The Digital Operational Resilience Act (DORA) sets uniform rules for digital resilience in the financial sector — what does this mean for e‑invoicing providers?
EU Regulation 2022/2554 entered into force on 17 January 2025. An IT provider can be critical for one client but not for another — the assessment lies with the financial institution itself.
DORA sets uniform rules for digital resilience in the financial sector. Financial entities must manage ICT risks and reflect specific obligations in contracts with their IT vendors.
DORA distinguishes between standard ICT services and services supporting critical or important functions: if the failure of a service would materially impair a firm's financial performance or regulatory compliance, it triggers additional contractual obligations.
Must be included in every contract between a financial firm and an IT provider:
Additional requirements when a service supports a critical or important function:
In the CAL&F case study, e-invoicing is generally seen as an ancillary process:
Does not directly affect lending or factoring
Can be temporarily replaced by paper invoices
Many alternative providers available
Many financial firms deem e-invoicing non-critical and apply only basic Article 30(2) requirements. However, the final classification always rests with the bank or factoring company.
If a service provider considers its service non-critical, it sends a negative declaration — a statement that:
Even if a function is deemed non-critical, the contract must include mandatory Article 30(2) elements:
Provider agrees to give access to data and liaise with supervisory authorities.
Provider helps investigate and resolve ICT incidents at no extra cost.
Rules for retrieving data upon contract termination or provider insolvency.
Provider takes part in client's training and testing activities.
Invoice-Portal's logs and data enable clients to meet their monitoring and reporting duties: every event is recorded, documents are preserved in original form, and reports can be produced on demand.
DORA and e‑invoicing: assessing criticality
/in eInvoice NewsThe Digital Operational Resilience Act (DORA) sets uniform rules for digital resilience in the financial sector — what does this mean for e‑invoicing providers?
Greece: the e‑Invoicing mandate is pushed back
/in eInvoice NewsGreece is modernising the way companies issue and report invoices with structured electronic invoices validated via the myDATA platform, now with extended deadlines.
Mandatory E-Invoicing in Poland
/in eInvoice NewsPoland is moving forward with a major compliance change: mandatory electronic invoicing (e-invoicing) through the National e-Invoicing System (KSeF). This reform will transform how businesses issue and receive invoices.
Belgium Mandates PEPPOL ID 0208 for B2B e-Invoicing from 1 January 2026
/in eInvoice NewsStarting 1 January 2026, Belgium will require all B2B invoices between Belgian VAT-registered companies to be exchanged as structured electronic invoices via the PEPPOL network.
Christmas greetings from the Invoice Portal 2026
/in eInvoice NewsGlobal e-Invoicing & Peppol Update — December 2025
/in eInvoice NewsAs 2025 draws to a close, electronic invoicing continues its rapid transformation from a digital convenience into a mandatory standard of business and tax compliance worldwide. The Peppol network remains at the centre of this change.