Compliance — CTC

Stand up compliant CTC and e-invoicing rails

This playbook sequences policy, architecture, and testing for continuous transaction controls across Italy’s Sistema di Interscambio, Mexico CFDI 4.0, India GST e-invoicing, Saudi Arabia ZATCA Phase 2, Poland’s KSeF rollout, and France’s PPF/DPF framework so finance and tax teams land filings without penalties.

Updated with Poland KSeF revised go-live windows, France’s 2026 phased PPF/DPF obligations, and ZATCA Phase 2 packaging nuances.

Map jurisdictional requirements

  • Italy SDI. FatturaPA XML, qualified digital signatures for some sectors, exchange via SDI with near real-time clearance, and 10-year archiving with integrity and timestamping.
  • Mexico CFDI 4.0. SAT-approved PAC certification, real-time stamping, complemento payments, and cancellation acknowledgement with business justification codes.
  • India GST e-invoicing. IRN generation through Invoice Registration Portals for supplies above prevailing turnover thresholds, QR codes on invoices, and real-time acknowledgement tied to GST returns.
  • Saudi Arabia ZATCA Phase 2. JSON-based e-invoices with UUIDs, QR codes, cryptographic stamps, tamper-evident storage, and integration with ZATCA APIs for clearance (B2C reporting and B2B clearance).
  • Poland KSeF. Structured FA(2) schemas with authentication via qualified certificates or tokens, central clearance through the National e-Invoicing System, and mandatory use postponed but still expected with staged onboarding.
  • France PPF/DPF. Plateforme de Dématérialisation Partenaire (PDP) and Portail Public de Facturation (PPF) model with phased adoption from 2026; mandates structured invoice formats (UBL/CII/Factur-X) and e-reporting for cross-border transactions.

Document local archiving rules (often 7–10 years), language and currency constraints, and evidence needed for VAT deduction and audit defense. Maintain a matrix linking each obligation to data fields, signing requirements, and error handling rules.

Design interoperable CTC architecture

Adopt a hub-and-spoke integration pattern that isolates country-specific adapters from ERP systems. Key components include:

  • Schema and rules engine. Validate invoice payloads against local schemas (FatturaPA, CFDI, FA(2), UBL/CII) with deterministic error messages so rejections can be corrected quickly.
  • Signature and timestamp services. Use HSM-backed signing for jurisdictions requiring qualified electronic signatures or seals. Align timestamps to trusted time sources to satisfy archiving integrity rules.
  • Clearance and reporting connectors. Build API clients for SDI, SAT PACs, IRP, ZATCA, KSeF, and PPF/DPF. Include throttling, retries, and evidence capture (request/response logs, IDs, acknowledgements) for audits.
  • Evidence vault. Store original payloads, acknowledgements, QR codes, hashes, and reconciliation logs in WORM-capable repositories with retention per country.
  • Business continuity. Queue invoices when platforms are unavailable, use fallback providers where allowed (multiple PACs in Mexico, multiple IRPs in India), and predefine manual contingencies consistent with local rules.
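
One way to make the evidence vault's records tamper-evident before they reach WORM storage is a hash-chained ledger of payload and acknowledgement digests. This is an added example, not code from this playbook or from any tax platform; the field names, the `GENESIS` anchor and the sample records are assumptions constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value for the first entry

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def entry_digest(body: dict) -> str:
    # Canonical JSON (sorted keys, no whitespace) keeps the hash reproducible.
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def append_evidence(ledger: list, country: str, clearance_id: str,
                    payload: bytes, ack: bytes, received_at: str) -> dict:
    """Append one submission record, chained to the previous entry."""
    body = {
        "seq": len(ledger),
        "country": country,
        "clearance_id": clearance_id,
        "payload_sha256": sha256_hex(payload),
        "ack_sha256": sha256_hex(ack),
        "received_at": received_at,
        "prev": ledger[-1]["entry_hash"] if ledger else GENESIS,
    }
    entry = dict(body, entry_hash=entry_digest(body))
    ledger.append(entry)
    return entry

def first_broken_entry(ledger: list) -> int:
    """Return the index of the first entry that fails verification, or -1."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "entry_hash"}
        if (body.get("seq") != i or body.get("prev") != prev
                or entry_digest(body) != entry.get("entry_hash")):
            return i
        prev = entry["entry_hash"]
    return -1

def payload_matches(entry: dict, payload: bytes, ack: bytes) -> bool:
    """Check archived bytes against the digests recorded at clearance time."""
    return (entry["payload_sha256"] == sha256_hex(payload)
            and entry["ack_sha256"] == sha256_hex(ack))

# Constructed sample data, not real invoices or platform responses.
LEDGER = []
append_evidence(LEDGER, "IT", "SAMPLE-0001", b"<FatturaPA/>", b"ack-1", "2025-01-01T10:00:00Z")
append_evidence(LEDGER, "MX", "SAMPLE-0002", b"<cfdi/>", b"ack-2", "2025-01-01T10:05:00Z")
```

A chain like this detects edits, reordering and removal of earlier entries, but not truncation of the tail, so the latest `entry_hash` should be anchored outside the ledger, for example through the timestamp service or in the WORM store.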

Operationalise controls and reconciliations

  • Data quality and validation. Enforce master data controls for tax IDs, addresses, and VAT rates. Apply pre-clearance checks for withholding, reverse charge, and exemptions to avoid rejection.
  • Reconciliation. Match cleared invoices to ERP records, payments, and VAT filings. Track missing acknowledgements, duplicate submissions, and cancellations with automated alerts.
  • Change management. Monitor schema updates (e.g., CFDI addenda, ZATCA controls, KSeF API changes) and run regression testing before deployment. Maintain evidence of test cases and approvals for auditors.
  • Incident response. Define playbooks for platform outages, certificate revocation, and mass rejection events. Capture timelines and regulator communications to demonstrate diligence.

Train finance and shared service centres on exception codes, retry policies, and local documentation requirements so cycle times stay within statutory windows.

Assure compliance and readiness

Execute readiness assessments per jurisdiction, covering certification prerequisites (for example, ZATCA solution categorisation, PAC contracts, or PDP onboarding). Test interoperability with trading partners for clearance and post-audit evidence sharing.

Maintain dashboards that track clearance status, rejection rates, turnaround times, and archive integrity. Provide tax, finance, and audit stakeholders with monthly attestation packages containing sample invoices, hashes, and reconciliation proof.

Plan for phased expansions by adjusting for turnover thresholds in India, onboarding waves in France, and mandatory dates in Poland. Keep contract clauses and service levels aligned with future-state obligations to avoid rework.