Rele­vant ques­ti­ons & ans­wers about KassenSichV

In the summer of 2019, the Minis­try of Finan­ce cla­ri­fied fur­ther ques­ti­ons on the Kas­sen­SichV and spe­ci­fied some open points. We exp­lain what is cur­r­ent­ly hap­pe­ning and what you need to know now. 

Johannes Ferner

Johan­nes Ferner

Unter­neh­mer, Finanz & Technik-Experte

Here you find ans­wers to in depth ques­ti­ons about the Kassensicherungsverordnung.

  1. The cur­rent com­mu­ni­ca­ti­on of the finan­ce ministery
  2. Busi­ness tran­sac­tions and other operations
  3. TSS & data sto­rage in the cloud
  4. DSFinV‑K the data stan­dard for cash registers
  5. Rece­i­pts and elec­tro­nic receipts
  6. Fail­u­re of the tech­ni­cal safety device (TSS)
  7. Log­ging process
  8. Fail­u­re to meet requirements

You want to know more about the basic ques­ti­ons about the Kas­sen­SichV? In our basic FAQs you’ll find all the answers.

  1. What is the Kassensicherungsverordnung?
  2. From when does the new regu­la­ti­on apply?
  3. Why is the Kas­sen­SichV imple­men­ted and what ist its goal?
  4. Do the GoBD requi­re­ments still apply?
  5. What does pro­tec­tion against mani­pu­la­ti­on mean?
  6. Which sys­tems are exempt from the KassenSichV?
  7. What is the finan­cial audit all about?

Advan­ced FAQs zur KassenSichV

What is the latest state­ment of the Minis­try of Finan­ce on the KassenSichV?

The German Federal Minis­try of Finan­ce (BMF) publis­hed in June the final ver­si­on of the Anwen­der­erlass § 146a AO. Remin­der: The § 146a AO, in other words the Kas­sen­si­che­rungs­ver­ord­nung, was intro­du­ced on Decem­ber 22, 2016 by the Act on Pro­tec­tion against Mani­pu­la­ti­on of Digi­tal Records (Kas­sen­ge­setz) and app­lies from 1.1.2020.

The letter cla­ri­fies and pro­vi­des detail­ed defi­ni­ti­ons of indi­vi­du­al AEAO sec­tions of § 146a. We sum­ma­ri­ze the most important points for you.

What are busi­ness tran­sac­tions and other operations?

The latest infor­ma­ti­on given by the Minis­try of Finan­ce inclu­des a defi­ni­ti­on of busi­ness tran­sac­tions, namely:

Busi­ness tran­sac­tions are all legal and eco­no­mic tran­sac­tions that docu­ment, or influ­ence, or change the profit or loss or the com­po­si­ti­on of assets in a com­pa­ny within a cer­tain period of time.”

There are also examp­les of busi­ness tran­sac­tions that can occur in elec­tro­nic record­ing sys­tems. These are:

  • input/ output sales
  • sub­se­quent can­cel­la­ti­on of a receipt
  • tip
  • vou­chers (genera­ting and redemp­ti­on of vouchers)
  • pri­va­te money with­dra­wals and pri­va­te deposits
  • change amount booking
  • salary pay­ment from the cash regis­ter as well as
  • money trans­fer

Other ope­ra­ti­ons

The regu­la­ti­on also refers to “other ope­ra­ti­ons” — mea­ning record­ing pro­ces­ses that are trig­ge­red not by a busi­ness tran­sac­tion, but by other events in the use of the elec­tro­nic record­ing system and that are requi­red for veri­fia­ble docu­men­ta­ti­on of the cor­rect and com­ple­te record­ing of the busi­ness transactions.

This is con­cer­ning, for example:

  • trai­ning bookings
  • immedia­te can­cel­la­ti­on of a tran­sac­tion recor­ded just before
  • rece­i­pt cancellation
  • issued offers as well as
  • unfi­nis­hed busi­ness tran­sac­tions (for examp­le, purcha­se orders).

Note­wor­thy: a tran­sac­tion is based on at least one tran­sac­tion. While the pro­cess rela­tes to the ope­ra­ti­ons in the record­ing system, a tran­sac­tion sums up the secu­ri­ty steps that occur within the tech­ni­cal secu­ri­ty device (TSE) to the ope­ra­ti­on in the respec­ti­ve record­ing system. 

» up

Is it pos­si­ble to store the data and also to imple­ment the tech­ni­cal secu­ri­ty system in the cloud?

Yes! A cloud-based imple­men­ta­ti­on of the tech­ni­cal safety system is inten­ded by the BSI and BMF (The Federal Minis­try of Finance). 

In order to get a more on-point defi­ni­ti­on of the tech­ni­cal safety system, the requi­red pro­to­col data and their sto­rage are tho­rough­ly defi­ned below.

Sto­rage media: both cloud and hard­ware sto­rage are possible.

In the latest state­ment of the BMF, the requi­re­ments regar­ding the relia­bi­li­ty of the sto­rage medium are expli­ci­tly formulated. 

It is clear that a phy­si­cal iden­ti­ty of secu­ri­ty module and sto­rage medium is not requi­red. The sto­rage medium can thus be met with a cloud sto­rage or even with a con­ven­tio­nal data sto­rage menium (memory card or simi­lar). We recom­mend the up-to-date and future-proof option of sto­rage in the cloud.

» up

Uni­ver­sal digi­tal inter­face for finan­cial audits (DSFinV)

Also in this area, there is now more transparency:

In the case finan­cial audits, the secure app­li­ca­ti­on data must be made avail­ab­le for veri­fi­ca­ti­on of the log­ging.All data recor­ded with the elec­tro­nic record­ing system must be made avail­ab­le in a machi­ne-read­a­ble format . The data, as well as its format are defi­ned in theDigi­tal inter­faces of the finan­cial admi­nis­tra­ti­on for elec­tro­nic record­ingsys­tems” (DSFinV).

The DSFinV‑K app­lies to elec­tro­nic or com­pu­ter-aided cash regis­ter sys­tems and cash registers.

Was means DSFinV‑K?

The “Digi­tal Finan­cial Admi­nis­tra­ti­on for Cashiers” inter­face (DSFinV‑K) is a stan­dar­di­z­a­ti­on of data stan­dards for cash regis­ters. It is an important step in the direc­tion of plan­ning and legal cer­tain­ty for entre­pre­neurs. Ver­si­on 2.0 was released in August and brings even more cla­ri­ty. The details will be publis­hed here short­ly on the Kas­sen­SichV blog.

» up

What will the rece­i­pt output look like in the future? What has to be con­si­de­red with respect to elec­tro­nic receipts?

The rece­i­pt can be pro­vi­ded both elec­tro­ni­cal­ly and prin­ted. If the rece­i­pt is sub­mit­ted in elec­tro­nic format (for examp­le, via SMS or e‑mail), the cus­to­mer must first­ly agree.

Only dis­play­ing the rece­i­pt on the cash register’s screen is not enough to ful­fill the rece­i­pt issuing obli­ga­ti­on. Howe­ver, it is pos­si­ble to trans­fer the docu­ment via QR-code or NFC. Basi­cal­ly, a stan­dar­di­zed data format must be used for elec­tro­nic docu­ment output. Cus­to­mers must be able to access the rece­i­pt by using a stan­dard soft­ware. Cus­to­mers must be able to access the rece­i­pt by using a stan­dard software. 

The­re­fo­re, there is no reason any­mo­re not to use a paper­less cash regis­ter in the future! This saves tons of toxic ther­mal paper — an important step in the right direc­tion. Inci­dent­al­ly, fis­ka­ly has been rely­ing on the inno­va­ti­ve tech­no­lo­gy of e‑receipts for many years. Find out more on fiskaly.com.

QR Code for a Demo receipt in Germany

What hap­pens if the cer­ti­fied tech­ni­cal secu­ri­ty system fails?

On a docu­ment, cer­tain data must be prin­ted in order to vali­da­te the cor­rect record­ing in the case of a check in the record­ing system.

The pre­sen­ta­ti­on of the inspec­tion cha­rac­te­ris­tics of a docu­ment with a QR codeis pos­si­ble. The app­li­ca­ti­on of the QR code is vol­un­ta­ry. We defi­ni­te­ly recom­mend the use of QR codes, as this sup­ports the tes­ting process.

The BZSt pro­vi­des the fol­lowing examp­le:

Feld

Beschrei­bung

<qr-code-ver­si­on>

Ver­si­ons­num­mer des QR-Codes, ist immer: V0

<kassen-seri­en­num­mer>

Seri­en­num­mer (Client-Id) der Kasse

<pro­cess­Ty­pe>

pro­cess­Ty­pe (siehe oben)

<pro­cess­Da­ta>

pro­cess­Da­ta (siehe oben)

<trans­ak­ti­ons-nummer>

Trans­ak­ti­ons­num­mer der TSE

<signa­tur-zaeh­ler>

Signaturzähler der finish­Tran­sac­tion-Ope­ra­ti­on der TSE

<start-zeit>

Log-Time der start­Tran­sac­tion-Ope­ra­ti­on der TSE im Format
“YYYY-MM-DDThh:mm:ss.fffZ”

<log-time>

Log-Time der finish­Tran­sac­tion-Ope­ra­ti­on der TSE im Format
“YYYY-MM-DDThh:mm:ss.fffZ”

<sig-alg>

Signa­tu­r­al­go­rith­mus

<log-time-format>

Log-Time-Format

<signa­tur>

Prüfwert / Signa­tur der finish­Tran­sac­tion-Ope­ra­ti­on der TSE

<public-key>

Öffentlicher Schlüssel (base64 codiert)

Bei­spiel QR-Code des Bun­des­zen­tral­amts für Steu­ern (BZSt)

V0;955002–00;Kassenbeleg-V1;Beleg^0.00_2.55_0.00_0.00_0.00^2.55:Bar;
18;112;2019–07-10T18:41:04.000Z;2019–07-10T18:41:04.000Z;ecdsa-plain-
SHA256;unixTime;MEQCIAy4P9k+7x9saDO0uRZ4El8QwN+qTgYiv1DIaJIMWRiuAiAt+s
aFDGjK2Yi5Cxgy7PprXQ5O0seRgx4ltdpW9REvwA==;BHhWOeisRpPBTGQ1W4VUH95TXx2
GARf8e2NYZXJoInjtGqnxJ8sZ3CQpYgjI+LYEmW5A37sLWHsyU7nSJUBemyU=

QR Code example of the BZSt
» up

What hap­pens if the cer­ti­fied tech­ni­cal secu­ri­ty system fails?

If fail­u­re of the tech­ni­cal secu­ri­ty system occurs, the down­ti­me and its reason must be docu­men­ted. Howe­ver, the rece­i­pt issuing obli­ga­ti­on under § 146a (2) AO shall not apply only if the record­ing system is com­ple­te­ly out of service.

If the elec­tro­nic record­ing system can con­ti­nue to ope­ra­te without the func­tio­n­ing cer­ti­fied tech­ni­cal secu­ri­ty system, this fail­u­re must be noti­ce­ab­le on the rece­i­pt. This can be done by means of mis­sing tran­sac­tion number or by any other unique identifier.

If the fail­u­re only affects the tech­ni­cal secu­ri­ty system — whe­ther hard­ware or cloud-based — the elec­tro­nic record­ing system is allo­wed to be used, if you can record the log­gings, until fixing the TSS issue. In case of fail­u­re of prin­ting or trans­mis­si­on unit for the rece­i­pt, the record­ing system can still be used.

In either case, the entre­pre­neur must immedia­te­ly solve the cause of the fail­u­re, take mea­su­res to remedy it and ensure that the requi­re­ments of § 146a AO are met again as soon as possible.

WATCH OUT! A fail­u­re of the TSE does not relie­ve you of the obli­ga­ti­on to issue a rece­i­pt. If not all the requi­red values can be pro­vi­ded for the docu­ment, the elec­tro­nic record­ing system must pro­vi­de at least the date and time docu­ment details.

There are only two situa­tions where the obli­ga­ti­on to issue a rece­i­pt does not have to be met:

  • in case of com­ple­te fail­u­re of the record­ing system
  • in case of fail­u­re of the prin­ting or trans­fer unit (in which case the record­ing system will con­ti­nue to be used).
» up

What is the exact log­ging operation?

The record­ing system must ensure that the fol­lowing pro­ce­du­re is detec­ted by a TSS. Most import­ant­ly is that the start, chan­ges and the end of a busi­ness case or acti­vi­ty are to be recorded.

Start of logging

It is now sti­pu­la­ted that the record­ing system must start a log­ging in the tech­ni­cal secu­ri­ty system immedia­te­ly after the start of a busi­ness tran­sac­tion (see chap­ter 3.3.1 of Tech­ni­cal Gui­de­li­ne BSI TR-03153). 

In this case, a clear and con­ti­nuous tran­sac­tion number of a signa­tu­re coun­ter is man­da­to­ry, tog­e­ther with a test value gene­ra­ted by the cer­ti­fied tech­ni­cal secu­ri­ty system.

Updating a logging

No later than 45 secondsafter a change in the data of the ope­ra­ti­on, the data of the cer­ti­fied tech­ni­cal secu­ri­ty system must be updated. Here, genera­ting a test value by the tech­ni­cal secu­ri­ty system is optio­nal. he tran­sac­tion number can be retai­ned and the signa­tu­re coun­ter is incre­a­sed by 1 each time it is updated with test value calculation.

Com­ple­ting a logging

If the ope­ra­ti­on is com­ple­ted, the tran­sac­tion must be com­ple­ted within the cer­ti­fied tech­ni­cal secu­ri­ty system. The TSS must gene­ra­te a test value in this case. Again, the tran­sac­tion number is retai­ned and the signa­tu­re coun­ter is incre­a­sed by 1. Only at this log­ging step, the com­ple­ti­on time is inclu­ded in the log data.

Ope­ra­ti­on star­ting timestamp

In princip­le, the time at which the elec­tro­nic record­ing system starts or ends an ope­ra­ti­on is cru­cial here. Before issuing a rece­i­pt, the ope­ra­ti­on must be completed.

Data of the operation

The ope­ra­ti­on data con­tent can be defi­ned dif­fer­ent­ly depen­ding on the nature of the ope­ra­ti­on. In princip­le, howe­ver, all data recor­ded with the elec­tro­nic record­ing system must be made avail­ab­le in a machi­ne-read­a­ble . This is defi­ned in the “Digi­tal Inter­faces of Finan­cial Manage­ment for Elec­tro­nic Record­ing Sys­tems”(DSFinV). For cash regis­ters, the format (DSFinV‑K) is based on the DFKA taxo­no­myi.e. the uni­form, cross-indus­try format for cash regis­ter data.

Ope­ra­ti­on type

The tech­ni­cal gui­de­li­nes regar­ding the tech­ni­cal con­tent of the data to be backed up were kept rather gene­ral. Hedging can be done for a wide varie­ty of types of data. The nature of the pro­cess makes it pos­si­ble to dis­tin­guish the struc­tu­re of the con­tent that is to be pro­tec­ted
. The fol­lowing tran­sac­tion types are defined:

  • sales rece­i­pt
    The term refers to all com­ple­ted tran­sac­tions that lead to a rece­i­pt accord­ing to § 146a Abs. 2 AO. This cate­go­ry also inclu­des the com­ple­ted tran­sac­tions, which repre­sent busi­ness tran­sac­tions in which only the entre­pre­neur hims­elf works.
  • order
    This term refers to the long-las­ting orde­ring pro­ces­ses. But also the orders to the invoice or pay­ment which are dis­play­ed within the record­ing system in one operation.
  • other ope­ra­ti­ons
    All ope­ra­ti­ons that are unre­la­ted to TSEs, fea­ture calls and events fall into this category.
» up

What hap­pens if my cash regis­ter does not ful­fill the requi­re­ments of § 146a AO?

For cash regis­ters which are acqui­red after 25/11/2010 and before 01/01/2020, a tem­pora­ry dero­ga­ti­on app­lies. If the cash regis­ters alrea­dy meet the requi­re­ments of the Federal Minis­try of Finan­ce letter of 26.11.2010 but are not upgrade­ab­le to ful­fill the Kas­sen­SichV requi­re­ments due to their design, they may con­ti­nue to be ope­ra­ted until latest 31.12.2022. In this case, this must be demons­tra­ted and atta­ched to the pro­ce­du­ral documentation.

Atten­ti­on: the exemp­ti­on does not apply to PC cash regis­ter systems!

You can read about the cur­rent status of the tran­si­ti­on period in our blog arti­cle on the preli­mi­na­ry release of the TSE.

» up

Basic FAQs about the KassensichV

What is the Kassensicherungsverordnung?

The Kas­sen­si­che­rungs­ver­ord­nung (Kas­sen­SichV) regu­la­tes the tech­ni­cal requi­re­ments for elec­tro­nic record­ing and secu­ri­ty sys­tems, such as com­pu­te­ri­zed cash regis­ter sys­tems and cash regis­ters. The regu­la­ti­on is desi­gned to pro­tect against mani­pu­la­ti­on of com­pa­nies’ basic digi­tal records.

In short: whenever cash tran­sac­tions (cash, EC card, credit card, vou­chers) are recor­ded, these records must be pro­tec­ted against tam­pe­ring accord­ing to the KassenSichV.

From 1.1.2020 cash regis­ters in Ger­ma­ny must be equip­ped with a tech­ni­cal safety system (TSS). Read more about the topic TSS!

» up

From when does the Kas­sen­si­che­rungs­ver­ord­nung apply?

The new regu­la­ti­on was adop­ted alrea­dy in autumn 2017. Howe­ver, it does not apply until 01.01.2020.

From this point on, cash regis­ters in Ger­ma­ny must be equip­ped with a cer­ti­fied tech­ni­cal safety device (TSE). Read more about TSE here!

And what is the pur­po­se of Kas­sen­SichV? What ist the goal?

Some POS sys­tems are still desi­gned so that they keep tech­ni­cal pos­si­bi­li­ties for the sub­se­quent mani­pu­la­ti­on of the basic records open. In order to put a end to this mani­pu­la­ti­on, and thus poten­ti­al tax evas­i­on, the Kas­sen­SichV was adop­ted in Ger­ma­ny in 2016.

By and large, Kas­sen­SichV is man­da­ted to ensure the tamper-proofing of busi­ness records and record­ing sys­tems. More spe­ci­fi­cal­ly, a pro­tec­tion struc­tu­re based on:

  • the inte­gri­ty
  • authen­ti­ci­ty and
  • com­ple­teness of the records

Inci­dent­al­ly, Ger­ma­ny is one of the last Euro­pean coun­tries to intro­du­ce the so-called fis­ca­liz­a­ti­on of cash regis­ters. In many other coun­tries, simi­lar regu­la­ti­ons have been in force for years. In Aus­tria, a simi­lar regu­la­ti­on came into force in 2017. Here you’ll find the step-by-step imple­men­ta­ti­on guide.

» up

Do the GoBD requi­re­ments still apply?

Yes! Until now, the immu­ta­bi­li­ty of tran­sac­tions has been regu­la­ted by GoBD (Princi­ples for the proper manage­ment and reten­ti­on of books, records and docu­ments in elec­tro­nic form and for data access). 

Howe­ver, this is neit­her law, nor regu­la­ti­on, but merely an admi­nis­tra­ti­ve requi­re­ment of the Minis­try of Finan­ce. The new regu­la­ti­on now regu­la­tes the pro­tec­tion against tampering. 

What does pro­tec­tion against mani­pu­la­ti­on mean?

To be able to find out whe­ther sub­se­quent mani­pu­la­ti­ons of sales has taken place at a cash regis­ter, these must be kept tamper-proof and checkable.

The che­cking is car­ri­ed out by means of a jour­nal, which can be expor­ted and che­cked by tax aut­ho­ri­ties with soft­ware for mani­pu­la­ti­on and mis­sing data. Each log­ging is pro­vi­ded with an elec­tro­nic signa­tu­re, which works on the princip­le of Blockchain. 

The tech­ni­cal secu­ri­ty system ( TSS) is respon­si­ble for the pro­tec­tion against manipulation.

Read more about the TSE!

» up

Which record­ing sys­tems are exclu­ded from the KassenSichV?

Here the rules are clear­ly defi­ned. Accord­ing to the Kas­sen­SichV §1 Abs 1 Satz 2 the fol­lowing cate­go­ries are to be excluded:

  • ticket ven­ding Machines
  • ticket prin­ters
  • elec­tro­nic accoun­ting programs
  • Goods and ser­vice machines
  • ATMs
  • taxi­me­ter
  • odo­me­ter
  • as well as money and goods play equipment

This inclu­des a spe­cial case:
“An elec­tro­nic record­ing system with cash func­tion that meets the requi­re­ments of ‘Mini­mum Requi­re­ments for Risk Manage­ment — MaRisk’ and the ‘Ban­king Super­vi­si­on Requi­re­ments for IT’ (BAIT) of the Federal Finan­cial Super­vi­so­ry Aut­ho­ri­ty, as amen­ded, and by a credit insti­tu­ti­on i.S.d. § 1 (1) KWG. ”

What is the finan­cial audit all about?

The tax aut­ho­ri­ties have been able to carry out unan­noun­cedcash regis­ter checks — a so-called cash regis­ter inspec­tion — since Janu­a­ry 1, 2018. This is in addi­ti­on to prior tax audit procedures.

Among other things, the audi­tors of the Minis­try of Finan­ce can use audi­t­ing soft­ware to deter­mi­ne whe­ther the cash regis­ter has under­go­ne any sub­se­quent mani­pu­la­ti­on.

If any lack is detec­ted during the inspec­tion, it may lead to an exter­nal audit. If the audi­tor finds out incon­sis­ten­ci­es or that the recor­ded data does not meet the requi­re­ments, the entre­pre­neur must expect that his profit will be reas­ses­sed and the taxes will be reevaluated.

Read more about the topic cash regis­ter checks!

» up

White­pa­per about Kassensicherungsverordnung

Down­load now

Send down­load link to:

Abon­nie­ren Sie unse­ren News­let­ter, um monat­lich exklu­si­ve News zu erhal­ten. Der News­let­ter ist jeder­zeit abbe­stell­bar. Sub­scri­be to get exclu­si­ve con­tent and news every month. You can unsub­scri­be anytime.

You might also be inte­res­ted in this:

Kontaktlos Bezahlen

Server site Germany 

Data sto­rage fis­ka­ly Cloud — Server Site Ger­ma­ny At fis­ka­ly we take a tho­rough inte­rest in data pro­tec­tion and data secu­ri­ty, becau­se our cus­to­mers’ data

Weiterlesen » 
17. Decem­ber 2020  No Comments 

Cer­ti­fi­ca­ti­on of the TSS

How is the Tech­ni­cal Secu­ri­ty System (TSS) Cer­ti­fied? The requi­re­ments for the com­pon­ents SMAERS (Secu­ri­ty Module App­li­ca­ti­on for Elec­tro­nic Record Kee­ping System) and CSP (Cryp­to­gra­phic

Weiterlesen » 
30. Sep­tem­ber 2020  No Comments 

Copyright fiskaly GmbH 2019