Billing-software certification — a world-unique regime, since 2010
In Portugal you cannot issue an invoice with just any software: the program itself must be certified by the tax authority (the AT). Introduced by Portaria n.º 363/2010, this regime — unique worldwide in its earliness and scope — forces every program to cryptographically sign invoices and carry a certificate number. It is the oldest and most systematic anti-fraud lock in Europe.
History — Portaria 363/2010 and beyond
In 2008, SAF-T (PT) already let the AT audit billing — but nothing technically stopped a company from editing or deleting invoices before generating the file. To close that gap, Portugal pushed the control upstream, into the software itself.
Portaria n.º 363/2010 (23 June 2010) creates mandatory certification: every billing program must sign each document with a private key declared to the AT, chain the signatures, and display its certificate number. Roll-out was staged by turnover threshold, then generalised by Decreto-Lei n.º 198/2012. Decreto-Lei n.º 28/2019 overhauled all billing obligations and prepared the arrival of ATCUD and the QR code (2023).
2008 | SAF-T (PT) mandatory: the AT can audit billing, but nothing
| yet prevents editing invoices after the fact.
|
2010 | Portaria n.º 363/2010 (23 June) — creates MANDATORY billing-
| software certification. Every program must cryptographically
| sign each document and obtain an AT certificate number.
|
2010-2011 | Phase-in by turnover threshold: large companies first
| (turnover > 250,000 EUR), then progressively lowered.
|
2012 | Decreto-Lei n.º 198/2012 + Portaria 22-A/2012: generalisation,
| mandatory "Processado por programa certificado" notice.
|
2013 | Coupled with e-fatura — the certified invoice feeds the
| monthly SAF-T submission to the AT.
|
2019-2020 | Decreto-Lei n.º 28/2019 — overhaul of billing obligations,
| confirms certification and prepares ATCUD + QR code.
|
2023 | ATCUD + QR code mandatory on the certified invoice: software
| signing is now doubled with an enforceable, scannable unique
| document code. Governance — AT, certificate registry
The Autoridade Tributária e Aduaneira processes
certification requests, assigns a number (e.g. 1234) and
publishes the
public list of certified software.
To be certified, a vendor submits a declaration of conformity, a feature
description, and demonstrates that its program meets the technical
requirements (signing, chained hash, immutability, valid SAF-T).
The vendor stays liable: any version that alters the signing mechanism
must be re-submitted. The AT can revoke a certificate. The certificate
number appears in the SAF-T Header (field
SoftwareCertificateNumber) and on every printed invoice.
Technical mechanism — RSA signature + notice
The core of the scheme is a cryptographic chain. For each
invoice the software computes an RSA-SHA1 signature over a
string made of the date, the system date, the document number, the total
— and the previous invoice's hash within the same series. This
hash is stored in the SAF-T (Hash field) and lets the AT
verify that the sequence has not been altered.
--- Mandatory footer notice on the invoice ---
Processado por programa certificado n.º 1234/AT
--- Technical block generated by the certified software ---
InvoiceNo : FT 2026A/00417
ATCUD : JFHA3T7N-417
SystemEntryDate : 2026-06-12T10:14:33
Hash : kEr8mQ2...base64(RSA-SHA1)...==
HashControl : 1 (AT private-key version)
--- Hash computation (chaining) ---
text_to_sign = InvoiceDate ; SystemEntryDate ;
InvoiceNo ; GrossTotal ;
Hash_of_previous_invoice
Hash = base64( RSA-SHA1( text_to_sign, vendor_private_key ) )
# The vendor's private key is paired with a public key declared
# to the AT at certification time. The AT can therefore verify the
# integrity and sequence of ALL invoices. A world-unique regime
Several countries have since introduced software anti-fraud schemes, but Portugal remains the pioneer and the most complete:
| Country | Scheme | Year | Chained signature |
|---|---|---|---|
| Portugal | Mandatory AT certification | 2010 | Yes (RSA-SHA1) |
| France | VAT anti-fraud law (POS software) | 2018 | Immutability, no AT RSA chain |
| Germany | KassenSichV / TSE (POS) | 2020 | Hardware TSE module |
| Spain | VeriFactu / TicketBAI | 2024-2026 | Chained hash (inspired by PT model) |
| Hungary | Online Számla (real-time reporting) | 2018 | Reporting, not software certification |
Adoption — the whole PT software market
- Several thousand certified programs are listed in the AT public registry — from large ERPs (Primavera, PHC, Sage) to billing SaaS (Moloni, InvoiceXpress, Vendus, KeyInvoice, Bill.pt).
- Market condition: no vendor can sell billing software in Portugal without certification — it is a structuring barrier to entry.
- Near-universal coverage: outside micro-entities below thresholds, every Portuguese invoice is now issued by a certified program.
- Source of inspiration: Spain's TicketBAI / VeriFactu (2024-2026) explicitly reuses the Portuguese chained-hash logic.
Common pitfalls
- Invoice without the certificate notice. Omitting "Processado por programa certificado n.º XXXX/AT" makes the invoice non-compliant, even if everything else is correct.
- Editing an issued invoice. A certified invoice is immutable: to correct it you issue a credit note (NC), never an edit. Any attempt breaks the hash chain.
- Mixing series. Hash chaining is per series. Issuing out of order across series, or reusing a number, invalidates the sequence and blocks e-fatura submission.
- In-house tool not certified. A company building its own billing tool must certify it like any vendor — internal use does not exempt it.
- Confusing software certification with SAF-T. SAF-T is the file; certification guarantees that the software producing it is tamper-proof. The two are linked but distinct.