Grudge Match: EDI vs Digital Signatures in Europe
Authored by Nigel Taylor, OpenText and Christiaan van der Valk, Trustweaver
How to implement electronic invoicing and comply with the different country requirements is a challenge for companies. It isn’t easy to decide which technology solution is best to enable you to exchange invoices electronically, whilst maintaining adequate legal evidence to support the exchange. Electronic data interchange (EDI) and digital signatures have both been around for years and therefore it could be argued that they are both champions in their own respective divisions, but which of these contenders could unite the title belts?
There are, at least within the EU, other ways in which a company can prove that its sales or purchase invoices are real and unchanged during their legal life cycle, something that is a fundamental requirement for compliant electronic invoicing. However, today there are no methods other than EDI and electronic signatures that are well defined and understood by businesses and governments alike. Legally, these two methods are also the only ones that are certain to achieve compliance.
This article puts two heavyweights, EDI and electronic signatures, through eight rounds in order to decide on the undisputed king of the e-Invoicing ring.
1st Round – Compliance & Auditability
Legally, if we consider Europe alone, the first round is clear cut. According to the EC VAT Directive, the authenticity of the origin, the integrity of the content and the legibility of an invoice, whether on paper or in an electronic form, shall be ensured from the point in time of issue until the end of the period for storage of the invoice. EDI achieves this by conforming to 1994/820/EC whereby the data is transferred within a secure network and messages sent and received are identical. This may be supported by a summary list and sometimes by a trading partner list. Digital signatures achieve authenticity and integrity by conforming to 1999/93/EC where public key infrastructure (PKI) relies on a combination of mathematics and trusted third party “certification authorities” to attach a small amount of inviolable integrity and authenticity data to every invoice.
Compliance is one thing, auditability is another. There are many solutions that nominally comply but that take so much effort to maintain and time to explain to your business partners, that ultimately the business case for going digital may vanish. A well-managed EDI process will store the different evidence components, starting with the interchange agreement and evidence that the chosen security and other controls were complied with, in such a way as to convince an auditor relatively quickly that the archived invoice messages are authentic and unchanged since issuance. In the case of digital signatures, information about integrity and authenticity is available instantaneously at the click of a mouse. Compared with other methods, where information about compliance will often require long and intrusive audits, EDI and digital signatures both emerge as equal winners.
2nd Round – Complexity
The history of EDI is well known. Typically utilised by larger trading counterparties, EDI has the reputation of being an industrial strength solution capable of processing tens of thousands of electronic documents in a day. Today, EDI solutions exist for companies of all sizes, from large multinationals to small and medium-size enterprises (SMEs). EDI can be implemented through a Value-Added Network (VAN), Virtual Private Network (VPN), or via point-to-point connection using a secure internet connection such as AS2 or secure FTP. Interchange agreements are usually signed between all of the different partners in the trading relationship.
If we now consider digital signatures, there is some complexity associated with them, as in practice, tax administrations often favour local Certificate Authorities (CAs) and stricter regimes sometimes require fully qualified digital certificates with Secure Signature Creation Devices (SSCDs). Setting up digital signatures is less complex than EDI, as only a private key, public key and digital certificate are required. The hardest part is obtaining and installing the certificate to sign invoice data securely. Digital signatures are flexible enough to be sent by any means, including the internet, and do not require a specific agreement with the receiver.
Both EDI and digital signatures can be provided in the form of a managed service from solution providers, removing complexity for your organisation. However, on balance, digital signatures win this round.
3rd Round – Data Confidentiality
VAT law isn’t interested in information security; therefore the level of confidentiality is left entirely to partners. This is a key point to remember, as a company’s competitive advantage can be contained within its invoices. Pricing information, quantities, material descriptions, the list goes on… it is just good business sense to ensure your invoices (and purchase orders) are transmitted over a secure network. Security is inherent in correctly implemented EDI, in accordance with 1994/820/EC. Due to the robust nature of the network, each message sent is within a secure environment by default. On the other hand, the flexibility offered by digital signatures means that they enable invoices to be transmitted over the internet, via email and through insecure websites. To ensure the security of digitally signed invoices they must be sent over secure protocols; this can be ensured with “pull” invoices that are made available on a secure B2B portal. Confidentiality is difficult to ensure using email for transport.
EDI is the clear winner of this round due to its inherent security in accordance with 1994/820/EC.
4th Round – Data Processing & Integration
The EC VAT Directive defines an invoice primarily by its content, requiring a minimum set of data for an invoice to be accepted as such. These fields are well-defined and have been encapsulated in EDI standards (UN/EDIFACT) for many years. Newer XML standards also have to apply the same fields. In truth, despite harmonisation efforts in the past decade, the data fields required do vary across member states, with individual countries requiring slightly different variations over and above the minimum VAT set. As a result, the invoice files sent by the supplier may be compliant with the rules set by the supplier’s country, but must be converted to the format required by the buyer’s country regulations and also for the buyer’s back-end systems.
This complexity applies to both EDI and digital signature approaches because both methods utilise UN/EDIFACT and XML files. However, the tie-breaker on this round comes with agility of conversion of the files from the supplier’s format to the buyer’s format.
While digital signatures may be used on EDI/XML documents and thus lock the files for security, once applied, these locked documents would need to be re-signed if converted from the supplier’s format to the buyer’s format. As a result, businesses typically delay data conversion for workflow and ERP consumption until the moment that the signed invoice is safely archived for future evidence, which can reduce the agility of the overall process.
By contrast, data processing and integration is inherent within the standard end-to-end EDI process without the use of digital signatures. EDI wins this round because there are no restrictions on when conversion can take place. EDI solutions typically maintain adequate audit trails of mid-term conversion so that tax requirements for long-term auditability can be met.
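The re-signing constraint described in this round, shown as an added example in Go (not code from the original article or from either vendor). It assumes a constructed "Key=Value;" supplier format and a throwaway Ed25519 key in place of a CA-issued certificate; the function names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// Issue signs the exact invoice bytes with a throwaway key (stand-in for a CA-certified key).
func Issue(invoice []byte) (pub, sig []byte) {
	p, priv, _ := ed25519.GenerateKey(nil)
	return p, ed25519.Sign(priv, invoice)
}

// Verifies reports whether sig covers exactly these bytes under pub.
func Verifies(pub, data, sig []byte) bool { return ed25519.Verify(pub, data, sig) }

// ConvertForBuyer re-encodes the constructed supplier format as XML (sample values need no escaping).
func ConvertForBuyer(supplier []byte) []byte {
	var b strings.Builder
	b.WriteString("<Invoice>")
	for _, f := range strings.Split(strings.TrimSuffix(string(supplier), ";"), ";") {
		if kv := strings.SplitN(f, "=", 2); len(kv) == 2 {
			fmt.Fprintf(&b, "<%s>%s</%s>", kv[0], kv[1], kv[0])
		}
	}
	b.WriteString("</Invoice>")
	return []byte(b.String())
}

// Receive verifies first, returns the untouched original for the archive, then converts.
// The SHA-256 of the original is for the conversion audit record of the working copy.
func Receive(pub, invoice, sig []byte) (archived, converted []byte, digest string, err error) {
	if !Verifies(pub, invoice, sig) {
		return nil, nil, "", errors.New("signature invalid: invoice rejected")
	}
	sum := sha256.Sum256(invoice)
	return invoice, ConvertForBuyer(invoice), hex.EncodeToString(sum[:]), nil
}

func main() {
	inv := []byte("InvoiceNumber=INV-001;Currency=EUR;Total=120.00;") // constructed sample
	pub, sig := Issue(inv)
	archived, converted, digest, err := Receive(pub, inv, sig)
	fmt.Println(err, digest, Verifies(pub, archived, sig), Verifies(pub, converted, sig))
}
```

The archived original still verifies while the converted copy does not, which is why the signed file and its signature are what must be stored for the retention period.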
5th Round – Archiving & Human Readability
Each member state is required to store invoices for a set period and this term varies from country to country. The storage of invoices by electronic means is irrespective of format and so applies to both VAT compliance methods discussed herein. The tie-breaker here is the rule that documents must be presented in a human readable format: digitally signed PDFs are often already human readable, or when XML-based standards are used, human readability is easily achieved through style-sheets. Non-XML EDI must be converted through a rendering tool, typically in real-time, and historically, there was confusion in some countries as to whether EDI must be printed to paper for storage as a compliant invoice.
Verdict: Digital Signatures (by a whisker…)
6th Round – Interoperability
B2B integration solution providers have been interoperating through EDI for many years. There are thousands of existing interchange agreements and the documents have been flowing both domestically and cross-border, although still too many companies use paper invoicing in parallel to ensure VAT compliance. Technically, EDI is very straightforward when interoperating. A good example of this is in France where EDI represents a high percentage of the electronic invoicing marketplace and many service providers interoperate with each other freely. While language translation issues and a limited understanding of international standards and practices by local auditors may create a cross-border legal recognition issue for EDI evidence, EDI generally works well across borders when the two countries accept EDI as a compliance method (as in the EU, Commonwealth members in Asia) or have no VAT-like rules (USA). Interoperability using digital signatures can work very well because most signature formats are extremely interoperable, but in practice one may still find proprietary and sector or country-specific implementations that create validation problems.
7th Round – Community
It is difficult to think of a trading partner community when discussing digital signatures. While community is inherent in the end-to-end EDI process, digital signatures are a technology method to ensure evidence. Pure-play e-Invoicing providers that leverage digital signatures often rely heavily on web portals to enable each trading party to connect with any other. These portals build a sense of community as suppliers can connect to and communicate with multiple buyers. This approach can be effective when focusing on a specific industry vertical. However, portals aren’t popular with suppliers, who see them as extra work, particularly when they have to use multiple portals for their different customers.
Despite its integration pedigree, EDI is slower in building these connections between trading partners, due to the more technical nature of the network. EDI’s biggest strength – the reliability and security of VANs – can also be a weakness when trying to connect diverse communities very quickly. Some vendors have made extensive use of internet technology and portals to facilitate flows between SMEs and larger companies, particularly in the goods not for resale space. In response, B2B integration (EDI) companies have developed innovative and cost-effective internet-based community solutions, SME enablement tools, and are pushing B2B integration into the cloud to connect communities. In this market, where no specific business model has achieved critical mass, the door is still wide open.
Final Round – So who wins?
This truly is a pivotal time for electronic invoicing in Europe: the new European Commission multi-stakeholder forum intends to promote e-Invoicing further by monitoring adoption levels, exchanging best practices, resolving cross-border challenges and harmonising tax compliance in data models.
So of our two contenders, which is the best choice for your company? The truth is it could be either solution or both in parallel for different processes because your business needs will differ from those of your suppliers and customers (and your competitors). At OpenText we have years of experience working with companies around the world and recognise this diversity by offering both EDI and digital signature solutions. We also partner with Trustweaver for comprehensive tax compliant electronic invoicing. So who wins?
Verdict: Everyone!