Starting in April, Mexico will require certain digital service providers to grant the tax authority, known as SAT, permanent online and real-time access to limited information in their systems or records to verify tax compliance.
While Mexico has long been an early adopter of technology-driven compliance (notably electronic invoicing), the new law represents an escalation in both frequency and proximity—from platform-generated reports to an access-based portal where authorities can see transaction-level data in real time.
The rules in the 2026 miscellaneous tax resolution (resolución miscelánea fiscal, or RMF) provide the first operational picture of what “real-time access” will mean and how platforms are expected to execute it.
Advisers should confirm whether the groups’ Mexico-facing activities fall within the RMF’s covered digital services, then perform an analysis of what data should be made available.
Early coordination with IT, security, and privacy teams is key. Collaborative work should focus on designing a segregated, read-only compliance environment (with credentials for tax authorities) that can be implemented and documented ahead of the April 30 submission.
Legal Details
The RMF targets taxpayers providing digital services, including those covered by parts of Mexico’s value-added tax law, known as LIVA.
It obligates in-scope platforms to allow permanent online, real-time access to information that enables verification of tax obligations under parameters to be set by SAT through general rules.
The provision contemplates SAT entering agreements with Mexico’s Agency of Digital Transformation and Telecommunications to support the technological and analytical side of implementation.
Taxpayers must submit access details to SAT before April 30. Platforms must inform SAT of any changes to the access mechanism within 10 days of each change.
Data in Scope
RMF distinguishes between providers of “direct” digital services and digital intermediation platforms such as marketplaces and similar models, each with different required data sets.
Digital services in scope include downloading or accessing images, movies, or text, online clubs or dating sites, and distance learning. RMF contemplates a database that includes, per transaction: the type of service/operation, the customer’s Mexican taxpayer ID when an invoice is requested, the price excluding VAT, any VAT charged and total price, invoice folio/identifying data, and the payment method.
In practical terms, this isn’t merely a sales ledger. It suggests that SAT expects traceability from commercial transaction to invoicing artifact and VAT determination, as well as a direct way to test the platform’s VAT collection and reporting posture.
For marketplaces and other platforms that intermediate between sellers/service providers and customers, the scope expands substantially.
In addition to transaction identifiers and tax attributes, the database must include information on the sellers (Mexican residents and nonresidents) who use the platform to do business. Items described in the RMF and technical analyses include business name, tax ID, domicile, banking information, and more.
This is consistent with Mexico’s broader policy direction of having platform intermediaries not only as tax collection points (through VAT and income tax withholding regimes), but also as data concentrators.
Access, Not Reporting
Mexico’s choice here is architectural. Many jurisdictions are tightening digital-platform reporting, but most do so through periodic information returns, standardized reporting schemes, or annual seller reports. Mexico’s approach behaves more like continuous auditability than classical reporting.
That distinction has two immediate consequences.
First, the compliance burden shifts from preparing a report to maintaining a secure, queryable data environment with audit-grade integrity and day-plus-one refresh cycles. KPMG Mexico and EY Mexico both emphasize daily updating, secure storage, and five-year availability, which implies operational controls closer to financial reporting systems than to ad hoc compliance extracts.
Second, the model creates an interface problem. Even if SAT’s access is limited to tax verification, the platform exposes data through credentials and a defined access mechanism. The RMF’s focus on user/password delivery and manuals suggests that the first implementation wave may resemble portal-based or controlled database access.
Overall, tax compliance risks center on scope creep into non-tax data, cybersecurity vulnerabilities from permanent access, and privacy hurdles for cross-border platforms. To mitigate these, experts recommend using dedicated data marts, strict system isolation, and robust access controls to ensure data proportionality and security while meeting regulatory expectations.
Penalties and Consequences
The RMF states that failure to comply can lead to temporary blocking of the digital service in Mexico, tying system-level compliance to business continuity.
This is consistent with Mexico’s existing toolkit for nonresident digital service providers, where access blocking has been used as a coercive mechanism in VAT compliance.
From a governance standpoint, this is a blunt instrument: It can be highly effective in accelerating compliance, but it raises the stakes for implementation detail—especially where the rules depend on evolving technical specifications and security controls.
OECD Alignment
Mexico’s policy objective, which is using platforms as collection and information hubs to improve compliance in the digital economy, tracks the Organization for Economic Cooperation and Development’s approach in a broad direction.
OECD model work on platform reporting was driven by the recognition that platform operators are uniquely positioned to capture and validate information about sellers and transactions, improving compliance and reducing the tax gap.
However, Mexico’s access-based, near-real-time model is more aggressive than the OECD’s baseline for standardized platform reporting.
The OECD Model Rules for Reporting by Platform Operators are designed around periodic reporting obligations (including annual reporting with defined categories and timing) rather than continuous system access. The model emphasizes a harmonized approach to limit fragmentation and duplicative compliance burdens.
The OECD International VAT/GST Guidelines stress principles that become relevant when evaluating Mexico’s design choices: proportionality, certainty, and minimizing undue compliance costs while countering evasion and avoidance. On that basis, Mexico is aligned with OECD standards in principle. It leverages platforms to enhance VAT and income tax compliance in digital and gig economies.
However, the new rule is potentially misaligned in mechanism, because permanent real-time access isn’t the OECD’s prevailing model and may challenge the OECD’s proportionality and compliance-cost principles unless implementation is tightly scoped, standardized, and demonstrably limited to tax verification.
This article does not necessarily reflect the opinion of Bloomberg Industry Group, Inc., the publisher of Bloomberg Law, Bloomberg Tax, and Bloomberg Government, or its owners.
Author Information
Rafael Benevides is head of tax at Adyen, Latin America, and director at the GTECS Association of Tax Professionals in Tech, specializing in international taxation, compliance, and tax controversy in the technology sector.
Write for Us: Author Guidelines
To contact the editors responsible for this story:
Learn more about Bloomberg Tax or Log In to keep reading:
See Breaking News in Context
From research to software to news, find what you need to stay ahead.
Already a subscriber?
Log in to keep reading or access research tools and resources.