Then we should request the two separate files, but the user won’t be able to do the conversion so he will need some asistance to setup it.
Normally a company has a single certificate and uses the same one for signing and for authentification. The key point here is that for authentification the oficial certificate generated by The Authorities is required. For signing any certificate can be used despite the same authentication certification can be also used.
The authentication certificate is use to identify the company with tax authorities, so if it is stolen anyone can act as the company with the tax authorities. Thats the rist.
There is a risc of impersonation. With such certificate I can act as this company with the tax authorities. For example I can alter the tax declaration by declaring an higher amounts and increasing the debt with the tax authorities.
If it is only that I do not think it is a high risk as no money transfer is involved and wrong declaration could be reverted.
But of course this suppose that the authorities support the revocation of leaked certificates.
@florin you are mixing concepts.
Ticketbai is a requirement for companies to inform the local Tax agency within a region in Spain. The equivalent is called “Verifactu” and that is the legal requirement, but not facturae.
@florin
Ticketbai and Verifactu is about inform your customer invoices to the tax office.
facturae is about the xml format to interchange invoices between parties. You are required only if you have to forward your invoices to authorities using the face.gob.es platform.
The marketing stuff from 2022 that you link tells you that still waiting for a date of when is going to be a legal requirement to use the facturae xml format, but it looks that maybe they will be using faceb2b.gob.es