What does a Certificate Signing Request (CSR) mean?

A CSR (Certificate Signing Request) is a critical component of e-invoicing in Saudi Arabia, especially under ZATCA’s current Phase II. Since the ERP/POS systems of enterprises in the Kingdom have to be connected to the Fatoora portal, the CSR has a significant function in implementing ZATCA’s e-invoicing rules. A CSR is created by an Electronic Goods Service (EGS) unit and includes the relevant information, for example the organization’s VAT number, the public key, or other data needed to distinguish the device for later cryptographic signing of invoices.

The CSR plays a major role in acquiring the Cryptographic Stamp Identifier (CSID), which is used for signing Simplified Invoices (B2C) and for communicating with the Reporting and Clearance APIs. The Certificate Signing Request Authority of ZATCA uses the details provided in the CSR to generate the CSID, which is essential to the security and genuineness of electronic invoices. During the registration process, businesses have to provide the CSR together with other documents to meet the requirements established by ZATCA for their EGS units.

The recent changes in e-invoicing in Riyadh have made integration with this type of service even more pressing. According to ZATCA, companies above a specific level of VAT turnover must adhere to the new e-invoicing regulation by certain dates, so it is essential to know the CSR submission process. This guide explains what a CSR is, when it should be filed, and the information needed for filing, so that businesses are aware of the due dates and can comply with the Saudi e-invoicing rules.

New Information on E-invoicing in Saudi Arabia

29th November 2024 – ZATCA released information that all companies that are KSA VAT registered with a turnover of over SAR 2 million in either 2022 or 2023 fall under wave 18 of phase 2. These businesses need to connect the Fatoora portal with their ERP/POS by 31st August 2025.

1st November 2024 – ZATCA again clarified that businesses with SAR 2.5 million or more turnover in 2022 or 2023 are in wave 17. They have to integrate their ERP/POS with the Fatoora portal by 31st July 2025.

27th September 2024 – Companies with turnover of more than SAR 3 million are in wave 16. Such businesses need to achieve integration by 1st April 2025.

E-invoicing is already in practice in Riyadh, and the CSR is a regulatory prerequisite for any business intending to be onboarded to e-invoicing.

What is a CSR (Certificate Signing Request)?

A CSR (Certificate Signing Request) is a key component of the process for obtaining a CSID, which is a unique identifier for an EGS unit. This identifier is used for signing and sealing Simplified Invoices (B2C) and for accessing the Reporting and Clearance web services in the e-invoicing environment. The CSR contains several key pieces of information, including:

  • Common Name: Defines a device or a unit.
  • Organization: The VAT number.
  • Country: The legal place of the business or the place where the company was incorporated.
  • Public Key: Critically important for the generation of the CSID.

The ZATCA CA uses these details to generate the CSID, which is vital to the security of the e-invoicing platform.

When Should a CSR Be Submitted?

A CSR is required when the EGS unit has been newly registered or the device is being renewed. The CSR is then uploaded through the e-invoicing platform after entering a one-time password (OTP). This encoded text is important for guaranteeing that the EGS unit is implemented in adherence to ZATCA’s e-invoicing standards.

The Relationship between CSR and Compliance CSID

The Compliance CSID is a CSID that the EGS unit uses to call the compliance APIs and check for compliance with ZATCA standards. Submitting the CSR is one of the steps in obtaining this Compliance CSID. The e-invoicing platform checks the authenticity of the CSR, and the CSID is then generated, making sure that the EGS unit is associated with a third party like ClearTax.

While calling these APIs, one has to pass the Compliance CSID in the request header specifically. This helps to meet the requirement of ZATCA for e-invoicing within Saudi Arabia for the EGS unit.

Inputs Required in a CSR

A CSR must contain several fields mandatory for the organization, and all these fields must meet the requirements set by ZATCA. These include:

  • Common Name: Device or asset tracking identification number.
  • EGS Serial Number: Make and model or version and serial number of the manufactured product.
  • VAT Registration Number: 15 digits starting and ending with ‘3’.
  • Organization Name: Refers to the business name or the name of the organization.
  • Country: The two letters that represent the country.
  • Invoice Type: The type of document that the EGS will produce (standard or simplified tax invoices).
  • Location: The branch or address where the EGS unit is situated.
  • Industry: The sector that the EGS unit bills for.

Non-compliance with these specifications leads to CSR rejection.
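
A pre-submission check of the inputs listed above, as an added example (not ZATCA's or the vendor's code). The dictionary keys, the accepted invoice-type spellings and the whitespace check are assumptions of this example; only the VAT-number and country-code formats come from the text.

```python
import re

# Keys are hypothetical names chosen for this example; the page lists the
# inputs but defines no machine-readable schema.
REQUIRED_FIELDS = (
    "common_name", "egs_serial_number", "vat_registration_number",
    "organization_name", "country", "invoice_type", "location", "industry",
)

# 15 digits, first and last '3'. [0-9] rather than \d, because \d also
# matches Arabic-Indic digits in Python str patterns.
VAT_RE = re.compile(r"3[0-9]{13}3")
COUNTRY_RE = re.compile(r"[A-Za-z]{2}")      # "two letters"
INVOICE_TYPES = {"standard", "simplified"}   # assumed spellings


def validate_csr_inputs(fields):
    """Return (field, problem) tuples; an empty list means every check passed."""
    problems = []
    for name in REQUIRED_FIELDS:
        value = fields.get(name)
        if not isinstance(value, str) or not value.strip():
            problems.append((name, "missing or empty"))
        elif value != value.strip() or any(ord(c) < 32 for c in value):
            # Assumption of this example: treat stray whitespace and control
            # characters as improper formatting.
            problems.append((name, "stray whitespace or control character"))
        elif name == "vat_registration_number" and not VAT_RE.fullmatch(value):
            problems.append((name, "must be 15 digits, starting and ending with 3"))
        elif name == "country" and not COUNTRY_RE.fullmatch(value):
            problems.append((name, "must be a two-letter code"))
        elif name == "invoice_type" and value not in INVOICE_TYPES:
            problems.append((name, "must be standard or simplified"))
    return problems


# Constructed sample values, not a real taxpayer or device.
SAMPLE = {
    "common_name": "EGS-UNIT-0001",
    "egs_serial_number": "ExampleMake-Model1-SN0001",
    "vat_registration_number": "31" + "0" * 12 + "3",
    "organization_name": "Example Trading Co",
    "country": "SA",
    "invoice_type": "simplified",
    "location": "Riyadh Branch",
    "industry": "Retail",
}

if __name__ == "__main__":
    for field, problem in validate_csr_inputs(dict(SAMPLE, country="SAU")):
        print(f"{field}: {problem}")
```

Running the check on the device before the OTP is entered means a formatting error does not use up a valid OTP on a CSR that would be rejected.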

Process for Submitting a CSR

After entering the OTP into the EGS unit, the CSR submission follows these steps:

  • Create CSR: Include all required data.
  • Generate Key Pair: Encryption is done through the use of public/private keys.
  • Send CSR: Enter the CSR to create a self Certificate Signing Request.

Common mistakes made while submitting a CSR

Several errors may occur during CSR submission, such as:

  • Invalid OTP or OTC.
  • OTP/OTC mismatch with the VAT registration number.
  • Expired OTP/OTC.
  • Invalid VAT number or request type.
  • Missing or improperly formatted fields.

Such mistakes have to be addressed for proper CSR submission and compliance with the ZATCA e-invoicing rules.

Conclusion

A CSR (Certificate Signing Request) is an essential component of e-invoicing in KSA, particularly with the most recent changes to e-invoicing by ZATCA. Companies need to check that their EGS units are compliant with the regulations by submitting the CSR and acquiring a Compliance CSID. By knowing the right procedure and entering the information correctly, businesses can avoid pitfalls when integrating with the Fatoora portal.