New call-to-action

AFNOR FD Z42-029: Standards vs Laws in E-invoicing Archiving

30 June 2026 | 6 min read | Business to Government compliance, Global e-invoicing and e-reporting

Author: Thierry Julien, CEO of TJC Group

Why compliance should focus on outcomes, not prescribed standards: a French e-invoicing flaw

The French e-invoicing mandate will come into force in September 2026. In May 2026, AFNOR published a practical guide on how to archive electronic invoices correctly under the 2026 reform. AFNOR is France’s Standardisation Association, and coordinates the development of national standards across multiple sectors and fields. It also represents France in international standardisation bodies such as ISO and CEN/CENELEC. One important remark: AFNOR does not make laws: it develops voluntary consensus standards.

“This standard is available free of charge, courtesy of two sponsors, and can be accessed at no cost through the AFNOR Editions shop for three years from the publication date.” In this case, a formal and credible organisation (AFNOR) is getting paid for publishing a document, built by a team of professionally recognised persons, who have not been elected to build laws. Let’s dig into this. Full disclosure: I have been part of a similar group of persons in the past, not that long ago, at a time where money allowed us to print books and distribute them, and I sponsored some.

Before moving on, I’d like to make an important remark: the information that can be found in FD Z42-029 is not incorrect. My disagreement lies in treating standards and laws as equivalent, because this has consequences, which I will illustrate with an example further down in this article.

The archiving of electronic invoices deserves proper attention

The French electronic invoicing reform is bringing renewed attention to a subject that many companies have historically treated as a back-office topic: the archiving of electronic invoices.

Invoices are not just a commercial piece of information. They are tax evidence, accounting evidence, audit material, operational records, and sometimes litigation material. In a digital environment, organisations must be able to demonstrate that the document is authentic, complete, readable, traceable, accessible and retained for the appropriate period.

However, in the current discussion, one distinction is often overlooked: the difference between law, regulation, standards and certification. As an example, a file can be read as a PDF; however, it does not mean it complies with PDF/UA (ISO 14289).

This distinction is not academic. It affects architecture decisions, vendor selection, audit strategy, cost, risk allocation and long-term governance.

Law, regulation and standards: three different things

A law is a binding rule adopted by the legislator. In the context of invoices, this includes rules found in tax law, commercial law and accounting obligations. These rules define what companies must do: retain documents, preserve evidence, guarantee authenticity, integrity and readability, and make relevant information available in case of control. And this was before e-invoicing and e-reporting.

Regulations are also legally binding. In the European context, an EU regulation may be directly applicable across Member States. Regulations can define technical or procedural obligations, but they remain public legal instruments. For example, GDPR is an EU regulation.

The standard is different. It is generally a technical or organisational reference issued by a standardisation body. It may describe good practice, define requirements for a system, specify a format, or provide a common language. Standards are extremely useful because they reduce ambiguity and facilitate interoperability. They help structure controls and give auditors a framework. They build trust.

Yet, a standard is not a legal obligation.

A standard becomes mandatory only when something binding makes it mandatory: a law, a regulation, an insurance condition, or a customer requirement.

This is the key point: standards can help prove compliance, but they are not necessarily compliant themselves. Standards are to be applied to pave the way and make things easier.

The hierarchy should be clear.

  • The law defines the target.
  • The regulation may refine the target or supersede the law in the case of the EU.
  • The standard proposes one credible way to achieve or prove the target.
  • Certification attests that a system, organisation, service or process conforms to certain principles with a built-in selected path.

This matters because companies often confuse “recommended”, “state of the art”, “certified”, “market expected” and “legally required”.

Those categories are not the same.

The problem with turning standards into hidden law

There is a growing tendency in compliance markets to treat standards as if they were laws. However, this trend is not healthy.

It creates regulatory inflation without democratic accountability. Laws are debated, adopted and published through formal processes. Standards are produced through technical committees and market ecosystems. They may be excellent, but they do not have the same legal nature.

It creates market distortion. If a standard or certification is presented as de facto mandatory when it is not, companies may feel forced into a limited set of solutions or providers. This can benefit certified actors, but it can also narrow down competition and increase costs.

It reduces innovation. If the law says “guarantee integrity and readability”, many technical designs may achieve that target. If the market says “only this standardised implementation is acceptable”, innovation is constrained. This is especially problematic in domains such as AI-related document management, enterprise archiving, tax audit and data lifecycle management.

Law should define outcomes, not freeze methods

Effective laws should be outcome-based.

The law should not unnecessarily prescribe how every company must technically achieve them. Technology evolves. Formats evolve. Cloud architectures evolve. AI will change how historical information is accessed, classified and controlled. Data governance models will change. Security expectations will change.

If the law is too prescriptive, it becomes obsolete quickly.

If the law is outcome-based, companies can innovate while remaining accountable.

Standards then play their proper role: they are optional, sometimes temporary, bridges between abstract legal requirements and concrete implementation.

A balanced position on standards

This is not an argument against standards. Quite the opposite. The mature position is balanced:

  • Use standards.
  • Understand their scope.
  • Know when they are mandatory.
  • Know when they are only persuasive.
  • Map each standard requirement to a legal, contractual, audit or risk objective.
  • Avoid spreading fear where the law requires judgement.

Recent French confusion

For years, the French tax administration relied on law voted in parliament (usually during a night session) and what lacked clarity was expressed in Bulletin Officiel des Finances Publiques – Impôts (BOFIP). BOFIP was published by French tax authorities to explain and clarify the law, not to add to the law.

When discussing with tax authorities or expert tax lawyers, standards were of no interest. In just a few years, starting with the cash register and point-of-sale (POS) receipts regulation, the law stated that cash register providers must be certified, not just should be certified. This was a major change. French administrations started to rely on third parties to produce standards. This became even more apparent with e-invoicing, where AFNOR published standards that every company uses in order to prepare for the French e-invoicing and e-reporting process.

A practical use case

Now back to reality. I worked on an RFP recently, for a large company. The requirement list was extensive.

TJC Group Archving RFP AFNOR full snapshot

This is a real-life example (it has, of course, been anonymised). To answer this RFP, solution tenders should comply with 17 norms/standards identified across six categories. One is preferred, 16 are mandatory.

This list you saw was generated with an LLM and prompted for norms and standards only. The reader will notice the results mix norms (ISO 9001) with legal obligations (GDPR). Yet, most topics listed are standards (ISO and NF).

What started as an attempt to benefit some certified actors ended up with a long list of requirements that exclude all of them. What’s the point of being really good at one norm if you need to comply with all of them anyway?

Many requirements are country-specific, and norms/standards are technical ways of solving a generic requirement. I’m convinced that, looking into the details, some of those norms contradict themselves.

When you focus on standards, and not on laws, you may hide behind a list of norms, but you ultimately fail to comply with the law.

Conclusion

From the perspective of a provider, the future of compliance should not be a competition to turn every standard into an informal law. From the customer’s point of view, the future of compliance is not piling up standards in proposals, as a Christmas gift list. We all know Santa will not deliver here.

And there is something quite disappointing in this case: in every country, auditors and tax experts face the same issues. They want to be able to audit trustworthy information. This means completeness, lineage, and a few other topics that are not so difficult to provide. When you read carefully, complying with laws is much easier than complying with related standards.

Back to all Blogs
Business to Government compliance Careers Cybersecurity DART Data Management for S/4HANA Migration Data Privacy Decommissioning of Legacy Systems Enterprise Legacy System Application (ELSA) Events Fichier des Écritures Comptables (FEC) GDPR Compliance Global e-invoicing and e-reporting IT Trends SAF-T Compliance SAP BTP SAP Data Archiving SAP Data Management SAP Highlights SAP Information Lifecycle Management Sustainability Tax and Audit Readiness TJC Group Corporate
June 2026May 2026April 2026March 2026February 2026January 2026December 2025November 2025October 2025September 2025August 2025July 2025June 2025May 2025April 2025March 2025February 2025January 2025December 2024November 2024October 2024August 2024July 2024June 2024May 2024April 2024March 2024February 2024January 2024December 2023November 2023October 2023September 2023August 2023July 2023June 2023May 2023April 2023March 2023February 2023January 2023December 2022November 2022October 2022September 2022August 2022June 2022April 2022March 2022February 2022December 2021November 2021October 2021September 2021July 2021June 2021May 2021April 2021March 2021February 2021January 2021December 2020November 2020October 2020September 2020August 2020June 2020May 2020April 2020March 2020February 2020January 2020December 2019October 2019September 2019July 2019November 2018August 2018July 2018June 2018April 2018February 2018May 2017February 2016December 2015May 2015February 2014March 2013

Recent Articles

Header ASC Archive notes SAP DART extract
SAP DART extracts: How to find the relevant archive files

24 June 2026 |  

7 min read
SAP archiving automation: How TJC ASC goes beyond SARA
SAP archiving automation: How TJC ASC goes beyond SARA

23 June 2026 |  

5 min read

More Like This

TJC Group e-invoicing UAE update June 2026

E-invoicing in the UAE: Key updates for businesses in 2026

16 June 2026 |  

4 min read
E-invoicing landscape in 2026: Top benefits for organisations[

E-invoicing landscape in 2026: Top benefits for organisations

14 May 2026 |  

10 min read

SAP DRC integration: How to optimise your SAP systems

12 May 2026 |  

7 min read