1. ------IND- 2017 0178 D-- EN- ------ 20170522 --- --- PROJET
Ordinance
of the Federal Ministry of Finance
Ordinance establishing the technical requirements for electronic
recording and security systems in commercial transactions
(Cash Register Anti-Tampering Ordinance – Kassensicherungsverordnung,
KassenSichV)
A. Problem and objective
Tax enforcement in Germany is functional, effective and efficient. However, the technical
capabilities currently available for handling digital primary accounting records, in particular
cash register records, constitute a serious problem for uniform tax enforcement. Due to
increasing automation, it is now possible to delete or edit digital primary accounting
records, such as in electronic cash registers, undetected.
In order to guarantee that digital primary accounting records are tamper-proof, it is
necessary to introduce both statutory regulations and technical measures.
The Cash Register Anti-Tampering Ordinance [Kassensicherungsverordnung,
KassenSichV] further specifies the requirements of § 146a of the Fiscal Code
[Abgabenordnung, AO].
B. Solution
The KassenSichV sets out:
–
which electronic recording systems fall under the provision in § 146a AO,
–
when and in what manner the digital primary accounting records must be logged
within the meaning of § 146a AO,
–
how these digital primary accounting records must be stored,
–
the requirements for a standardised digital interface,
–
the requirements for the technical security device,
–
the requirements for the receipt to be issued, and
–
the certification costs.
C. Alternatives
None.
-2-
D. Budgetary expenditure without compliance costs
None.
E. Compliance costs
E.1 Compliance costs for citizens
There will be no change in compliance costs for citizens.
E.2 Compliance costs for businesses
The compliance costs for businesses arising from the ordinance are already indicated in
the Digital Primary Accounting Record Anti-Tampering Act [Gesetz zum Schutz vor
Manipulationen an digitalen Grundaufzeichnungen] of 22 December 2016 (Federal Law
Gazette I, page 3152), which includes the power to issue ordinances. The obligation to
issue receipts included in the parliamentary procedure in the act, for the use of electronic
recording systems – the requirements for which are specified in this ordinance – gives rise
to around EUR 8.817 million in annual compliance costs, in addition to the costs already
included in the act.
Administrative expenses associated with reporting obligations
The additional compliance costs involve EUR 8.817 million in administrative expenses
associated with reporting obligations.
The additional current compliance costs for businesses are subject to the ‘one in, one out’
rule by virtue of the specification by the federal government first appearing in the
ordinance (Cabinet decision of 25 March 2015). The necessary compensation can be
provided using a regulatory proposal that has already been enacted.
E.3 Administrative compliance costs
The tax authorities of the federal states will not incur any additional costs. The
standardised digital interface ensures a seamless verification process and a small
decrease in the administrative burden. The Federal Office for Information Security
[Bundesamt für Sicherheit in der Informationstechnik, BSI] will incur minor additional
costs.
F. Other costs
No other direct costs will be incurred by businesses, including medium-sized enterprises.
No impact is expected on individual prices or price levels, in particular consumer price
levels.
-3-
Ordinance of the Federal Ministry of Finance
Ordinance establishing the technical requirements for electronic
recording and security systems in commercial transactions
(Cash Register Anti-Tampering Ordinance –
Kassensicherungsverordnung, KassenSichV)*)
of …
On the basis of § 146a(3), sentence 1 of the Fiscal Code [Abgabenordnung, AO],
inserted by virtue of Article 1(3) of the Act of 22 December 2016 (Federal Law Gazette I,
p. 3152), the Federal Ministry of Finance, in consultation with the Federal Ministry of the
Interior and the Federal Ministry of Economic Affairs and Energy, and taking into account
the resolution of the Bundestag of ... [insert: Date of the resolution of the German
Bundestag] with reservation of the powers of the Bundestag:
§1
Electronic recording systems
Electronic recording systems within the meaning of § 146a(1), sentence 1 AO are
electronic or computerised cash register systems or cash registers. This does not include
ticket vending machines, ticket printers, electronic bookkeeping programs, goods or
services machines, ATMs, taximeters or odometers, or cash or goods gaming machines.
§2
Logging of digital primary accounting records
For every accounting record of a commercial transaction or other process within the
meaning of § 146a(1), sentence 1 AO, an electronic recording system must start a new
transaction immediately. The transaction shall contain the following:
1.
the process start time,
2.
a unique serial transaction number,
3.
the process type,
4.
the process date,
5.
the payment type,
6.
the process end time or process abort time,
7.
a test value and
8.
the serial number of the electronic recording system or the serial number of the
security module.
*)
Notified in accordance with Directive (EU) 2015/1535 of the European Parliament and of the Council
of 9 September 2015 laying down a procedure for the provision of information in the field of technical
regulations and of rules on Information Society services (OJ L 241, 17.9.2015, p. 1).
-4The security module provides tamper-proof recording of the times under sentence 2,
subparagraphs 1 and 6, the transaction number under sentence 2, subparagraph 2 and
the test value under sentence 2, subparagraph 7. Transaction numbers must be created
in such a way that any gaps in transaction records are detectable.
§3
Storage of primary accounting records
(1) The current commercial transactions or other processes within the meaning of §
146a(1), sentence1 AO must be stored in a manner that is complete, unedited and
tamper-proof on a non-volatile storage medium.
(2) The stored commercial transactions or other processes within the meaning of §
146a(1), sentence 1 AO shall be concatenated as transactions in such a way that any
gaps in accounting records are detectable.
(3) If the stored digital primary accounting records are transferred, in whole or in part,
from an electronic recording system to an external electronic storage system, it is
necessary to ensure the concatenation of all transactions in accordance with paragraph 2
and satisfaction of the requirements for the standardised digital interface in accordance
with § 4.
(4) Compression of primary accounting records in an electronic storage system is not
permitted for the duration of storage in accordance with § 147(3) AO if this means
readability cannot be guaranteed.
§4
Standardised digital interface
The standardised digital interface is a data record description for standardised data
export from the storage medium under § 3(1) and the electronic storage system for
transfer to the tax authority official tasked with cash register verification or external
auditing. This ensures standardised structuring and description of the data to be recorded
in accordance with § 146a(1) AO in a data schema and data field description for logging in
accordance with § 2 and storage in accordance with § 3. This applies regardless of the
manufacturer software.
§5
Requirements for the technical security device
In technical guidelines and protection profiles, the Federal Office for Information
Security [Bundesamt für Sicherheit in der Informationstechnik, BSI], in consultation with
the Federal Ministry of Finance, shall establish the technical requirements for the security
module, the storage medium and the standardised digital interface, as well as the
organisational requirements for assigning the serial number of the electronic recording
system. The latest versions shall be published in the Federal Tax Gazette Part I and on
the BSI website.
-5§6
Requirements for receipts
A receipt shall include at least the following:
1.
the complete name and complete address of the supplying business,
2.
the receipt issue date and the process start time within the meaning of § 2, sentence
2, subparagraph 1 and the process end time within the meaning of § 2, sentence 2,
subparagraph 6,
3.
the quantity and type of the objects supplied or the scope and type of the other
service,
4.
the transaction number within the meaning of § 2, sentence 2, subparagraph 2,
5.
the total amount of the fee and the applicable tax amount for the supply or other
service and the applicable tax rate or, in the case of tax exemption, an indication that
the supply or other service is tax-exempt and
6.
the serial number of the electronic recording system or the serial number of the
security module.
The information on a receipt shall be legible to everyone without assistance from a
machine. A receipt may be issued in paper form or, with the permission of the recipient,
electronically in a standardised data format.
§7
Certification
(1) Certification of technical security devices is subject to § 9 of the BSI Act [BSIGesetz] and the BSI Certification and Recognition Ordinance [BSI-Zertifizierungs- und Anerkennungsverordnung] (Federal Law Gazette I, p. 2231), as amended. Verification
and assessment may also be conducted by expert bodies recognised by the BSI, which
are also accredited in accordance with Regulation (EC) No 765/2008 of the European
Parliament and of the Council of 9 July 2008 setting out the requirements for accreditation
and market surveillance relating to the marketing of products and repealing
Regulation (EEC) No 339/93 (OJ L 218, 13.8.2008, p. 30), as amended.
(2) The applicant shall cover the costs of certification. The BSI Cost Ordinance [BSIKostenverordnung] of 3 March 2005 (Federal Law Gazette I, p. 519), repealed by Article
3(1) of the Act of 18 July 2016 (Federal Law Gazette I, p. 1666), as amended, shall apply
until it is no longer in force.
§8
Entry into force
This ordinance shall enter into force on the day following its promulgation.
Approved by the Bundesrat.
-6-
Explanatory statement
A. General part
I.
Objective and necessity of the provisions
Tax enforcement in Germany is functional, effective and efficient. However, the technical
capabilities currently available for handling digital primary accounting records, in particular
cash register records, constitute a serious problem for uniform tax enforcement. Due to
increasing automation, it is now possible to delete or edit digital primary accounting
records, such as in electronic cash registers, undetected.
In order to guarantee that digital primary accounting records are tamper-proof, it is
necessary to introduce both statutory regulations and technical measures.
The Cash Register Anti-Tampering Ordinance [Kassensicherungsverordnung,
KassenSichV] further specifies the requirements of § 146a of the Fiscal Code
[Abgabenordnung, AO].
II.
Main content of the ordinance
The KassenSichV sets out:
–
which electronic recording systems fall under the provision in § 146a AO,
–
when and in what manner the digital primary accounting records must be logged
within the meaning of § 146a AO,
–
how these digital primary accounting records must be stored,
–
the requirements for a standardised digital interface,
–
the requirements for the technical security device,
–
the requirements for the receipt to be issued, and
–
the certification costs.
III.
Alternatives
None.
IV.
Compatibility with European Union law and international treaties
This ordinance is compatible with European Union law and international treaties
concluded by the Federal Republic of Germany.
The restriction of fundamental freedoms is permitted under European law owing to the
justification ‘effective fiscal supervision’, which counts as an overriding reason relating to
the public interest. For a community to function, all members have to pay their taxes and
duties according to their earnings. The planned regulations are necessary because it is
becoming increasingly difficult or complex for external audits to detect technical tampering
-7with digital primary accounting records, which form the basis for the collection of taxes.
The current statutory provisions do not allow external auditors to easily discover
tampering with digital primary accounting records on site. The regulations are also
proportionate because they merely provide for a certified technical security device that
logs all digital primary accounting records during normal use, without any additional action
required from the taxpayer. The need for these measures as well as their proportionality
are also demonstrated by the planned regulations being technology-neutral. The
certification procedure ensures that technical security devices developed in other Member
States can, in principle, also be recognised.
V.
1.
Legal consequences
Legal and administrative simplification
The introduction of an obligation for a certified technical security device in cash registers
and computerised cash registers is designed to prevent tampering with digital cash
register accounting records and to ensure simplified auditing of these digital primary
accounting records by the tax authorities.
2.
Sustainability aspects
The proposal is in line with sustainable development, in that it ensures federal tax
revenues. It does not bear any relation to any other indicators in terms of sustainability.
3.
Demographic effects
The proposal has no direct impact on demographics.
4.
Budget expenditure without compliance costs
None.
5.
Compliance costs
5.1 Compliance costs for citizens
There will be no change in compliance costs for citizens.
5.2 Compliance costs for businesses
The compliance costs for businesses arising from the ordinance are essentially already
indicated in the Digital Primary Accounting Record Anti-Tampering Act [Gesetz zum
Schutz vor Manipulationen an digitalen Grundaufzeichnungen], which includes the power
to issue ordinances.
The receipt issue obligation included in the parliamentary procedure in the act, for the use
of electronic recording systems – the requirements for which are specified in this
ordinance – gives rise to around EUR 8.817 million in annual compliance costs in addition
to the costs already included in the act.
Based on a figure of 2.1 million devices and assuming 30 commercial transactions a day
for 22 days per month/device, this comes to a total of 19.8 billion commercial transactions.
At the same time, based on the cash registers already in existence, it is assumed that
receipts are already printed and issued in 95 per cent of cases. De facto, this would mean
additional costs in 5 per cent of cases. Thus, at an estimated duration of 2 seconds per
receipt, a rate of EUR 19.30/hour and an additional 990 million receipts, this comes to
EUR 10.615 million in additional costs for the receipts. Materials costs also apply (paper)
-8for printing, estimated at EUR 5.5 million. Based on increasing digitisation, a number of
receipts are already issued electronically in a standardised data format. It can be
assumed that this already occurs for 25 per cent of receipts issued. Consequently, the
additional costs will be reduced to around EUR 11.757 million. Moreover, § 146a(2),
sentence 2 AO provides for an exemption from the obligation to issue receipts. In
accordance with § 148 AO, the tax authorities may grant an exemption from an obligation
to issue receipts in cases of sales of goods to multiple unknown persons on the grounds
of reasonableness after due consideration of an obligation to issue receipts. It is assumed
that the tax authorities will grant an exemption from an obligation to issue receipts, in
accordance with § 148 AO, on the grounds of reasonableness after due consideration of
an obligation to issue receipts in 25 per cent of cases. Consequently, the additional costs
will be reduced to around EUR 8.817 million.
The additional current compliance costs for businesses arising from this regulatory
proposal are subject to the ‘one in, one out’ rule by virtue of the specification by the
federal government first appearing in the ordinance (Cabinet decision of 25 March 2015).
The necessary compensation can be provided using a regulatory proposal that has
already been enacted.
5.3 Administrative compliance costs
The tax authorities of the federal states will not incur any additional costs. The
standardised digital interface ensures a seamless verification process and a small
decrease in the administrative burden. The Federal Office for Information Security
[Bundesamt für Sicherheit in der Informationstechnik, BSI] will incur minor additional
costs.
6.
Other costs
No other direct costs will be incurred by businesses, including medium-sized enterprises.
No impact is expected on individual prices or price levels, in particular consumer price
levels.
7.
Other legal consequences
The different living situations of men and women do not reveal any effects contrary to the
goals of equal treatment policy pursuant to § 2 of the Joint Rules of Procedure of the
Federal Ministries.
VI.
Time limitation, evaluation
The provisions are designed to have a lasting effect, meaning that a time limitation does
not come into consideration.
The regulations shall be evaluated two years after entry into force. The evaluation shall
include an examination of whether the scope of the KassenSichV needs to be expanded
in order to prevent tampering with digital primary accounting records.
-9B. Specific part
Re § 1 (Electronic recording systems)
§ 1 KassenSichV lists the systems that fall under the definition of electronic recording
systems and thus also require a certified technical security device. This covers electronic
or computerised cash register systems or cash registers, including tablet-based cash
register systems or software solutions (e.g. cash sale modules).
The meaning of ‘computerised cash register system’ includes IT solutions for connecting
peripheral devices (e.g. printers or external data carriers) or peripheral software to a PC or
electronic cash register system. A PC cash register can store data on an internal data
carrier or externally by means of data transfer.
An electronic cash register is a data capture device specialised in the sale of goods or
services (e.g. recycling deposit machines) that must create electronic accounting records
for documentation of individual sales. This kind of cash register may be connected to one
or more input stations.
Cash register scales are cash registers if they meet the technical requirements and/or
functionality of an electronic cash register.
For clarification, § 1, sentence 2 KassenSichV stipulates that ticket vending machines,
ticket printers, electronic bookkeeping programs, goods and services machines, ATMs,
taximeters and odometers, as well as cash and goods gaming machines do not fall under
electronic recording systems within the meaning of § 146a(1), sentence 1 AO.
Re § 2 (Logging of digital primary accounting records)
Re sentence 1
§ 2 KassenSichV establishes the requirements for logging individual electronic primary
accounting records within the meaning of § 146a(1), sentence 1 AO. Based on these, the
electronic recording system in use must start a new transaction immediately, i.e.
concurrently, for every commercial transaction or other process subject to the recording
requirement within the meaning of § 146a(1), sentence 1 AO. This transaction ensures
that data is merged in a uniform process so that the individual digital primary accounting
records logged are subsequently tamper-proof.
Other processes include those that run immediately when the cash register is activated
(e.g. pressing a button, bar code scan process), regardless of whether this results in a
commercial transaction. This means that every cash register activation is logged. Other
processes include commercial processes that do not ultimately result in a commercial
transaction or which are essentially unsuitable for processing a commercial transaction,
but which constitute a process in the undertaking, such as incomplete commercial
transactions, cancellations, quotations, training entries or other processes.
Therefore, every transaction shall include the process start time, a unique serial
transaction number, the process type, the process data, the process end time or process
abort time and a test value.
Re sentence 2
Re subparagraph 1
The process start time in accordance with § 2, sentence 2, subparagraph 1 KassenSichV
is the time at which the electronic recording system is activated.
- 10 Logging the process start time shall ensure that the transactions are recorded in a timely
manner, are searchable by time and are completed within a reasonable time frame. This
is also designed to prevent subsequent recording on a second cash register.
The time source is not specified: a specific technology is not mandated. Some options
here include an internal time source, an external time source (signed NTP) or a
combination (daily reconciliation with an external time source with subsequent use of an
internal time source). For the time source, it is only vital that the transaction time be strictly
increasing. If the clock is set back, such as due to daylight saving time, this must be
logged.
Re subparagraph 2
To ensure record gaps are detectable, the security module also assigns a transaction
number to each transaction, which is used as an input in determining the test value. In
accordance with § 2, sentence 4 KassenSichV, the transaction number must be created in
such a way that any gaps in transaction records are detectable. To facilitate the
completeness check, the transaction number must be unique and serial. This enables any
changes to records to be applied (such as exchange or deletion).
Re subparagraph 3
In accordance with § 2, sentence 2, subparagraph 3 KassenSichV, the transaction must
include the process type, e.g. cancellation, invoice, etc.
Re subparagraph 4
Process data (§ 2, sentence 2, subparagraph 4 KassenSichV) means all data relevant to
the transaction in question, i.e. the information that must be included on an invoice, for
instance, within the meaning of § 14(4) of the Turnover Tax Act [Umsatzsteuergesetz] in
conjunction with §§ 31 to 33 of the Turnover Tax Implementation Ordinance
[Umsatzsteuer-Durchführungsverordnung].
Re subparagraph 5
In accordance with § 2, sentence 2, subparagraph 5 KassenSichV, every transaction must
include information on whether or not the payment was in cash. If the process is not a
commercial transaction, but rather a training entry, for instance, then the payment type
should be ‘none’ in accordance with § 2, sentence 2, subparagraph 5 KassenSichV.
Re subparagraph 6
The process end time or process abort time under § 2, sentence 2, subparagraph 6
KassenSichV refers to the time at which the event was concluded.
Re subparagraph 7
The test value in § 2, sentence 2, subparagraph 7 KassenSichV ensures the integrity of
every record. The function of a test value may be ensured by signature procedures, for
instance. The state of the art for the suitability of mechanisms to generate a test value
may be derived from § 5 of the BSI technical guidelines.
Re subparagraph 8
The serial number of the electronic recording system or the serial number of the security
module in § 2, sentence 2, subparagraph 8 KassenSichV acts as an identification feature
and is provided in addition to the receipts within the meaning of § 6 KassenSichV.
- 11 Re sentence 3
In accordance with § 2, sentence 3 KassenSichV, the security module determines the
process start time, the process end time or process abort time, the unique serial
transaction number and the test value.
Re § 3 (Storage of primary accounting records)
Re paragraph 1
§ 3(1) KassenSichV establishes the requirements regarding storage of primary accounting
records. Based on this, the record (commercial transaction or other process) within the
meaning of § 146a(1), sentence 1 AO must be stored. This storage must ensure that the
current commercial transactions or other processes that are logged are continuously
stored and retrievable. It is necessary to ensure concatenation and satisfaction of the
requirements for the standardised digital interface in the transfer to a non-volatile storage
medium.
In electronic data processing, a non-volatile storage medium refers to various data
carriers whose stored information is permanently retained, i.e. even when the electronic
recording system is not in operation or is not connected to the power supply.
Re paragraph 2
§ 3(2) KassenSichV stipulates that the stored digital primary accounting records within the
meaning of § 146a(1), sentence 1 AO must feature complete concatenation of all
transactions. Concatenation of transactions makes record tampering visible.
Concatenation is a data structure in which the data is arranged and interlinked in a certain
way. It ensures that every item in a concatenated list includes a reference to the next item
and the preceding item, creating a totality of items from the individual items.
Re paragraph 3
§ 3(3) KassenSichV establishes the requirements regarding storage. Electronic storage
refers to uneditable, long-term storage of electronic records. The electronic recording
system must also be located on a non-volatile storage medium.
Re paragraph 4
In cases of compression, data is compressed to decrease the size of a database in order
to reduce storage space requirements. It is not permitted to compress primary accounting
records in the electronic storage system for the duration of storage in accordance with §
147(3) AO if this means readability cannot be guaranteed. This ensures concatenation
and satisfaction of the requirements for the standardised digital interface for storage.
Re § 4 (Standardised digital interface)
The standardised digital interface is a data record description for standardised data export
from the electronic recording program or the electronic storage system for transfer to the
tax authority official tasked with cash register verification or external auditing for
verification of records in terms of integrity, authenticity and completeness. A data record is
a set of data fields with interrelated content that bear a direct relationship with one another
or share common characteristics.
The standardised digital interface shall ensure standardised structuring and description of
the data to be recorded in accordance with § 146a AO in a data schema and data field
description, regardless of the cash register program or other program used.
- 12 The standardised digital interface helps to avoid doubts and uncertainties regarding the
content of electronic files and data fields and technical difficulties in processing electronic
data, as well as to reduce audit times. Thanks to the standardised structuring and
description of the files and data fields, regardless of the recording program, the
standardised digital interface also facilitates integration with profit calculation and/or
bookkeeping. A final definition and list of the data subject to recording and storage
requirements are not connected with the standardised digital interface.
The standardised digital interface applies to the security level, as detailed in § 2
KassenSichV, not to the statutory requirements for the individual data.
Re § 5 (Requirements for the technical security device)
In technical guidelines and protection profiles, the BSI, in consultation with the Federal
Ministry of Finance, shall establish the requirements for the security module, the storage
medium and the standardised digital interface, as well as the organisational requirements
for assigning the serial number of the electronic recording system.
The measurement accuracy of price-calculating measurement devices (e.g. cash register
scales, petrol pumps with cash register functions) is guaranteed by measurement and
calibration legislation.
Re § 6 (Requirements for receipts)
§ 6 KassenSichV establishes the minimum requirements for receipts to be issued.
Re sentence 1
In accordance with § 6, sentence 1, subparagraph 1 KassenSichV, the complete name of
the supplying business and its address must be indicated on the receipt to enable unique
allocation.
The receipt issue date and the process start time within the meaning of § 2, sentence 2,
subparagraph 1 KassenSichV and the process end time within the meaning of § 2,
sentence 2, subparagraph 6 KassenSichV must appear on the receipt in accordance with
§ 6, sentence 1, subparagraph 2 KassenSichV and, in accordance with § 6, sentence 1,
subparagraph 4 KassenSichV, the unique serial transaction number within the meaning of
§ 2, sentence 2, subparagraph 2 KassenSichV.
The quantity and type of the objects supplied or the scope and type of the other services
must appear on the receipt in accordance with § 6, sentence 1, subparagraph 3
KassenSichV. The definition of the service must enable it to be clearly and
comprehensibly identified. Customary commercial descriptions of items are adequate.
In accordance with § 6, sentence 1, subparagraph 5 KassenSichV, the receipt must
include total amount of the fee and the applicable tax amount for the supply or other
service and the applicable tax rate or, in the case of tax exemption, an indication that the
supply or other service is tax-exempt.
For unique allocation of a receipt to the electronic recording system that issued the
receipt, the receipt in accordance with § 6, sentence 1, subparagraph 6 KassenSichV
must indicate the serial number of the electronic recording system or the serial number of
the security module.
Re sentence 2
In accordance with § 6, sentence 2 KassenSichV, the information on the receipt issued
must be legible without additional assistance, i.e. with the naked eye.
- 13 Re sentence 3
The receipt may be provided in paper form or, with the permission of the recipient,
electronically in a standardised data format. The receipt must be created as soon as the
commercial transaction is executed. The obligation to issue receipts and provide them to
parties in a commercial transaction shall not give rise to any obligation on parties to take
the receipt.
Re § 7 (Certification)
Re paragraph 1
The BSI shall have the technical security module certified. Certification is subject to § 9 of
the BSI Act [BSI-Gesetz] and the BSI Certification and Recognition Ordinance [BSIZertifizierungs- und -Anerkennungsverordnung], as amended. Verification and
assessment of an application for certification by the BSI may also be conducted by expert
bodies recognised by the BSI, which are also accredited by a national accreditation body
in accordance with Regulation (EC) No 765/2008 of the European Parliament and of the
Council of 9 July 2008 setting out the requirements for accreditation and market
surveillance relating to the marketing of products and repealing Regulation (EEC)
No 339/93 (OJ L 218, 13.8.2008, p. 30), as amended. The following bodies count as
national accreditation bodies:
1.
bodies entrusted or set up in accordance with § 8 of the Accreditation Body Act
[Akkreditierungsstellengesetz], and
2.
any other body appointed as a national accreditation body by a Member State of the
European Union or a European Economic Area state under Article 4(1) of Regulation
(EC) No 765/2008.
This ensures that European law is taken into account and guarantees market access. This
is a special regulation for cash register security in the commercial sector.
If a certified technical security device is modified by a security-related update or if other
security-related changes are made to the certified security device, the certification will no
longer apply to the technical security device modified in this respect unless the technical
security device is recertified with the update or the other security-related changes (see §§
8 to 12 of the Ordinance on the procedure for granting security certificates and
recognitions by the BSI – the BSI Certification and Recognition Ordinance).
If it comes to light that a certified technical security device no longer meets the statutory
requirements or technical requirements of the KassenSichV, this shall be published in the
Federal Tax Gazette Part I and on the BSI website (see § 7 of the BSI Certification and
Recognition Ordinance). Within the framework of this publication, it should be noted that
the certification has formally expired and after expiry of a reasonable period of notice, it
shall no longer be permitted to use the technical security device whose certification has
expired, unless the requirements of the KassenSichV have been met within this time
frame.
Re paragraph 2
In accordance with § 7(2) KassenSichV, the certification costs shall be covered by the
applicant, e.g. the manufacturer of the security device. The BSI Cost Ordinance [BSIKostenverordnung] of 3 March 2005, as amended, shall apply.
- 14 Re § 8 (Entry into force)
§ 8 KassenSichV specifies that this ordinance shall enter into force on the day following its
promulgation.
- 15 -
Document name:
Author:
Version:
Zuleitungsexemplar_1808228.doc
Federal Ministry of Finance
02.05.2017 08:20