ecosio-vertex-logo
Vertex-Logo
English English
17 minute read

Why invoice retention isn't the same as legal archiving

Legal archiving

For many businesses, legal archiving of invoices is still treated as a storage problem. That approach can meet invoice retention requirements while still leaving gaps in compliant invoice archiving when you need to evidence integrity, origin, and retrieval.

An invoice is created, exchanged, saved in an ERP (enterprise resource planning) system, document management system, cloud repository or e-invoicing platform, and retained for the legally required period. On the surface, that sounds sufficient. If the document is available for ten years, surely the compliance requirement has been met?

Not necessarily.

When it comes to e-invoicing and tax-relevant documents, long-term retention is only one part of the requirement. Legal archiving (sometimes also called legal e-archiving) isn’t simply about keeping a copy of a document. It is about preserving the evidential value of that document over time, using electronic archiving controls where needed.

That means being able to prove that the document is authentic, complete, unchanged, accessible and readable throughout the full preservation period.

In other words: storage keeps the file. Legal archiving preserves the evidence.

TL;DR

  • Retention is about keeping invoices for the required period
  • Legal archiving is about preserving evidential value so the invoice remains trustworthy over time
  • You need to be able to demonstrate integrity (no unauthorised changes), authenticity (origin), and legibility throughout the preservation period
  • Metadata and auditability matter as much as the invoice file itself
  • If you are expanding e-invoicing compliance, treat archiving as part of the compliance chain, not an afterthought

The misconception: “we store it, so we’re compliant”

As e-invoicing becomes more widely mandated around the globe, it is easy to focus on issuing, receiving and validating structured invoices. But what happens after exchange is often underestimated.

A common assumption is that if a business stores invoices for the legally required retention period, it has fulfilled its archiving obligation. This is where the misunderstanding begins.

Retention answers one question: “How long must the document be kept?”

Legal archiving answers a much broader set of questions:

  • “Can you prove that this is the original document or a legally reliable representation of it?”
  • “Can you prove that it has not been altered?”
  • “Can you prove who issued it and when?”
  • “Can you retrieve it without undue delay?”
  • “Can it still be read and interpreted years from now?”
  • “Can you provide evidence of all of this to an auditor or tax authority?”

These are very different standards. A retained invoice may exist in a system. A legally archived invoice must remain trustworthy.

Why this matters for e-invoicing

Invoices are not ordinary business records. They are tax-relevant documents, and they support VAT (value added tax) reporting, deduction rights, audit trails, commercial disputes and regulatory inspections.

The EU VAT Directive makes this clear. Taxable persons must store issued and received invoices, and the authenticity of origin, integrity of content and legibility of stored invoices must be guaranteed throughout the storage period. It also allows member states to define specific rules on storage location, access and preservation conditions.

This is why e-archiving can’t be reduced to “put the invoice somewhere safe”. The archive must preserve the characteristics that make the invoice reliable as evidence.

That becomes even more important as e-invoicing moves from simple document exchange to structured, regulated and often near-real-time reporting ecosystems. In many markets, invoices are validated, cleared, reported or exchanged through mandated platforms. Once that transaction has occurred, you still need to preserve the invoice and associated evidence in a way that can withstand scrutiny years later.

eIDAS 2.0 raises the bar for electronic archiving

The updated European Digital Identity framework, Regulation (EU) 2024/1183 (often referred to as eIDAS 2.0), introduces a specific section on electronic archiving services. This is important because it places electronic archiving firmly within the EU trust services framework.

Article 45i distinguishes between general electronic archiving services and qualified electronic archiving services. Electronic documents preserved using an electronic archiving service can’t be denied legal effect simply because they are electronic. But documents preserved using a qualified electronic archiving service benefit from a stronger legal position: they enjoy a presumption of integrity and origin for the duration of the preservation period.

That distinction matters.

It means that the question isn’t only whether a document has been stored. The question is whether the preservation process provides a trusted evidentiary framework around your document.

Article 45j then sets out what qualified electronic archiving services are expected to ensure. These include durability and legibility beyond the technological validity period, protection against loss and alteration, preservation of integrity and origin, and the ability to provide an automated report confirming that retrieved documents enjoy the presumption of integrity from the beginning of the preservation period to the moment of retrieval.

This last point is especially powerful. A legally robust archive isn’t just a passive repository. It should be able to produce evidence that the document remained trustworthy over time.

A compliant e-archive needs controls that preserve evidential value. The exact legal requirements differ by jurisdiction, but the underlying principles are consistent.

1. Integrity

The archive must protect the document from unauthorised alteration and make any change detectable. This is where hashing, cryptographic fingerprints and controlled preservation packages become important.

The Italian metadata model is a useful example here: it includes the document hash, the algorithm applied and a persistent identifier as part of the metadata needed to verify document integrity.

The point isn’t the technology for its own sake, but the evidence it creates: a reliable way to demonstrate that the document retrieved later is the same document that entered the archive.

Integrity isn’t the same as access control. Preventing users from editing a file is useful, but legal archiving needs stronger evidence: proof that the content has not changed over time.

2. Authenticity and origin

The archive must preserve evidence of where the document came from and who was responsible for it.

This can involve:

  • Digital signatures
  • Electronic seals
  • Certificates
  • Issuer metadata
  • Transmission evidence
  • Role-based process controls

Authenticity is therefore not something an archive can simply assert. It needs to be supported by verifiable evidence: the document’s source, the process that brought it into the archive, the controls applied during preservation, and the records that link the archived object back to the original transaction.

3. Time anchoring

The archive must preserve the time context of the document.

For e-invoicing, timing matters. The issue date, transmission date, receipt date, clearance date, validation date and archive entry date may all become relevant in an audit or dispute. Legal archiving therefore often relies on trusted time references, timestamps, protocol records or other mechanisms that prove when a document or preservation event occurred.

This is especially relevant when signatures or certificates may expire before the end of the retention period. The archive needs to preserve the evidentiary value beyond the original technical validity period.

4. Durability and long-term readability

Keeping a file for ten years isn’t enough if it can no longer be opened, interpreted or presented in a legally meaningful way. A retained file that can’t be rendered or interpreted later may not be usable evidence.

Article 45j of eIDAS 2.0 specifically refers to durability and legibility beyond the technological validity period. This is one of the clearest ways to explain the difference between storage and legal archiving.

A platform may retain a file. A legal archive must ensure that the document remains readable and usable over time, even as systems, software, formats and certificates change.

The Italian conservation model is a useful example because it treats legibility as part of the preservation obligation.

A stronger archive preserves the ability to interpret the file correctly, including the format, metadata, rendering requirements and any supporting evidence needed to understand the document in the future.

For structured e-invoices, this is particularly important. Businesses may need to preserve not only a PDF rendering, but also the structured XML, metadata, attachments, signatures, validation evidence and any legally relevant transmission records.

5. Metadata and contextual evidence

An invoice without context is weak evidence. Legal archiving requires metadata that allows the document to be identified, searched, interpreted and linked to the correct business and compliance context.

Examples include:

  • Unique document identifiers
  • Invoice number and issue date
  • Sender and recipient
  • Document type
  • Registration data
  • Format information
  • Hash and algorithm
  • Signature or seal information
  • Retention period
  • Links to previous versions or corrections
  • Associated attachments
  • Classification and access restrictions

The Italian metadata model is a useful example because it goes well beyond simple file storage. It supports identification, verification, search, interpretation, version control, retention management and auditability.

This is exactly the point: legal archiving isn’t just the document. It’s the document plus the evidence needed to understand and trust it.

6. Controlled access and retrieval

A legal archive must support controlled access, search and retrieval.

In practice, this means authorised users must be able to retrieve documents, but access must be governed. The archive should support auditability around who can access what, under which permissions, and for which purpose.

This matters because retrieval isn’t the same as download. The Italian conservation model captures this through the concept of producing or exhibiting a conserved document when required. A legal archive should be able to produce the right document, with the right evidence, to the right authorised party, in a form that can be relied on during an audit or inspection.

Legal archiving is therefore not only about preserving documents. It’s also about being able to present them correctly when required. That typically includes an audit trail showing access, preservation actions, and any detected changes.

7. Protection against loss, corruption and unauthorised change

Legal archiving requires a controlled preservation environment.

That includes security, backup, monitoring, resilience, access control and procedures to detect degradation or corruption. eIDAS 2.0 expressly refers to safeguarding electronic data and documents against loss and alteration.

The Italian conservation model similarly treats preservation as a governed system made up of rules, procedures, technologies and responsibilities. A legal archive should therefore be treated as a governed preservation system, not just storage infrastructure. It needs defined controls and operational responsibilities that protect the document throughout its lifecycle.

8. Evidence reports and auditability

This may be the most underappreciated point. You don’t only need the invoice. You need to demonstrate that the invoice has remained reliable throughout the preservation period.

This is where eIDAS 2.0 is particularly useful. Article 45j requires qualified electronic archiving services to allow authorised relying parties to receive an automated report confirming that retrieved data and documents enjoy the presumption of integrity from the beginning of the preservation period to retrieval.

That is a strong concept for the blog because it makes the difference visible.

Basic storage says “Here is the file”, while legal archiving says “Here is the file, here is its origin, here is proof it hasn’t changed, here is the preservation history, and here is the evidence report confirming its integrity.

Italy: a practical example of why storage alone isn’t enough

Italy is one of the clearest examples of the difference between retention and legal archiving.

Under Italy’s digital preservation framework, electronic documents are not simply kept in a folder for a defined number of years. They are managed through a formal conservation process, with defined roles, responsibilities, metadata, formats, preservation packages and controls.

The model includes concepts such as:

  • Pacchetto di versamento: the submission package sent to the conservation system
  • Pacchetto di archiviazione: the archival package generated for preservation
  • Pacchetto di distribuzione: the package provided back to the user when documents are retrieved
  • Rapporto di versamento: the document confirming acceptance of the submission package
  • Responsabile della conservazione: the party responsible for defining and governing conservation policies
  • Manuale di conservazione: the document describing the preservation system, roles, processes, architecture and security measures

The value of this example isn’t the Italian terminology itself. The important point is that legal archiving is treated as a governed preservation process, with defined inputs, outputs, responsibilities and evidence, rather than as a place where files are simply stored.

If you operate in Italy, this demonstrates why a simple retention policy isn’t enough. Legal archiving requires a structured, auditable process that preserves authenticity, integrity, legibility and retrievability over time.

Why storage location also matters

Another misconception is that the storage location is irrelevant as long as the document can be retrieved.

That isn’t always true.

The EU VAT Directive allows member states to require taxable persons to notify the location of invoice storage if it is outside their territory. It also allows member states to require domestic storage in certain cases where electronic storage does not guarantee full online access to the data.

This does not mean every country requires local storage. But it does mean storage location, access rights and the ability of tax authorities to retrieve documents can be legally relevant.

If you operate across multiple countries, this becomes a practical compliance issue. A central archive may be operationally efficient, but it must still support local legal requirements around access, location, format, retention period and evidentiary controls.

The simplest way to explain the distinction is this: retention is about duration, whereas legal archiving is about trust. Retention asks “Did we keep the invoice for the required period?”, while legal archiving asks “Can we prove the invoice is authentic, unchanged, readable, accessible and legally reliable throughout that period?”

That difference matters because a document that can’t be trusted may fail precisely when you need it most: e.g. during an audit, investigation, dispute or tax inspection.

What businesses should look for in an e-archiving solution

When evaluating e-archiving in the context of e-invoicing, it helps to look beyond storage capacity and retention settings.

A legally robust e-archiving solution should support:

  • Preservation of the original invoice and relevant associated data
  • Integrity controls, such as hashing or cryptographic fingerprints
  • Evidence of origin, such as signatures, seals, certificates or validated sender information
  • Trusted time references or timestamps
  • Long-term readability of structured and human-readable formats
  • Preservation of metadata and contextual information
  • Controlled access and retrieval
  • Audit trails and evidence reporting
  • Protection against loss, corruption and unauthorised change
  • Support for country-specific requirements, including storage location and retention rules
  • Clear roles, responsibilities and process documentation

The key question isn’t simply “Where are my invoices stored?”, but “What evidence can I produce to prove that those invoices have remained legally reliable over time?”

Conclusion: e-archiving is becoming part of the compliance chain

As e-invoicing mandates expand, businesses are moving from paper-based records to structured, regulated digital transaction flows. That shift makes archiving more important.

In a paper world, the archive was often treated as the end of the process. In a digital world, archiving becomes part of the compliance chain.

Invoices must be created, exchanged and validated correctly. They must also be preserved in a way that protects their evidential value for the full legal retention period. As a result, long-term platform retention isn’t enough on its own.

A retained invoice may show that a file exists. A legally archived invoice helps you prove that the file can still be trusted. And in tax compliance, that distinction matters.

Make sure your archive stands up in an audit

If you’re reviewing your e-invoicing compliance approach and want to make sure retention and legal e-archiving are covered end to end, we can help you understand what’s changing across markets and what a defensible approach to invoice retention and archiving looks like in practice.

Get in touch today to discuss how to stay compliant as e-invoicing and archiving requirements evolve.

Legal archiving is the controlled preservation of documents so they remain legally reliable over time. For invoices, this means preserving authenticity of origin, integrity of content, legibility, metadata, audit trails and retrievability throughout the required retention period.

Invoice retention is about keeping invoices for a legally required period. Legal archiving goes further by preserving the evidence that proves the invoice is authentic, unchanged, readable, accessible and legally reliable throughout that period.

Not always. Storing an invoice may meet basic invoice retention requirements, but legal archiving usually requires additional controls such as integrity protection, metadata, audit trails, access control, long-term readability and evidence of origin.

Legal archiving is important for e-invoicing because electronic invoices are tax-relevant documents. Businesses must be able to prove authenticity, integrity and legibility of stored invoices during audits, inspections or disputes, often years after the invoice was issued or received.

5. What does compliant invoice archiving need to prove?

Compliant invoice archiving should prove that an invoice is authentic, complete, unchanged, readable, accessible and linked to the correct business context. It should also preserve supporting evidence such as metadata, timestamps, signatures, seals, transmission records and audit trails.

6. What is authenticity of origin in invoice archiving?

Authenticity of origin means being able to prove who issued or sent the invoice and that the source is reliable. In electronic invoice archiving, this may be supported by digital signatures, electronic seals, certificates, sender metadata, transmission evidence or controlled processes.

7. What is integrity of content in invoice archiving?

Integrity of content means that the invoice has not been altered without authorisation. Legal archiving solutions often support this through hashing, cryptographic fingerprints, preservation packages and audit trails that make changes detectable.

8. What should businesses look for in an e-archiving solution?

Businesses should look for an e-archiving solution that supports integrity controls, evidence of origin, trusted timestamps, long-term readability, metadata preservation, controlled access, audit trails, evidence reporting, country-specific requirements and protection against loss or unauthorised change.

Subjects
Back to overview

most read

Keep on reading

12 minute read

Beyond data residency: how data sovereignty defines French e-invoicing

Learn why data sovereignty matters for French e-invoicing and how PAs, SecNumCloud 3.2, and probative archiving reduce risk.

6 minute read

Meeting German e-invoicing requirements just got easy…

Meeting German e-invoicing requirements can be complex. Use ecosio’s free validators to check XRechnung, UBL, CII and ZUGFeRD invoices instantly.

9 minute read

The secrets of successful e-invoicing migration: expert insights

Learn how KPMG’s experts approach successful e-invoicing migration, from provider selection to strategy and implementation

8 minute read

Malaysia e-invoicing: everything businesses need to know

Learn how e-invoicing in Malaysia works under IRBM’s MyInvois platform, plus key deadlines and how best to prepare

11 minute read

How difficult is switching e-invoicing solution provider?

Switching e-invoicing solution providers may be easier than you think. Learn the steps, risks, and how to make migration smoother.

8 minute read

How to keep track of e-invoicing regulations

Discover how to stay on top of changing e-invoicing regulations with ease. The three main approaches compared.

12 minute read

Germany e-invoicing explained

E-invoicing in Germany is mandatory for B2B receiving from 2025 and phased issuing through 2028. See formats, timeline, and how to prepare.

8 minute read

The ultimate guide to the UAE e-invoicing mandate

Learn how UAE e-invoicing will impact your business, including timelines, requirements, and how to prepare for Peppol-based compliance

8 minute read

The Philippines' e-invoicing mandate explained

Discover Philippines’ e-invoicing mandate, including timeline, scope, requirements, and key steps to achieve BIR EIS compliance

14 minute read

A definitive guide to China’s e‑fapiao system

Learn how China’s e‑fapiao system works. Understand clearance‑based e‑invoicing rules, timelines and AR/AP impacts.

7 minute read

Greece e-invoicing requirements explained

Greece e-invoicing requirements: key deadlines, myDATA rules, and practical steps to stay compliant with B2B and B2G mandates in 2026

7 minute read

ANAF RO e-Factura and e-invoicing in Romania

Explore RO e-factura in Romania and how best to stay compliant with ANAF while simplifying your e-invoicing workflows
1

🇫🇷 Prêt pour la facturation électronique en France ?

Accédez à notre kit de préparation et obtenez :

  • – Une vision claire des obligations à venir
  • – Les clés pour choisir la bonne solution
  • – Des outils pour évaluer votre conformité
  • – Des conseils d’experts concrets
Accéder au kit
Upcoming Webinar

Global E-invoicing Compliance with ecosio and BDO - 11 June 2026. Save your seat!