January 6 2023

Italian electronic invoicing and billing service providers. An issue of confidentiality and conflicts of interest.

The Italian electronic invoicing system can be a large-scale espionage system if analyzed in detail.

Electronic invoicing is a system that allows you to issue, transmit and receive invoices in electronic format, instead of paper invoices. In Italy, electronic invoicing was introduced with the Law n. 124 of 4 August 2017, with the aim of simplifying the administrative obligations of companies and reducing the use of paper.

Starting from 1 January 2019, electronic invoicing became mandatory for the sale of goods and services provided to the public administration and, starting from 1 July 2019, also for transactions between private individuals.

To issue an electronic invoice, it is necessary to use special software, which must be able to generate the file in XML format compliant with the technical specifications defined by the Revenue Agency. The electronic invoice must then be sent to the Revenue Agency through the Exchange System (SDI), which takes care of forwarding it to the recipient.

Electronic invoicing has numerous advantages, both for companies and for the public administration. Among the benefits for businesses, there are reduced costs of printing and sending invoices, greater efficiency in document management and the possibility of avoiding errors in completing invoices. For the public administration, on the other hand, electronic invoicing allows greater traceability and transparency of operations, as well as saving time and money in document management.

SDI Exchange System

The Exchange System (SDI) is the IT system that manages the transmission of electronic invoices between companies and the Public Administration in Italy. It is a platform that allows you to exchange documents in electronic format, in a secure and certified way, via the Internet.

The operation of the SDI is quite simple: when a company issues an electronic invoice, it is transmitted to the SDI through a secure internet connection. The SDI, in turn, delivers the electronic invoice to the recipient, which can be another company or a public body.

SDI was designed to be easily usable by any business, regardless of size or industry. To use the SDI, companies must have a "PEC" (Certified Electronic Mail), i.e. an e-mail address which guarantees the authenticity of the origin and the integrity of the content of the messages sent.

Once the PEC has been obtained, companies can access the SDI using a "user id" and a password, which are provided by the Agency for Digital Italy (AgID), the body that manages the system. Once logged in, companies can send and receive electronic invoices quickly and easily, without having to use other systems or software.

What is the unique Electronic Invoicing code?

The univocal code is an alphanumeric string assigned by the Agency for Digital Italy (AgID) to each person who intends to send or receive electronic invoices through the Exchange System (SDI) in Italy.

The univocal code has a length of 7 characters and is uniquely assigned to each subject, in such a way as to uniquely identify it within the system. For example, a company that has obtained the unique code "ABCDEFG" will be able to use it to send or receive electronic invoices through the SDI, without having to use other systems or software.

There are two types of unique codes: the unique code "F" (for "Invoicers"), which is assigned to companies that issue electronic invoices, and the univocal code "P" (for subjects "Invoicing service providers"), which is assigned to companies that offer electronic invoicing services to other companies.

The unique code is assigned by the AgID at the request of the interested party, who must fill in an online form and provide some identifying data, such as the name and address of the company. Once the unique code has been obtained, the interested party can use it to send or receive electronic invoices via the SDI.

The birth and diffusion of private electronic invoicing platforms.

Cloud electronic invoicing platforms are an invoice management solution based on the use of software managed via the internet. This type of platform has become popular in recent years due to its practicality, efficiency and the possibility of reducing billing management costs.

One of the first e-invoicing software in the Cloud was launched in 2010. This software offers a number of tools for managing invoices, such as creating invoices, managing deadlines and generating reports.

In the following years, other companies have developed similar software, which offers a series of advanced features for invoice management, such as the ability to integrate the software with other business systems and to generate invoices automatically from orders or other sources of information .

Today, cloud electronic invoicing platforms are widely used by small and medium-sized businesses, thanks to their ease of use and the ability to access data at any time and from any device connected to the internet. Furthermore, these platforms offer greater security than traditional invoice management methods, as the data is stored on secure servers and protected from unauthorized access.

It should be noted that there is no legal obligation to use intermediaries for electronic invoicing, being able to directly use the web portal of the revenue agency, however it is undeniable that the functions of these invoicing platforms in the Cloud are so advanced and better than the one offered by the revenue agency to be preferred.

In most cases, however, they are almost the only choices considering that they are always heavily sponsored through advertising on the web and even on TV and the end user often does not even know the existence of the possibility of using the Revenue Agency portal.

Conflicts of interest of Billing Service Providers and their customers.

Conflicts of interest can be a major problem in the relationship between billing service providers and their customers. One of the main conflicts of interest concerns the possibility that the billing service provider manages software that competes with that used by the customer.

For example, the billing service provider may offer billing software that the customer uses to manage their invoices. The customer could then enter all of his customers and related services within the billing software, providing the billing service provider with detailed visibility into his business and customers.

In this case, the billing service provider could have access to important information about the client's businesses and customers, which could be used to develop competitive strategies or to try to acquire the client's customers.

To manage these conflicts of interest, purely theoretical It is important that the billing service provider takes adequate measures to protect sensitive customer information and to ensure that this information is not misused. For example, the billing service provider may take appropriate security measures to protect customer data and may also enter into non-disclosure agreements with its customers to ensure that sensitive information is not shared with third parties.

Furthermore, It is important for the billing service provider to be transparent about its activities and interests so that customers can make informed decisions about using the billing software.

Can we trust?

For example, let's imagine that we have a service provider that offers payment system services for restaurants (POS) in addition to the e-invoicing system. The service provider could also have among its customers the company "ACME POS Restaurants" (invented name ed) and be tempted to use the information at its disposal to develop competitive strategies or to try to acquire the customers of its customers. For example, the service provider could decide to download the list of customers and the related emails of his customers to propose customized commercial offers, also knowing the costs of the service and therefore being able to be competitive.

This type of behavior represents a clear conflict of interest and could cause significant harm to the service provider's customers. Unfortunately, this type of risk is often difficult to predict and escapes the control of supervisory bodies such as the Privacy Guarantor who obviously deems the declaration of intent, secrecy and confidentiality of the private company that acts as a Service Provider formally valid and correct. electronic billing services.

Inside Job and unfaithful employees.

Data leaks are a major problem for organizations of all sizes. Often, these leaks are the result of intentional actions by disloyal employees who exploit their knowledge and access to data for profit.

An example of this type of data loss would be an employee launching a SQL query to harvest data to sell on the black market. Even if the organization has implemented the best security technologies and adopted best practices to protect the data, the unfaithful employee can still use their access to the data to perform this malicious action.

Hacker attacks and data breaches.

Data breaches are an ever-present threat to organizations of all sizes. Even companies that have implemented the best security technologies and adopted best practices to protect data can be exposed to this type of risk.

An example of a data breach is the case of Ho Mobile, an Italian telecommunications company that suffered a data leak in 2020. The data breach affected around 2 million customers and allowed attackers to access personal information such as names , addresses, telephone numbers and email addresses.

The Ho Mobile data breach demonstrated that no company is immune to this type of threat, and that it is important that organizations take appropriate measures to protect their customers' data.

When a data breach, a hacker attack, a trojan will attack one of these organizations of electronic invoicing service providers, we will understand how the current electronic invoicing service as it is designed, implemented and involving private organizations could in all respects be a large system of industrial espionage against the Italians.

Do you have doubts? Don't know where to start? Contact us!

We have all the answers to your questions to help you make the right choice.

Chat with us

Chat directly with our presales support.


Contact us by phone during office hours 9:30 - 19:30

Contact us online

Open a request directly in the contact area.


Managed Server Srl is a leading Italian player in providing advanced GNU/Linux system solutions oriented towards high performance. With a low-cost and predictable subscription model, we ensure that our customers have access to advanced technologies in hosting, dedicated servers and cloud services. In addition to this, we offer systems consultancy on Linux systems and specialized maintenance in DBMS, IT Security, Cloud and much more. We stand out for our expertise in hosting leading Open Source CMS such as WordPress, WooCommerce, Drupal, Prestashop, Joomla, OpenCart and Magento, supported by a high-level support and consultancy service suitable for Public Administration, SMEs and any size.

Red Hat, Inc. owns the rights to Red Hat®, RHEL®, RedHat Linux®, and CentOS®; AlmaLinux™ is a trademark of AlmaLinux OS Foundation; Rocky Linux® is a registered trademark of the Rocky Linux Foundation; SUSE® is a registered trademark of SUSE LLC; Canonical Ltd. owns the rights to Ubuntu®; Software in the Public Interest, Inc. holds the rights to Debian®; Linus Torvalds holds the rights to Linux®; FreeBSD® is a registered trademark of The FreeBSD Foundation; NetBSD® is a registered trademark of The NetBSD Foundation; OpenBSD® is a registered trademark of Theo de Raadt. Oracle Corporation owns the rights to Oracle®, MySQL®, and MyRocks®; Percona® is a registered trademark of Percona LLC; MariaDB® is a registered trademark of MariaDB Corporation Ab; REDIS® is a registered trademark of Redis Labs Ltd. F5 Networks, Inc. owns the rights to NGINX® and NGINX Plus®; Varnish® is a registered trademark of Varnish Software AB. Adobe Inc. holds the rights to Magento®; PrestaShop® is a registered trademark of PrestaShop SA; OpenCart® is a registered trademark of OpenCart Limited. Automattic Inc. owns the rights to WordPress®, WooCommerce®, and JetPack®; Open Source Matters, Inc. owns the rights to Joomla®; Dries Buytaert holds the rights to Drupal®. Amazon Web Services, Inc. holds the rights to AWS®; Google LLC holds the rights to Google Cloud™ and Chrome™; Microsoft Corporation holds the rights to Microsoft®, Azure®, and Internet Explorer®; Mozilla Foundation owns the rights to Firefox®. Apache® is a registered trademark of The Apache Software Foundation; PHP® is a registered trademark of the PHP Group. CloudFlare® is a registered trademark of Cloudflare, Inc.; NETSCOUT® is a registered trademark of NETSCOUT Systems Inc.; ElasticSearch®, LogStash®, and Kibana® are registered trademarks of Elastic NV Hetzner Online GmbH owns the rights to Hetzner®; OVHcloud is a registered trademark of OVH Groupe SAS; cPanel®, LLC owns the rights to cPanel®; Plesk® is a registered trademark of Plesk International GmbH; Facebook, Inc. owns the rights to Facebook®. This site is not affiliated, sponsored or otherwise associated with any of the entities mentioned above and does not represent any of these entities in any way. All rights to the brands and product names mentioned are the property of their respective copyright holders. Any other trademarks mentioned belong to their registrants. MANAGED SERVER® is a trademark registered at European level by MANAGED SERVER SRL, Via Enzo Ferrari, 9, 62012 Civitanova Marche (MC), Italy.

Back to top