Will the KassenSichV take effect on 01.01.2020? Will there be a solution by then? We took a closer look a these two important questions.
Unternehmer, Finanz & Technik-Experte
Our customers frequently ask when there will be a certificated TSS. The answer is: timely. But the description of details is not that easy. All participants work hard to reach a easy and sustainable solution. But good things take their time. In this article we describe our interpretation of the current situation and the possibilities as of today.
The KassenSichV will definitely take effect on 01.01.2020; this is defined in the legal rank and will not change. Due to the circumstances, however, this is difficult to implement. Here, we will inform you about how you can operate a TSS with a provisional release and what this means.
It is currently not realistic to expect a fully certified TSS with SMA and CSP by 01.01.2020 on the market . Due to the evaluation lead times, fully certified TSS are not expected until the new year. In addition the specifications and protection profiles are currently being revised. From our point of view there will be no certificated TSS by 01.01.2020, but there will be a provisional release of the BSI.
Currently there are some rumors about a decree of the BMF with which details on the application of TSS are expected. We expect this announcement at the beginning of October 2019.
The CSP is currently being redefined as “CSP light”, which is intended to address the application case in cloud operation.
What does this mean in the case of a hardware solution compared to a cloud solution? At present only a provisional release of the TSS by the BSI is realistic. This means that a complete certification of all components cannot currently be carried out on time. The provisional release is limited to one year and can be extended for another year. During this period, the CSP must be adapted and certified. TSS and SMA must also be recertified.
A cloud TSS is not affected by a potential exchange and the associated financial and time expenditure. The implementation as well as the certification concerns only the components in the fiscaly cloud, not however the components with the final taxpayer locally. In the worst case, if something should change at the interfaces, a software update is necessary.
With a hardware-only solution, there is a risk that the hardware will have to be updated within these two years. Once a TSS has been fully certified (probably between 2020/2021), the certification is valid for five years, afterwards the TSS has to be recertified. If adaptations are necessary in the meantime, existing hardware TSS must be actualized with an update.
As of 01.01.2020 there will be some manufacturers (incl. fiskaly) which are in the status ‘in evaluation’.
As soon as we have received the status ‘in evaluation’, it is possible to get a provisional release from the BSI (see also FAQ of the BSI). We are already working closely with the BSI to ensure a smooth evaluation process. Within the next two years the complete certification (incl. CSP) will take place. With the provisional release for the TSS and SMA one can go into operation (according to KassenSichV).
Data storage fiskaly Cloud — Server Site Germany At fiskaly we take a thorough interest in data protection and data security, because our customers’ data
How is the Technical Security System (TSS) Certified? The requirements for the components SMAERS (Security Module Application for Electronic Record Keeping System) and CSP (Cryptographic
German KassenSichV and the decrees of the states: How you are able to continue working in compliance with the law from 1st October 2020
Copyright fiskaly GmbH 2019
