How to view and inspect PDF e-Invoices?
Tools
• ZUGFERD • FACTUR-X • XRECHNUNGEN • UBL • PEPPOL • XML •
From a cybersecurity and information protection perspective, the rise of hybrid PDF e-invoices introduces a specific question: how can organizations inspect, validate, and audit electronic invoices without exposing sensitive financial data to external systems, ERP platforms, or cloud services?
To address this, Kibervarnost.si built the Batch PDF e-Invoice Viewer, Converter & Validator, a browser-based tool that allows finance professionals to view, extract, validate, and convert electronic PDF invoices entirely client-side and free of charge.
First, what is a hybrid PDF invoice?
Hybrid formats such as ZUGFeRD, Factur-X, and other EN 16931-compliant profiles combine two layers in a single file. The PDF contains a human-readable visual representation of the invoice, while an embedded XML file contains the structured machine-readable data. This XML typically follows standards such as Peppol BIS Billing 3.0, UBL 2.1, or CII (CrossIndustryInvoice). In practice, the PDF is what people see, the XML is what accounting systems and tax authorities process.
ZUGFeRD is one of three permitted e-invoice formats in Germany that comply with EN 16931. ZUGFeRD is a hybrid format consisting of an XML file embedded in a PDF. ZUGFeRD is managed by FeRD (Forum elektronische Rechnungen Deutschland).
This dual structure is powerful for automation and compliance, but it also creates complexity. Many organizations receive hybrid PDFs without having direct ERP access, or they need to verify embedded XML independently from their accounting system. Uploading invoices to third-party viewers or cloud validators introduces unnecessary data exposure risks, especially when dealing with supplier banking details, VAT numbers, customer identifiers, and transaction data.
The Batch PDF e-Invoice Viewer solves this by operating fully in the browser. All parsing, XML extraction, rendering, and validation happen locally on the user’s device. No data is uploaded, transmitted, or stored. There is no registration, no login, and no tracking. From a security standpoint, this significantly reduces the attack surface and eliminates the risk of sensitive invoice data being retained by external services.
The tool supports Peppol BIS 3.0, UBL 2.1, CII (CrossIndustryInvoice), ZUGFeRD 2.x, Factur-X, and EN 16931-compliant hybrid PDFs. It automatically extracts embedded XML when present and displays key invoice data, including invoice identifiers, issue dates, buyer and order references, supplier and customer details (including Peppol IDs), line items, VAT breakdowns, totals, allowances or charges, and payment information such as IBAN and BIC.
Batch processing of e-invoices
For audit and operational workflows, it provides batch processing capabilities. Users can load multiple PDF or XML invoices at once, review them individually, or generate a consolidated batch summary with totals grouped by currency. Export options include readable TXT summaries for documentation purposes and structured CSV files suitable for Excel or accounting workflows.
Basic client-side validation checks are also performed, including required field presence, profile identifiers, and sum consistency. This makes the tool particularly useful for accountants, finance teams, auditors, system integrators, and small to medium-sized businesses that need to inspect, verify, or document electronic invoices without relying on ERP systems or third-party servers.
From a cybersecurity perspective, minimizing data exposure while maintaining transparency and verifiability is essential. A privacy-first, client-side approach ensures that invoice data never leaves the device, aligning with EU data protection expectations and reducing compliance risk.
Feedback from the community is highly appreciated. The goal is to continuously improve the validator, expand format coverage, and strengthen validation logic based on real-world requirements.
Privacy First
All of these tools are designed with privacy in mind. Processing happens entirely on the user’s computer using JavaScript, with no uploads, no server-side storage and no tracking. For accountants, auditors and consultants handling sensitive financial data, this local-only approach is not just convenient but increasingly necessary.
Unlike many online converters:
- Invoices never leave your computer
- No servers, no uploads
- No analytics or tracking
- Designed for handling sensitive financial and GDPR data
- Aligned with strict EU privacy expectations
- Completely free and always will be
This makes the tools suitable for auditors, accountants, consultants, and security-conscious organizations. E-invoicing with UBL and Peppol is no longer optional, it is core business infrastructure.
clanek055En