ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

Billing-software certification — a world-unique regime, since 2010

In Portugal you cannot issue an invoice with just any software: the program itself must be certified by the tax authority (the AT). Introduced by Portaria n.º 363/2010, this regime — unique worldwide in its earliness and scope — forces every program to cryptographically sign invoices and carry a certificate number. It is the oldest and most systematic anti-fraud lock in Europe.

History — Portaria 363/2010 and beyond

In 2008, SAF-T (PT) already let the AT audit billing — but nothing technically stopped a company from editing or deleting invoices before generating the file. To close that gap, Portugal pushed the control upstream, into the software itself.

Portaria n.º 363/2010 (23 June 2010) creates mandatory certification: every billing program must sign each document with a private key declared to the AT, chain the signatures, and display its certificate number. Roll-out was staged by turnover threshold, then generalised by Decreto-Lei n.º 198/2012. Decreto-Lei n.º 28/2019 overhauled all billing obligations and prepared the arrival of ATCUD and the QR code (2023).

text certification-timeline.txt
2008       | SAF-T (PT) mandatory: the AT can audit billing, but nothing
           | yet prevents editing invoices after the fact.
           |
2010       | Portaria n.º 363/2010 (23 June) — creates MANDATORY billing-
           | software certification. Every program must cryptographically
           | sign each document and obtain an AT certificate number.
           |
2010-2011  | Phase-in by turnover threshold: large companies first
           | (turnover > 250,000 EUR), then progressively lowered.
           |
2012       | Decreto-Lei n.º 198/2012 + Portaria 22-A/2012: generalisation,
           | mandatory "Processado por programa certificado" notice.
           |
2013       | Coupled with e-fatura — the certified invoice feeds the
           | monthly SAF-T submission to the AT.
           |
2019-2020  | Decreto-Lei n.º 28/2019 — overhaul of billing obligations,
           | confirms certification and prepares ATCUD + QR code.
           |
2023       | ATCUD + QR code mandatory on the certified invoice: software
           | signing is now doubled with an enforceable, scannable unique
           | document code.

Governance — AT, certificate registry

The Autoridade Tributária e Aduaneira processes certification requests, assigns a number (e.g. 1234) and publishes the public list of certified software. To be certified, a vendor submits a declaration of conformity, a feature description, and demonstrates that its program meets the technical requirements (signing, chained hash, immutability, valid SAF-T).

The vendor stays liable: any version that alters the signing mechanism must be re-submitted. The AT can revoke a certificate. The certificate number appears in the SAF-T Header (field SoftwareCertificateNumber) and on every printed invoice.

Technical mechanism — RSA signature + notice

The core of the scheme is a cryptographic chain. For each invoice the software computes an RSA-SHA1 signature over a string made of the date, the system date, the document number, the total — and the previous invoice's hash within the same series. This hash is stored in the SAF-T (Hash field) and lets the AT verify that the sequence has not been altered.

text certified-invoice-signature.txt
--- Mandatory footer notice on the invoice ---
Processado por programa certificado n.º 1234/AT

--- Technical block generated by the certified software ---
InvoiceNo        : FT 2026A/00417
ATCUD            : JFHA3T7N-417
SystemEntryDate  : 2026-06-12T10:14:33
Hash             : kEr8mQ2...base64(RSA-SHA1)...==
HashControl      : 1            (AT private-key version)

--- Hash computation (chaining) ---
text_to_sign = InvoiceDate ; SystemEntryDate ;
               InvoiceNo ; GrossTotal ;
               Hash_of_previous_invoice

Hash = base64( RSA-SHA1( text_to_sign, vendor_private_key ) )

# The vendor's private key is paired with a public key declared
# to the AT at certification time. The AT can therefore verify the
# integrity and sequence of ALL invoices.

A world-unique regime

Several countries have since introduced software anti-fraud schemes, but Portugal remains the pioneer and the most complete:

CountrySchemeYearChained signature
PortugalMandatory AT certification2010Yes (RSA-SHA1)
FranceVAT anti-fraud law (POS software)2018Immutability, no AT RSA chain
GermanyKassenSichV / TSE (POS)2020Hardware TSE module
SpainVeriFactu / TicketBAI2024-2026Chained hash (inspired by PT model)
HungaryOnline Számla (real-time reporting)2018Reporting, not software certification

Adoption — the whole PT software market

  • Several thousand certified programs are listed in the AT public registry — from large ERPs (Primavera, PHC, Sage) to billing SaaS (Moloni, InvoiceXpress, Vendus, KeyInvoice, Bill.pt).
  • Market condition: no vendor can sell billing software in Portugal without certification — it is a structuring barrier to entry.
  • Near-universal coverage: outside micro-entities below thresholds, every Portuguese invoice is now issued by a certified program.
  • Source of inspiration: Spain's TicketBAI / VeriFactu (2024-2026) explicitly reuses the Portuguese chained-hash logic.

Common pitfalls

  • Invoice without the certificate notice. Omitting "Processado por programa certificado n.º XXXX/AT" makes the invoice non-compliant, even if everything else is correct.
  • Editing an issued invoice. A certified invoice is immutable: to correct it you issue a credit note (NC), never an edit. Any attempt breaks the hash chain.
  • Mixing series. Hash chaining is per series. Issuing out of order across series, or reusing a number, invalidates the sequence and blocks e-fatura submission.
  • In-house tool not certified. A company building its own billing tool must certify it like any vendor — internal use does not exempt it.
  • Confusing software certification with SAF-T. SAF-T is the file; certification guarantees that the software producing it is tamper-proof. The two are linked but distinct.