Podcast: Chaos Computer Club - recent audio-only feed
Episode: How the EU created Electronic Invoices without considering Security (god2025)
Description: Companies within the European Union are increasingly required to be able to issue and process electronic invoices according to EU standards. For example, since January 2025, companies in Germany have been required to support electronic invoices in B2B contexts.
While it is desirable to standardize invoice data formats, the EU standards have severe problems. They are overly and needlessly complicated, and security was not given much consideration. An unfortunate design choice to use a problematic "standard" (XSLT 2/3) only supported by a single implementation with inherent security problems makes security vulnerabilities in electronic invoicing software even more likely.
The EU standard...