Microsoft Self-Responsible Declaration of the computer billing system

In accordance with the provisions of the Spanish regulations, specifically in Article 13 of the Royal Decree 1007/2023, of December 5, which regulates the requirements for billing systems (‘Royal Decree 1007/2023’), and Article 15 of the Ministerial Order HAC/1177/2024, of October 17, which develops the technical specifications for such systems; Microsoft Corporation hereby issues this responsible declaration required for invoicing software producers. Microsoft Corporation also commits to maintaining and updating the software in accordance with any future regulatory changes affecting invoicing system requirements, ensuring that the certified compliance extends throughout the product’s lifecycle.

1.a) Name of the software system referred to in this responsible declaration.

Microsoft Dynamics 365 Business Central

1.b) Identifier code of the computer system referred to in paragraph (a) of this declaration of responsibility.

Business Central

1.c) Full identifier of the specific version of the computer system covered by this declaration of responsibility.

2025 release wave 1

1.d) The hardware and software components of the computer system covered by this declaration of responsibility, together with a brief description of what the computer system does and its main functionalities.

Dynamics 365 Business Central is a versatile cloud-based business management solution for small and mid-sized organizations that automates and streamlines business processes and helps companies manage their business. Highly adaptable and rich with features, Dynamics 365 Business Central enables companies to manage their business, including finance, manufacturing, sales, shipping, project management, services, and more. Companies can easily add functionality that is relevant to the region of operation, and that is customized to support even highly specialized industries. Business Central is fast to implement, easy to configure, and simplicity guides innovations in product design, development, implementation, and usability.

Dynamics 365 Business Central provides a way for companies to securely store and move information through different business systems. In addition, companies can set the component up to comply with GDPR and other industry requirements. That includes the ability to limit access to protected information and create audit trails that help organizations maintain accountability. Ensuring security and compliance, it future-proofs businesses with regular updates.

Integration components:

Dynamics 365 Business Central complies with the Anti-Fraud Law (Law 11/2021) and the “Create and Grow” Law and includes the necessary technical functionalities to operate as a VERI*FACTU system. Thanks to its native integration with the B2Brouter API, it enables:

  1. Issuance of electronic documents with QR codes and digital fingerprints.

  2. Assurance of integrity and traceability of records.

  3. Automatic and secure transmission of records to the Spanish Tax Agency (AEAT).

1.e) Indication of whether the computer system referred to in this declaration of responsibility has been produced in such a way that, for the purposes of complying with the Regulation, it can only be operated exclusively as ‘VERI*FACTU’.

Yes. Microsoft Dynamics 365 Business Central has only been developed for use as VERI*FACTU for the purposes of Royal Decree 1007/2023. Additionally, this system can also be used by those users who are registered with the Suministro Inmediato de Información (SII), having a functionality adapted to comply with this other regulation.

1.f) Indication of whether the computer system referred to in the tax return can be used by several taxable persons or by the same user to support the invoicing of several taxable persons, in accordance with the specifications given in section 2.6 of the Annex.

Yes.

1.g) Types of signature used to sign billing and event records in the event that the computer system referred to in this responsible declaration is not used as ‘VERI*FACTU’.

As this is an invoicing product that can only be used exclusively in the ‘VERI*FACTU’ mode, there is no express electronic signature of the invoicing records generated. The regulations consider the invoicing records signed, when they are correctly sent to the electronic services of the Tax Agency with due authentication, by means of the appropriate qualified electronic certificate.

1.h) Company name of the entity producing the computer system which this declaration of responsibility refers to.

Microsoft Corporation

1.i) Spanish tax identification number (NIF) of the person or entity producing the computer system which the responsible declaration refers to. If they do not have a Spanish NIF, they must state another identification number that they have, indicating what type of identification it is and the country that issued it, all in accordance with the specifications given in this respect in section 2.6 of the Annex.

The entity is established in the United States of America. The Federal TIN (Tax Identification Number) is 91-1144442.

1.j) Full contact postal address of the person or entity producing the computer system to which the declaration of responsibility relates.

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052-6399

USA

1.k) The entity producing the computer system to which this declaration of responsibility refers certifies that said computer system, in the version indicated therein, complies with the provisions of Article 29.2. j) of Law 58/2003, of 17 December, on General Taxation, in the Regulation that establishes the requirements to be adopted by the computer or electronic systems and programs that support the invoicing processes of business people and professionals, and the standardisation of formats for invoicing records, approved by Royal Decree 1007/2023, of 5 December, in Order HAC/1177/2024, of 17 October, and in the electronic headquarters of the State Tax Administration Agency for everything that completes the specifications of the aforementioned order.

1.l) Date on which the entity producing this computer system subscribes to this declaration of responsibility for this computer system:

July 22, 2025

- Place where the entity producing this computer system subscribes to this declaration of responsibility for this computer system:

Microsoft Corporation

One Microsoft Way

Redmond, WA 98052-6399

USA

ANNEX

2.a) Other forms of contact with the company producing the computer system referred to in this responsible declaration:

BCVATcertificates@microsoft.com

2.b) The Internet address of the company producing the computer system referred to in this responsible declaration:

https://go.microsoft.com/fwlink/?linkid=2347317

2.c) Detailed explanation of how the computer system to which the declaration of responsibility refers complies with the different technical and functional specifications contained in the Order.

The computer system referred to in this responsible declaration complies with the different technical and functional specifications contained in Order HAC/1177/2024, of 17 October, and in the electronic headquarters of the State Tax Administration Agency for everything that completes the specifications of the said order, as follows.

In relation to the technical and functional compliance based on requirements in Order HAC/1177/2024, of October 17, and in the electronic headquarters of the State Agency of Tax Administration for everything that completes the specifications of said order, including:

  • SHA256 fingerprint algorithm

  • Integrity control between invoice and record

  • Consolidation into a transactional unit

  • Access control and traceability

  • Backup and error recovery policies

Through B2BRouter connector, Business Central communicates with the tax authorities to send invoice information. In this way, Business Central automatically sends the posted sales invoices to the B2BRouter platform, which then handles clearance with AEAT and delivery to the customer. Business Central maintains a complete audit trail, starting from the creation of the e-invoice after posting the sales document, through to its transmission to B2BRouter. B2BRouter, in turn, maintains its own audit log for the subsequent steps. You can find the responsible declaration of B2B Router through this link: Responsible declaration B2BRouter (https://go.microsoft.com/fwlink/?linkid=2347318).

For more details on setup and usage, please refer to our documentation: Set up VERIFACTU [ES] - Business Central | Microsoft Learn (https://go.microsoft.com/fwlink/?linkid=2347406).