Implementation of the E-invoicing system is a pivotal shift in UAE. This is triggered in enhancing operational efficiency and tax compliance as the UAE builds its digital tax infrastructure. A clear and systematic accreditation framework has been put in place by the Ministry of Finance for the service providers providing e-invoicing services across the country to facilitate this system.

This guide forms the legal basis for the eligibility standards, accreditation process, compliance monitoring on an ongoing basis, and renewal or cancellation conditions of the accreditation of Service Providers running business within the UAE's E- Invoicing System. It sets forth requirements and obligations for Service Providers aiming to be accredited or renew their accreditation in order to meet the Ministry's regulatory requirements.

Legal Framework Governing E-Invoicing in the UAE 

The electronic invoice mandate in the UAE, is supported by a defined set of legal and regulatory framework. They are:   

The constitution, 

1. Federal Law No. 1 of 1972 on the Competencies of Ministries and Powers of the Ministers, and its amendments,
2. Federal Decree-Law No. 13 of 2016 on the Establishment of the Federal Tax Authority, and its amendments,
3. Federal Decree-Law No. 8 of 2017 on Value Added Tax, and its amendments.
4. Federal Decree-Law No. 28 of 2022 on Tax Procedures, and its amendments.
5. Federal Decree-Law No. 47 of 2022 on the Taxation of Corporations and Businesses, and its amendments.

Important Definitions and Concepts under the UAE E-Invoicing Accreditation Framework

1. State: Referring to United Arab Emirates (UAE)
2. Ministry: Referring to Ministry of Finance (MoF)
3. Authority: Referring to Federal Tax Authority (FTA)
4. Person: Referring to any natural person or juridical person/legal entity.
5. Financial Year: The 12 month period for which the person makes financial statements, or the Gregorian calendar year.
6. Business day: Describes what qualifies as a business activity. Any activity no matter what type, that is conducted regularly, which is done on an ongoing basis (continues over time) and is carried out independently by a person or entity, which means you’re doing it on your own or as your own business, not as an employee. The activity can happen anywhere, such as industrial, commercial, agricultural, vocational professional, service or excavation activities or any other activity involving uthe use of property, whether it’s tangible or intangible.
7. Electronic Invoicing System: It's a digital system that lets businesses create, send, receive, and manage invoices and credit notes online — making the process faster, paperless, and compliant with government regulations.
8. Electronic Invoice: Invoice that is created, sent and received using the Electronic Invoicing System, formatted in a standardized digital structure that allows it to be processed automatically and electronically.
9. Electronic Credit Note: A credit note that is generated, sent, and received via the Electronic Invoicing System in a standardized digital format, allowing for seamless automatic and electronic processing.
10. Tax Data: Any information needed for the tax reporting and compliance purposes, such as tax registration numbers, details of transactions and the tax amound to be paid.
11. Electronic Invoicing Services: The service for transmission, reception, and exchange of Electronic Invoices, Electronic Credit Notes, and other related business documents, carried out in compliance with the mandates set by the Ministry and established within the Peppol Interoperability Framework.
12. Service Provider: An organization authorized by OpenPeppol to access the Peppol Interoperability Framework.  
13. Pre-Approval: A temporary approval granted to a service provider after submitting their application for accreditation to the Ministry, as per the rules of this Decision. 
14. Data Dictionary: This refers to a centralized database or system that holds all the official rules, formats, and data fields that must be used when creating Electronic Invoices and Electronic Credit Notes in accordance with the governance standards of the Peppol Interoperability Framework and the requirements prescribed by the Ministry.
15. Peppol Interoperability Framework: The Peppol Architectural Framework and the Peppol Governance Framework.
16. Peppol Architectural Framework: A collection of technical guidelines that outline the standards needed to enable different business systems to work together smoothly within the Peppol Interoperability Framework, ensuring seamless communication and data exchange for all participating End Users.
17. End User: A recognized individual or organization that is accountable for the business information contained in the documents exchanged (whether sending or receiving) with other parties through Peppol Services within the Peppol Interoperability Framework.
18. Peppol Governance Framework: A collection of agreements, internal rules and operational guidelines that manage and support the functioning of the Peppol Interoperability Framework.
19. Accreditation: The official approval /authorisation granted by the Ministry to the Service Provider as per the rules of this Decision.
20. Accredited Service Provider: A service provider that has received official Accreditation to deliver Electronic Invoicing Services within the UAE, as per the provisions of this Decision.
21. OpenPeppol: An international non-profit organization that is responsible for the development and maintenance of the Peppol Interoperability Framework.
22. Peppol Service Provider Agreement: A contract between OpenPeppol and the service provider that permits the service provider to deliver Peppol Services according to the Peppol Interoperability Framework within approved service areas.
23. Peppol Services: Services offered by a Peppol Service Provider that fully adhere to the terms of the Peppol Services Provider Agreement and meet the operational and technical standards of the Peppol Interoperability Framework.
24. Peppol Service Provider Product or PSP Product: The software or technology solutions utilized by a Service Provider to deliver Electronic Invoicing Services to its End Users.
25. Peppol Authority Specific Requirement or PASR: Specific conditions or standards established by the Ministry that go beyond the requirements of the Peppol Interoperability Framework.
26. Central Register: A database managed by the ministry that records all Accredited Service Providers and the End Users onboarded by those Accredited Service providers to deliver Electronic Invoicing Services within the UAE.
27. PINT AE: Peppol International is a standardized approach that outlines a set of technical specifications for formatting business documents like Electronic Invoices and Credit Mptes. It allows these formats to be adapted to suit the specific requirements of individual countries, while still ensuring compatibility and seamless data exchange across international networks.The UAE’s specific requirements are listed in it’s official Data Dictionary.

28. What are the eligibility criteria to be accredited in UAE?** 

A Service Provider can only offer Electronic Invoicing Services in the UAE if they have received official Accreditation from the Ministry under this Decision. The Ministry shall establish and maintain a central Register listing all Accredited Service Providers authorised to operate under the Electronic Invoicing System within the State. 

To qualify for Accreditation, a Service Provider must satisfy several important conditions. They are: 

1. Company Registration Conditions

The service provider is considered to have fulfilled the necessary company registration conditions if it: 

• Is a juridical entity established under UAE legislation or a foreign entity licensed to conduct  business within the state.
• Maintains a minimum paid up capital of AED 50,000 evidenced through valid legal documents (valid trade or commercial license or similar document issued by the relevant authorities in the state).
• Submits audited financial statements for the most recent financial year or commits to submitting them within six months if not  immediately available. 

• Possesses an ISO 22301 certification to demonstrate its business continuity capabilities. If not available during the time of submitting the application, they shall obtain and submit with a grace period of three months from the end of the financial year for submission. 

  2) Need to be a Peppol Access Point Provider

• A service provider will be considered to be in compliance with the service provider standards, if they meet the following conditions:
• Retain an active Peppol-certified status.

Peppol, or Pan-European Public Procurement On-Line is an international framework that standardizes the exchange of electronic documents, such as e-invoices and purchase orders between businesses and government entities. Originally developed for the European market, it’s now widely adopted across regions seeki

ng to modernize and harmonize their procurement and invoicing processes. 

Achieving Peppol certified status signifies that a service provider has successfully met the stringent technical, operational and security standards as outlined by the Peppol authority. Certification confirms that the provider’s system is fully compatible with the Peppol network and can securely exchange e-documents with the accredited participants. 

• Comply fully with the Peppol Interoperability Framework  and Peppol Authority Specific Requirements (PASR) 
  When a service provider is required to comply with the Peppol Interoperability Framework, it means their system and operations must align with the technical, security and procedural standards set by PEPPOL to ensure seamless, secure and reliable exchange of electronic documents across the network. 

  PASR refers to additional rules and operational guidelines set by a local PEPPOL authority, tailored to the needs and regulations of their jurisdiction. For a service provider, this means beyond complying with the global Peppol framework, they must also meet the localised conditions to operate within the specific market. These cover areas like registration processes, data privacy standards, or reporting obligations. 

• Ensure its products meets the Peppol Interoperability standards for the UAE (PINT AE) and all associated specifications as outlines in the Data Dictionary)
• Implement any further technical or procedural requirements that may be issued by the Ministry.

3)Obligations for tax registration:

• All service providers are mandated to be registered for Corporate Tax in accordance with Federal Decree-Law no:47 of 2022. Additionally, registration for VAT is required where applicable, following Federal Decree-Law no:8 of 2017.

4)PSP Product Information Security requirements need to be satisfied.

A PSP Product will be considered in compliance with the State's information security requirements, for meeting the eligibility criteria, if the following requirements are met: 

• Implementation of multifactor authentication  for user access. This enhances the security reducing the risk of unauthorised access by requiring users to provide multiple forms of verification before accessing systems, even if login credentials are compromised.  This typically includes a combination of something that the user knows like a password, something the user has like a security token/ mobile device, or a biometric verification.
• Data encryption both in transit and at rest. This is crucial for protecting sensitive information from unauthorised access.

1. Encryption in transit ensures that data transmitted over networks is encrypted, preventing interception or tampering during transmission.
2. Encryption at Rest protects data stored on devices or servers by encrypting it, safeguarding against unauthorized access in case of physical theft or unauthorized server access.

• Regular security monitoring.
• Valid ISO/IEC 27001 certification for the product.
• The Service Provider must adhere to all regulatory obligations specific to the End Users, including application and data hosting, storage, archival and residency requirements, such as national cloud security policy and critical information infrastructure protection policy.

5)Self declaration condition:

The service provider submits the self-declaration form in the following format, they will be considered to be eligible. The service provider has to state that: 

• It is not under liquidation, bankruptcy, or subject to criminal proceedings affecting financial standing.
• It is not blacklisted by any governmental authority.
• It commits to offering a minimum of 100 free eInvoice exchanges and reporting services per annum from the date of the signature of the end-user agreement.
• Ensures the confidentiality of all the data and information accessed or acquired while delivering Peppol services, except where disclosure is required in accordance with the applicable laws.
• Abide by any additional Ministry prescribed obligations.

6) Insurance requirements:

For meeting the eligibility criteria, the service provider must meet the following insurance requirements: 

• Keep a professional indemnity insurance, which is issued by an insurance company operating in the UAE, with total liability of no less than AED 2,500,000
• Crime insurance coverage from an insurance company operating in the UAE, of no less than AED 5,000,000
• Cyber fraud insurance from an insurance company operating in the state, of no less than AED 5,000,000.

Steps to apply for the accreditation of service providers in UAE.

For the service provider to be get accreditation in UAE, they are to follow the following step: 

Accreditation Application: 

• A Service Provider seeking Accreditation under is required to submit a formal application to the Ministry in the form and manner prescribed by the Ministry.
• The application must be accompanied by all necessary information and supporting documents as specified by the Ministry, intended to demonstrate the Service Provider’s eligibility against the criteria set forth.
• Upon receiving a complete application, the Ministry will conduct a review and, within ninety (90) Business Days, either issue a decision on the application or request additional information from the Service Provider.
• If additional information is requested, the Ministry will then issue a decision to approve or reject the application within thirty (30) Business Days of receiving the requested details.
• If the application is approved, the Ministry will notify the Service Provider within five (5) Business Days from the approval date.

• The Ministry reserves the right to reject an application under the following circumstances: 

  • If the service provider fails to meet the eligibility criteria.
  • For any other reason deemed appropriate by the ministry.

• Any decision to reject an application will in

  1. Testing procedures for pre-approval:
• Following the approval of the accreditation, the Service Provider is required to successfully complete the Pre-Approval testing procedures, which include:
• Interoperability Testing
• The Service Provider must complete interoperability testing through services provided by OpenPeppol, demonstrating its capability to send and receive Electronic Invoices and Electronic Credit Notes in compliance with PINT AE and relevant technical specifications within the Peppol Interoperability Framework.
• Verification Testing
• The Service Provider must conduct verification testing to confirm its ability to verify End Users with the Federal Tax Authority and to successfully onboard End Users to the Electronic Invoicing System.
• Upon completion of these testing procedures, the Ministry will review the outcomes and issue a notification to the Service Provider within seven (7) Business Days from the date the testing is concluded.

3)Production Certificate and access

After successfully completing the Pre-Approval testing procedures, the Service Provider must undertake several additional steps before Pre-Approval can be officially granted. These steps collectively verify the operational readiness of the Service Provider to deliver Electronic Invoicing Services under the official framework:   

• Obtain a production Public Key Infrastructure  certificate from OpenPeppol in accordance with the Peppol Interoperability Framework.
• Acquire access to the EmaraTax production End User verification Application Programming Interface from the Federal Tax Authority.
• Perform a trial onboarding run using the production API, registering End Users into the Peppol Interoperability Framework.

• Conduct a trial operational run within the Peppol production environment, utilizing the  Public Key Infrastructure certificate and successfully meeting both the international Peppol testing standards and the State’s specific requirements. 

  1. Granting pre-approval

Upon successful completion of the application review, pre-approval testing and production environment readiness, the service provide will be granted with the pre- approval from the Ministry. 

This Pre-Approval allows the Service Provider to begin provisionally offering Electronic Invoicing Services within the State. The Service Provider is then required to complete the remaining Accreditation testing obligations outlined within a timeline to be determined and communicated by the Ministry. 

5)Granting accreditation:

a) Following the issuance of pre-approval, the service provider must fulfill the final accreditation testing requirements, which include: 

• Tax Data Reporting Testing

The Service Provider must complete testing to validate its ability to transmit Tax Data documents, generated from Electronic Invoices and Electronic Credit Notes, to the Federal Tax Authority.  

• OpenPeppol Testing Services

The Service Provider must successfully complete all required testing services established by OpenPeppol.

• Operational Readiness Trial Run

A trial run must be conducted in the production environment in coordination with the Authority to confirm full operational readiness.

b) Upon successful completion of these obligations mentioned above, the Ministry shall:

• Formally grant Accreditation to the Service Provider.

• Publish the details of the newly Accredited Service Provider for public and stakeholder reference.

  c) The Accreditation status granted under this provision will remain valid for two (2) years from the date of issuance.

6)Ongoing evaluation of accreditation:

To maintain the integrity of the Electronic Invoicing System, and ensure Accredited Service Providers continue to comply with all applicable criteria and obligations under this Decision, the Ministry reserves the right to request relevant records, information, and documentation from any Accredited Service Provider at any time. The Service Provider must submit the requested materials within the timeline specified by the Ministry. This enables the Ministry to periodically monitor performance, technical compliance, financial standing, and adherence to security, operational, and regulatory requirements.

What are the steps to renew the accreditation?

1. Application for Renewal:

An Accredited Service Provider wishing to continue offering Electronic Invoicing Services must apply to the Ministry for the renewal of its Accreditation. This application must be submitted no later than seventy (70) Business Days before the expiration of its current Accreditation.

1. Documentation requirements:

The application renewal under the above clause, must include sufficient documentation to demonstrate continued compliance with the eligibility criteria and obligations, particularly: 

1. Proof of fulfilment of eligibility requirements that is put forward by the Ministry.
2. Evidence of valid and enforceable insurance policies, which is mentioned under the insurance requirements.
3. Confirmation of ongoing compliance with PSP Product information security requirements, including a valid ISO/IEC 27001 certification and notification of any changes to the Service Provider’s business or product environment.

4. Any other information or documents the Ministry may request.  

   3)Review Process:

The Ministry may assign an independent third party to carry out the review and assessment processes associated with the renewal application, as deemed necessary.

 4) Decision Timeline:

The Ministry will issue a decision to approve or reject the renewal application within sixty (60) Business Days from the date of receiving the complete application and shall notify the Service Provider of the outcome within five (5) Business Days from the date the decision is issued.  

  5) Grounds for Rejection:

A renewal application may be rejected in the following cases:

a) Failure to meet the eligibility criteria 

b) Incomplete submission of the required documentation and evidence confirming ongoing compliance.

c) Any other reason the Ministry deems appropriate.

6) Rectification Period:

If a renewal application is rejected, the Ministry will provide written reasons and allow the Service Provider a rectification period of no less than twenty (20) Business Days to resolve the issues identified.

7) Expiry and cancellation: 

Accreditation will be automatically cancelled, and all associated links to represented Persons will be revoked if:

a) The Service Provider fails to submit a renewal application within the prescribed timeline given for the renewal (70 business days)

b) The Service Provider does not rectify the cause of rejection within the prescribed timeline.   

What happens when your accreditation is terminated?  

1. Grounds of Termination 

   The Ministry may terminate the Accreditation of a Service Provider in any of the following circumstances:

   a) Upon request by the Accredited Service Provider wishing to voluntarily cease operations. The Service Provider must offboard all End Users and settle any outstanding obligations before submitting the termination request.

   b) If the Accredited Service Provider fails to comply with, or no longer meets, the conditions of Accreditation outlined in the eligibility criteria.

   c) If the Ministry receives validated complaints from End Users concerning the conduct, responsibilities, or obligations of the Service Provider.

   2) Notification of termination: 

   The Ministry shall notify the Accredited Service Provider of the termination decision within five (5) Business Days, providing the reasons for the decision.

 3) Service Provider’s Obligations

Upon receiving the termination notice, the Accredited Service Provider must inform all its associated End Users of the termination within five (5) Business Days.

4) Delisting Process

Termination results in the delisting of the Service Provider from the Central Register and all related systems within five (5) Business Days following receipt of the termination notification.

5) Notification to OpenPeppol

Following termination, the Ministry will formally notify OpenPeppol to remove the Service Provider from the OpenPeppol website and directory.

6) Finality of Decision

Termination decisions are considered final and cannot be appealed before any judicial authority under the following circumstances:

1. If the Service Provider fails to file an objection against the termination notice within forty (40) Business Days from the date of receiving the termination notice.
2. If the Ministry rejects the objection filed by the Service Provider.

7) Temporary Disqualification 

In cases where termination occurs when the Accredited Service Provider fails to comply with, or no longer meets, the conditions of Accreditation outlined in the eligibility criteria, the Service Provider will be disqualified from applying for Accreditation for a period of two (2) years from the date of termination notification.  

Objection against the termination of accreditation

1. Grounds for objection:

A Service Provider whose Accreditation has been terminated, they have the right to formally object to the decision on either of the following grounds: 

1. The Service Provider has met the conditions for eligibility for Accreditation.
2. The complaints received by end-users by Ministry, leading to termination were baseless, unreasonable, or unjustifiable.

2)  Submission of Objection: 

The Service Provider must submit its written objection to the Ministry within forty (40) Business Days from the date of receiving the termination notice. The objection must clearly state the reasons for contesting the decision and be supported by relevant documentation.

3) Review and decision:

The Ministry will review the objection and issue a decision to accept or reject it within thirty (30) Business Days of receipt. The Service Provider will be informed of the Ministry’s decision within five (5) Business Days after the decision is made.

4) Submission format:

The objection must be submitted in the format and manner specified by the Ministry.

5) Outcome of a successful objection:

If the objection is accepted by the Ministry: 

1. The Service Provider’s Accreditation will be reinstated.
2. Its details will be re-published as an Accredited Service Provider.
3. OpenPeppol will be notified to re-list the Service Provider in its official directories.

Conclusion

Navigating the accreditation process as an e-invoicing service provider in the UAE requires a clear understanding of the regulatory framework, technical requirements, and integration protocols mandated by the Federal Tax Authority. This guide has outlined the essential steps and considerations to help your organization prepare for and successfully achieve accreditation.

As a trusted and accredited E-Invoicing Service Provider, Flick Network brings proven expertise in supporting businesses through this process, offering fully compliant, scalable, and efficient solutions tailored to the UAE’s evolving digital tax ecosystem.

For more info visit us now.