PSD2, eIDAS and PEPPOL: standardization within the EU

With the unstoppable evolution of technology, new needs are emerging every day in the market. Companies, aware of this situation, try to create new business opportunities to obtain benefits and meet customer expectations.  

In the meantime, responsible administrations seek to develop trade-friendly legislation while protecting both the business and the consumer. 

Therefore, it is necessary to analyze and know the different regulations that currently concern the services of digitalization of the full cycle of documents in Spain and the European Union: digital signature, electronic invoice and payment management, with special emphasis on the latter, due to the “new” regulation affected by Directive (EU) 2015/2366 on Payment Services (also known as PSD2).

With these regulations, we can see how the current trend at a European level is directed towards the standardization in digital format of business and administration processes.

grafico-psd2-en

Digital signature: eIDAS

“Although Spain was the fourth country in the world to legislate on electronic signatures with the Royal Decree Law 14/1999, it seems impossible that almost 20 years later we are still talking about how there is still a great ignorance at an organizational level. This is how Victor Salgado, a partner at the firm Pintos & Salgado (specialized in legal solutions in the field of new technologies), described the situation in Spain with regard to the knowledge of the organizations in matters of legality regarding electronic signatures. 

In Europe, things were slower, and it was necessary to wait until 2014, for a common European legislation to appear: the European Regulation (Nº910 / 2014) of Electronic Signature, known as eIDAS Regulation. 

eIDAS determines the characteristics that a digital signature must have in order to have full legal validity throughout the European Union. Complying with these characteristics is what allows us to ensure the full legality of all forms of electronic signature that we provide at Docuten. 

Electronic invoice: PEPPOL and other regulations

Legislation in Spain

The electronic invoice also has a broad legislative path in Spain, with a series of very relevant milestones:

  • Since 2003 it is possible, with full legal and fiscal validity, to invoice electronically in Spain, thanks to Royal Decree 1496/2003 .
  • In 2012, Royal Decree 1619/2012 enters into force , which ceases to make the use of electronic signature mandatory for an electronic invoice to be valid. Thus, the technological complexity disappears as braking element for the adoption of the model.
  • In 2015, the Law that impulses the electronic invoice and creation of the accounting record of invoices within the Public Sector (Law 27/13) , which makes the sending of electronic invoices to clients of the AAPP, becomes effective. In addition, this year FACe is created and the rest of the invoice entry points that allow administrations to receive these invoices.
  • In 2018, electronic invoicing in Spain is reinforced with the entry into force of the Public Sector Contract Law (Law 9/2017) and the creation of FACeB2B , General Point of Entry of Electronic Invoices between Companies. The creation of FACeB2B aims to boost electronic invoicing between private companies, as it becomes the free point of interconnection between suppliers of electronic invoicing solutions.

European legislation

In Europe, the first legislation in this regard is Directive 2014 / 55UE on Electronic Invoicing in public procurement . This directive obliges all AA.PP. of the EU to be prepared to receive electronic invoices according to a standard format (European format EN16931) and through a single channel (PEPPOL) from April 18th, 2019 . Optionally, the AA.PP. premises may defer compliance by one year, until April 2020.

PEPPOL (Pan European Public Procurement Online) is an electronic distribution network that makes it easier for companies to transport electronic invoices both in the public and private sectors.

This homogenization represents a qualitative leap for the European Single Market , as it facilitates the issuance and receipt of electronic invoices throughout the EU.

Where are we going

As can be seen, there are more and more cases in which governments force companies to invoice electronically. And there are EU countries that have gone further:

In Italy, from January 1st, 2019 it is mandatory to electronically issue all invoices or tickets, through the centralized node SDI (equivalent to FACe in Spain) for all companies and freelancers with tax domicile in Italy, which are more than five millions. In fact, the invoice is not considered issued until the SDI registers it.

The case of Portugal is also notable, as it was one of the first countries to anticipate the implementation of a common electronic invoice format in the European Union. Since the beginning of 2019 it imposed the obligation to invoice electronically in the B2G area.

What will the road in Spain and the rest of the EU be? It is never easy to predict the future, but all the signs indicate that sooner or later, all invoices in Europe must be electronic .

Payments and collections: PSD2

The regulation that affects payments is Directive (EU) 2015/2366, on Payment Services (DSP2 or, better known by its acronym in English, PSD2).

PSD2 incorporates and repeals Directive 2007/64 / EC (PSD1), which defined the path, at the legal level, to establish a single payment market in the EU. 

The new Payment Services Directive aims to help create a more integrated and efficient single market, focusing on three objectives:  

  • Offer payment services according to technological innovations , including payments through Internet and mobile devices.
  • Strengthen the protection of both consumers and businesses.
  • Democratize the sector and increase competition. 

Some of the measures that have been taken to achieve these objectives are: 

  • The prohibition of surcharges for payments with credit or debit cards.
  • The reduction of the cost assumed by the consumer in unauthorized payment transactions due to fraudulent use, loss or theft of a card or other payment method.
  • Provide access to new payment services for banking infrastructures. 
  • Increase authentication security requirements for greater protection of users ‘ financial data. 

Perhaps the most notorious measure of this directive to strengthen consumer safety is known as SCA or Customer Enhanced Authentication System, which requires suppliers to require at least two authentication methods (such as biometric features or passwords) with the in order to reinforce user security.

New payment services

As we have already explained, one of the objectives of this regulation is to democratize the sector and increase competition by reducing the obstacles that new agents could encounter until now to access the banking sector. For this reason, this regulation accommodates two new payment services:

  • Payment initiation services:  are platforms that act as intermediaries between the client and the seller, allowing a payment to be made without using any means, such as a card or a bank account, at the time of making the transaction. The customer stores his bank details on this platform, so that it is he who manages the payment order with the bank.

These services offer advantages for both consumers and merchants as, on the one hand, the consumer will not need to enter their bank details every time they make an online purchase and, on the other hand, the merchant is guaranteed that the payment has been made at the time and can process the order.

  • Aggregator accounts: are services that provide information on bank accounts that users have associated with that service. They allow for easy comparisons between expenses and revenues, so that users have greater control over their accounts.

In order for these new services collected in PSD2 to perform their function, the customer must give prior authorization for them to access their bank details.

Deferral of the directive

The entry into force of the PSD2 directive was scheduled for 14 September 2019. However, members of the European Economic Area (EEA) have agreed to apply a moratorium period extending to 18 months in countries such as Germany, France or the United Kingdom.

In Spain, it has been agreed that this period will be 14 months, plus a flexible amortization period. Under this agreement, the directive will not be mandatory, at least, until November 2020, and the term may be extended until March 14, 2021.

It should be noted that, with the entry into force of this directive, which is undoubtedly an advance in the face of standardization of payments and collections in all member countries, Besepa* will strengthen and improve its value proposition, as it will be able to work with banks throughout the European Union. 

* Besepa , a product of Docuten, is the tool that simplifies the management of recurring collections of companies and the relationship with banks.

Trend towards standardization

If there is one thing we can get out of these regulations, is that the current trend in Europe revolves around the democratization and standardization of all processes, pushing the digital transformation of companies. 

The standardization of processes allows not only to promote trade and facilitate the exchange of documents between companies and public administrations in all countries of the Union, but also to increase the fiscal control. Regulations concerning payments also strengthen the security of consumer information.

For this, Docuten’s commitment is to take advantage of this common framework with a solution that allows the complete cycle of business documents to be digitized: signing of labor and commercial contracts, receipt and issuance of invoices electronically and management of recurring collections, always complying with all regulations in force in Spain and the European Union.