e-invoicing Fundamental Concepts




e-invoicing Fundamental Concepts and Introduction to e-signatures
Belgrade, October 9th, 2015

e-invoicing, What is it?

"Invoicing" or "Billing"

It is a concept, a term that traditionally describes the processes and steps needed to complete a transaction between a buyer and a seller in a formal or "official" manner, i.e. registered. That means that the transaction is documented and can be demonstrated, while at the same time it provides real evidence that both parties are actually involved in that transaction (transfer of ownership of goods or provision of services).

Usually the term Invoicing indicates that the transaction took place between two professionals or businesses, i.e. between two natural persons or legal entities who perform some kind of "official", professional or commercial activity. "Official" professional or commercial activity means that this activity has been (or has to be) reported / recorded to the appropriate governmental or financial services.

The main (the "official") document of a transaction is the Invoice.

Can you see the difference between the term e-invoicing and the term Invoice?

"e-invoicing" or "e-billing"

Electronic invoicing ("e-invoicing") is the immaterial, paperless version of Invoicing/Billing. This means that all (or most) of the processes and steps included in "traditional" paper-based Invoicing are now carried out using electronic devices, i.e. computers, smart mobile devices, etc. In that sense, we have to think about e-invoicing as an essential part of e-commerce and e-business.

The main (the "official") document of a transaction is the e-invoice.

What do you understand as an e-invoice?

Why e-invoicing?

- SAVINGS: lower expenditures for businesses!
- Serbian Government policy: Serbia to adopt e-invoicing in the public sector by 2020. E-invoicing will be mandatory for all businesses selling to the public sector.
- EU official policy: e-invoicing should be the nominated way for invoicing by 2020.

Savings (just a few examples)

- According to estimates in France, a paper-based invoice costs around 13,8 while the electronic one costs only 4! (French Chamber of Commerce)
- In the UK, the government could save more than 3 billion per year on the costs of invoicing by making the process automated and electronic. (Esa Tihilä, CEO, Basware Corporation)
- The Austrian government counts on saving approximately 7 Million every year, and overall 15 Million savings are expected in the Austrian economy. All this by saving 70% on the cost of a single invoice compared to the paper format. (WKÖ - Austrian Chamber of Commerce)
- It is estimated that the average user has been able to reduce processing costs by 50-75%, with a return on investment (ROI) of over 60% p.a. (EU Multi-Stakeholder Forum on e-invoicing)

Legal Environment

EU legal framework relevant to e-invoicing

- VAT Directive 2010/45/EU: the e-invoicing processes are less dependent on mastering a specific technology, i.e. e-signs and EDI are not mandatory any more.
- VAT Directive 2014/55/EU on electronic invoicing in public procurement aims to harmonize and standardize public procurement systems among European member states. From year 2018 the use of electronic invoicing in public procurement will be mandatory.
- Regulation 910/2014 (eIDAS Regulation) on electronic identification and trust services for electronic transactions will enable secure and seamless electronic interactions between businesses and public authorities at national and international level.

Serbian legal framework relevant to e-invoicing

- Law on Value-Added Tax: the minimum content of an invoice (article 42), certification of the record-bookkeeping system (article nr 38), etc.
- Law on Trade: defines dispatch notes (invoices also); they can be either in paper or electronic form (article 35).
- Law on conditions for trading goods, providing services in the goods circulation and on inspection surveillance: Articles 12, 16, 20, 35 are all potentially relevant to invoices.
- Rulebook on records of the goods and services circulation: content of dispatch notes, including invoices (article 6).

Some examples of legal requirements, for re-thinking

- The Serbian Law on VAT requires that a bill (an invoice) should be issued in at least two copies (article 42). This requirement could be quite obvious for paper-based bills and invoices; however, it should be reconsidered when it comes to e-bills and e-invoicing.
- The Serbian Law on VAT states that the recordkeeping system (software application) being used by a taxpayer should be certified by the tax authorities (article 38). It should be reexamined in the future, in order to be compliant with contemporary interconnected infrastructures and modern cloud-based value-added services to enterprises, such as SaaS, AaaS.
- The Law on Trade defines the place in which the trader is obliged to keep his/her sales records (article 37). It should be appropriately adjusted in the future in order to be compliant with modern cloud services for electronic storage and archiving.

e-invoicing, how it works

[Diagram: Seller, Buyer]

The issuer of the e-invoice is (generally) the Seller, who is then responsible for sending it to the Buyer (or making it available to him). This is the simplest way of e-invoicing. We will see more ways later.

Main steps of a typical e-invoicing procedure

- e-order placement
- e-invoice issuance
- e-order receiving and registration
- Electronic transmission of the e-invoice
- Electronic process of e-order
- Internal business preparation for dispatch
- Delivery of goods/services and (e)confirmation of delivery
- Electronic delivery of e-invoice, process verification, approval and (e)confirmation
- e-invoice storage and data archiving
- e-payment of e-invoice

A typical e-invoicing procedure includes:

- e-invoice issuance
- Electronic transmission of the e-invoice
- Electronic delivery of the e-invoice, which in turn includes:
  o verification process, approval
  o e-confirmation and
  o e-invoice acceptance
- e-invoice storage and data archiving

e-invoicing: Business Models

1. Direct model (bilateral, peer-to-peer or 2-corner model): Seller, Buyer
2. 3-corner model: Seller, E-Invoicing Service Provider, Buyer
3. 4-corner model: Seller, «Χ» E-Invoicing Service Provider, «Υ» E-Invoicing Service Provider, Buyer

E-Invoicing related services (via Service Providers)

- Articles code matching / mapping (standards)
- e-invoice issuance on behalf of sellers
- Authenticity and integrity services
- e-signatures, e-signs
- Time stamps
- Transmission of the e-invoice
- Storage and data archiving
- Reporting (to TAX authorities, Statistics, etc.)
- Financial services (factoring, dyn. discounts)

e-invoicing main stakeholders

- Seller
- Buyer
- Service Providers (SaaS)
- Forwarders (transporters, couriers, etc.)
- Governmental authorities
- TAX authorities
- Treasury / Procurement
- Statistics

Structured e-invoices

- EDI, XML and standardization
- Coding and ISO standards

Structured Invoice: Creation of a structured invoice document consists of the compilation of the required data into an agreed e-invoice message in electronic form with a known structure, format and content. This means that, contrary to the case of a paper document, where the receiver may well be unfamiliar with the format, with a structured invoice message the format is pre-defined and known to the parties involved.

- Structured: organized text, like a database (tables, fields), identifiable information
- Unstructured: like bitmap image and sound files, MS Word and .pdf files

Benefits

- No data re-entry, no keying, fewer mistakes
- Automation, fast process
- Rapid accounting records update
- Reuse of data - interoperability
- Rapid statistics
- Standardization of business processes
- Savings
- Transparency, no human (or less) intervention

EDI and XML

EDI: Electronic Data Interchange. EDI is the computer-to-computer exchange of standard business documents in electronic format between two companies. The exchange of documents takes place in a standardized format. It has existed since the early 1980s. Now EDI is a term that can refer to any standardized format, including the widely accepted XML format.

XML: extended Markup Language. It is a markup language created by the internet body W3C in 1986. XML:

- defines a set of rules for encoding documents in a format which is both human-readable and machine-readable
- is a markup language much like HTML (used by all web browsers like IE, Firefox, etc.)
- was designed to store and transport data
- was designed to be self-descriptive

XML: what it looks like, a simplified example:

    <invoices search-terms="database+design">
      <invoice_header>
        <seller_name>toplicki VINOGRADI</seller_name>
        <invoice_number>ab00012345</invoice_number>
        <Issue_Date>20151009</Issue_Date>
        <Sellers_VAT_Nr>12345678</Sellers_VAT_Nr>
        <total_ammount>13/03/2003</total_ammount>
        <currency>Serbian Dinar</currency>
        <currency_code>RSD</currency_code>
      </invoice_header>
      <invoice_items>
        <invoice_item>
          <item_id>123456</item_id>
          <item_name>epigenia</item_name>
          <item_descr>red Wine</item_descr>
          <item_unit_price>1,095.00</item_unit_price>
        </invoice_item>
        <!-- ... -->
      </invoice_items>
      <!-- ... -->
    </invoices>

The most common standards used for standardizing the details of an e-invoice (coding and ISO standards, look-up tables):

- Language: coding according to ISO 639-1, Codes for the Representation of Names of Languages
- Currency: coding according to ISO 4217, 3-character alphabetic code for currency designators
- Business activity: coding according to (EC) 1893/20.12.2006 (CPA 2008)
- Country: coding according to ISO 3166-1 alpha-2 (2 letters of the Latin alphabet), or ISO alpha-3 (3-letter code) and ISO 3166-1 numeric-3 (3 decimal digits)
- Banking ids: BIC (Bank Identifier Code), SWIFT (Society for Worldwide Interbank Financial Telecommunication), IBAN (International Bank Account Number) according to ISO 13616:1997
- CPV: Common Procurement Vocabulary (last version 2007 (2008 - Regulation EC 2195/2002 (as it has been amended by Regulation EC 596/2009)
- Customs Tariff code, TARIC (for cross-border invoices): TARIC (6 or 8-digit code) according to Regulation EC 2658/87
- Quantity measurement unit: according to units based on SI (Système International d'unités)
- National ZIP (Post) Code: coding according to.

Standard: a document that sets out requirements for a specific item, material, component, system or service, or describes in detail a particular method or procedure.

Introduction to e-signatures

- Encryption (Cryptography): short intro
- e-signatures and PKI
- Certification and qualified e-signatures

Basic Concepts and Terms

Encryption (Cryptography) is the transformation of data (text, messages, information, etc.) into an incomprehensible encrypted form. The text or other information is changed into a form that is meaningless and/or impossible to read for somebody who does not have the corresponding decryption (decipherment) algorithm and "key" or code.

Aim of Cryptography: The aim of encryption is to secure the privacy of information by keeping sensitive data secret from those who have no authorization to see or use them, even if they have the right to access them.

Basic Methods: There are two basic types (methods) of encryption, based on encryption algorithms and keys:

- Methods of Symmetric Encryption (with one secret key), and
- Methods of Asymmetric Encryption (with a public and a private, secret key), also known as Public Key Algorithms.

e-signatures are based on Cryptography.

Sending an e-invoice via encryption: brief description

[Diagram: sender, recipient]

A simplified process of encryption for the transmission of an e-invoice (XML text message) could be briefly described as follows:

a) the sender creates the initial e-invoice (XML text), and
b) using a specific encryption algorithm as well as a "private encryption key", encrypts the e-invoice text and sends it to the recipient;
c) the recipient in his turn uses the decryption algorithm and key and decrypts the message.

More Basic Concepts and Terms

Public & Private Keys: You can think of them as a pair of codes (like passwords). One code is the secret (private) key and the second is a code that is publicly available (to be used by anyone).

Digital Envelope: The.

Session key (or "Symmetric Session Key"): This is the code that is used for the actual encryption of the e-invoice text (symmetric means that it is the same for both sender and recipient). The symmetric session key certainly also needs to be encrypted, and this is done using the asymmetric public key of the recipient.

Hash Functions: Hash functions are mathematical one-way (unidirectional) functions, i.e. it is impossible to recover the original text (or message) from the string created after hashing by applying any type of mathematical calculation to the string. (Example: SHA-1, Secure Hash Algorithm 1, from NIST.)

Hash value or synopsis: This is the digital fingerprint of a specific text (i.e. e-invoice). Any change in the original text will result in an absolutely different synopsis (hash value). It is impossible to recover the original text (i.e. e-invoice) from the string created after hashing by applying any type of mathematical calculation to the string.

...and more Basic Concepts and Terms

e-signature or Digital Signature (i.e. of an e-invoice in XML text): This is the encrypted hash value. It consists of letters and numbers, is of a specific size (has a fixed length), and characterizes in an absolute and indisputable way the e-invoice message (the text / data of the e-invoice) from which it results.

Advanced Digital Signature: This is nothing else but the coded, encrypted hash value of a message (e-invoice), produced using the private key of the sender.

An advanced electronic signature is an electronic signature that fulfills the following requirements:

1. It is related one-to-one with the signer, uniquely linked to him
2. It is capable of uniquely identifying the signer
3. It is created by means that the signer can maintain under his sole and exclusive control
4. It is related to the data to which it refers in a way that allows the detection of a later alteration of the given data

Qualified e-signatures: They are Advanced Electronic Signatures that are issued on the basis of a Qualified Certificate [see next].

...and even more Basic Concepts and Terms

Digital Certificates: They are in digital form (electronic files). A digital certificate provides:

- Determination of Identity: it relates or "links" a public key to an individual, an organization, a company, a specific company position, or some other specific entity.
- Determination of Authorizations: it determines or delimits the actions or possible activities the holder of a specific certificate can and cannot perform.
- Guarantee of Confidential Information, e.g. of the encryption of the symmetric session key for the confidentiality of the related data.

Typically, a Qualified certificate would contain the following information:

- a public key
- a name
- a Date of Start and/or a Date of Expiration
- the name of the authority that issued the certificate
- a Serial Number that uniquely identifies the certificate
- any relevant policies describing how the certificate was published and/or how it can be used, the digital signature of the certificate provider and perhaps other information

Standard: Most of the certificates used today have adopted the X.509 standard model.

...and even more Basic Concepts and Terms

Public Key Infrastructure (PKI): This is a network of entities (i.e. public or private companies) having the appropriate infrastructure for the creation of public and private keys. They are certified by competent authorities and they are all linked together in an inverted tree structure. The root authority is at the top of the certification process. In Serbia the competent top authority is MTTT. Other certification providers are the Post Service (Pošta Srbije - http://www.ca.posta.rs/ ) and MoI (Police).

Certification Service Provider (CSP) and the role of CSPs: They are trusted third parties (= certified entities, businesses, organizations). They provide their infrastructure to authenticate, register and then create and assign private and public keys to anyone who is interested in or obliged to use e-signatures (physical persons or legal entities). They authenticate them and they also maintain lists of registered persons. Finally, they make publicly available the public keys (and the corresponding Certificates) of the registered persons or entities.

[Diagram: Sender's Private Key; Asymmetric Encryption Algorithm; Digital Signature; Original Sender's e-Invoice; Hash Algorithm - Hash Function (SHA-1); Digital Envelope; Session Key (Symmetric); Symmetric Encryption Algorithm; Encrypted Sender's Message For Transmission; Recipient's Public Key; Asymmetric Encryption Algorithm; Encrypted Session Key]

e-signatures homework: Try to describe the schema above.

Promise: I will send back the description to all those who send me an email with any possible answer.
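The signing and digital-envelope steps named in the schema above, written out as an added example that is not part of the original slides. It uses Node.js's built-in crypto module and substitutes SHA-256 for the SHA-1 named on the slide; the RSA-2048 keys, RSA-OAEP key wrapping, AES-256-GCM, the function names and the sample invoice are assumptions made for illustration.

```javascript
// Added example: sign an e-invoice, then seal it in a digital envelope.
const nodeCrypto = require("crypto");

// Constructed sample invoice, not a real document.
const SAMPLE_INVOICE =
  "<invoice><invoice_number>AB00012345</invoice_number>" +
  "<currency_code>RSD</currency_code></invoice>";

// Assumption: RSA-OAEP with SHA-256 protects the session key.
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// One RSA key pair per party. In a PKI the public half would be published
// in a certificate issued by a certification service provider.
function newKeyPair() {
  return nodeCrypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Sender: hash and sign with the sender's private key, encrypt the invoice
// with a fresh symmetric session key, then wrap that key for the recipient.
function signAndSeal(invoiceXml, senderPrivateKey, recipientPublicKey) {
  const data = Buffer.from(invoiceXml, "utf8");
  const signature = nodeCrypto.sign("sha256", data, senderPrivateKey);

  const sessionKey = nodeCrypto.randomBytes(32); // AES-256 key, used once
  const iv = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", sessionKey, iv);
  const ciphertext = Buffer.concat([cipher.update(data), cipher.final()]);
  const tag = cipher.getAuthTag();

  const wrappedKey = nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, sessionKey);
  return { wrappedKey, iv, tag, ciphertext, signature };
}

// Recipient: unwrap the session key with the recipient's private key,
// decrypt, then check the signature with the sender's public key.
function openAndVerify(msg, recipientPrivateKey, senderPublicKey) {
  const sessionKey = nodeCrypto.privateDecrypt({ key: recipientPrivateKey, ...OAEP }, msg.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", sessionKey, msg.iv);
  decipher.setAuthTag(msg.tag);
  const data = Buffer.concat([decipher.update(msg.ciphertext), decipher.final()]);
  return {
    invoiceXml: data.toString("utf8"),
    signatureValid: nodeCrypto.verify("sha256", data, senderPublicKey, msg.signature),
  };
}

// Signature check on a plaintext invoice, e.g. one retrieved from the archive.
function verifyInvoice(invoiceXml, signature, senderPublicKey) {
  return nodeCrypto.verify("sha256", Buffer.from(invoiceXml, "utf8"), senderPublicKey, signature);
}

function demo() {
  const seller = newKeyPair();
  const buyer = newKeyPair();
  const msg = signAndSeal(SAMPLE_INVOICE, seller.privateKey, buyer.publicKey);
  const opened = openAndVerify(msg, buyer.privateKey, seller.publicKey);
  // Change one digit of the invoice number after signing.
  const altered = opened.invoiceXml.replace("AB00012345", "AB00012346");
  return {
    roundTrip: opened.invoiceXml === SAMPLE_INVOICE,
    signatureValid: opened.signatureValid,
    alteredAccepted: verifyInvoice(altered, msg.signature, seller.publicKey),
  };
}

console.log(demo());
```

The signature gives the recipient authenticity and integrity of the invoice, while the envelope gives confidentiality in transit; a party holding a different private key cannot unwrap the session key at all.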

Summary

- What e-invoicing is
- Why it is being used (benefits, savings)
- Reference to the Legal Environment (Serbian and EU)
- How e-invoicing works
- Service Providers and other key stakeholders
- Structured e-invoices and reference to structured formats like XML and other ISO standards
- Short introduction to e-signatures (complexity?)

Thank you for your attention and patience!

Panos Zafeiropoulos
Project Key-Expert 2
EU-funded Project 'E-Business Development'
Resavska 21, 11000 Belgrade
Tel: +381 11 3235915
e-mail: p.zafeiropoulos@eposlovanje.biz