LEGAL REQUIREMENTS 27. FEB 2025
Do e-invoices need to be signed or encrypted?
The e-invoice is on its way:
In this blog post, we will use the term “e-invoices” to refer to “E-Rechnungen” (electronic invoices).
Since the beginning of 2025, e-invoices have been mandatory – a milestone in the digitalization of business processes. However, electronic invoices introduce new challenges. An e-invoice sent as an email attachment has no built-in security or trust features. That’s why we want to help by answering the following questions:
- How can companies ensure that incoming invoices are genuine?
- How can manipulations be detected and transfers to fraudulent bank accounts be avoided?
After the introduction of mandatory e-invoices on January 1, 2025, under the law called “Wachstumschancengesetz” of March 2024, the requirements of Section 14(1) of the German VAT Act (UStG) remain in effect.
For your convenience, we have translated this law using DeepL:
Source: Federal Ministry of Justice (only in German)
What to consider when communicating by email with attached e-invoices (only in German)
Video (11 min): Do e-invoices need to be signed or encrypted?
Digital cryptographic email signatures & encrypted email as an industry standard also protect e-invoices
Proven technologies for securing business communication also show their strengths in the transmission of e-invoices.
Digital cryptographic email signatures verify both the sender and the content. These signatures help prevent fraud, ensuring you and your business partners don’t fall victim to scams.
- Can I trust the invoice in the email attachment? Is the sender genuine?
- Have details like bank account information been altered?
A valid signature shows the sender is trustworthy, but always double-check that the sender’s email address is correct. That’s because scammers can still generate valid signatures, but they can’t do so for email addresses they don’t own.
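The double-check described above can be automated for messages whose signature has already verified. The following Python code is an added example, not part of the original post and not Z1 SecureMail code; the function name, the verdict strings and the inputs `cert_emails` (addresses the verifier read from the signer certificate) and `known_partner_addresses` (addresses on file for the supplier) are assumptions, and all sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses


def _norm(addr):
    """Local part compared exactly, domain case-insensitively (conservative choice)."""
    local, _, domain = addr.strip().rpartition("@")
    return f"{local}@{domain.lower()}"


def assess_sender(raw_message, cert_emails, known_partner_addresses):
    """Classify a message whose S/MIME signature has ALREADY verified.

    cert_emails: addresses taken from the signer certificate by the verifier
    (assumed input). known_partner_addresses: addresses on file for the
    supplier, e.g. from vendor master data (assumed input).
    """
    msg = message_from_string(raw_message)
    # Use the parsed address, never the display name: the display name is
    # free text and can itself look like a trusted address.
    from_addrs = [a for _, a in getaddresses(msg.get_all("From", [])) if a]
    if len(from_addrs) != 1:
        return "ambiguous-from"
    sender = _norm(from_addrs[0])
    if sender not in {_norm(e) for e in cert_emails}:
        return "from-not-covered-by-cert"
    if sender not in {_norm(e) for e in known_partner_addresses}:
        return "valid-signature-unknown-address"
    return "trusted-sender"


# Constructed sample data (example.* domains, not real senders).
PARTNERS = ["billing@supplier.example"]

GENUINE = 'From: "Supplier Billing" <billing@Supplier.example>\nSubject: Invoice 1\n\nbody\n'
# Valid signature, but for the look-alike address its sender really owns.
LOOKALIKE = ('From: "billing@supplier.example" <billing@supplier-invoices.example>\n'
             'Subject: Invoice 2\n\nbody\n')
# From header claims the partner, but the certificate is for another address.
MISMATCH = 'From: billing@supplier.example\nSubject: Invoice 3\n\nbody\n'

if __name__ == "__main__":
    print(assess_sender(GENUINE, ["billing@supplier.example"], PARTNERS))
    print(assess_sender(LOOKALIKE, ["billing@supplier-invoices.example"], PARTNERS))
    print(assess_sender(MISMATCH, ["someone@other.example"], PARTNERS))
```

Only the first message should reach payment processing without manual review; the second carries a valid signature for an address the supplier never used, which is exactly the case the paragraph above warns about.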
Digital signatures create trust and prevent financial and legal risks from manipulation or fraud. Highlighting the use of digital signatures enhances your company’s reputation, reassuring your partners to trust only emails with your digital cryptographic signature.
Do e-invoices also need to be encrypted?
The answer: It depends.
Encryption requirements under laws like GDPR, NIS2, or DORA also apply to emails with e-invoices. The specific context in which invoicing takes place is crucial.
- If your business is part of a supply chain affected by NIS2 regulations, encryption is mandatory, including for emails with attached e-invoices.
- Imagine you’re sending out an invoice that lists the names of participants for a workplace smoking cessation course. In this case, GDPR applies, and the email with the e-invoice attached must be encrypted.
Email encryption protects the email content, including attachments, from being spied on and manipulated. The sending company and the receiving company both need software solutions and email certificates for this. Z1 SecureMail is ideally suited for this.
Should encryption be paired with digital signatures?
Yes, encrypted emails should also be signed. This adds a second layer of protection, at no additional cost, and is widely regarded as a best practice.
What are the next steps that companies should take to ensure the security of e-invoices?
All companies are well advised to create trust in digital communication. Digitalization can only work if security is taken into account, and email security plays a central role in this. A universal solution that can secure all email communication between all participants, including email attachments, pays for itself very quickly. The advantage is enormous if a solution can be controlled centrally and there is no additional work for employees. Z1 SecureMail offers exactly that and much more with CertMagic®.
CertMagic® saves you time and effort in certificate handling, even for challenges you didn’t know existed or might not yet understand without prior experience. Customers who have switched to us from other solutions report up to 80% savings in effort. This is a real competitive advantage for our customers.
Z1 SecureMail signs all outgoing emails without additional effort
The security rule “sign all outgoing emails” is preconfigured as the Z1 SecureMail Policy and serves as a basic protection for all business communication. Your business partners and even private customers who usually don’t have certificates don’t need to install any special software to validate your emails. These days, a company can’t do more to provide security for its customers and partners.
As you can see, if you opt for Z1 SecureMail, e-invoices as attachments in emails are secure. Our solutions, Z1 SecureMail Gateway and Z1 SecureMail ONE, offer all the features you need to create trust in your email communication. The effort for you is minimal, because the necessary certificate management runs automatically in the background thanks to CertMagic®. CertMagic® is available exclusively in our Z1 SecureMail products.