Technology partner selection for a UAE ASP platform is not a procurement decision — it is a regulatory risk decision. The partner you choose will be embedded in your firm's compliance infrastructure for years. When their platform fails, your firm bears the consequences. This guide gives you eight weighted criteria, a practical scoring framework, 25 due diligence questions, eight red flags that end the evaluation, and seven non-negotiable contract clauses.
Most accounting firms treat technology partner selection the way they treat other SaaS purchases — comparing feature lists, watching demos, and negotiating price. For UAE e-invoicing ASP platforms, this approach is dangerous. Three factors make this evaluation uniquely high-stakes.
Regulatory liability flows through to your firm. When your accounting practice operates as an MoF-accredited ASP, your clients' compliance obligations are discharged through your platform. If the technology partner's infrastructure generates validation errors, misroutes Peppol messages, or misses FTA reporting windows, the penalties under Cabinet Decision No. 106 of 2025 fall on your clients — and your firm bears the advisory liability.[1]
Credentials are independently verifiable — and must be checked. Unlike most B2B technology purchases where due diligence depends on vendor self-disclosure, the UAE e-invoicing space has public registries. The OpenPeppol certified service provider list is publicly searchable.[2] The MoF pre-approved ASP list is publicly accessible.[3] A partner who cannot be independently verified on both registries should not proceed past the initial screening stage, regardless of how compelling their pitch.
Switching costs once clients are integrated are enormous. Once 10 clients have completed ERP integration with your white-label platform, migrating to a different technology partner is a 4–6 month re-integration project per client — while those clients remain legally exposed without an active ASP appointment. The technology partner selection decision is effectively permanent for the first contract cycle. There is no low-stakes way to get it wrong.
25%
Weighting of MoF/Peppol credentials — the single most important criterion and the first to verify
Pass/Fail
Criteria 1 and 6 are mandatory gates — any fail disqualifies the partner regardless of other scores
25 questions
Due diligence questions every shortlisted partner must answer in writing before a commercial conversation
8 red flags
Responses or behaviours that end the evaluation immediately — no exceptions, no follow-up
7 clauses
Non-negotiable contract terms — any partner who refuses these is declining the partnership
The Eight Evaluation Criteria — Weighted and Ranked
Eight criteria are organised into four categories: Compliance Credentials, Technical Capability, Commercial Terms, and Strategic Fit. Each carries a weighting for the scoring framework. Total weight sums to 100%.
Criterion 1 · Compliance Credentials
25%
MoF Pre-Approval & Peppol Certification
The partner must be listed on the
MoF pre-approved ASP list[3] and the
OpenPeppol certified service provider registry.
[2] Verify the exact legal entity name on both — it must match the entity signing your contract. Also confirm Peppol PKI certificates are current, not pending renewal.
⚠ Mandatory pass/fail — if not listed on MoF registry today, evaluation ends here.
Criterion 2 · Technical Capability
15%
ERP Integration Breadth
A partner that supports only 2–3 ERP systems will constrain your client acquisition reach. Verify native integrations for the ERP systems most common in your target client base: SAP S/4HANA, Oracle Fusion, Microsoft Dynamics 365, Odoo, Tally ERP, and Zoho Books for UAE SMEs. Each unsupported system either excludes a client segment or creates bespoke integration costs charged additionally.
✓ Ask for a certified ERP connector list — not a roadmap of planned integrations.
Criterion 3 · Compliance Credentials
10%
ISO 27001 & ISO 22301 Scope
Both certifications are mandatory MoF requirements.
[4] Critically, the ISO scope statement must explicitly name the e-invoicing platform being licensed to you — not the partner's general IT operations. An ISO certificate issued for an unrelated product line does not satisfy the MoF requirement for your white-label platform. Request the scope statement page, not just the certificate cover.
✓ Verify: scope page explicitly names the ASP platform components.
Criterion 4 · Technical Capability
10%
UAE Data Hosting
All e-invoice data and FTA reporting logs must reside in UAE-hosted infrastructure. The MoF Guidelines V1.0 explicitly prohibit cross-border data transfer.
[5] "UAE-compliant cloud environment" is not sufficient — the partner must name the specific cloud region: Azure UAE North, AWS UAE (ap-south-1 in UAE), or equivalent UAE-sovereign infrastructure.
✓ Ask for the specific cloud provider, region name, and data centre address in writing.
Criterion 5 · Technical Capability
10%
PINT-AE Compliance & Uptime SLA
Confirm the partner implements UAE's
PINT-AE v1.0+ specification — not a generic UBL 2.1 stack claiming compatibility. UAE PINT-AE includes UAE-specific mandatory fields not in generic international implementations. The minimum acceptable uptime SLA is
99.9% (≈8.7 hours annual downtime) with contractual financial penalties for breach — a stated SLA without consequences is a marketing claim, not a commitment.
✓ Request 12 months of historical uptime data from their monitoring system (StatusPage or equivalent).
Criterion 6 · Commercial Terms
15%
True White-Label Ownership
The fundamental test: when your client uses the platform, whose name do they see and whose contract do they sign? In a genuine white-label arrangement: the platform runs under your firm's brand and domain; the technology partner is invisible to end clients; client contracts sit between your firm and the client; you set your own pricing without approval from the partner; and the partner is contractually prohibited from contacting your clients directly.
⚠ Mandatory pass/fail — any partner brand visible to your clients disqualifies the arrangement.
Criterion 7 · Strategic Fit
10%
GCC Expansion Capability
The UAE Peppol platform is reusable across Saudi Arabia (
ZATCA Fatoorah), Oman (Fawtara, mandatory from August 2026), and Bahrain.
[6] A partner already deployed in Saudi Arabia under ZATCA brings proven GCC compliance capability and a shorter expansion path. Evaluate their stated roadmap for each GCC market and their track record of delivering on previous regulatory roadmap commitments.
✓ Ask for live client references in Saudi Arabia, not just "ZATCA compatibility" claims.
Criterion 8 · Commercial Terms
5%
Exit & Data Portability
No partnership lasts forever. The time to negotiate exit terms is before signing, not when a crisis forces the issue. Key questions: In what format and timeframe can all client invoice data, transaction history, and audit trails be exported upon termination? Data must be exportable in PINT-AE XML or equivalent structured format — not proprietary formats that require the partner's software to read. Does the agreement include transition assistance at no additional charge?
✓ Resistance to data portability provisions is the clearest signal of lock-in intent.
Evaluation Criteria Weighting — 100% Total
MoF/Peppol credentials and white-label ownership together account for 40% — the two criteria that are also mandatory pass/fail gates
Weighting reflects regulatory risk profile of UAE e-invoicing ASP platform selection. Criteria 1 and 6 are also mandatory pass/fail gates — any fail disqualifies regardless of weighted score.
The Weighted Scoring Framework
Score each shortlisted partner from 1 (does not meet requirement) to 5 (exceeds requirement) against each criterion. Multiply score by weighting to produce a weighted score. The partner with the highest total weighted score — subject to passing the Criterion 1 and Criterion 6 mandatory gates — is your recommended choice.
| Criterion |
Weight |
Gate? |
Score (1–5) |
Weighted Score |
| 1. MoF Pre-Approval + Peppol Cert. | 25% | PASS/FAIL | __ / 5 | __ × 25% |
| 2. ERP Integration Breadth | 15% | — | __ / 5 | __ × 15% |
| 3. ISO 27001 + 22301 Scope | 10% | — | __ / 5 | __ × 10% |
| 4. UAE Data Hosting | 10% | — | __ / 5 | __ × 10% |
| 5. PINT-AE + SLA Reliability | 10% | — | __ / 5 | __ × 10% |
| 6. True White-Label Ownership | 15% | PASS/FAIL | __ / 5 | __ × 15% |
| 7. GCC Expansion Capability | 10% | — | __ / 5 | __ × 10% |
| 8. Exit and Data Portability | 5% | — | __ / 5 | __ × 5% |
| Total Weighted Score | __ / 100 (after passing both mandatory gates) |
Evaluation principle: Evaluate technology partners the way the MoF evaluates ASP applicants — through verifiable evidence, not stated credentials. Every claim should be independently confirmable via the public registries cited above. If a partner cannot produce documentation for a requirement, treat that as a disqualifying signal, not an invitation to follow up later. The urgency of the 2026 deadline does not lower the due diligence bar — it raises it.
The 25 Due Diligence Questions Every Partner Must Answer
Send these questions to every shortlisted partner before accepting a demo or proposal. Partners who decline to answer specific questions before a commercial conversation, or who respond with generalities rather than specifics, are signalling that the answers would not reflect well on them. Request written responses — not verbal commitments in a sales call.
A — Compliance Credentials (5 Questions)
1
Provide your exact legal entity name as it appears on the MoF pre-approved/accredited ASP register. Confirm it is identical to the entity that would sign our partnership agreement.
3
Provide the scope statement page of your ISO 27001 certificate, confirming it explicitly covers the e-invoicing platform you are licensing to us — not your general IT operations.
4
Provide the scope statement page of your ISO 22301 certificate, confirming the same.
5
Confirm your professional indemnity insurance — what is the AED coverage amount and the name of the UAE-registered insurer? Is the policy renewed annually or multi-year?
B — Technical Capability (8 Questions)
6
Name the specific cloud provider and UAE region where client invoice data is hosted. Provide written confirmation that no data crosses outside UAE borders at any stage of processing, reporting, or archiving.
7
Which version of the
PINT-AE billing specification does the platform currently implement? Provide evidence of compliance testing results against the UAE-specific mandatory fields.
8
List every ERP system for which you hold a certified, production-deployed integration — not planned connectors or beta integrations. Provide reference contacts for at least one live deployment on each major ERP.
9
What is your contractual uptime SLA? What are the financial penalties for SLA breach? Provide 12 months of historical uptime data from your public monitoring system.
10
Describe your FTA Tax Data Document (TDD) pipeline — how is the TDD generated, transmitted, and acknowledged? What is your failure and retry protocol when FTA acknowledgement is not received?
11
What is your Peppol PKI certificate renewal schedule, and who in your organisation is accountable for ensuring renewal before expiry? Has your certificate ever lapsed or been suspended?
12
What is your average time from an MoF specification change (e.g. PINT-AE schema update) to a compliant platform release deployed to all clients? Provide a concrete example from the Saudi Arabia or Singapore Peppol environment.
13
Describe your sandbox testing environment for UAE e-invoicing. Can we run pre-go-live validation tests on our client configurations before production deployment?
C — White-Label & Commercial Terms (7 Questions)
14
Describe precisely what "white-label" means in your model. Does the client-facing portal operate under our firm's brand and domain? Does your company name, logo, or contact details appear anywhere in the client interface — including email notifications, error messages, system status pages, or invoice PDFs?
15
Who does the client sign a contract with — our firm, or you? If a client has a dispute about platform performance, does our firm handle it, or are clients directed to you?
16
Can we set our own subscription pricing, onboarding fees, and add-on charges without approval or restrictions from you? Are there any minimum price floors or margin-sharing requirements?
17
What are the exact terms regarding client contact restrictions? Are you contractually prohibited from approaching our clients directly to offer your platform independently of our partnership?
18
What are the contract duration and renewal terms? Is there an auto-renewal clause, and if so, what is the notice period required to prevent renewal?
19
What happens to our clients and our MoF accreditation if your company is acquired, ceases trading, or loses its own MoF pre-approved status during our contract term?
20
Is an exclusivity provision available for a defined geography or client segment — for example, exclusive UAE mid-market accounting firm access within a specific emirate?
D — Track Record & Exit Terms (5 Questions)
21
How many white-label ASP partners are you currently active with in the UAE, and how many production clients are live on the platform today? Provide reference contacts for at least two active white-label partners willing to speak to their experience.
22
What is your white-label partner churn rate over the past 24 months? What were the most common reasons partners ended the relationship?
23
In what format and within what timeframe can we export all client invoice data, transaction history, and FTA audit logs upon contract termination? Is this data exportable in PINT-AE XML or another structured, non-proprietary format?
24
Does the partnership agreement include a transition assistance clause to support migration to a different provider — and is this included in the base agreement or charged additionally?
25
Are you currently involved in any litigation, regulatory investigation, or MoF compliance inquiry? Are there any known material changes to your ownership, funding status, or UAE operations planned in the next 12 months?
How to interpret responses: A prepared, credible technology partner will answer all 25 questions specifically and in writing within 5–7 business days. Vague answers, verbal-only responses, or requests to "discuss this on a call" for written questions are signals that the answers are not favourable. A partner who cannot answer Question 1 — their own legal entity name on the MoF register — in their first response is not ready for a serious evaluation.
Eight Red Flags That End the Evaluation
The following responses or behaviours during the evaluation process should immediately remove a partner from consideration — no exceptions, no benefit of the doubt, no follow-up.
🚩
"Our MoF accreditation is in process."
Pre-approved status is publicly verifiable on the MoF list. If the partner is not listed today, they cannot support your accreditation application and cannot guarantee they will be listed by your target go-live date. "In process" is not a status that enables your clients to meet the July 2026 deadline.
🚩
Cannot provide the ISO certificate scope page — only the cover.
A partner who shows a certificate cover but not the scope statement is either hiding a scope mismatch or is not certified for the specific e-invoicing operations being discussed. Both are disqualifying. This is the most common discovery made by accounting firms after signing — and one of the most common accreditation delays from our guide to
avoiding the five most common UAE ASP accreditation mistakes.
🚩
"Data is stored in a UAE-compliant environment."
This is marketing language, not a technical specification. "Compliant" is self-declared. If the partner cannot name the specific cloud provider and UAE region where data is hosted, the data may not be in the UAE at all — which is a direct violation of the MoF Guidelines and a disqualifying condition for your own accreditation.
[5]
🚩
The partner brand appears in the client interface.
If the platform shows the technology partner's name, logo, support email, or contact details anywhere a client can see — including system notifications, invoice PDFs, or error messages — this is not a white-label arrangement. It is a co-branded reseller model that undermines your firm's ownership of the client relationship and makes every client a prospect for the partner to serve directly at contract renewal time.
🚩
Resistance to data portability provisions in the contract.
A partner who refuses to commit to structured PINT-AE XML data export upon termination is engineering lock-in by design. This is the clearest signal that the relationship is intended to be difficult to exit. Client data is your firm's asset — not the partner's. Any refusal to confirm data portability is a refusal of the partnership on acceptable terms.
🚩
No UAE client references willing to speak.
Claims of UAE ASP experience without verifiable reference contacts should not be accepted. A partner with genuine UAE production deployments will have clients willing to be referenced. A partner without references is likely claiming experience they do not yet have — which means your firm would be the production validation exercise, not a supported launch.
🚩
Verbal commitments only — refuses to confirm key terms in writing before contract.
A partner who makes reassuring claims verbally in a sales call but deflects written confirmation of those same terms before signing is giving you a preview of how they will behave during the contract. Commitments on SLA performance, regulatory update timelines, client contact restrictions, and data portability must be in the contract — not in a salesperson's meeting notes.
🚩
Peppol PKI certificate expired or the entity name doesn't match the contract entity.
An expired certificate means the partner is currently non-compliant on the Peppol network.
[2] An entity name mismatch between the OpenPeppol registry and your proposed contract entity means the certification does not cover the legal entity you are contracting with. Both are immediate disqualifiers.
The Seven Non-Negotiable Contract Clauses
Once a preferred partner has been identified through the scoring process, the following clauses must appear in the partnership agreement. Any partner who refuses to include these terms should be treated as declining the partnership.
| Clause |
What It Must State |
Why It Is Non-Negotiable |
| White-Label Exclusivity |
Technology partner brand is invisible to end clients in all interfaces, communications, invoice outputs, and system reports |
Protects your client ownership and prevents the partner from using your client base as a prospecting list for their own direct sales |
| MoF Status Maintenance |
Partner commits to maintain MoF pre-approved/accredited status and Peppol certification throughout the contract term; provides 30-day notice of any compliance change |
Protects your MoF accreditation — if the partner loses their status, your clients' invoices cannot be processed and your clients face immediate compliance exposure |
| Regulatory Update Obligation |
Partner is contractually obligated to deliver compliant platform updates within a defined timeframe (e.g. 14 business days) following any MoF or PINT-AE specification change |
The MoF Guidelines V1.0 will be revised — this clause prevents your firm bearing the cost of each revision as a platform upgrade charge |
| Client Non-Solicitation |
Partner is prohibited from approaching, marketing to, or contracting directly with any client introduced through this partnership during the contract term and for 24 months after termination |
Without this, the partner has economic incentive to build relationships with your clients and cut your firm out of the value chain at renewal |
| SLA with Financial Penalties |
99.9%+ uptime SLA with defined financial credits for breach; response time SLAs for critical incidents (e.g. P1 response within 30 minutes) |
An SLA without financial consequences is unenforceable in practice — it becomes a service aspiration, not a contractual commitment |
| Data Portability on Exit |
All client invoice data, transaction history, and FTA audit logs exported in PINT-AE XML or structured non-proprietary format within 30 days of termination notice; partner retains data for 90 days post-export window |
Client invoice data must be retained for FTA audit purposes — if it is trapped in a proprietary format, your clients face both operational and regulatory exposure on exit |
| Transition Assistance |
Partner provides 90 days of transition support at no additional charge upon termination, including technical documentation, data migration support, and continuity of service during the transition period |
Without this, partner has incentive to make migration as difficult as possible to discourage exit — a standard "hostile exit" lock-in tactic |
Final recommendation on timing: Do not sign a partnership agreement under deadline pressure. The urgency of the July 2026 Phase 1 deadline is real — but signing a deficient agreement is worse than beginning 4–6 weeks later with the right partner. Budget a minimum of 6 weeks for the full evaluation: 2 weeks for RFQ responses and initial screening, 2 weeks for demos and technical due diligence, and 2 weeks for commercial negotiation and legal review. The time invested in rigorous selection will be repaid many times over during the partnership lifetime.
✅ Key Takeaways from This Guide
- Technology partner selection for a UAE ASP platform is a regulatory risk decision, not a procurement exercise. Criteria 1 (MoF/Peppol credentials, 25% weight) and Criterion 6 (true white-label ownership, 15% weight) are mandatory pass/fail gates — any partner who fails either is disqualified regardless of other scores.
- The 25 due diligence questions and 8 red flags are the minimum evaluation standard. A partner who answers all 25 in writing, specifically and within a week, is demonstrating operational maturity. A partner who hedges, deflects, or gives verbal-only responses is demonstrating the opposite.
- The seven non-negotiable contract clauses — white-label exclusivity, MoF status maintenance, regulatory update obligation, client non-solicitation, SLA with penalties, data portability, and transition assistance — are the minimum acceptable terms. Any partner who refuses any of these clauses is declining the partnership on acceptable terms.
Wisdom ITS Answers All 25 Questions — In Writing
MoF pre-approved. Peppol-certified. ISO 27001 and ISO 22301 scoped to the ASP platform. UAE-hosted on Azure UAE North. True white-label — your brand, your domain, your contracts, your pricing. We welcome the full due diligence framework above and will provide written responses to all 25 questions before any commercial conversation.
Download Our Due Diligence Pack
Request Written Q&A Responses
References & Sources
- Cabinet Decision No. 106 of 2025 — UAE e-Invoicing Penalty Framework (AED 5,000/month for failing to appoint ASP; AED 100/invoice penalties; liability structure). uaelegislation.gov.ae
- OpenPeppol — Peppol Certified Service Providers Registry (publicly searchable list of all certified Peppol service providers; last updated 11 March 2026). peppol.org
- UAE Ministry of Finance — Pre-Approved e-Invoicing Service Providers (official public MoF list; updated periodically; businesses directed here to select their ASP). mof.gov.ae
- UAE Ministry of Finance — Accreditation of e-Invoicing Service Providers (ISO 27001 and ISO 22301 as mandatory accreditation conditions; Ministerial Decision No. 64 of 2025). mof.gov.ae
- UAE Ministry of Finance — Electronic Invoicing Guidelines V1.0 (February 2026) (UAE data hosting requirement; cross-border data transfer prohibition). mof.gov.ae (PDF)
- Saudi Arabia ZATCA — E-Invoicing Roll-out Phases (Fatoorah Wave 24; GCC precedent and platform reusability reference). zatca.gov.sa
- OpenPeppol — PINT-AE Billing Specification (UAE-specific PINT-AE mandatory fields and XML schema). docs.peppol.eu
- PwC Middle East — UAE Ministerial Decision No. 64 of 2025 Analysis (accreditation criteria and document requirements overview). pwc.com/m1/en
About Wisdom ITS: Wisdom Information Technology Solutions LLC is a Dubai-registered software company specialising in tax technology, e-invoicing infrastructure, and fintech platforms for the UAE and GCC markets. Our white-label ASP platform is built on Peppol-certified architecture for accounting, audit and tax firms.
wistech.biz
