Digitalisation in Administration – The German Electronic Invoicing Ordinance

Hits the mark. Since 27 November 2019, it has been possible for businesses that work for federal administrative authorities to submit electronic invoices. In a year from now, on 27 November 2020, electronic invoicing will become mandatory. Businesses should use the time that remains to familiarise themselves with the new regulations.


Background of the Regulations 

The regulations are based on the digital strategy that has been adopted by the Federal Government with a view to promoting digitalisation, in particular, in order for the administration to become more modern and less bureaucratic.  The “German Ordinance Governing Electronic Invoicing in Federal Public Procurement” – in short: “Electronic Invoicing Ordinance” – (E-Rechnungsverordnung) was passed already on 6 September 2017 and governs the invoicing of goods and services upon completion of public contracts.  The Ordinance is based on a German law that ultimately implements European requirements.

Who Is Subject to the Ordinance? 

The Ordinance imposes the obligation on public authorities to accept and process electronic invoices.  In the future, this will be complemented by an obligation incumbent upon all businesses that work for federal authorities to issue electronic invoices.  Exceptions to this rule will only be made for invoices which are issued upon completion of a directly awarded contract and do not exceed the amount of EUR 1,000, which relate to certain defence- and safety-specific contracts, or which are issued as part of a so-called “agency borrowing arrangement”.  The Electronic Invoicing Ordinance initially applies only at the federal level, leaving out the German federal states and municipalities.  The federal states are instead obliged to implement the European requirements relating to electronic invoicing individually.  The deadline for implementation by the state authorities is 1 April 2020; by contrast, there are no uniform rules for the obligation of businesses to issue such electronic invoices.

What Requirements Need to Be Fulfilled? 

The core element of any electronic invoice is a structured electronic format that allows the document to be processed automatically.  PDF files, image documents and scanned paper invoices are, therefore, excluded.  The invoice must be issued and transmitted in said format.  As a general rule, the Ordinance designates the national data exchange standard XRechnung for this format.  XRechnung is not an independent file format but rather an XML-based data model that has been chosen by the IT Planning Committee (IT-Planungsrat) as authoritative for the implementation of the European requirements.  This ensures above all compliance with the criterion of “interoperability”, as required by the European Directive.

The Ordinance, in addition to stipulating the general obligation to use XRechnung, also provides for the option to use a different standard; the wording shows, however, that the recommendation is to use XRechnung.  Where an alternative standard is used, it must meet the European requirements; in particular, it must be interoperable.  The European requirements for the data model result from the definition provided by the European Committee for Standardization CEN (Comité Européen de Normalisation).  In particular, an alternative to XRechnung might be ZUGFeRD, a document format which consists of two elements, combining the visual presentation of the invoice (as a PDF) and the machine-readable, structured presentation of the data (as XML).  This makes it possible for businesses to implement verifiable and revision-proof electronic invoicing without always having to convert the XML format, which is only machine-readable.

As a mandatory requirement, the invoice must be transmitted via a federal administration portal, which is, however, still in the process of being set up.  Businesses need to register with the administration portal with a user account, so as to ensure that electronic invoices can be allocated quickly and unambiguously.  As a further requirement, the receipt and the formal accuracy or inaccuracy of a submitted electronic invoice must be recognised automatically, and the issuer of the relevant invoice notified accordingly.

Another issue that needs to be taken into account when transmitting invoices is the technical and statutory requirements that need to be observed.  Data security and data protection are of particular importance in this context if the electronic invoices contain personal data, which will generally be the case.  This is where the General Data Protection Regulation (GDPR) comes into play, which requires that appropriate technical and organisational measures be taken to protect personal data.  In the light of the increasingly more serious risk situation in the area of cybersecurity, such measures are indispensable for protecting the confidentiality and integrity of data and acting in compliance with data protection requirements.  An example would be the minimum standard of transport encryption, which should, however, be supplemented with end-to-end encryption when handling critical data.

Our Comments

By passing the Electronic Invoicing Ordinance, the Federal Government has continued to pursue its digital strategy.  By introducing the obligation to issue electronic invoices, the Federal Government has gone beyond the measures required by the European Directive, which merely required that administrative bodies be obliged to accept electronic invoices.  In spite of this, the introduction of an obligation to issue electronic invoices can contribute to the development of a uniform standard among businesses and, in the process, also facilitate electronic invoicing between businesses.

In addition to the obvious effect of saving invoicing costs, this could also result in business processes being optimised, thus producing positive effects for the economy.  When implementing the Electronic Invoicing Ordinance, businesses should also, however, keep an eye on the statutory requirements regarding data protection and IT security.  Otherwise, there is not only a risk of data breaches occurring and the related bad publicity, but also of administrative fines and claims for damages being incurred.

Gerrit Feuerherdt

Yvonne Wolski
Research Assistant