step by step so you can confirm your business is fully ready for e-invoicing, and helps you avoid any delay or penalties caused by missing requirements.

E-invoicing in Saudi Arabia is no longer optional. It is a mandate issued by the Zakat, Tax and Customs Authority (ZATCA) on every business registered for VAT. But the difference between a business that passes integration smoothly and one that stumbles at the last minute comes down to preparing early. In this guide we explain every readiness item in detail, clarify what you need to do and when, and show how a compliant accounting system helps you close these items all at once.

Why do you need a readiness checklist before integration?

Many businesses delay preparation until they receive the Authority’s notice with their group’s date. This delay is a costly mistake. Once the notice arrives, you have only a limited number of months to prepare your system, register your cryptographic certificate, test the integration, and train your team. Any flaw in one of these elements means invoices rejected by the Fatoora platform, which directly impacts your cash flow and your relationship with your customers.

The practical difference between a ready business and a struggling one does not show on integration day, but in the weeks leading up to it. The ready business has closed its checklist items one after another, tested every scenario, and trained its team, so go-live passes quietly. The struggling business discovers its gaps at the last minute, when time is short and options are few. This checklist was built to move you into the first category.

This checklist is not just a reminder. It is a diagnostic tool. Go through each item and answer honestly: is this genuinely ready in my business today? Every item you answer “no” to is a gap you must close before your integration deadline. The goal is to reach go-live day confident that your business is ready on the tax, technical, and operational fronts together.

E-Invoicing Readiness Checklist

Visual Checklist

Readiness Scorecard

The Six Items for E-Invoicing Readiness Before the Integration Deadline

A valid VAT registration with the Authority
Knowing your business group’s date in the integration and integration phase
A compliant e-invoicing system approved by the Authority
The mandatory invoice elements: QR code, cryptographic stamp, and UUID
Accuracy of customer data and their tax numbers in the system
Testing integration with the Fatoora platform in the sandbox environment

Your integration readiness indicator
0 of 6 complete

A scorecard bringing together the six items that determine your business’s readiness for e-invoicing before your integration deadline with the Authority.

Before we explain each item, here is the full checklist at a glance. Review it quickly, then move on to the detailed explanation of each element:

  • A correct, valid VAT registration.
  • Knowing your business’s group date from the Authority’s notice.
  • An e-invoicing system compliant with Phase 2 requirements.
  • Automatic generation of the mandatory elements: QR code, cryptographic stamp, and the unique identifier.
  • Reviewing the accuracy of customer data and their tax numbers.
  • Registering the cryptographic certificate (CSID) and testing the integration in the sandbox environment.

The Checklist Items Explained in Detail

1. A correct and valid VAT registration

Every e-invoice starts from a correct tax number. First make sure your business is genuinely registered for VAT, and that your 15-digit tax number is sound and valid. VAT registration is mandatory for every business whose taxable revenue exceeds SAR 375,000 per year, and optional once it exceeds SAR 187,500.

Also review the accuracy of your business’s details registered with the Authority: the legal name, the national address, and the activity type. This data appears on every invoice you issue, and any mismatch between it and the Authority’s records may cause the invoice to be rejected at integration. Start here, because the rest of the items are built on a correct tax number.

2. Knowing your business’s group date

The Authority rolled out Phase 2 in waves (groups) ordered by annual revenue size. Each group receives a direct notice specifying the start date for mandatory integration, with a preparation window that is usually about six months before the actual date. Do not rely on guesswork or on what you heard from another business, as your group’s date comes only from the Authority’s official notice.

Check the email registered with the Authority and your account on its portal regularly. Once the notice arrives, record the date and begin preparing immediately. Every week of delay in preparation shrinks the safety margin you need to test the integration calmly. The simple rule: prepare your business before the notice reaches you, not after.

3. A compliant and approved e-invoicing system

This is the most important item on the checklist, because it covers most of the other requirements automatically. A compliant system is one that issues the types of e-invoices in their regulated format, generates every mandatory element, and integrates directly with the Authority’s Fatoora platform. An invoice written in a word processor or a spreadsheet has not been accepted since Phase 1.

Businesses issue two types of invoices through their compliant system:

  • The tax invoice (B2B): sent to the Fatoora platform and goes through instant clearance before being delivered to the buyer.
  • The simplified tax invoice (B2C): delivered to the customer immediately, and reported to the Authority within 24 hours of issuance.

Make sure your system supports both types, and that it meets the e-invoice requirements in full. A system like Qoyod, compliant with Phase 2, issues both types in their regulated format and links them directly to the Authority with no manual intervention.

4. The mandatory elements on every invoice

Phase 2 added mandatory technical elements that were not required in the generation phase. These elements are what distinguish a compliant invoice from the rest, and their absence means the invoice is rejected by the Fatoora platform. The most notable of these elements are:

  • The cryptographic stamp: a digital signature proving the invoice was issued by an approved system and has not been altered after issuance.
  • The unique identifier (UUID): a unique identification number for each invoice that never repeats.
  • The hash of the previous invoice: links invoices in a connected chain that guarantees the integrity of the sequence.
  • QR code: carries the invoice data and the signature data, and allows instant verification.

You are not expected to create these elements manually. The compliant system generates them automatically with every invoice according to the Authority’s technical specification. Your task here is only to verify that your system actually generates them, and that they appear correctly on the copy of the invoice the customer receives.

5. Reviewing the accuracy of customer data and their tax numbers

A tax invoice addressed to another business (B2B) requires the customer’s tax number within its data. If this number is wrong or missing, the invoice is rejected or recorded incorrectly. Set aside time to review your business-customer database and confirm the accuracy of their tax numbers and national addresses before you start issuing for real.

This is a step many overlook because it does not relate to the system but to the quality of your own data. The cleaner and more up to date your customer database, the fewer rejected invoices and the less time wasted on corrections after integration. Make cleaning up customer data part of your preparation, not a postponed item.

6. Registering the cryptographic certificate and testing the integration

Before you issue your first real invoice, you need to register your business on the Fatoora platform and obtain your cryptographic certificate, known as the certificate identifier (CSID). This certificate is what allows your system to sign invoices and send them to the Authority. The certificate is registered by the business itself through the Authority’s portal, and your compliant system guides you through the steps.

After registration, do not move straight to production. Test the integration first in the sandbox environment provided by the Authority — a fully isolated environment from production, where you issue test invoices that are not considered real invoices and do not create any tax obligations. After actual integration with production there is no concept of a “test invoice”; every invoice you issue and send to the Authority is an official invoice, and if issued in error it must be cancelled with a credit note. Use the sandbox environment before the final integration to verify the setup is correct and free of errors. See the beginner’s guide to e-invoicing if you are at the start of the journey and need the foundational steps first.

Start today

Close every readiness item from one place

Qoyod, compliant with Phase 2, issues your invoices with the mandatory elements, links them directly to the Fatoora platform, and guides you step by step until your business is fully ready.

Start your free trial and prepare your business for integration

How do you know your system is genuinely compliant?

The phrase “compliant system” is repeated a lot, but what actually makes it compliant? Before you adopt any system, ask it these questions, and make sure the answer is “yes” to every one of them:

  • Does the system issue the tax invoice and the simplified invoice in their approved regulated format?
  • Does it generate the cryptographic stamp, the unique identifier, and the QR code automatically with every invoice?
  • Does it link invoices in a chain through the hash of the previous invoice?
  • Does it integrate directly with the Fatoora platform for instant clearance and reporting?
  • Does it guide you through registering the cryptographic certificate and testing the integration?
  • Does it release updates that keep pace with any change in the Authority’s technical specification?

A system that answers “yes” to these six questions covers the largest part of your readiness checklist automatically. A system that stumbles on any of them turns preparation into hard, error-prone manual work. Choosing the right system from the start saves you time and effort that are hard to make up later.

The difference between Phase 1 and Phase 2 readiness

Many businesses assume they are ready because they passed Phase 1 successfully. This is an incomplete understanding. The generation phase, which began in December 2021, only required you to issue your invoices from an electronic system instead of paper or word-processor files. It did not require any direct integration with the Authority, nor a digital signature, nor an encrypted invoice sequence.

Phase 2 differs fundamentally. Here the system moves from being merely an issuer of invoices to a system connected to the Fatoora platform in real time. Every tax invoice between businesses must go through instant clearance before being delivered to the buyer, and every simplified consumer invoice must be reported within 24 hours. This difference means the technical readiness requirements are far deeper, and any flaw that did not matter in Phase 1 could halt your work in Phase 2.

So do not treat your previous readiness as proof of your current readiness. Reassess your system from the Phase 2 perspective specifically: does it generate the cryptographic stamp? Does it link invoices in a chain? Does it actually integrate with the Fatoora platform rather than merely storing invoices locally? If the answer is “no” to any of these, you need a newer system before your group’s date.

E-invoicing readiness by business size

The readiness requirements are the same for everyone, but the path to reaching them differs depending on the size of the business and the nature of its work. Understanding your position helps you spend your time and effort in the right place.

Small businesses and individuals

Small businesses often issue simplified invoices to consumers more than tax invoices between businesses. Their core challenge is not scale but simplicity: they need a ready system that does not require a technical team or complex configuration. The rule here is to choose a system that handles the technical side entirely, so you focus on your business rather than on compliance.

Medium businesses

Medium businesses deal with a mix of individual and business customers, and their invoice volume is larger. Here the accuracy of customer data and their tax numbers becomes more important, because the proportion of tax invoices between businesses rises. These businesses need a little more time to clean their data and test different issuance scenarios before go-live.

Large businesses

Large businesses that issue thousands of invoices a day face the highest level of complexity. Testing in the sandbox environment for these businesses is not a choice but a necessity, because any flaw is magnified with invoice volume. They need a wider time margin, broader training for accounting teams, and close monitoring in the first weeks after go-live.

Whatever your size, the six items on the checklist remain the standard. What changes is the time and effort required to close each item, not the items themselves.

What happens if you are not ready?

Failing to complete your readiness before the integration deadline does not mean just an administrative delay. It has direct operational and financial consequences. When your group’s date arrives and you are not ready, problems start piling up quickly.

The first consequence is rejected invoices. If your system does not generate the mandatory elements correctly, or does not integrate with the Fatoora platform, your tax invoices will not be accepted. A rejected invoice means a stalled deal, a late payment, and an unhappy customer. This hits your cash flow directly.

The second consequence is the potential exposure to fines and penalties as a result of not complying with the Authority’s requirements by the specified date. The Authority sets integration dates clearly, and adhering to them is the business’s responsibility. Avoiding these fines is the strongest motive to finish the readiness checklist early.

The third consequence is less obvious but important: operational chaos. When readiness is delayed, the accounting team finds itself dealing with a crisis instead of organized work. Preparing early turns go-live from a crisis into a calculated, routine step.

Team readiness is no less important than system readiness

The six items focus on the technical and tax side, but there is a human dimension that is no less important: your team’s readiness. A compliant system alone does not guarantee correct issuance if the accounting team does not know how to use it properly.

Before go-live, set aside time to train those who issue invoices in your business. Explain to them the difference between the tax invoice and the simplified invoice, when to use each, and how to verify the completeness of customer data before issuance. Human error in data entry is one of the most common causes of rejected invoices, and it can be reduced through training alone.

Have your team try issuing in the sandbox environment before production. This hands-on practice is more useful than any theoretical explanation, and it surfaces the real questions your team will face in daily work. A team trained on a compliant system is the last line of defense that ensures your technical readiness translates into actual compliance on the ground.

A timeline to reach full readiness

Readiness is not completed in a single day. Spread your preparation over clear stages that begin well before the integration deadline. The following plan organizes the six items into a logical sequence that ensures each step is built on the one before it:

The Preparation Timeline

The Preparation Timeline

Four stages to reach readiness for integration with the Fatoora platform

1
6 months before integration

Tax foundation
Verify the validity of your registration, your tax number, and the accuracy of your business’s data with the Authority.

2
4 months before integration

Choosing the system
Adopt a compliant e-invoicing system that issues the mandatory elements required by the Authority.

3
2 months before integration

Registration and CSID setup
Register the cryptographic certificate (CSID) and clean up customer data and their tax numbers.

4
At the integration deadline

Testing and go-live
Test the integration in the sandbox environment, then move to actual production with the Authority.

A four-stage timeline that spreads e-invoicing preparation from the tax foundation to activating the integration.

This plan is indicative, and the durations vary by the size of your business and the complexity of your operations. Large businesses that issue thousands of invoices a day need more time to test, while small businesses may complete preparation faster. What matters is that you start early and leave a sufficient margin for testing before the actual go-live.

Common mistakes that delay readiness

From the real experience of businesses in Phase 2, a set of mistakes recur that can be easily avoided if planned for early:

  • Waiting until the last minute: leaving preparation until after the notice arrives compresses the timeline and raises the chance of error.
  • Choosing a non-compliant system: relying on software that does not generate the mandatory elements or does not integrate with the Fatoora platform.
  • Neglecting to clean customer data: entering production with wrong tax numbers generates rejected invoices.
  • Skipping the sandbox environment: moving straight to production without testing exposes problems on real invoices.
  • Not training the team: system readiness alone is not enough if the accounting team does not know how to issue correctly.

Avoiding these mistakes does not require deep technical expertise. It only requires an early start and a compliant system that handles the technical side on your behalf. The sooner you close these gaps before the integration deadline, the more smoothly your go-live will pass.

How Qoyod helps you close the entire checklist

The largest part of the readiness items is technical by nature: generating the cryptographic stamp, the unique identifier, and the QR code, and integrating in real time with the Fatoora platform. This is exactly what a compliant accounting system handles on your behalf. Qoyod accounting software is designed to cover these items automatically with every invoice, without needing you to deal with the complex technical side.

With Qoyod you issue the tax invoice and the simplified invoice in their regulated format, linked directly to the Fatoora platform through the integration with the Authority. The system also guides you through registering the cryptographic certificate and testing the integration, so you reach go-live day confident that every item on the checklist is closed. And to verify the tax calculations on your invoices, you can use the VAT calculator.

Try Qoyod free for 14 days, no credit card required.

After the checklist is complete

Once all six items are met, your business is ready for full compliance with Phase 2 requirements. But readiness is not a final destination. Keep your data clean, follow any updates the Authority releases to the technical specification, and monitor your invoice performance in the first weeks after go-live to make sure everything is running as expected.

Ongoing compliance is much easier than one-off compliance. With a compliant system that handles the technical side, issuing a compliant invoice becomes a natural part of your daily work rather than an added burden. This is the ultimate goal of the readiness checklist: to turn e-invoicing from a challenge into a routine.

Keep a copy of this checklist and review it every quarter, especially if your business expands, enters new markets, or changes the nature of its customers. Readiness is not a certificate granted once and kept forever, but a state you maintain through follow-up. The more you keep your data clean and your system up to date, the more your business stays on the safe side of compliance with no added effort worth mentioning.

Finally, remember that the value of e-invoicing does not stop at compliance. Organized, integrated invoices give you a clearer picture of your sales and taxes, make preparing your returns easier, and reduce manual errors. What begins as a regulatory obligation ends as a tool that gives you higher financial discipline. This is exactly what makes completing the readiness checklist an investment in your business, not just a duty you perform for the Authority.

Frequently Asked Questions

When should I start preparing for e-invoicing readiness?
Start before the notice of your group’s date arrives, not after. Give yourself a margin of no less than a few months to choose the system, register the cryptographic certificate, and test the integration in the sandbox environment before the actual go-live.
What is the most important item on the readiness checklist?
Choosing a compliant and approved e-invoicing system. This item covers most of the technical requirements automatically: the mandatory elements, integration with the Fatoora platform, and issuing both invoice types in their regulated format.
Do I need to test the integration in a sandbox environment?
Yes. Testing the integration in the sandbox environment provided by the Authority reveals any flaw in the setup before it affects your real invoices. Issue test invoices of every type and confirm they are accepted before moving to production.
What is the cryptographic certificate (CSID) and who registers it?
The cryptographic certificate is an identifier that allows your system to sign invoices and send them to the Authority. The business itself registers it through the Authority’s portal, and your compliant system guides you through the registration steps.
What are the mandatory elements the invoice must include?
In Phase 2 the invoice must include the cryptographic stamp, the unique identifier (UUID), the hash of the previous invoice, and the QR code. The compliant system generates these elements automatically with every invoice.
Does Qoyod file the invoice with the Authority on my behalf?
Qoyod issues your invoices with the mandatory elements and links them directly to the Fatoora platform for clearance and reporting. Filing and paying the VAT return itself is done on your side through the Authority’s portal.

The Final Readiness Checklist

The Final Readiness Checklist

Review the six items before you confirm your business’s readiness for integration

  • A valid VAT registration
  • Your business’s group date in the integration is known
  • A compliant e-invoicing system approved by the Authority
  • The mandatory elements are generated automatically in the invoice
  • Customer data and their tax numbers are reviewed
  • The cryptographic certificate (CSID) is registered and the integration is tested
Your business is ready for full compliance

A final checklist confirming the completion of the six e-invoicing readiness items before activating the integration.

Read also in the fundamentals track

Guides

Continue your learning journey

Explore the rest of Qoyod’s guides, or start applying what you’ve learned.

Live webinars hosted by the Qoyod team to help you use the software easily and answer your questions.

Discover Qoyod’s latest updates, ongoing improvements, and new features in one place.

Our team is ready to help you and provide instant support for any issue you face, around the clock.