Tax
-
March 13, 2026

2026 Tax Audit Framework: Substance of Transactions and the “Attack” on the Digital Seal Certificate (CSD)

The tax reform that took effect on January 1, 2026, marks a paradigm shift. The tax authority has moved away from a reactive approach to become an entity with the power to conduct predictive audits and impose immediate penalties. 

The core of this strategy is set forth in Article 49-Bis of the Federal Tax Code (CFF) and in the stricter provisions of Articles 17-H Bis and 29-A of the CFF, which aim to combat the issuance of fraudulent digital tax receipts (CFDIs) online, shell companies, and the simulation of transactions. 

1. "Materiality" is no longer just a criterion—it is now the law

Previously, “materiality” was an interpretive concept used by the Tax Administration Service (SAT) in its audits; however, starting with the 2026 tax year, tax regulations stipulate that a CFDI is valid solely and exclusively if it actually covers transactions that are real, existing, and verifiable. 

  • Presumption of Falsity: If the SAT detects indications that a taxpayer issues invoices without assets, personnel, or infrastructure (Article 69-B), it may initiate an expedited verification procedure under Article 49-Bis of the CFF, as discussed below
  • Audiovisual Inspection Authority: SAT auditors are now authorized to collect photographic, audio, and video evidence to document the absence of infrastructure.

The primary objective is to verify that invoiced goods and/or services have a real basis, ensuring that taxpayers possess the actual means to provide the services or sell the products they invoice.

2. Expedited Procedure (Article 49-Bis, CFF)

The Tax authorities will apply this procedure when they presume that CFDIs are false (i.e., they do not meet the requirements of Article 29-A, Section IX of the CFF). It is important to note that this procedure does not follow the general rules for on-site audits under Article 49, but instead operates under a simplified framework with strict deadlines and the immediate suspension of CFDI issuance.

This rapid verification mechanism seeks to interrupt the tax effects of suspicious transactions and generally operates as follows:

  • Execution Period: Maximum of 24 business days.
  • Immediate Precautionary Measure: Temporary suspension of the Digital Seal Certificate (CSD) from notification of the order until the final resolution, effectively halting the issuer’s invoicing activities and significantly impacting business continuity.
  • Limited Right to Be Heard: The audited taxpayer has only 5 business days to submit evidence (e.g., contracts, logs, deliverables, photographs, emails) and present arguments to demonstrate the actual existence of the transactions performed.
  • Authority’s ResolutionThe authority has 15 business days to issue a resolution. 
  • Consequences for Third Parties: If the presumption is not rebutted, the taxpayer’s name and Federal Taxpayer Registry (RFC) will be published on the SAT website and in the Official Gazette (within 45 business days following notification). 
  • Consequences for third parties: If taxpayers fail to rebut the presumption made by the tax authority, their name and Federal Taxpayer Registry (RFC) number will be published on the SAT website and in the Official Gazette of the Federation (within 45 business days of notification).

Third parties that received such CFDIs must file an amended tax return within 30 calendar days of publication in the Official Gazette to reverse the related tax effects. Failure to do so will result in the temporary restriction of their CSD (Article 17-H Bis, Section XIV).

  • Criminal Implications:The SAT will pursue criminal action against any activity involving false tax receipts, in accordance with Article 113 Bis of the CFF.

3. Key Audit Focus Areas for 2026

A. Payment Traceability and “Definite Date” in Digital Form

In 2026, the SAT requires that substance be demonstrated not only through deliverables but also through complete financial traceability. Bank statements alone are no longer sufficient; cash flow must precisely align with the declared economic capacity of the supplier. Additionally, contracts must be notarized to ensure a legally recognized “definite date.”

B. Artificial Intelligence Algorithms

During the 2026 fiscal year, tax authorities have strengthened their use of technological tools. While artificial intelligence (AI) was previously announced, authorities have now refined their risk models to conduct more precise and targeted audits.

According to recent financial reports, this technology enables the SAT to automatically identify taxpayers simulating pension schemes, using invoicing companies, or presenting inconsistencies between invoiced and reported amounts. The aim is to maintain tax collection without introducing new taxes, relying instead on digital efficiency.

C. Denial of Registration in the RFC

In general terms, registration may be denied when legal representatives, partners, shareholders, or any individuals within a legal entity’s structure fall under any of the following circumstances:

  • Their CSD is restricted.
  • They are identified as issuers of invoices for nonexistent transactions.
  • They appear on the final list of taxpayers who improperly transferred losses (Article 69-B Bis of the CFF).
  • They are identified as issuers of false CFDIs under Article 49-Bis.
  • They have definitve tax liabilities.
  • They hold outstanding, unsecured tax debts.
  • They are classified as “non-located” taxpayers.
  • They have a final criminal conviction for a tax offense.
  • Individuals who have treated as deductible those tax receipts that support nonexistent transactions.
  • They are part of another legal entity subject to any of the above conditions.

4. CSD Restriction: The SAT’s “Panic Button”

New Grounds 2026 Description and Risk
Recipient Omissions If a taxpayer receives CFDIs from an invoicing entity and fails to correct the situation within 30 days, their CSD will be automatically restricted.
Inconsistencies on Codes Restriction applies when CFDIs do not match the corresponding income code or type of receipt.
  • When the permit code issued by the National Energy Commission has not been declared.
  • In cases where fuels are sold without having been imported or acquired in compliance with applicable regulations, among others
Definitive Tax Liabilities When unpaid liabilities exceed four times the invoiced amount of the prior year.
Geolocation Mismatch When the auditor’s GPS does not match the declared tax domicile in three separate verifications.

5. Strategic Impact and Preventive Defense

The recommendation for 2026 is to transition from traditional accounting to Dynamic Tax Compliance:

  1. Supplier Compliance:Monthly audits of the supply chain. It is no longer sufficient that a supplier is not currently on a “blacklist”; their actual infrastructure must be assessed.
  2. Substance File (Defense File): Must include photographic evidence, access logs, email metadata, and proof of service supervision.
  3. Tax Mailbox Monitoring:Given the 5-business-day response window, failure to monitor official communications may be fatal to business continuity.

6. Checklist: 2026 Substance File (Defense File)

To ensure business continuity during a SAT audit under Article 49-Bis of the CFF, immediate availability of documentation is critical. In 2026, taxpayers have only 5 business days to prove that transactions were real, valid, and legally substantiated.

This file must be compiled at the time the transactions are carried out, not upon receipt of a notification from the tax authorities. Some recommended practices are as follows:

This file must be submitted at the time the transactions are carried out, not when the tax authorities issue a notice. Here are some recommendations:

1. Legal and Identity Documentation (“Who”)

  • Contract with Definite Date: Document notarized before a public notary.
  • Supplier Tax Compliance Opinion:Obtained in the same month as the transaction (positive status).
  • Tax Identification Certificate and Tax Status Certificate:Updated to validate the economic activity.
  • REPSE Registration (if applicable):For specialized services, including a valid registration number verified on the Ministry of Labor and Social Welfare (STPS) platform.

2. Infrastructure and Capacity Evidence (“With What”)

  • Photographic/Video Report:Evidence of the supplier’s facilities or of uniformed personnel performing the service at your premises.
  • Asset Listing: Inventory of machinery or tools used by the supplier to carry out the operations.
  • Access Logs: Records of entry and exit of external personnel at your facilities (signatures, biometric records, or security logs).

3. Service Traceability / Deliverables (“How”)

  • Daily/Weekly Work LogsDetailed description of activities performed, man-hours, and responsible personnel.
  • Digital or Physical Deliverables:Reports, manuals, blueprints, diagnostics, or screenshots of implemented software.
  • Follow-up Communications:PDF files of email threads or messages from management platforms documenting requests and progress reviews.

4. Financial Traceability (“How Much”)

  • Bank Statement: Copy of the transaction showing the outflow of funds to the supplier’s account (matching interbank account details).
  • Payment Complement (REP):Must be linked to the original CFDI and issued within the statutory timeframe.
  • Purchase or Service Order:Internal document authorizing the expense prior to invoice issuance.

Storage Recommendation:

Given the 2026 tax environment, and in light of the considerations outlined above, we strongly recommend that the Defense File be fully digital and centralized, given the very short response times, which may significantly impact taxpayers’ operations. 

Conclusions 

The 2026 Tax Reform has transformed tax compliance into an exercise in operational risk management. Key conclusions for senior management include:

  • End of Presumed Good Faith: The current system operates under a presumption of irregularity that the taxpayer must rebut immediately. The authority no longer waits for year-end audits; instead, it intervenes in real time in the taxpayer’s cash flow through the restriction of the Digital Seal Certificate (CSD).
  • Technology as a Double-Edged Sword:While the SAT uses AI to detect inconsistencies, companies must also adopt technology to protect themselves. The cost of not investing in validation and documentation systems is equivalent to the risk of total operational paralysis.
  • Systemic Vulnerability:The greatest risk in 2026 is not internal error, but third-party failure. A compliant company may be effectively shut down due to a supplier’s negligence or failure to detect changes in its value chain status.
  • Toward a Documentation Culture:Substance is no longer merely an accounting issue—it is a matter of operational survival. Companies must institutionalize evidence generation for every transaction, turning daily operations into pre-constituted proof for tax authorities.

The audit environment in Mexico continues to evolve, with trends that go beyond the incorporation of technological processes and data management, establishing a new reality in terms of compliance procedures and the manner in which companies must respond to information requests from the tax authorities.

Authors: C.P. Juan Carlos Rodríguez Domínguez | C.P. Raúl Serrano Espinosa

PÉREZ GÓNGORA Y ASOCIADOS
Tax · Audit · Advisory
Contact us
We know your time is valuable. At PGA we optimize our clients' time so they can focus on growing their business. Find out more on how we can help.
Subscribe to our Newsletter:
Thank you for subscribing! You will receive our news soon.
Oops! Something went wrong while submitting the form.
How can we help you?
TaxAuditFinancial Advisory
Legal and Accounting SupportInsightsContact us
Our offices
Monterrey
Dr. Coss 623 Sur, Centro, Monterrey, Nuevo León
+52 818 345 3635
CDMX
Paseo de la Reforma 300 Piso 18, Juárez, Cuauhtémoc
+52 55 8310 3000
© Pérez Góngora y Asociados. All rights reserved.
Privacy NoticeCode of Conduct