Introduction to ZATCA Phase 2: The Integration Phase

As Saudi Arabia continues its digital transformation journey, the Zakat, Tax, and Customs Authority (ZATCA) has moved into the most critical stage of the e-invoicing mandate: Phase 2 (Integration Phase). Unlike Phase 1, which focused on generating and storing electronic invoices, Phase 2 requires real-time or near-real-time integration between your accounting software and ZATCA’s Fatoora Portal.

For Saudi SMEs, this isn’t just a technical upgrade—it’s a fundamental change in how business transactions are recorded and reported. At Qeemah, we have designed our platform to handle these complexities automatically, ensuring you remain compliant without disrupting your operations.

Key Differences: Phase 1 vs. Phase 2

Understanding the shift is vital for any business owner or accountant. The following table summarizes the evolution of requirements:

Feature	Phase 1 (Generation)	Phase 2 (Integration)
Objective	Generate & Store XML/PDF Invoices	Real-time Integration & Validation
Invoice Types	Standard & Simplified	Standard, Simplified, Credit/Debit Notes
Format	Any electronic format (PDF/Image)	XML (UBL 2.1) or PDF/A-3 (with XML)
ZATCA Interaction	No direct reporting required	Real-time (B2B) or 24hr Reporting (B2C)
Security	Basic QR Code	Cryptographic Stamp, UUID, ICV, PIH

Technical Requirements for Phase 2 Compliance

To be compliant with Phase 2, your accounting software must generate invoices containing specific technical identifiers. These ensure the integrity and traceability of every transaction.

1. Universally Unique Identifier (UUID)

Every invoice must have a 128-bit UUID. This is a globally unique ID generated by the system to ensure that no two invoices in the world share the same identification number.

2. Invoice Counter Value (ICV)

This is a non-resetting counter that tracks the number of invoices issued by a specific device or EGS (E-Invoicing Generation Suite). It prevents the deletion or tampering of invoice sequences.

3. Previous Invoice Hash (PIH)

This is the most critical security feature. Each invoice contains a digital ‘fingerprint’ (hash) of the previous invoice. This creates a chain of records, making it impossible to insert or delete an invoice from the history without breaking the chain.

4. Cryptographic Stamp

For B2C (Simplified) invoices, the system must apply a digital signature or ‘stamp’ provided by ZATCA during the onboarding process to verify the authenticity of the issuer.

💡 Pro Tip: You can verify if your current QR codes are compliant using our ZATCA QR Decoder. For the full technical breakdown of TLV encoding and Phase 2 cryptographic tags, see our ZATCA QR Code Requirements guide.

Standard vs. Simplified Tax Invoices in Phase 2

ZATCA distinguishes between two main types of transactions, each with its own workflow in Phase 2:

✅ Standard Tax Invoices (B2B / B2G)

Used for transactions between businesses or government entities.

Workflow: Clearance. The invoice must be sent to ZATCA in real-time. ZATCA validates it and returns it with a ‘Cleared’ status. Only then is it legal to share with the buyer.
Requirement: Must include the buyer’s VAT number and address.

✅ Simplified Tax Invoices (B2C)

Used for transactions between a business and an individual consumer.

Workflow: Reporting. The invoice is issued to the customer immediately. However, it must be reported to ZATCA within 24 hours of issuance.
Requirement: Must contain a QR code that includes the cryptographic stamp.

The Onboarding Process: How to Connect to Fatoora

Before you can start issuing Phase 2 invoices, your system must be ‘onboarded’ to the ZATCA production environment. This involves three main steps:

Generation of CSR: Your ZATCA-compliant software generates a Certificate Signing Request.
Sandbox Testing: Testing the connection in a non-production environment to ensure XML structures are correct. Check our Sandbox vs Production guide for details.
Production Onboarding: Obtaining the final CCSID (Compliance Cryptographic Stamp Identifier) to start live operations.

Common ZATCA Rejection Errors and How to Avoid Them

Integration often leads to technical errors if the data isn’t perfectly formatted. Here are some common codes SMEs encounter:

KSA-1: Invalid VAT category code. Ensure your tax settings match ZATCA’s expected categories (S, Z, E, O).
KSA-3: Missing Previous Invoice Hash. This usually happens if the database sequence is broken.
KSA-9: Invalid QR Code encoding. QR codes must be TLV (Tag-Length-Value) encoded.

Check our full list of Top 15 ZATCA Rejection Errors to stay ahead of the curve.

Checklist for Phase 2 Readiness 📋

Audit Your Software: Does your accounting software really comply with ZATCA? Run the 5-point test before anything else.
Verify your Wave: Check which wave your business falls into based on your 2022 or 2023 VAT-taxable revenue.
Update Software: Ensure your provider is an accredited ZATCA solution.
Clean Data: Ensure all customer VAT numbers and addresses are accurate in your CRM.
Train Staff: Accountants must understand the 24-hour reporting rule for B2C invoices.
Test XML: Use the ZATCA XML Viewer to inspect your invoice structures.

How Qeemah Simplifies ZATCA Phase 2 for You

Navigating Phase 2 alone is risky and technically demanding. Qeemah (قيمة) is built specifically for the Saudi market, automating the entire integration process so you can focus on growth.

Automatic Onboarding: Connect to the Fatoora portal in just a few clicks.
Real-time Clearance: We handle the B2B clearance and B2C reporting workflows in the background.
Built-in Validation: Our system checks for errors before submission, preventing ZATCA rejections.
Secure Archiving: All UUIDs, Hashes, and XML files are stored securely for the mandatory 10-year period.

Ready to automate your compliance? Explore Qeemah Features | View Pricing Plans | Contact our Saudi Experts

ZATCA Phase 2 E-Invoicing Requirements: Complete 2026 Guide for Saudi SMEs