Introduction:

This article outlines a set of Frequently Asked Questions (FAQ’s) related to the UAE eInvoicing mandate, providing clarity on key concepts, regulatory requirements, and practical considerations for businesses. It is intended to support stakeholders in understanding how the eInvoicing framework affects their operations, and compliance obligations under the Federal Tax Authority guidelines.

1. What is Peppol?
   The acronym “Peppol” stands for “Pan-European Public Procurement On-Line) and it is a network for document exchange that allows its members to send and receive electronic documents efficiently and securely.Initiated in 2008 to simplify trade among European governments, Peppol has evolved into a global framework, supporting electronic document exchange between entities.
2. What are the parties involved in the Peppol network?
   1. Peppol network: A logical network enabling secure and reliable exchange of Peppol dataset types between end users via Peppol Service Providers.
   2. Authorities: An organisation responsible for promoting, facilitating and governing the adoption and use of the Peppol interoperability Framework within its jurisdiction.A Peppol Authority (PA) is allowed to define Peppol Authority Specific Requirements (PASR) applicable to the use of the Peppol network within its jurisdiction.
   3. Service Providers: An organisation authorised to provide Peppol services within one or more Peppol Service domains pursuant to a Peppol Service Provider Agreement.
   4. End Users: An identified entity that is responsible for the business content of the datasets that are exchanged (by sending and/or receiving) with another such entity using Peppol services over the Peppol network.
3. What is the eInvoicing model that will be implemented in the UAE?
   The UAE Ministry of Finance (MoF) has chosen to implement a decentralised eInvoicing model using the “5 corners approach”. This implementation is mandatory for businesses under the scope of eInvoicing for B2B and B2G transactions., with the first mandatory phase set to launch in July 2026.The UAE eInvoicing model follows a reporting approach. This means that the Ministry of Finance (MoF) or the Federal Tax Authority (FTA) will not validate the invoice before it is shared with customers. Instead, the Accredited Service Provider (ASP) will extract specific tax data from the eInvoice, known as the Tax Data Document (TDD), and share it with the MoF/FTA.It is crucial to consider that under this model, there are two key aspects: the exchange of the eInvoice between the seller and the buyer, and the reporting, which involves sharing tax data with the MoF.
4. What is the role of each participant in the 5-corner model?
   The participants of the 5-corner model are:
   1. Supplier
   2. Supplier’s Service Provider
   3. Customer Service Provider
   4. Customer
   5. Ministry of Finance (MoF) or Federal Tax Authority (FTA)

   Corner 1: Sender (Supplier)

   • Creates an invoice using their accounting systems
   • Share the invoice and data to their Accredited Service Provider (ASP)

   Corner 2: Sender’s (Supplier’s) Service Provider

   • Conduct validation checks, including Peppol network verification, invoice format and legitimacy of the sender.
   • Confirm whether the receiver can accept the eInvoice
   • Once validated, the eInvoice is sent to the Customer’s Service Provider and the Tax Data Document (TDD) to the MoF/FTA.

   Corner 3: Receiver’s (Customer’s) Service Provider

   • Receives the validated eInvoice from the Supplier’s Service Provider
   • Forward the eInvoice to the customer’s accounts payable software
   • Although not mandated by the FTA, Corner 3 may also perform additional validation checks based on any business rules provided by the receiver.
   • Send the Tax Data Document to the MoF/FTA.

   Corner 4: Receiver (Customer)

   • The customer’s accounts payable software receives the eInvoice, where further business rules can be applied to determine the processing stage within the software.
   • If additional information is needed, exception handling processes for accounts payable invoices may be initiated, for instance, it could be an exception queue managed by the accounts payable staff.

   Corner 5: The Ministry of Finance/Federal Tax Administration

   • Receive, collect and store the Tax Data Document (TDD) shared by corner 2 and 3.
   • Send a “Message Level Status” if the Tax Data Document has been reported successfully.
5. Is it mandatory to use an Accredited Service Provider (ASP)?
   Yes, it is mandatory to use an (ASP), which will be listed on the MoF website. This requirement ensures that the service provider has passed necessary security checks and complies with Peppol standards to be officially listed.
6. Will the ASP check if the tax treatment on the eInvoice is correct?
   As part of the eInvoicing model, the service provider is not expected to validate the accuracy or determine the applicable tax on the eInvoices.
7. Will there be any change in my current invoicing process?
   Yes, the introduction of eInvoicing in the UAE will significantly affect the current invoicing processes of companies. With full eInvoicing, the UAE intents on taking all transactions between a buyer and supplier online. All eInvoices will be submitted in real time and securely stored by the Federal Tax Authority (FTA).Businesses will be required to integrate with an Accredited Service Provider (ASP) and adopt eInvoicing practices that comply with the UAE regulations. Businesses should analyse their transactions and the resulting invoicing data against the data dictionary and ensure that they are compliant.The adoption of eInvoicing will reduce human intervention and enhance transparency, operational efficiency, and trust across the tax ecosystem.
8. How does the Accredited Service Provider ensure data security?
   ASP maintains data security by encrypting data during transmission, ensuring that invoice messages sent over the Peppol network remain unreadable. Additionally, if data is stored by the ASP, it will be encrypted at rest, making it unreadable and secure.
9. What will be the format of the electronic invoice in the UAE after eInvoicing implementation?
   The format of the eInvoice in the UAE will be an XML, which is machine-readable and consists of structured data. Implementing eInvoicing involves transitioning from traditional PDF or paper invoices to structured XML eInvoices.
10. Is eInvoicing applicable only for the sales process while issuing the invoice?
    In the UAE eInvoicing framework, the focus is primarily on the issuance of tax invoices and credit notes by VAT registered suppliers – which means it is mainly tied to the sales process. However, while the obligation to issue invoices lies with the supplier, the buyer must be able to receive, validate, and store these invoices electronically on the Peppol network. Thus, eInvoicing is not limited only to the sales process.
11. Is it possible for the Peppol network and ASP to support document attachments in addition to the XML eInvoice?
    Attachments are allowed on the Peppol network. It can include extra details like invoice charges, timesheets, guidance documents, etc. The attachments are meant to complement an eInvoice, not just replicate the eInvoice in a PDF format.Peppol messages can be up to 100MB, including XML and attachments, but this capability needs to be checked with the ASP during the vendor selection.For the UAE specifically, attachments are not required to be sent to the MoF/FTA (Corner 5). Attachments are only necessary for C2 (Sender’s (Supplier’s) Service Provider) and C3 (Receiver’s (Customer’s) Service Provider). For C5 (MoF/FTA), only the Tax Data Document (TDD) is sent, which does not include any attachments,
12. How can businesses in the UAE ensure their data remains secure when choosing an eInvoicing ASP?
    The UAE Ministry of Finance (MoF) has embedded stringent security benchmarks into the ASP accreditation framework. Any ASP seeking to be listed as “MoF-accredited” must meet the following core security criteria:
    • ISO/IEC 27001 Certification: This globally recognised standard assures that the ASP follows best practices in managing information security.
    • Data Encryption (In Transit & At Rest): All tax and invoice data must be encrypted both when stored and when transmitted, shielding it from interception or unauthorised access.
    • Multi-Factor Authentication (MFA): ASPs must implement MFA to control access to the platform, ensuring only authorised users can access sensitive systems.
    • Continuous Security Monitoring: Businesses can expect their ASP to have live threat monitoring and incident response mechanisms in place, reducing the window of risk.
    • Cloud Security Compliance: If the ASP operates on a cloud platform, it must comply with the UAE National Cloud Security Policy, including requirements around data residency.
    • Peppol Security Standards: ASPs must align with OpenPeppol protocols, including secure digital certificates and validated interoperability.
    • For businesses, the takeaway is simple: Always ask for the ASP’s accreditation status and supporting documentation. An MoF-accredited provider has already demonstrated compliance with the government’s rigorous security standards.
13. What is the required frequency for issuing and reporting eInvoices under the UAE eInvoicing regulations?
    Both the eInvoice issuance and the submission of the Technical Data Document (TDD) to the FTA via an Accredited Service Provider (ASP) will occur in near real time without any delay. According to the FAQ released by the FTA (Q.73), batch submissions of the TDD are also permitted.