User Guide

ZATCA Compliance

ZATCA Compliance is the Saudi compliance operations runbook for invoice QR output, Wave 2 readiness, XML handling, and routing between reporting and clearance. It is designed for practical finance and billing control: clean seller identity data, controlled onboarding credentials, testable routing behavior, and evidence retention for audit and periodic review.

Roles & permissions

  • Compliance Owner / Admin
      • Configures: ZATCA enablement, Phase, Enable Wave 2, Environment, and sensitive credentials (CSID, CSID Secret, Device Serial, CSR/Certificate/Private Key/Certificate Chain).
      • Reviews: onboarding status, route policy, and readiness before production changes.
      • Should not change freely: seller identity values and route overrides without finance review.
  • Finance Lead
      • Configures: seller name and VAT governance policy.
      • Reviews: invoice QR values, sample XML outcomes, and monthly evidence quality.
      • Should not change freely: technical onboarding credentials without compliance owner approval.
  • Billing Operations
      • Configures: invoice preparation discipline and exception queues.
      • Reviews: route outcomes (reporting/clearance), failed invoices, and corrective actions.
      • Should not change freely: certificate artifacts or production environment settings.
  • ERP Administrator
      • Configures: access controls, operational permissions, and environment hygiene.
      • Reviews: who can run onboarding, who can override per-invoice routes.
      • Should not change freely: policy-level compliance ownership boundaries.
  • Reviewer / Auditor
      • Configures: evidence review checklist only.
      • Reviews: QR/PDF/XML sample sets, onboarding evidence, and monthly compliance packs.
      • Should not change freely: production settings or credentials.

Ownership split recommendation:

  • Seller data ownership: Finance + Compliance.
  • Credentials ownership: Compliance Owner/Admin only.
  • Routing policy ownership: Compliance + Billing Operations with approval trail.
  • Invoice review ownership: Billing Operations + Finance reviewers.

Setup checklist

  1. Confirm seller name and VAT number accuracy.
  2. Decide KSA-only scope (including the "Visible only for KSA companies (SA)" behavior).
  3. Select Environment for pilot (sandbox/simulation) or production.
  4. Set Phase and decide Enable Wave 2 timing.
  5. Enter CSID and CSID Secret.
  6. Enter Device Serial.
  7. Paste CSR (PEM), Certificate (PEM), Private Key (PEM), and Certificate Chain (PEM).
  8. Complete onboarding using OTP from FATOORA where applicable.
  9. Build a pilot invoice sample set.
  10. Validate invoice QR values and PDF QR presence.
  11. Validate reporting vs clearance route logic on sample invoices.
  12. Complete production go-live checklist with owners and signoff evidence.
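
For step 10 and the recurring QR checks in the evidence packs, one way to compare a sample's QR content with the configured seller identity. This is an added example, not part of the product: it assumes the scanned QR text is ZATCA's base64-encoded TLV payload with tags 1 to 5 (seller name, VAT number, timestamp, invoice total, VAT total) and that a KSA VAT number is 15 digits starting and ending with 3. The function names and sample values are constructed.

```python
import base64
import re

# Tags 1-5 of the ZATCA QR TLV layout; higher tags (Wave 2 fields) are skipped.
TAGS = {1: "seller_name", 2: "vat_number", 3: "timestamp",
        4: "invoice_total", 5: "vat_total"}

def encode_qr(pairs):
    """Build a base64 TLV payload from (tag, text) pairs, for test samples."""
    out = b""
    for tag, text in pairs:
        data = text.encode("utf-8")
        out += bytes([tag, len(data)]) + data
    return base64.b64encode(out).decode("ascii")

def decode_qr(payload_b64):
    """Decode a base64 TLV payload into {field: text}; ValueError if malformed."""
    raw = base64.b64decode(payload_b64, validate=True)
    fields, pos = {}, 0
    while pos < len(raw):
        if pos + 2 > len(raw):
            raise ValueError("truncated TLV header")
        tag, length = raw[pos], raw[pos + 1]
        value = raw[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise ValueError(f"tag {tag}: value shorter than declared length")
        if tag in TAGS:
            fields[TAGS[tag]] = value.decode("utf-8")
        pos += 2 + length
    return fields

def check_qr(payload_b64, expected_name, expected_vat):
    """Return a list of findings; an empty list means the sample passes."""
    try:
        f = decode_qr(payload_b64)
    except ValueError as exc:  # also covers bad base64 and bad UTF-8
        return [f"undecodable QR payload: {exc}"]
    findings = [f"missing field: {n}" for n in TAGS.values() if n not in f]
    if f.get("seller_name", expected_name) != expected_name:
        findings.append("seller_name differs from configured seller name")
    vat = f.get("vat_number", expected_vat)
    if vat != expected_vat:
        findings.append("vat_number differs from configured VAT number")
    elif not re.fullmatch(r"3\d{13}3", vat):  # assumed KSA VAT format
        findings.append("vat_number is not 15 digits starting and ending with 3")
    return findings

# Constructed sample values, not taken from a real invoice.
SAMPLE = encode_qr([(1, "Example Trading Co"), (2, "300000000000003"),
                    (3, "2024-01-15T10:30:00Z"), (4, "115.00"), (5, "15.00")])
```

Running `check_qr` over each invoice in the pilot sample set and saving the findings list alongside the invoice ID gives a reviewable record for the QR invoice sample set.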

Key workflows

  1. Basic seller setup
      1. Enable ZATCA.
      2. Set seller name and VAT number.
      3. Apply KSA-only scope.
      4. Create test invoice.
      5. Verify QR values.
      6. Save pilot evidence.
  2. Wave 2 credentials setup
      1. Enable Wave 2.
      2. Choose Environment.
      3. Add CSID and CSID Secret.
      4. Set Device Serial.
      5. Add CSR/Certificate/Private Key/Certificate Chain.
      6. Validate readiness before transmission.
  3. OTP onboarding
      1. Obtain OTP from FATOORA portal.
      2. Enter OTP in onboarding flow.
      3. Run onboarding in simulation or production.
      4. Confirm credentials become active.
      5. Document onboarding success event.
  4. Generate and save XML
      1. Select invoice.
      2. Generate XML.
      3. Sign output.
      4. Save XML to invoice-linked storage.
      5. Review with finance/compliance.
  5. Report vs clear invoice
      1. Determine B2B or B2C context.
      2. Apply auto route or controlled override.
      3. Send via reporting or clearance path.
      4. Review outcome.
      5. Archive status and evidence.
  6. Pilot rollout and monthly evidence pack
      1. Export monthly invoice sample set.
      2. Check QR presence and key values.
      3. Confirm XML generation outcomes.
      4. Review reporting/clearance outcomes.
      5. Build evidence pack for review/audit.
      6. Log issues and corrective actions.

Reports

This module is output/evidence oriented. Recommended packs:

  • QR invoice sample set
      • Contains: sample invoices with QR presence and value checks.
      • Used by: Finance Lead, Reviewer/Auditor.
      • Supports: pilot acceptance and monthly compliance confidence.
  • XML file set
      • Contains: generated invoice XML files linked to invoice IDs.
      • Used by: Compliance Owner, Billing Operations.
      • Supports: readiness and transmission workflow review.
  • Reporting/Clearance outcome pack
      • Contains: route decision, route result, exception records.
      • Used by: Billing Operations, Compliance Owner.
      • Supports: route-policy validation and exception handling quality.
  • Pilot validation evidence
      • Contains: onboarding proof, sample checks, signoff notes.
      • Used by: Implementation Lead, Finance Lead.
      • Supports: go-live decision.
  • Monthly compliance review evidence
      • Contains: recurring sample checks, issue list, corrective actions.
      • Used by: Compliance Owner, Internal Review/Audit.
      • Supports: sustained control after go-live.

Troubleshooting / FAQ

  • QR not appearing on invoice
      • Check ZATCA enablement, seller/VAT values, and invoice generation path.
  • Wrong seller/VAT values in output
      • Re-validate seller identity settings ownership and master data update discipline.
  • KSA scope not behaving as expected
      • Recheck country/entity scope and the "Visible only for KSA companies (SA)" policy.
  • Missing CSID or CSID Secret
      • Block live routing until credentials are complete and validated.
  • Invalid CSR/certificate/private key setup
      • Re-paste PEM artifacts and confirm matching certificate chain.
  • Onboarding failure
      • Verify OTP validity, environment selection, and operator permissions.
  • XML generation failure
      • Review invoice completeness and Wave 2 credential readiness before retry.
  • Reporting vs clearance confusion
      • Publish explicit route policy per invoice type with examples.
  • B2B/B2C route confusion
      • Use invoice-type checks and controlled per-invoice override only when needed.
  • Confusion with E-Invoicing (EU)
      • Keep separate ownership, settings, and runbooks; EU is a different compliance track.
