TECHNICAL, LEGISLATION
UAE E-Invoicing Data Retention: How Long to Keep Records, Where to Store Them, and What the FTA Can Access
Once your UAE e-invoicing system is live, a new obligation begins: keeping the invoice data accessible, secure, and retrievable for the FTA for periods of 5 to 15 years. This guide explains every retention period, what the law actually says about where data must be stored, the extension rules that most businesses overlook, and what your ASP contract must include to protect you.
reading time: 11 min
SOURCES: MOF OFFICIAL PUBLICATIONS
may 2026
aiverix research
Data retention is the compliance obligation that businesses tend to think about last — and the one that creates risk for the longest period of time. Your invoicing system goes live in 2027. Your mandatory retention period begins on the same day. If the FTA requests access to an invoice from that year in 2031 — four years later — you must be able to produce it immediately, in complete and readable form. If your data management practices were not set up correctly at go-live, you may not be able to comply with that request. And a failure to produce records on FTA request is a separate violation with its own penalty consequences under the UAE Tax Procedures Law. This article covers everything you need to understand about the UAE’s e-invoicing data retention requirements — before your system goes live.
“
OFFICIAL SOURCES:
UAE Electronic Invoicing Guidelines V1.0, Section 5.4 — Ministry of Finance, 23 February 2026
Article 11, Ministerial Decision No. 243 of 2025 on the Electronic Invoicing System
Article 3, Cabinet Decision No. 74 of 2023 — Executive Regulation of Federal Decree-Law No. 28 of 2022 on Tax Procedures
Federal Decree-Law No. 28 of 2022 on Tax Procedures (Tax Procedures Law)
UAE Electronic Invoicing Guidelines V1.0, Section 5.4 — Ministry of Finance, 23 February 2026
Article 11, Ministerial Decision No. 243 of 2025 on the Electronic Invoicing System
Article 3, Cabinet Decision No. 74 of 2023 — Executive Regulation of Federal Decree-Law No. 28 of 2022 on Tax Procedures
Federal Decree-Law No. 28 of 2022 on Tax Procedures (Tax Procedures Law)
The Basic Retention Periods
Article 11 of Ministerial Decision No. 243 of 2025 requires that any person subject to the Electronic Invoicing System must store electronic invoices, electronic credit notes, and any associated data within the timeframes prescribed under the UAE Tax Procedures Law. The Tax Procedures Executive Regulation — Cabinet Decision No. 74 of 2023 — sets those timeframes specifically.
There are three standard retention periods, each applying to a different category of person or record type.
There are three standard retention periods, each applying to a different category of person or record type.
5
YEARS — VAT-REGISTERED PERSONS
5 years following the end of the Tax Period to which the records relate. This applies to all Taxable Persons registered for VAT. The clock starts from the end of the tax period — not from the invoice date.
5 years following the end of the Tax Period to which the records relate. This applies to all Taxable Persons registered for VAT. The clock starts from the end of the tax period — not from the invoice date.
5
YEARS — ALL OTHER PERSONS
5 years from the end of the calendar year in which the document was created. This applies to all persons in scope for e-invoicing who are not required to register for any tax type.
5 years from the end of the calendar year in which the document was created. This applies to all persons in scope for e-invoicing who are not required to register for any tax type.
7
YEARS — REAL ESTATE RECORDS
7 years from the end of the calendar year in which the document was created. This applies to any e-invoicing records related to real estate transactions — regardless of the entity type.
7 years from the end of the calendar year in which the document was created. This applies to any e-invoicing records related to real estate transactions — regardless of the entity type.
For most UAE businesses — VAT-registered companies across trading, manufacturing, professional services, and technology — the standard retention period is 5 years following the end of the relevant tax period. For a business with a quarterly VAT period ending December 31, 2027, the 5-year clock starts January 1, 2028 and runs through December 31, 2032. All invoices issued during that tax period must be accessible until that date.
5 YRS
Standard — VAT-registered businesses, from end of tax period
5 YRS
Standard — non-tax-registered persons, from end of calendar year
7 YRS
Real estate records — from end of calendar year
+4 YRS
Extension — during an active FTA audit or dispute
The Extension Rules That Most Businesses Overlook
The base retention periods of 5 and 7 years are not always the final answer. The Tax Procedures Executive Regulation provides for two extension situations that can push the retention obligation significantly beyond the standard period.
Extension 1: Active audit, dispute, or FTA notification
If any of the following three events occur, all taxable persons must retain their data for an additional 4 years beyond the standard period:
-
Ongoing dispute with the FTA
If you are in a formal dispute with the FTA — for example, contesting a penalty or a tax assessment — all records related to the disputed period must be kept for 4 years after the standard period ends. -
Ongoing tax audit
If the FTA has begun a tax audit that covers a period for which your standard retention period has ended or is about to end, you must extend retention by 4 years from the date the standard period expires. -
FTA notification of intent to conduct an audit
If you receive written notification from the FTA that they intend to conduct an audit — even if the audit has not yet started — the 4-year extension is triggered from that notification date.
Extension 2: Voluntary disclosure in year 5
If you submit a voluntary disclosure — a self-correction of a tax error or omission — and that submission falls within the fifth year from the end of the relevant tax period, you must retain all records for an additional 1 year from the date of the voluntary disclosure. This extension exists to ensure the FTA can verify the voluntary disclosure against the original records.
PRACTICAL IMPLICATION: PLAN FOR UP TO 9−11 YEARS
In practice, businesses that maintain conservative data retention policies should plan for a potential total retention period of 9 years (5 base + 4 extension) for standard transactions, and 11 years (7 base + 4 extension) for real estate transactions. This is not a theoretical maximum — any business that becomes subject to an FTA audit after year 5 will need those records to be accessible.
The right approach is not to delete records at the end of the base period. It is to maintain records on a rolling basis and implement a formal records disposal policy that only removes data after confirming no open audit, dispute, or FTA notification exists.
In practice, businesses that maintain conservative data retention policies should plan for a potential total retention period of 9 years (5 base + 4 extension) for standard transactions, and 11 years (7 base + 4 extension) for real estate transactions. This is not a theoretical maximum — any business that becomes subject to an FTA audit after year 5 will need those records to be accessible.
The right approach is not to delete records at the end of the base period. It is to maintain records on a rolling basis and implement a formal records disposal policy that only removes data after confirming no open audit, dispute, or FTA notification exists.
What "Within the UAE" Actually Means for Cloud Storage
Article 11 of MD No. 243 of 2025 states that electronic invoices, credit notes, and associated data must be stored "within the State" — within the UAE. This language has caused significant confusion among businesses that store data on international cloud platforms such as AWS, Google Cloud, Microsoft Azure, or regional data centres outside the UAE.
The official UAE Electronic Invoicing Guidelines clarify the intent of this requirement in a way that is practical and reassuring for businesses using global cloud infrastructure.
The official UAE Electronic Invoicing Guidelines clarify the intent of this requirement in a way that is practical and reassuring for businesses using global cloud infrastructure.
“
The reference to 'within the State' should be interpreted as requiring that Electronic Invoices, Electronic Credit Notes and the associated data be maintained in a way that enables them to be retrieved and provided when requested by the FTA, irrespective of the geographic location of the servers, databases, or cloud-based solutions used to store them.
In plain language: the requirement is about accessibility and retrievability, not about physical server location. Your data can be stored on servers outside the UAE — on a global cloud platform, in a data centre in another country, or through an international ASP with data infrastructure in Europe or Asia — as long as three specific conditions are met.
-
Integrity and secure retention
Invoice records and associated data must be retained in an electronic system that preserves their integrity — meaning the data cannot be altered after the fact — and ensures secure retention against loss, corruption, or unauthorised access. -
Prompt availability on FTA request
The storage infrastructure, wherever it is physically located, must enable you to provide the required records promptly when the FTA requests them. "Promptly" is not defined in days, but it implies immediate or near-immediate access — not a request that takes weeks to fulfil because data is in long-term cold storage. -
Complete and readable form
Records must be capable of being retrieved and reproduced by the FTA in a complete and readable form. This means the data must be in a format the FTA can actually use — not encrypted in a proprietary format that requires specialist software to decode, and not fragmented across multiple systems in a way that makes complete retrieval impractical.
WHAT THIS MEANS FOR INTERNATIONAL BUSINESSES
If your business uses a global ERP or cloud accounting platform that stores data on international servers — SAP hosted in Germany, Oracle hosted in the US, a regional data centre in Singapore — you are not required to replicate or migrate your data to UAE-based servers to comply with the retention requirement.
What you are required to do is ensure that your data management agreement with your cloud provider or ASP explicitly guarantees prompt access and retrieval of UAE e-invoice data, and that the data is stored in a format that can be reproduced completely and readably for the FTA. This should be a specific clause in your ASP service agreement and your cloud provider contract.
If your business uses a global ERP or cloud accounting platform that stores data on international servers — SAP hosted in Germany, Oracle hosted in the US, a regional data centre in Singapore — you are not required to replicate or migrate your data to UAE-based servers to comply with the retention requirement.
What you are required to do is ensure that your data management agreement with your cloud provider or ASP explicitly guarantees prompt access and retrieval of UAE e-invoice data, and that the data is stored in a format that can be reproduced completely and readably for the FTA. This should be a specific clause in your ASP service agreement and your cloud provider contract.
What "Associated Data" Means — and What It Does Not
The retention requirement covers electronic invoices, electronic credit notes, and "associated data." The Guidelines provide a specific definition of associated data to prevent businesses from over-retaining or misunderstanding the scope.
“
Associated data refers only to the information required to support the integrity, authenticity, and auditability of an Electronic Invoice or Electronic Credit Note. It does not extend to general business or transaction-related documentation, nor to ancillary commercial information, unless such data is specifically required to confirm the completeness and accuracy of the Electronic Invoice or Electronic Credit Note record itself.
In practical terms, associated data includes the XML invoice file itself, the transmission confirmation from your ASP, the FTA tax data reporting confirmation, and any validation or rejection records related to the invoice. It does not include your general contract documentation, purchase orders, delivery notes, or other commercial records — unless those specific documents are needed to verify the completeness or accuracy of the invoice itself.
This distinction is important for businesses that have large volumes of transaction-related documentation. The e-invoicing retention requirement does not extend your obligation to retain all supporting commercial documents. Your general document retention policy — driven by other laws such as the Companies Law, the Commercial Transactions Law, and VAT regulations — continues to apply separately.
This distinction is important for businesses that have large volumes of transaction-related documentation. The e-invoicing retention requirement does not extend your obligation to retain all supporting commercial documents. Your general document retention policy — driven by other laws such as the Companies Law, the Commercial Transactions Law, and VAT regulations — continues to apply separately.
The XML Format Requirement
Electronic invoices in the UAE are issued, transmitted, and received in XML format. The Guidelines confirm that electronic invoices will not feature a QR code or barcode — unlike Saudi Arabia’s ZATCA system where the QR code is embedded in the invoice.
The retention obligation applies to the XML data — the structured invoice file — not to a human-readable PDF version. Many ERP systems generate a PDF rendering of an invoice for internal use or for sending to buyers who have not yet implemented e-invoicing. This PDF is not the legal record. The XML file transmitted through your ASP is the legal document of record. Your data retention system must preserve the XML, not just the PDF.
This is a practical configuration point for your ASP and your ERP team. Confirm that your ASP stores the transmitted XML for each invoice and makes it retrievable on request. Confirm that your compliance dashboard or ASP portal provides a way to retrieve individual invoice XML files — not just summary reports. If your ASP cannot provide individual XML retrieval, that is a gap in your data retention capability that needs to be resolved before go-live.
The retention obligation applies to the XML data — the structured invoice file — not to a human-readable PDF version. Many ERP systems generate a PDF rendering of an invoice for internal use or for sending to buyers who have not yet implemented e-invoicing. This PDF is not the legal record. The XML file transmitted through your ASP is the legal document of record. Your data retention system must preserve the XML, not just the PDF.
This is a practical configuration point for your ASP and your ERP team. Confirm that your ASP stores the transmitted XML for each invoice and makes it retrievable on request. Confirm that your compliance dashboard or ASP portal provides a way to retrieve individual invoice XML files — not just summary reports. If your ASP cannot provide individual XML retrieval, that is a gap in your data retention capability that needs to be resolved before go-live.
Your Responsibilities vs Your ASP's Responsibilities
One of the most common misunderstandings about e-invoicing data retention is who is responsible for it. The answer from the official framework is clear: the compliance obligation rests with the business — the person in scope for e-invoicing — not with the ASP.
WHAT HAPPENS IF YOU SWITCH ASP PROVIDERS
If you switch from one ASP to another after go-live, you must ensure that all invoice data from your previous ASP is either transferred to your new ASP or retained in another accessible system. The compliance obligation to retain data does not transfer to the outgoing ASP — it remains with your business.
Before signing any ASP contract, confirm: what happens to your historical invoice data if you terminate the contract? Does the ASP provide an export of all transmitted invoice XML files? How long does the ASP retain data on their systems after contract termination? These questions are not standard in ASP sales conversations — you need to ask them directly.
If you switch from one ASP to another after go-live, you must ensure that all invoice data from your previous ASP is either transferred to your new ASP or retained in another accessible system. The compliance obligation to retain data does not transfer to the outgoing ASP — it remains with your business.
Before signing any ASP contract, confirm: what happens to your historical invoice data if you terminate the contract? Does the ASP provide an export of all transmitted invoice XML files? How long does the ASP retain data on their systems after contract termination? These questions are not standard in ASP sales conversations — you need to ask them directly.
The Retention Requirement and Real-Time FTA Visibility
One important clarification about how the retention requirement interacts with the FTA’s real-time data access. When your ASP transmits an invoice, a Tax Data Document is reported to the FTA in near real time. This means the FTA already has a copy of the tax-relevant data from every invoice transmitted through the EIS from the moment of transmission.
However, the FTA’s real-time receipt of tax data does not replace or reduce your retention obligation. The FTA’s copy of the Tax Data Document is for their purposes — tax reporting, reconciliation, and fraud detection. Your obligation to retain the full invoice XML, including all non-tax fields, transmission confirmation data, and associated records, is separate and runs for the full statutory period regardless of what the FTA has already received.
Think of it this way: the FTA’s real-time data gives them the tax headline. Your retained XML gives them the full verified document when they need to examine a specific transaction in detail. Both serve different purposes, and both are required.
However, the FTA’s real-time receipt of tax data does not replace or reduce your retention obligation. The FTA’s copy of the Tax Data Document is for their purposes — tax reporting, reconciliation, and fraud detection. Your obligation to retain the full invoice XML, including all non-tax fields, transmission confirmation data, and associated records, is separate and runs for the full statutory period regardless of what the FTA has already received.
Think of it this way: the FTA’s real-time data gives them the tax headline. Your retained XML gives them the full verified document when they need to examine a specific transaction in detail. Both serve different purposes, and both are required.
Practical Checklist: Data Retention Setup Before Go-Live
Retention Is a Long-Term Obligation, Not a Go-Live Checkbox
Most of the work of UAE e-invoicing implementation is completed within the first few months of going live. Data retention is different — it is an obligation that runs silently for years after implementation and only becomes visible when the FTA exercises its right to request records.
The businesses that handle retention well are those that set up their systems correctly at the start: an ASP contract that guarantees XML retrieval and data export, a cloud or ERP infrastructure that preserves data integrity over a 5-to-9-year horizon, a records disposal policy that checks for open audits before deleting anything, and a clear understanding of who in the organisation is responsible for producing records if the FTA makes a request.
The businesses that run into problems are those that assume their ASP handles everything — and then discover, years later, that their ASP’s standard contract only retained data for 2 or 3 years, or that switching providers left a gap in historical records that cannot be reconstructed.
Aiverix retains transmitted invoice data for the full statutory period and provides individual XML retrieval through our compliance dashboard. Data retention terms are explicit in our service agreement. Request a no-cost compliance assessment at aiverix.ae — including a review of your current data management setup against the retention requirements.
The businesses that handle retention well are those that set up their systems correctly at the start: an ASP contract that guarantees XML retrieval and data export, a cloud or ERP infrastructure that preserves data integrity over a 5-to-9-year horizon, a records disposal policy that checks for open audits before deleting anything, and a clear understanding of who in the organisation is responsible for producing records if the FTA makes a request.
The businesses that run into problems are those that assume their ASP handles everything — and then discover, years later, that their ASP’s standard contract only retained data for 2 or 3 years, or that switching providers left a gap in historical records that cannot be reconstructed.
Aiverix retains transmitted invoice data for the full statutory period and provides individual XML retrieval through our compliance dashboard. Data retention terms are explicit in our service agreement. Request a no-cost compliance assessment at aiverix.ae — including a review of your current data management setup against the retention requirements.