E-Invoicing compliance and the great electronic signature swindle
You may not realise it, but there is no need for electronic invoices within the EU to have an electronic signature
This has actually been the case since 1st January 2013, and yet, so much of the payments industry is still beating the drum for the need to use electronic signatures. Even the much-respected UK National E-Invoicing Forum is guilty of trying to turn the clock back as they explain here.
Why is this and what impact is it having on the industry? Well, I believe some players within the industry are actively hampering the adoption of e-invoicing by propagating this myth. So, in order to ‘bust’ the myth, I thought I would examine the relevant EU Directives and consider how perceived ambiguity within the legislation, is enabling those with vested interests in the use of electronic signatures to restrict the choices organisations make when implementing e-invoicing and, as a result, are limiting the potential growth of the e-invoicing industry.
What is an e-invoice and e-signature?
Before we start, let’s be clear what exactly we are talking about. What is an electronic invoice? The EU  recognises an electronic invoice, as any invoice which has been issued and received in any electronic format. This includes both structured documents (e.g. XML) and unstructured (e.g. PDF).
What is an electronic signature? An electronic signature is data in electronic form that are attached to, or logically associated with, other electronic data and that serve as a method of authentication. There are various forms this can take, relevant to our subject however are ‘qualified electronic signatures’ which is “an advanced signature with a digital certificate encrypted by a secure creation device e.g. smart card”. 
The EU Directives
It has been widely believed that the adoption of e-invoicing across Europe has been hampered by the requirement to electronically sign e-invoices. The technological infrastructure required to adopt specific electronic signature technology has been a barrier to potential adopters of e-invoicing who are looking to e-invoicing, as a way, to reduce costs and processing burdens.
As a result, a new EU Directive (2010/45/EU) was issued, amending primary legislation Directive 2006/112/EC, specifically Articles 233 and 247. The Directive sets out clearly that electronic signatures are not required on e-invoices. The Directive instead sets out the need to ensure three key things when using e-invoicing;
Authenticity and integrity
The Directive is specific that the way a user ensures authenticity and integrity is for the user to decide and there is no requirement to use one particular method of e-invoicing to ensure compliance. An electronic signature is but one way to ensure authenticity and integrity, it is not the only way.
Whilst Directive 2010/45/EU clearly removed the requirement of an electronic signature, a criticism was that it did not specifically outline how to ensure authenticity and integrity without one. The European Committee for Standardization (CEN) subsequently produced compliance guidelines to reduce the confusion and ambiguity which surrounded the original Directive, and it is the CEN Guide  that we draw upon now.
The Directive gives three examples of approaches that can be used to ensure compliance:
- Electronic data interchange (EDI)
- Qualified electronic signature
- Business controls, which create a reliable audit trail between an invoice and a supply of goods or services
EDI, with or without qualified electronic signatures, is already established as an accepted method of compliance, so let’s examine in more detail the area of business controls as a way to establish authenticity and integrity. It is of importance to note that EDI and e-signatures are not synonymous. There are many EDI implementations that use e-signatures, but there are also many that do not.
Most organisations will be operating 2- or 3-way matching as part of their standard business processes. These existing checks, usually through an ERP system, create an audit trail linking invoices and supplies, are often sufficient to ensure authenticity and integrity.
CEN and HMRC guidance
“The ERP invoice record will not only contain data derived from the invoice but also supplementary data created by the ERP. This supplementary data is independent of the invoice and can therefore be used within authenticity and integrity verification”. 
Information that must legally be included on an invoice help an organisation to establish the authenticity and integrity of the invoice – name, address, VAT number, invoice number, taxable/gross amounts etc. Requesting that suppliers send invoices containing the relevant purchase order (PO) number is another way, that organisations can support integration to their audit trail, and is something we would recommend establishing with your trading partners during the onboarding process. The UK’s HMRC gives further guidance here.
One note of caution, provided by the CEN guidelines, when using the audit trail as a method of compliance is to consider acceptable tolerance levels, so the acceptable difference between values on documents being matched. If tolerances are set too high it will reduce the reliability of the matching process and therefore reduce the ability of the audit trail to verify authenticity and integrity. This is something businesses need to consider during their set-up phase.
So, there is an EU Directive clearly stating that there is no requirement for e-signatures to be used, and further CEN guidance to provide clear explanations as to how compliance can be ensured without the use of such technology; and yet there is still so much confusion surrounding e-invoicing and the need for electronic signatures. Why?
Ambiguity and vested interests
The Directive itself, which sought to simplify e-invoicing to enhance adoption rates, in reality has caused uncertainty. The Directive clearly sets out that there are multiple methodologies and technologies that can be used compliantly for e-invoicing, and yet, is not abundantly clear on how to do this outside of EDI or electronic signature options.
The subsequent CEN guidelines were issued to clear up this ambiguity, but some within the industry are still selling the EDI and e-signature methods as the only way to definitively guarantee compliance. Perhaps not surprisingly this message is the one being communicated by some service providers who just happen to provide technology based on EDI and/or e-signatures. But even some auditors are giving incorrect information, creating uncertainty, which leads to fear, which leads to another company potentially unable to utilise e-invoicing to its fullest.
 Council Directive 2010/45/EU, amending Directive 2006/112/EC on the common system of value added tax as regards the rules on invoicing (July 2010)
 Department for Business Innovation and Skills: Electronic Signatures (September 2014)
 CEN Workshop Agreement: Good Practice: e-Invoicing Compliance Guidelines – the Commentary (May 2012)
 HMRC: VAT Notice 700/63: electronic invoicing (April 2014)
Are you trying to evaluate your e-invoicing options?