Among the news introduced by the final version of the Italian Budget Law 2019, published on no. 302 of December 31^st, 2018 of the Official Gazette, the use of e-invoices – which was already mandatory with regard to all relationships involving public bodies since 6th June 2014 – has become compulsory even in relationships between private and consumer parties provided that the supply of goods and/or services are carried out between residents or subjects established in the territory of the State.

The newly introduced obligation to make use of e-invoicing had been welcomed with the usual skepticism that generally characterizes all those regulatory impositions requiring businesses to adopt different approaches in the management of documents and/or the introduction of a new data exchange systems with the relating costs in terms of design and implementation.

The term “electronic invoicing” identifies the digital process that produces and manages invoices during their life cycle – from their generation to their issuing/receipt; their storing for a period fixed by law in 10 year- and it pursues the aim of: diminishing costs; preventing tax fraud; simplifying the performance of tax obligations.

It is to be noticed, that Italy is the first European State to have imposed the use of electronic invoices, in view of the fact that, it is also the Member State having the highest IVA gap which, according to the data released by the EU Commission on September 2018 was about 35,9 billion of Euro. Identified as the elective mean to eliminate tax evasion, through the e-invoicing introduction, Italy aims to allow public bodies to undertake a real time checking on the amount of Iva declared and paid by taxpayers in order to enable public bodies to stop suspicious transaction in an expeditious way.

As it was anticipated above, from January 1^st, 2019 the duty of making use of e-invoicing obligation has been extended to all B2B (i.e. Business to Business) and B2C invoicing (i.e. Business to Consumer). However, not all partita iva holders are subject to the e-invoicing duty. Indeed, to be involved it is only 56% since some professional sectors are still exempted.

It is the case of companies and self-employed workers, eligible to make use of the benefit system provided by art. 27 paragraphs 1 and 2 of Law Decree n. 98 of 2011 or of the flat- rate of art. 1, paragraphs from 54 to 89 of Law n. 190 of 2014, and of small farmers; non-professional sports associations; subjects who do not resides in Italy that are part of transactions that are linked to the same country.

Instead, for those who are demanded to make use of e-invoicing it is no longer possible to issue paper made invoices. In such cases in fact the issued document would be considered as non-issued.  Furthermore, those who fails to comply with the obligation are subjected to the application of an administrative penalty - ex art. 6 of Legislative Decree n. 417 of 1997- between 90 % and 180 % of the tax amount relating to the income which was not correctly documented or recorded during the financial year.

Anyway, the Fiscal Decree enacted in relation to the Budget Law of 2019 provides for the cancellation and reduction of penalties until September 2019 with regard to monthly IVA-payers and until June 30th for three-monthly IVA-payers IVA.

But how does the e-invoicing technically work in B2B relationships?

Tax payers are required to obtain an e-inviocing software (for either pc or mobile app) or to make use of an online one (cloud based) consenting them to generate a XML (eXtensible Markup Language) file, which is already in use by public bodies.

Notably, the e-invoicing system introduction has determined a significant raise in the demand for software solutions. In this view, it also highlighted the existence of a young and growing market that already counts at least ten service providers.

In relation to the content requirements of e-invoices, they are the same of those of paper invoices, but they are translated into XML language.

Accordingly: tax payers are identified either through a code named “Codice Destinatario” which is made of 7 alphanumeric charters or through a pec (certified e-mail) address; the type of document contained within the file shall be duly identified (i.e. debit or credit notes, invoice, receipt, etc.); the rules on date and number of documents are the same that were applicable to paper invoices.

The invoice realized according to the above-described process is then signed in digital way with a qualified electronic signature by the issuer or intermediary to guarantee: the authenticity of the signature origins; the integrity of the content; and the readability of the date of issuance until the end of the period of storing.

The invoice shall be sent to the receiver, by the last day of the month following the date of issuing, through the use of a free IT platform called System of exchange (Sdi), managed by the Tax Authority (Agenzia delle Entrate) with the help of Sogei, an Information Technology company controlled by the MEF - which, by virtue of law, represent a compulsory passage for all e-invoices issued to public administrations and private parties.

There are three possibilities to send e-invoices: files can be uploaded to web service, up to 5 MB; files can be uploaded to FTP, up to 150 MB (in this way more invoices can be sent at the same time); files can be uploaded to PEC, up to 30 MB (in this way more invoices can be sent at the same PEC).

When the file is uploaded, the professional, the company, or the authorized intermediary shall wait the confirmation of the receipt of the files through the application included in the SdI tools section.

The SdI verifies every elaborated file, calculates the alphanumeric code that characterized the document (hash), deliver the original to the addressee, confirms the same delivery by sending a notification to the addresser.

All issued and received e-invoices may be found by the user in a specific web area made available by Tax Authority; in addition, the issuer and the receiver of an e-invoice is obliged to store it for tax purposes by making use of the so-called electronic “Package”, generated by an IT process and aiming at the “closure” of the annual e-invoicing.

The e-invoicing obligation could be seen in the view of a more and more diffused dematerialization intent that relates to most business process of companies in the aim of implementing corporate values represented by a high degree of digital maturity; meeting the challenge of converting the meaningful obligations imposed on companies by the law on electronic invoicing into a real opportunity, in terms of both increasing their productivity and improving their image will, therefore, be up to the same companies.

E-invoicing and data protection: the position of the service provider.

In spite of all the positive aims pursued by the newly introduced invoicing system, there are growing concerns in matter of a potential contrast between e-invoicing and privacy issues. With an order of November 2018, the Italian Data Protection Authority raised the attention to the potential implications of the newly introduced invoicing systems in matters of privacy. According to the aforementioned authority, concerns entail relevant contrast with the GDPR, the amount of information stored and the risk of an abusive use of the same information by third parties.

More in particular, the Data Protection Authority underlined the issues arising from the growing number of service providers involved in the invoicing acting. In fact, since such providers act as intermediaries between the tax payers and public bodies, they shall adopt measures and technical solutions to guarantee the compliance with the existing rules.

Intermediaries and services providers involved in the e-invoicing system may well be considered as being either data processors or sub-processors pursuant to art. 38 of the GDPR, depending on the shape of their organization or transactions. In this view, model and forms  of which the providers decide to make use, ought to shaped in compliance with the requirements set forth in the GDPR.

The risk of an improper use of personal data processed within the e-invoicing procedure exists and it relates to the illicit use of tax payers’ data and their comparison with the earnings of same fields professionals.

As a consequence, it is desirable for the Tax Authority to make aware the Data Protection Authority of the initiatives undertaken in order to make the e-invoicing comply with the GDPR.