Punishable levels of the new anti-fraud law art. 201bis software and box B, according to the new release.

In this post we want to explain how we interpret, from , the update issued by the tax agency on how the sanctions will be applied to development companies as of October 12, 2021.

News on October 11, 2021 on the new anti-fraud law art. 201 bis software and box B.

The new publication that you can find at this link sheds a little more light on the measures that apply to invoice and ilegal dual-use software as of October 12, 2021 and its consequent sanctions on development companies. Specifically, we summarize the most important characteristics:

  • The sanction will only apply to development companies and distributors, not to end customers. This substantial change exempts end customers from these responsibilities.
  • Sections e and f relating to the audit dimensions of “integrity, conservation, accessibility, legibility, traceability and inalterability of the records, as well as their legibility by the competent bodies of the Tax Administration, under the terms of article 29.2.j) of this Law;” and certification, are excluded (later we will see that this is not the case in practice) until the regulation is generated.
  • Software that:
  1. allow different accounts to be kept under the terms of article 200.1.d) of this Law.
  2. allow not to reflect, totally or partially, the annotation of transactions carried out;
  3. allow recording transactions other than the entries made;
  4. allow altering transactions already registered in breach of applicable regulations;

Once we have met with some inspectors and with lawyers in this regard, we want to make an interpretation so as not to lower our guard in development companies. Specifically, we have three levels of sanction for development companies from our point of view:

Level 1 punishable. Intentional.

Functionalities that could be interpreted by the sanctioning body as intentionally allowing bad practices that in turn enable situations of fraud or B-box. For example, suppose that the creation and deletion of a company leaves no trace in the software, allowing work with accounting in parallel, among others…

Level 2 punishable. Bad practice by design.

That software that allows manipulations not strictly designed for fraud but that could be used by the user, such as deleting an invoice that has already been sent or printed, in a state of already issued and registered, among others…

Level 3 punishable. due to lack of controls.

Suppose that a facility can be accessed directly and bypassing all the security of the data stored in the database and modifying the amounts in an invoice, without leaving a trace or alert of that alteration of a transaction already carried out, among others…

Why start the adaptation, advice and audit offered by ?

Far from relaxing the concerns of the software that generates invoices, from our point of view certain worrying issues are fueled, which require our audit, advice and implementation consultancy.

Let us understand that the situation has worsened for development companies. The dimensions that will soon be required affect the 3 sanctionable levels, for example integrity, conservation, legibility, inalterability, … without the control measures that we advise our clients today it is impossible to comply with sections a, b, c and d that remain punishable as of October 12, 2021.

On the other hand, the application of measures that go in this direction is costly, between 2-3 months according to our estimates, obviously depending on different factors. Starting the process of our implementation audit now, which is based on the best practices in the sector, including TICKETBAI and NF525, will only increase the degree of compliance to the maximum and prepare it for the regulatory measures that will be largely shared by our recommendations as certified auditors.

So much so that our commitment is, at zero cost, to continue with the technical audit in those technical aspects when the regulation is developed, with those clients who have already started the audit process with us.

We are at your disposal at and on the phone +34 911 407 851 to attend to your requests for Audit, Advice and Implementation Consulting .


Informative clause Privacy Regulations


Informative clause Privacy Regulations


Informative clause Privacy Regulations