What Is the Ley Crea y Crece?
The Ley Crea y Crece (literally, "Create and Grow Law") was enacted as Law 18/2022 on 28 September 2022. Its primary objective is to reduce commercial late payment — a chronic problem that costs Spanish SMEs billions annually — by mandating structured electronic invoicing for all B2B transactions.
Spain's approach is uniquely two-layered: the Ley Crea y Crece defines the obligation to issue and receive electronic invoices in B2B commerce, while a separate regulation — Royal Decree 1007/2023 — introduces the Verifactu anti-fraud system for billing software, requiring cryptographic hashing, sequential chaining of invoice records, and near-real-time reporting to the Agencia Estatal de Administración Tributaria (AEAT).
For B2G (business-to-government), Spain has mandated e-invoicing since January 2015 under Law 25/2013 via the FACe platform (Punto General de Entrada de Facturas Electrónicas) using the Facturae 3.2.x XML format. All suppliers to Spanish public administrations must submit invoices ≥€5,000 electronically through FACe.
Ley Crea y Crece (Law 18/2022)
Mandatory B2B e-invoicing obligation for all businesses operating in Spain. Designed to combat late payment and improve transparency in commercial transactions.
Royal Decree 1007/2023 (Verifactu)
Anti-fraud system requiring certified billing software with cryptographic hashing (SHA-256), sequential invoice chaining, and near-real-time AEAT reporting.
Law 25/2013 (B2G Mandate)
Mandatory B2G e-invoicing since January 2015. All public administration suppliers must submit Facturae 3.2.x XML invoices via the FACe platform for invoices ≥€5,000.
SII — Suministro Inmediato de Información
Spain's real-time VAT reporting system (since 2017) for large companies. Verifactu builds on and extends SII principles to all businesses.
The Verifactu Anti-Fraud System
Verifactu ("VERI*FACTU") is Spain's anti-fraud billing system established by Royal Decree 1007/2023. It fundamentally changes how invoices are generated, secured, and reported. Unlike traditional audit-based models, Verifactu requires that every invoice is cryptographically secured at the moment of creation.
Cryptographic Hashing (SHA-256)
Every invoice record must be hashed using SHA-256. The hash includes the invoice data, timestamp, and the previous invoice's hash — creating an unbreakable chain of integrity that prevents retroactive modification.
Sequential Invoice Chaining
Invoice records are linked sequentially, where each new record references the hash of the previous one. Any attempt to modify or delete a past invoice breaks the chain, making fraud immediately detectable.
QR Code on Every Invoice
Every invoice must include a QR code containing the Verifactu verification URL, the issuer's NIF (tax ID), invoice number, date, amount, and the hash fingerprint. This enables instant verification by the AEAT or the recipient.
Near-Real-Time AEAT Reporting
Certified billing software must report invoice records to the AEAT within 4 business days (Phase 1), progressively moving toward real-time reporting in later phases. Non-compliant software will be liable for penalties.
Software Certification Requirement
All invoicing software used in Spain must be certified by the AEAT as Verifactu-compliant. This includes ERP systems, standalone billing tools, and any software that generates commercial invoices.
Timeline & Implementation Phases
Law 18/2022 enacted, establishing the obligation for mandatory B2B structured e-invoicing. Implementation details delegated to secondary regulations.
Detailed anti-fraud regulations published, defining cryptographic hashing requirements, software certification process, and AEAT reporting obligations.
Certified billing software must implement Verifactu requirements. Large corporates and SII-registered businesses already operating under Verifactu obligations.
Companies with annual turnover ≥€8 million must issue and receive all B2B invoices in structured electronic format. Full compliance with Verifactu required.
All remaining businesses must comply. Universal B2B e-invoicing across the entire Spanish economy. No exemptions for company size.
Technical Requirements
Spain's e-invoicing framework requires compliance with multiple technical standards depending on the transaction type. Here are the key technical elements your business and software must support:
Facturae 3.2.x (B2G)
The mandatory XML format for B2G invoices submitted via FACe. Facturae is Spain's national standard and must include digital signatures compliant with XAdES enveloped format.
EN 16931 (B2B — EU Standard)
Structured B2B invoices must conform to the European e-invoicing standard EN 16931, enabling cross-border interoperability with other EU member states.
Verifactu XML Reporting
Invoice records must be submitted to the AEAT in the Verifactu XML format, including SHA-256 hash, invoice chain reference, QR code data, and issuer NIF identification.
Digital Certificate (FNMT / eIDAS)
Invoices must be signed with a qualified digital certificate issued by the FNMT (Fábrica Nacional de Moneda y Timbre) or any eIDAS-compliant provider. Required for both FACe and Verifactu submissions.
SII Integration (Large Companies)
Companies with turnover >€6M already report via SII. Verifactu extends similar requirements to all businesses, requiring near-real-time AEAT reporting with cryptographic integrity.
QR Code Generation
Every invoice must include a QR code with Verifactu verification data — URL, NIF, invoice number, date, total amount, and SHA-256 hash fingerprint.
Penalty Framework
Non-compliance with Verifactu requirements can result in fines of up to €50,000 per fiscal year for software vendors. Businesses using non-certified software face tax penalties under Spain's General Tax Law (Ley General Tributaria). Additionally, invoices not meeting the structured format requirements may be rejected by recipients and tax authorities, causing delays in payment and potential VAT deduction denials.
How to Prepare Your Business
Audit Your Current Invoicing Software
Verify whether your ERP or billing software is Verifactu-certified or has a roadmap for certification. If it doesn't, you'll need a certified add-on or new provider.
Assess Your Transaction Volume & Turnover
Determine if your business falls under the 2027 mandate (turnover ≥€8M) or the 2028 universal mandate. Start preparation at least 12 months before your deadline.
Ensure Digital Certificate Readiness
Obtain a qualified digital certificate from FNMT or an eIDAS-qualified provider. Configure your ERP to sign invoices automatically upon generation.
Implement Verifactu Hashing & Chaining
Your software must generate SHA-256 hashes for every invoice and maintain the sequential chain. Test the integrity mechanism thoroughly before go-live.
Set Up AEAT Reporting
Configure the Verifactu XML reporting module to submit invoice records to the AEAT within the required timeframe. Test with AEAT's sandbox environment.
Map B2G & B2B Formats
Ensure your system can generate both Facturae 3.2.x (for FACe/B2G) and EN 16931-compliant formats (for B2B). InvoStaq handles dual-format mapping automatically.
Partner with a Certified Provider
Working with a provider like InvoStaq gives you Verifactu-ready infrastructure, AI-powered validation, and native ERP integration — without re-platforming your existing systems.
Ready for Spain's B2B E-Invoicing Mandate?
InvoStaq's AI engine handles Verifactu compliance, Facturae mapping, and AEAT reporting — all from inside your ERP. Zero errors, zero fines, zero disruption.