Compliance built into your operations — not bolted on.
NETBUE delivers advanced e-invoicing and regulatory technology solutions across the GCC, with deep specialisation in Oman's Fawtara programme. Our platform enables businesses to generate, exchange, and archive invoices in full compliance with national mandates — built on the globally recognised PEPPOL network standard.
PEPPOL Five Corner Model — How Fawtara works
Oman's Fawtara is built on the PEPPOL Five Corner Model — the same global architecture used in Singapore, Australia, and the EU. The OTA was officially approved as a PEPPOL Authority on 7 January 2026, making Oman's network a full member of the global PEPPOL ecosystem. NETBUE operates as both Corner 2 and Corner 3.
Seller / Supplier
VAT-registered Oman business issuing invoices — your client who engages NETBUE as their Access Point.
Sending Access Point
Validates, digitally signs, and reports invoices to OTA in real-time, then transmits to buyer's Access Point.
OTA — Tax Authority
Receives real-time invoice data for VAT compliance monitoring, audit, and reporting. Oman PEPPOL Authority.
Receiving Access Point
Receives invoices via PEPPOL AS4, validates, and delivers to buyer's ERP or accounting system.
Buyer / Recipient
VAT-registered business receiving invoices — engages NETBUE as their Receiving Access Point.
Fawtara Rollout Phases
The OTA is rolling out Fawtara in three phases. NETBUE is positioned to onboard clients from Phase 1, with full production operations ahead of the Phase 2 mandate.
| Phase | Timeline | Scope | Status |
|---|---|---|---|
| Phase 1 — Pilot | August 2026 | ~100 large taxpayers selected by OTA | Upcoming |
| Phase 2 — Large Taxpayers | February 2027 | All remaining large VAT-registered companies | Planned |
| Phase 3 — All VAT Businesses | August 2027 | All VAT-registered businesses in Oman | Planned |
Eight Supported Fawtara Document Types
The Faturathi platform supports all eight OTA-mandated document types, covering the full invoice lifecycle for both B2B/B2G and B2C transactions.
Security & Compliance Framework
Every layer of the Faturathi platform is engineered to meet OTA, PEPPOL, and international security standards. NETBUE owns all hardware and software — clients have no infrastructure obligations.
ISO/IEC 27001:2022
Certified Information Security Management System. Mandatory for all PEPPOL Access Points.
AES-256 Encryption at Rest
Transparent Data Encryption (TDE) on SQL Server — full database-level protection.
TLS 1.3 in Transit
Qualys SSL Labs Grade A rating. All OTA API calls over HTTPS/8443. PEPPOL AS4 signed and encrypted.
Multi-Factor Authentication
OTP via registered email for all user logins. Role-Based Access Control (RBAC) across all modules.
24×7 Security Monitoring
Real-time alerts, audit trail, and security dashboard. P1 critical incidents: 15-min response, 4-hour resolution.
10-Year Data Retention
All invoice data retained per Oman VAT Law and PDPL. Automated backup — last test: March 2026 PASS.
Standards & certifications
ISO/IEC 27001:2022 (ISMS) · NIST SP 800-61 Rev 2 (Incident Response) · ISO/IEC 27035:2016 (Security Incident Management) · ISO 22301:2019 (Business Continuity) · ITIL v4 (IT Service Management) · Oman PDPL (Personal Data Protection Law) · OM PINT / UBL 2.1 XML (Fawtara invoice standard) · PEPPOL AS4 transport protocol