Service Provider - Tax Portal

what is E-invoicing

What is E-invoicing

Intro Service Provider

Introduction

The Oman Tax Authority (OTA) is pleased to present the Service Provider Accreditation Criteria under the national e-Invoicing initiative, Fawtara. These criteria outline the mandatory requirements, technical standards, and compliance obligations that entities must meet in order to qualify as Accredited Service Providers (SPs).

This document serves as a reference guide for all interested service providers to understand the accreditation process, the supporting evidence required, and the expectations set by the Authority. It aims to ensure a transparent, fair, and secure digital ecosystem that enables seamless e-invoice exchange across Oman.

OTA encourages all potential service providers to review the criteria carefully and prepare accordingly as part of the accreditation journey.

Service Provider Criteria:

Asset Publisher

1. Commercially registered in mainland Oman Requirement

Mainland commercial registration with relevant activity.
Documents required: Mainland commercial registration with relevant activity.

2. Paid up Capital of at least OMR 60,000

Documents required: Latest audited financial statements of the company.

3. Company or parent company operational for at least 1 year for Riyada card holders and at least 2 years in all other cases

Documents required:
- Audited ISO22301 certificate OR commercial registration.
- Riyada card for Riyada card holders.

4. Declaration of no bankruptcy, insolvency and criminal proceedings

Documents required: Self declaration notarized by the Omani court or OCCI.

5. Not subject to a tax debt collection process

Documents required: TMS record will be reviewed by OTA.

6. Technical and Security Requirements

- Technical Design Document
- High Level Architecture (Application, Integration, Infra, Data)
- Hardware/Software details including versions and upgrade plan
- Support and SLA details
- Data hosting location and backup/retention policy
- Multifactor Authentication (MFA) evidence
- Encryption at Rest screenshots
- Encryption in Transit SSL/TLS evidence
- Security Monitoring tools/SOC/SIEM
- Incident response plan and SLA
- Proof of regular security monitoring
- ISO/IEC 27001 Certification