What Retailers and POS/E-commerce Vendors Must Get Right Before Launch
Mexico is not a “fiscal printer” country. It is an online fiscalization market built around electronic tax documents and real-time (or near-real-time) validation. If you’re a retailer planning store expansion, or a POS/e-commerce vendor selling into Mexico, the success of your rollout will depend less on local hardware and more on whether your systems can consistently produce, sign, validate, and archive the right digital documents, at speed, across every channel.
The core concept is CFDI (Comprobante Fiscal Digital por Internet): Mexico’s legally valid digital invoice/receipt format. In Mexico, invoices and “proof of payment” receipts are CFDIs, issued in a structured XML format and validated through an authorized ecosystem overseen by the tax authority, SAT (Servicio de Administración Tributaria).
The Mexican model in one sentence: POS generates, taxpayer signs, PAC stamps, SAT registers
Mexico’s fiscalization is facilitated via the e-invoicing system. A compliant transaction follows a strict logic: your POS or e-commerce backend prepares the CFDI data, the taxpayer digitally signs it, a certified provider validates and stamps it, and the tax authority receives it.
The document describes the three pillars of the system clearly:
The POS or selling system must generate CFDI data correctly and communicate online. There is no separate SAT certification for POS software, but your application still has to meet SAT-defined technical structures, including the required fields and catalog codes.
A PAC (Proveedor Autorizado de Certificación), a private, SAT-authorized certification provider, validates the XML, applies the official digital stamp, assigns the UUID, and transmits the stamped CFDI to SAT. PACs are the certified part of the ecosystem; they are audited and can lose authorization if they fail to meet requirements.
SAT maintains the official registry of electronic documents, defines key verification elements (including the QR code format), and provides verification services for taxpayers and customers.
For implementation teams, the operational implication is simple: your availability is now linked to PAC connectivity. If your checkout cannot reach a PAC reliably, you risk not being able to issue legally valid documents when business happens.
Digital elements you must manage: CFDI XML, CSD certificate, PAC stamp
Mexico’s fiscalization engine is digital, but it is not “just an API.” Three digital elements matter and each has operational consequences.
First is the CFDI XML, the standardized machine-readable document, currently aligned with CFDI 4.0 version.
Second is the taxpayer’s CSD (Certificado de Sello Digital), the cryptographic certificate used to sign each CFDI. The CSD is issued by SAT, is typically valid for four years, and must be renewed, meaning certificate lifecycle management is not optional if you want uninterrupted selling.
Third is the Digital Stamp (Timbre Fiscal Digital) created by the PAC. This stamp embeds the UUID and other validation data into the XML. Without the PAC stamp, a CFDI is not legally valid under SAT rules.
It applies to stores, mobile POS, e-commerce, kiosks: Mexico’s fiscalization is channel-agnostic
Many retailers still treat fiscalization as “store-only.” Mexico does not.
The document states that every taxable sale, regardless of channel—must be documented with a valid CFDI, explicitly listing in-store sales, mobile POS, e-commerce/online sales, and self-service kiosks.
For e-commerce teams, the flow is familiar but stricter than many markets: once payment is confirmed, a CFDI (Ingreso) is generated, stamped by a PAC, registered with SAT, and then delivered to the customer as XML/PDF via email or a download link.
This is the part many vendors underestimate: the CFDI XML is the legal truth. The PDF is only a “representation,” useful for humans, but not the legal artifact.
Sales, returns, voids: the document types and “do not mix” rules
Mexico’s transaction logic is document-driven. If your POS or e-commerce platform is designed around flexible “adjustments,” you will need to adapt it.
A standard sale is documented with CFDI de Ingreso (type I). Returns and refunds are documented with CFDI de Egreso (type E) and must be linked back to the original sale, referencing the original UUID and related fields.
The document highlights a key retail pitfall: mixing sales and returns on one CFDI is not allowed, and returns must be handled as their own transaction/document path.
Voiding (cancellation) is treated as a formal process. The issuer submits a cancellation request via SAT portal or PAC; the recipient can have a role in acceptance/rejection with a 72-hour window in the general process, and CFDI 4.0 requires specifying cancellation reasons. In B2C retail contexts, recipient approval is often not required, but you still need the correct rules and exception handling in your workflow.
Equally important: the document distinguishes “cancelling before stamping” from cancelling an issued CFDI. If the transaction is stopped before certification, your POS can simply not send it to PAC—meaning no UUID exists and SAT has no record. That distinction matters for your cashier flows and your error handling.
Payment methods, currency, VAT: where implementations usually break
Mexico is a catalog-driven world. Payment methods must be captured using SAT-defined codes, and the “paid in full vs deferred” concept is explicit: PUE for paid in one exhibition and PPD for installments/deferred payments. If you accept mixed tender, the system requires rules for how to represent it.
Transactions are supported in MXN, and foreign currency payments can exist, but tax calculation and reporting are tied back to Mexican pesos.
Receipts: what the customer sees can be flexible, but the required elements are not
Mexico allows flexibility in the layout of the customer-facing receipt (PDF/printout/digital representation), as long as the content matches the stamped XML and no mandatory element is omitted or altered. The receipt does not have to be printed if the customer accepts an electronic version, which is especially relevant for online sales.
A practical message for UX teams: you can design a modern receipt experience, but the required fiscal identity fields, UUID, certificate numbers, seals, totals, and the SAT verification QR code rules still have to be respected.
Archiving and audit reality: “five years” is the real compliance horizon
If you expand to Mexico, compliance doesn’t end at stamping. Mexico is an audit-ready system.
The document states that taxpayers must archive the original stamped XML and keep documents accessible for at least five years, with requirements that emphasize integrity (tamper-proof and traceable storage). Storage can be outsourced to a PAC, but access must remain possible upon SAT request.
SAT uses data from PACs for risk assessment, and common triggers include inconsistent reporting, repeated errors, and incorrect codes. The document lists frequent errors such as incorrect product/service codes, missing UUID links, and wrong payment method fields.
Fines are not theoretical. Typicaly they are in the range of approximately 400 to 6,000 MXN per incorrectly issued CFDI, with larger consequences for more serious behavior.
E-commerce: fiscalization plus consumer and data obligations
Mexico’s e-commerce compliance is not only fiscal. There are additional layer of compliance: consumer protection, transparency rules, and data protection obligations.
Online retailers must provide clear, verifiable information, show prices in pesos including VAT and mandatory fees, and avoid deceptive practices. Dark patterns are called out as prohibited. Refund rights and dispute handling must be transparent.
In other words: a Mexico-ready commerce stack needs both a CFDI engine and a consumer-law-safe checkout and post-purchase experience.
What this means for retailers and vendors planning a Mexico launch
Mexico rewards disciplined architecture.
Retailers should treat PAC connectivity, certificate lifecycle, and XML correctness as core go-live criteria, right next to payments and inventory. POS and e-commerce vendors should treat Mexico as a “catalog-and-document” country where compliance is an always-on workflow, not a monthly report.
The winners are usually the teams that design for three things early: resilient connectivity (because stamping is in the critical path), clean master data (because catalogs drive acceptance), and audit-grade archiving (because five years arrives faster than anyone expects).
Source and further reading
This article is based on the document “E-Commerce Legal Requirements in Mexico” (Version 1.0, 26.12.2025) authored by Tara Nedeljković.
Readers can find the original document here: https://www.fiscal-requirements.com/documents/1240