The Tax Agency “proves us right”

Aligned on the right path.

In this post we want to spread the webinar “New Anti-Fraud Law: how does it affect my company’s management system?” that you will find in the following link .

Webinar organized by the “El Mundo CyL” Press Club in which the following participated (among others): Mr. José Borja Tomé – IT director of the State Tax Administration Agency (AEAT) – and Mr. Javier Hurtado Puerta – director of the Department of Financial and Tax Inspection of the State Tax Administration Agency (AEAT) – .

Once this webinar has been reviewed, we would like to break down the main conclusions that were discussed in it, and that perfectly describe, coincide, our way of working with our clients since August 2021.

Clarifications from the Tax Agency that prove us right in our methodology and work plan, in compliance with the Software Antifraud Law.

Once we have seen, and understood in depth, the content of this webinar, we would like to highlight some issues that fully coincide with how we work with our clients and how to approach the different issues of the Law and the Regulation:

1. Complexity

We are facing an extremely complex situation, transversal in the organization, affecting processes, computer security measures, secure development, contracts, cybersecurity and other issues that affect no less than 3 entities: software manufacturers, marketers and end customers.

We have been working on this line for months, explaining the importance of our adhesion document with clients, the importance of other issues that go along this line, the complexity and recommendation not to attack this Regulation Law without having an expert consulting and auditing company in this stuff.

2. Difficulty

It is commented that the Tax Agency will give validity to comply with the Regulation in those cases where there is online communication of invoices. But let’s not forget (as they comment) that the Law is not only invoices, we are talking about other areas such as management and accounting . In addition, let us understand that real-time communication with the AEAT (as discussed in this video) seems to be mandatory for the taxpayer, so the software must continue to have measures that guarantee the maximum integrity, conservation, traceability… of the information. information. In our audit report, we carry out a complete risk assessment that identifies more than 30 risk scenarios that make a software not comply with the Law and/or the Regulation.

3. Transversality

Given the complexity and difficulty of compliance, at we have been working with clients for months and saying in all our webinars (where hundreds of development companies have attended) not to wait until the last minute to start the audit and adaptation . Let us understand that security processes, both computer and contractual, processes and methodologies take weeks to implement (if not months), take months to deploy and other issues that obviously recommend being proactive and addressing this problem incrementally and over time. enough.

4. Computer security and cybersecurity

It is not enough to control the risk levels, which we have already discussed with our clients and which can be seen in the following link , if not, as the IT director of the AEAT comments in the webinar and us from the beginning, good security practices based on ISO27001, ISO27017 and cybersecurity must be applied.


As leaders in Spain in adapting computer solutions to this Law, we have spent months evangelizing and working in harmony with all the issues that arise in the commented webinar (AEAT).

As CISA certified auditors, collaborators with the justice system and leaders in other audits for the Tax Agency, medical collegiate organization, etc., we recommend that you hire professional services that help you adapt your software to this Law, which is so transversal that it affects all those interested in the chain of invoices, management and accounting.

Contact us and we will propose a way of collaborating that will fit your needs.


Informative clause Privacy Regulations


Informative clause Privacy Regulations


Informative clause Privacy Regulations