Verifactu 2027: the definitive guide for SMBs and freelancers

If you own a small or medium-sized business in Spain, or you work as a freelancer (autónomo), there is a regulatory change approaching that you cannot afford to ignore. Starting in 2027, Spain's Tax Agency (Agencia Estatal de Administración Tributaria, or AEAT) will require that every piece of invoicing software generates a cryptographic record of each invoice and, in many cases, sends it to the tax authorities in real time.

The system is called Verifactu. It is not optional. It is not a recommendation. It is a legal obligation backed by fines that can reach 50,000 euros per fiscal year for businesses and 150,000 euros per year for software vendors that sell non-compliant tools.

This guide breaks down what Verifactu is, who it affects, when the deadlines hit, and exactly what you need to do to prepare. No jargon. No filler. Just the facts.

What is Verifactu and how does it work?

Verifactu (short for Verificación de Facturas) is a verified invoicing system created by Spain's AEAT. It sits at the core of the country's Anti-Fraud Law (Ley 11/2021) and the subsequent Royal Decree that regulates invoicing software requirements.

The goal is simple: make invoice fraud technically impossible. The mechanism is elegant but strict.

Cryptographic hash chaining

Every time your software generates an invoice, it must create a cryptographic hash — a unique digital fingerprint of that invoice's data. This hash is then chained to the hash of the previous invoice, creating a sequential, tamper-proof record. If anyone modifies, deletes or reorders a past invoice, the chain breaks, and the alteration becomes immediately detectable.

Think of it like a blockchain for your invoices, but managed by the Spanish Tax Agency.

Real-time submission to AEAT

Under the Verifactu modality, your invoicing software must send the invoice record to AEAT's servers within 60 seconds of issuance. This is not a monthly or quarterly filing — it is real-time control. The alternative modality (non-Verifactu SIF) allows retaining records locally until AEAT requests them, but the integrity requirements remain identical.

QR code and "Verifactu" legend

Every invoice must include a verifiable QR code that links to AEAT's verification service, plus the text "Verifactu" if the software operates in the real-time submission mode. This allows anyone — your client, a tax inspector, or an auditor — to verify the invoice's authenticity instantly.

Real timeline: mandatory electronic invoicing Spain deadlines

The implementation follows a phased approach. There is no single date — it depends on the type of taxpayer you are.

Separately, the Ley Crea y Crece introduces mandatory B2B electronic invoicing. This follows its own timeline: large companies (turnover above 8 million euros) will need to comply approximately 12 months after the final ministerial order is published, and all remaining businesses 24 months after. Current estimates place these dates in 2027 and 2028, respectively, though the final ministerial order has not been published yet.

The bottom line: if you are a freelancer or SMB owner, July 1, 2027 is your hard deadline for Verifactu compliance. Do not wait for the B2B e-invoicing mandate to act.

Verifactu vs. mandatory e-invoicing: Ley Crea y Crece explained

These two regulations get confused constantly. They are related but distinct. Understanding the difference will save you from making wrong assumptions about what your business needs.

Verifactu: anti-fraud software requirements

Verifactu is about how your software works internally. It mandates that invoicing software generates tamper-proof records with hash chaining, prevents invoice deletion or hidden modification, and either sends records to AEAT in real time or stores them in a verifiable format. It applies to all businesses using invoicing software (which is essentially everyone).

Ley Crea y Crece: B2B electronic invoice format

The Ley Crea y Crece (Law 18/2022) mandates that B2B invoices must be issued and transmitted in a structured electronic format (such as FacturaE, UBL or CII). This is about the format and transmission of the invoice document itself, not the internal workings of the software. It currently applies to B2G (business-to-government) transactions and will extend to B2B once the final regulations are published.

And what about SII?

The SII (Suministro Inmediato de Información) has been mandatory since 2017 for large companies with annual turnover exceeding 6 million euros. SII already requires real-time reporting of both issued and received invoices, with a four-day submission window. If your company is already on SII, you are exempt from Verifactu. However, most SMBs and freelancers are not on SII, which means Verifactu will apply to them.

In short: Verifactu controls how your software handles invoices. Ley Crea y Crece controls the format in which you exchange them. Both will be mandatory. Your software needs to comply with both. For more details on how electronic invoicing works in Spain, see our dedicated landing page.

What your invoicing software must comply with

Not every invoicing tool on the market will meet Verifactu requirements. The regulation imposes specific technical obligations on software vendors. Before you renew your subscription or buy a new tool, verify that it meets these criteria:

• Hash generation and chaining — Each invoice must produce a SHA-256 hash linked to the previous invoice's hash, forming an unbreakable chain.
• Immutability — The software must prevent deletion, hidden modification, or reordering of invoice records. Corrections must be issued as new corrective invoices, not edits.
• Real-time or on-demand submission — In Verifactu mode, invoice records must reach AEAT within 60 seconds. In non-Verifactu SIF mode, records must be stored securely and submitted on request.
• QR code generation — Every invoice must include a QR code linking to AEAT's verification URL, allowing instant authenticity checks.
• Audit trail — The software must maintain a complete log of all operations performed on invoicing records.
• Responsible declaration — Software vendors must issue a formal declaration that their product complies with all regulatory requirements.

If your current tool does not explicitly state Verifactu compliance, contact your vendor now. If they cannot confirm it, start evaluating alternatives. Our invoicing module overview explains how a compliant system should work in practice.

Penalties for Verifactu non-compliance: concrete fine amounts

The Spanish government has set clear financial consequences for non-compliance. These are not theoretical — they are written into law.

Beyond these specific fines, additional penalties can apply for invoice manipulation or deletion. In severe cases, the AEAT may classify the behavior as tax fraud, which carries penalties of up to 75% of the underpaid tax amount and potential criminal charges.

The message is clear: the cost of non-compliance is far higher than the cost of switching to compliant software.

5 steps to prepare your business before the deadline

You have until July 2027 if you are a freelancer or SMB. That sounds distant, but software migrations take time, especially if you need to preserve historical data and retrain your team. Here is a concrete action plan.

1. Audit your current invoicing stack

Make a list of every tool you use to create, send and store invoices. This includes your accounting software, any Excel spreadsheets, PDF generators, and even manual invoice books. If any part of this process cannot generate hash-chained records, it will not comply with Verifactu.

2. Contact your software vendor

Ask them a direct question: "Will your product be fully Verifactu-compliant by January 2027?" If they say yes, request documentation. If they say no, or if they give you a vague answer, start looking at alternatives now. Do not wait until six months before the deadline to discover your vendor cannot deliver.

3. Evaluate all-in-one platforms

Many businesses currently use a patchwork of separate tools: one for invoicing, another for CRM, another for project management. Verifactu compliance is a good reason to consolidate. An all-in-one platform that handles invoicing, CRM, project management and time tracking in a single system reduces compliance risk and simplifies your operations. Fewer tools means fewer points of failure.

4. Plan your data migration

If you switch software, you will need to migrate client records, product catalogs, historical invoices and tax configurations. Budget at least 2-4 weeks for this process. Test the migration in a staging environment before going live. Lost data during a migration can cause more problems than the regulation itself.

5. Train your team

Verifactu changes the invoicing workflow. Your team needs to understand that invoices cannot be deleted or backdated once issued. Corrections must be made through proper corrective invoices. Schedule training sessions before the deadline, not after. If you are also subject to mandatory digital time tracking, consider addressing both compliance changes at the same time to minimize disruption.

How Utilia OS meets Verifactu compliance requirements

Utilia OS is being built from the ground up with Verifactu compliance as a core requirement, not a last-minute add-on. The invoicing module follows the technical specifications published by AEAT, including:

• Automatic SHA-256 hash generation and sequential chaining for every invoice.
• Immutable invoice records with full audit trail.
• Real-time submission to AEAT's servers (Verifactu modality).
• QR code generation with AEAT verification URL on every invoice.
• Support for corrective invoices following the legally required workflow.

But compliance is just one part of the picture. Utilia OS integrates 14+ modules — CRM, project management, time tracking, team chat, video calls and more — into a single platform. Instead of paying for 10 separate tools and worrying about compliance across all of them, you get one system that handles everything.

The platform is currently in pre-launch. You can join the waitlist to get early access and lock in founding member pricing.