Beta Preview: SolaBill is currently in beta. Some certifications, integrations, and status indicators shown on this site are provisional and may not reflect final production readiness yet.

S
SolaBill
Home Features Pricing Docs Compliance About Contact
AR Talk to Sales Login
Final recheck from official sources

UAE eBilling Service Provider Full Requirement Checklist

Includes MoF legal requirements, server/data location controls, required experience, and Peppol four-corner model obligations. Last reviewed on February 13, 2026.

This is an implementation checklist, not legal advice. Final interpretation remains with UAE Ministry of Finance and relevant Peppol Authorities.

Source alignment note: MoF service page (updated January 28, 2026) states minimum two years experience. The February 2025 programme deck is marked draft and contains earlier framing.

Accreditation Requirements

Nine requirement categories covering legal eligibility, documentation, technical compliance, and operational readiness.

1

MoF Mandatory Eligibility

Decision 64 of 2025

Be a juridical entity either incorporated in the UAE or established in a foreign jurisdiction and licensed to conduct business in the UAE.

Be an active Peppol-certified Service Provider that has successfully completed OpenPeppol conformance tests.

Have minimum two years of operating and managing an eInvoicing system, supported by evidence.

Meet company registration conditions, including minimum paid-up capital of AED 50,000.

Meet Corporate Tax registration obligations and VAT registration where mandatory.

Meet Article 7 service-provider requirements, Article 9 security requirements, Article 10 self-declaration, and Article 11 insurance requirements.

2

Required Application Documents

Article 7

Trade License and commercial registration details.

Representative Power of Attorney and authorized signatory details.

Verifiable proof of eInvoicing experience and supporting proof for paid-up capital requirements.

Audited financial statements for the most recent financial year; if unavailable at filing, submit within 6 months after year-end.

ISO 22301 certification; if unavailable at filing, submit within 3 months after year-end.

Corporate Tax registration certificate and VAT registration evidence where registration is mandatory.

Signed Service Provider Agreement with OpenPeppol or another Peppol Authority.

Technical environment design, MFA details, encryption-at-rest/in-transit details, and regular security monitoring details.

Proof of ongoing support and maintenance, and proof of update/upgrade handling model.

Signed declarations: not in liquidation/bankruptcy, not blacklisted, no qualifying adverse litigation, confidentiality commitment.

Self-declaration commitment to provide 100 free eInvoice exchange and reporting services per year from end-user agreement signature date.

Insurance documents are mandatory at pre-approval testing result submission stage.

3

Server, Hosting & Data Location

Decision 243 / Articles 9, 11, 12

Store and archive eInvoices, eCredit Notes, and associated eInvoicing data within the State (UAE), per Decision 243 / Article 11.

Retain eInvoicing records within the timelines prescribed under the Tax Procedures Law.

Comply with end-user regulatory requirements for hosting, storage, archival, residency, and critical information infrastructure policies (Decision 64 / Article 9).

Submit complete service architecture and documented data-flow/data-location evidence for production, backup, archival, and log datasets.

Implement and evidence encryption, monitoring, continuity, disaster recovery, and audit logging controls across the full environment.

Notify the Authority of any system failure within 2 business days from occurrence (Decision 243 / Article 12).

4

Security & Operations Evidence

Articles 9, 11 — Insurance & ISO

Maintain multifactor authentication to secure user access.

Encrypt all data in transit and at rest.

Conduct regular security monitoring.

Hold valid ISO/IEC 27001 certification for the PSP Product.

Professional indemnity insurance from a UAE-operating insurer, minimum AED 2,500,000.

Crime insurance and cyber fraud insurance from UAE-operating insurers, minimum AED 5,000,000 each.

5

MoF Accreditation Workflow

6-step application to production

1. Submit application with all evidence; MoF responds within 90 business days, then 30 days after additional info.

2. Complete pre-approval testing: OpenPeppol interoperability test and End User verification/onboarding test.

3. Obtain production OpenPeppol PKI certificate and EmaraTax End User verification API, then complete trial runs.

4. Receive Pre-Approval and complete remaining accreditation testing within Ministry timeline.

5. Complete tax data reporting testing, OpenPeppol testing, and production operational readiness trial.

6. Receive Accreditation and publication in official list; validity is 2 years.

6

Peppol Join & Legal Onboarding

OpenPeppol authority process

Join as a Peppol Service Provider through a Peppol Authority process.

Execute required provider agreements and policy commitments.

Complete conformance testing and authority onboarding before production.

Maintain active compliance with guidance and release updates published by OpenPeppol.

7

Model Requirements: Peppol 4-Corner + UAE DCTCE 5-Corner

Interoperability & tax reporting architecture

Peppol 4-Corner Model

Peppol interoperability is based on the 4-corner model.

As a provider, you operate the service-provider corners for sender/receiver exchange and trust.

Interoperability requires strict use of agreed document and transport specifications.

UAE DCTCE 5-Corner Extension

UAE programme adopts a 5-corner DCTCE model with a central data platform/reporting corner.

Must support exchange and mandatory reporting of tax data to the Authority platform.

Integration architecture should explicitly map corner responsibilities and controls.

Issuer/Recipient obligations under Decision 243 are fulfilled through the appointed ASP.

Notify appointed ASP of registered-data changes within 5 business days from Authority confirmation.

8

Peppol Technical Baseline Requirements

Transport, discovery, encryption & UAE profile

Core Peppol Standards

Use SML + SMP for dynamic participant/service discovery.

Implement Peppol AS4 profile controls for message transport and security.

Support mandatory signature/encryption handling and certificate trust chain requirements.

UAE-Specific Profile

TLS 1.2+ required; TLS 1.3 recommended in Peppol transport security profile.

Maintain conformance with currently effective specification and policy versions.

Support PINT BIS Billing AE v1.0.2 and PINT TDD AE v1.0.2 (effective January 21, 2026).

Support UAE 5-corner reporting flow; ASP validates mandatory fields and reports tax data to Corner 5.

Support AS4-based reporting integrations per MoF/FTA requirements (not API-only transport).

9

Rollout, Deadlines & Penalty Exposure

Decision 244 / Cabinet Decision 106 of 2025

Phase Deadlines

Phase 1 — Revenue ≥ AED 50M

Appoint ASP by July 31, 2026 • Implement by January 1, 2027

Phase 2 — Revenue < AED 50M

Appoint ASP by March 31, 2027 • Implement by July 1, 2027

Phase 3 — Government Entities

Appoint ASP by March 31, 2027 • Implement by October 1, 2027

B2C transactions are currently out of mandatory scope until a later ministerial decision.

Issuer must transmit eInvoice/eCreditNote within VAT-law timeline or within 14 days from transaction date.

Renewal & Penalties

Renewal application no later than 70 business days before expiry; MoF decision window is 60 business days.

Valid for 2 years, non-transferable; non-compliance must be remedied within MoF period (min 20 business days).

Maintain continuous compliance evidence (insurance, ISO27001, security controls) and notify material changes.

Penalty Examples (Cabinet Decision 106/2025)

  • AED 5,000 per month delay for non-implementation/non-appointment
  • AED 100 per late eInvoice/eCreditNote (capped AED 5,000/month)
  • AED 1,000 per day delay for required notifications

Voluntary eInvoicing adopters are outside scope of Decision 106 penalties until mandatory.

Termination possible for cessation/non-compliance; End Users notified within 5 days; 2-year re-application ban.

Objection rights: submit within 40 business days of termination; MoF decides within 30 business days.

Primary Sources Used

Official sources used for this final recheck, including referenced legislation.

MoF Accreditation of e-Invoicing Service Providers

Updated Jan 28, 2026

Ministerial Decision No. 64 of 2025

Official English PDF

MoF UAE eInvoicing Programme

Feb 2025 draft deck

MoF Legislation Index

Decisions 243/244/64/106

Ministerial Decision No. 243 of 2025

Official English PDF

Ministerial Decision No. 244 of 2025

Official English PDF

Cabinet Decision No. 106 of 2025

Official English PDF

MoF Rollout Timeline & Accreditation Rules

Implementation schedule

MoF Penalties Notice

Cabinet Decision 106/2025

MoF eInvoicing FAQs

Frequently asked questions

Peppol Join (New Participants)

Onboarding guide

Peppol Tools & Guidance

Support resources

Peppol Interoperability

Four-corner model

OpenPeppol Certification Testbed

Support & testing

Peppol eDelivery Specifications

AS4/SML/SMP & policy

Peppol AS4 Profile

Transport security baseline

Peppol AE Release Notes

PINT AE v1.0.2 effective date

Need Help With Accreditation?

SolaBill provides a fully compliant UAE eBilling platform. Talk to our team about how we can support your accreditation journey.

Contact Us Back to Compliance