Saudi Arabia

No, that’s wrong. QR is one of the specifications of simplified e-invoice “B2C”, it’s optional on e-invoice “B2B” and the minimum requirements to be met have been explained as in the guidelines provided.

All of that would be required in the second stage of converting to e-invoice.

@lubos make all the extensions available to be Inactive. QR currently is not.

How to prepare your Business


For December 4th​, 2021, taxpayers should:

  1. Stop issuing manual invoices: handwritten invoices and invoices written using text editing tools are not considered e-invoices

  2. Use a compliant electronic invoicing solution: e-invoicing solutions must comply with the requirements and specifications published under the e-invoicing laws and regulations and can be summarized for Phase 1 as follows:

  • Ability to generate e-invoices with the required elements including QR codes (Currently, there is a lack of proper QR code extension)

  • Ability to timestamp the e-invoice copies archived in the solution (Currently, Manager Uses Invoice Date, not Invoice Create timestamp and Date beside Time is required)

  • Absence of prohibited functionalities:

    1. Uncontrolled access (we have password login - talking about the cloud version - it also requires user session management “Auto-logout” You know what I mean here.)

    2. Software time change (I’m not sure about that)

    3. Tampering of e-invoices or logs. (There is a real problem here with the permissions even with the use of the closing date. For example, the user can create or modify operations through “create a, update batch” and logically it will not be possible to specify the permissions of all users for viewing only.)

    4. Multiple invoice sequences​ (You know, there are no restrictions on duplicating the invoice number in Manager)

  1. Ensure invoices include the required additional fields:

Tax Invoices:

The VAT registration number of the buyer if the buyer is a registered VAT taxpayer in addition to the invoice type Description as a title. QR code can be added (Optional)

Simplified Tax Invoices:

A mandatory QR code generated by the taxpayer’s E-Invoicing solution based on ZATCA’s specifications, in addition to the invoice type Description as a title. ​​


Businesses are recommended to follow the 4 steps below to ensure timely readiness for e-invoicing:

  1. Understand e-invoicing requirements: familiarize yourself with e-invoicing leveraging the materials available on this website

  2. Using a complaint solution based with the E-Invoicing requirements​ (We paid to use Manager and enjoyed it and hope to continue using it but currently, we have less than 15 days to decide whether to continue or not. It all depends on your capabilities to fulfill the requirements.)

Taxpayers can approach a solution provider or their internal technical teams to acquire or upgrade to a compliant solution.​

  1. Test your e-invoicing solution: test your e-invoicing solution before 4 December 2021 to ensure invoices are issued correctly
  2. Ensure your staff is ready: create awareness amongst your staff and ensure relevant staff is familiar with your e-invoicing solutions​​​.

** @lubos we are holding on to this great experience. Help us to continue supporting you.**

1 Like

Auto-logout in web-based program is bad. Most people have password managers which will auto-fill password anyway. The proper way is to set up auto-logout on your entire computer.

No accounting software can deliver this. In centralized system which is every accounting software on the market, there will be always someone with access level to tamper invoices or logs.

This is why there is Phase 2 where you submit your invoice to tax authority, it gets stamped so the only one who can tamper with that invoice is tax authority themselves which they obviously won’t do.

They mean you can’t change time on your computer or server. Which is again, technically impossible to deliver.

Even if Manager prevents you to create invoice with duplicate invoice number, what stops you creating second business file with identical business details and create invoice with duplicate invoice number in new business file. And this applies to other accounting systems too so technically non-sense requirement.

Let’s just concentrate on real requirements like QR code. The entire section Absence of prohibited functionalities in that document is not to be taken seriously because it’s technically impossible to deliver or ineffective security measure.

If the user saves the password for automatic refill, this is the problem of the user, not Manager. Authorities require a system that is subject to session time management. We cannot answer that we use a different mechanism for the same purpose, which is automatic logout from the computer. I’m not arguing with you here, but please make this at least optional and leave the issue of the risk of saving passwords to the user, not Manager.

I agree with you here. Eventually, someone will have the access to tamper with the transactions. What is your guarantee as you are the developer in detecting these tampers? Do I just check the registry and check each time for tampering? I’m claiming authorization permissions for the transactions and then the normal user can’t modify them. is that possible?

They are talking about transaction Creat timestamp. I think.

This is completely unconvincing and only makes matters worse. Let tempering be a user problem, not a system problem. Not duplicating the reference number for the invoice, at least, is required for each business file.

Even in this, we have many requests that have not yet been solved. Indeed, we consider this to be the main requirement now and it needs further improvement.
Please review what other users are asking about this topic.
We require a QR code that works seamlessly in invoice, credit and debit notes and displays all required basic information. I know you’ve reviewed the requirements and are well aware of the shortcomings of the current code.
For example, what is the maximum number of characters possible to ensure the code runs smoothly?

My issue with the section of Absence of prohibited functionalities is that it’s not possible to implement such a system.

Do you want me to pretend like I’m trying to make it possible and in the process making the software more pain to use? That’s not going to happen. Not to mention, once Phase 2 is rolled out and government will require you to submit issued invoices in real-time into their system, they couldn’t care less what is happening in your system. The source of truth will be in their system.

As far as I know, for sales invoices, isn’t this just that time of invoice is missing in QR code? Or anything else other than replicating the same on credit notes?

1 Like

I hire accountants to do the accounting work using the software, not programmers.
I would like to draw your attention to that there are some programming works that seem very easy to a professional like you but to me, they are very complex and difficult things that I do not have the ability to deal with.
But in the end, no matter how difficult these programing things are, there is definitely a way or someone who can tamper them. Here I am not talking about the usual user who does not have the ability as mentioned. Although the system is intended for use by such ordinary users. So don’t pretend you are doing the purpose

but at least set minimum limits for the purpose that cannot simply be tampered with by the usual user.

No, not just Invoice time.
In fact, if the following is provided in the QR code it does not work correctly because the appropriate number of characters is exceeded:
1- The name of the business, for example, most of the activities are called like this (First Activity Company for Business) - you will not be able to abbreviate the name usually.
2- The 15-digit tax number
3- The name of the customer (almost the same number of characters as my business name) and will not be abbreviated either.
4- The customer’s tax number (15 numbers), by the way, does not appear now because the custom field appears to be overlapping with the business ID.
5- The invoice number is usually 8 digits, and it can be less or more
6- The timing of the invoice by date and day
7- Invoice amount
8- Tax amount.
From my experiment, if I reduce the number of characters in this data appropriately the QR works fine but I won’t be able to use the data completely as shown. I don’t know if this problem can be solved programmatically or not. However, I copied the same data and tried to generate the QR code through one of the specialized software and the result was very good and much better than the code generated by the QR extension used in Manager.

Yes, we need QR also on Credit notes.

This is an example for QR generated for usual information would be required in Manager QR, you can see the deference. which one would you like to have?

I’m not asking for that level, but I am sure you can give us better than the current QR extension.

Can’t this be already achieved by giving user “View / Create” permissions only?

Don’t worry. QR code will be resolved in upcoming days. This is not an issue.

1 Like

Good news.

I can creat transaction dated before lock date from Patch Creat. Couldn’t I?

OK, this is obviously not meant to be possible.

Sorry, I can’t understand that. but now I’ve tried to do it, It created successfully :pensive:

Hello there guys, I have a Saudi client and have an interest to expand more into KSA, so I hope I’m welcome to join in on this.

There’s already a separate log that no user can directly modify that also includes last modified timestamp. Maybe a created timestamp could be added there and exposed to the final document.

I think it should be possible for the administrator to set global session expiry parameters per Cloud Server, I think the option is already provided by AWS, right? @lubos

I have to agree with @lubos on this, it’s the server that sets the timestamps and the server is the only user that creates and modifies the logs so it’s the server time.

I have been outspoken about how batch operations should have their own permissions but I guess for now, restricting batch operations to admins seems enough and fitting.

And finally, my favorite:

I think the only real shortcoming of Manager is this and I have been very outspoken about that too. There should be a serial number that is not up to the user to change and another field for customized values that can be called “Internal reference” or “Display name” or whatever.

In fact, since many users saw no interest by Manager to enforce serialization, there’s been quite a few request for serial type custom fields, but that shouldn’t be the case, that should be by default.

I think Manager needs to separate the serial number from the users’ eye candy. We can call them “serial number” and “reference”, but they could be called anything since I and probably most other users that requested this are agnostic to whatever naming convention ultimately used as long as the functionality is there.

I know @lubos isn’t easily persuaded – for very good reasons mostly – but I hope now it’s apparent that serialization isn’t a matter of user preference, it’s a basic audit control and it’s the law in many countries.

1 Like

Not saying that this should be set globally for all users, but maybe allow Cloud customer to set their own parameters in their admin dash.

Hello, hello and hello.
Save us here. Your are welcome to join any discussion, please support us by your experience
I see that you are agree with most of these asked improvements, most of these were asked before by many forum’s members and we can consider all of it as a critical improvements that must be done immediately even Lubos, he is agree on it all somehow, but I can see he is just want to implement the same requirement by a different solution.
Here, you can remember most of related topics with these requirements.
Thanks Ibrahim for your help.

I wouldn’t worry so much Ehab, most of the things required are either already there or are already available such as session control.

And Lubos has done a fantastic job so far with the localizations, we have to give him that. And I believe that he’s not taking KSA’s any less seriously than any other case.

But I’m not entirely sure about the deadline though, it’s a bit too untimely. I hope most of these problems get solved somehow before the end of this year.

We can argue about the methods but we can’t argue about the results.

1 Like

Dear all
after update i can not see VAT ID and invoice time when i scan the QR Code and we can not adjust the invoice information on the A4 page because the information starting from the beginning of the page
Also if you have any idea to advise for the below points because it is required to be applied in the program
1- should be we can not edit or delete the invoice after created
2- The invoice number should be generated automatically
3- Expotr all invoces on XML

kindly i need your help before 4/12/2021
invoice after update

invoice before update

It will be fixed soon as @lubos said here

What do you mean by that? which information?

you can set user access to Creat and view only from user permission.
Go to Settings > user permission > select user and edit then select Creat and only view

currently, that’s available. select Auto Refernce while creating the invoice.

That’s not a mandatory requirement at the moment from ZATCA. but, you can search in the forum for manager api you will know you must hire a professional developer to achieve your dreams :wink:

In the old version, I went to the interface and modified the programming to show the invoice information in the middle as the attached picture , if there is any why pleas advice

I searched for Settings > user permission > but it is not available