Fiscalization and the technical security device (TSE)
D-Trust offers two TSE solutions: a hardware module and a cloud variant. In addition to FAQs and helpful downloads, you can contact our support team with any questions or requirements regarding APIs, tools, etc. at this address: firstname.lastname@example.org.
FAQs – frequently asked questions regarding fiscalization and the TSE
The German legislator has laid down the framework conditions in the Digital Primary Accounting Record Anti-Tampering Act, in the German Fiscal Code and the Cash Register Anti-Tampering Ordinance (KassenSichV, Kassensicherungsverordnung). The technical specifications for the development and certification of the technical security device (TSE) have been defined by the Federal Office for Information Security (BSI). The Fiscal Code Application Decree in turn specifies specifically how the TSE is to be used and also describes the data interface with the tax authorities.
The ‘Principles for the Proper Management and Storage of Books, Records and Documents in Electronic Form as well as Data Access’ (GoBD) need no explanation. As an administrative regulation of the Federal Ministry of Finance, it defines the principles according to which traders should organize their bookkeeping. One of the main principles being that entrepreneurs must ensure that the original content of a book entry always remains traceable.
The GoBD also lists various hardware and software options to ensure that this can be maintained. But these options remain vague and do not provide a binding concept. This is precisely where the Cash Register Anti-Tampering Ordinance steps in, providing details and explaining first and foremost which concrete technical measures traders should take to make their systems tamper-proof. It not only prescribes the introduction of a technical security device (TSE), but also defines its three components.
Beginning 1 January 2020, all electronic POS systems must be equipped with a technical security device (TSE). In accordance with the expired non-objection regulation of 6 November 2019, the Federal Ministry of Finance (BMF) did not object if this was not implemented by 30 September 2020. Irrespective of the decision by the Federal Ministry of Finance, the majority of federal states have opted for a transitional period after expiration of the non-objection regulation. With the exception of Bremen, these federal states granted an extension until 31 March 2021 which was subject to certain conditions.
Electronic cash registers which, due to their design, cannot be retrofitted with a certified TSE can continue to be used until 31 December 2022. This exception applies only to POS systems purchased between November 2010 and 31 December 2019.
All of the federal states (with the exception of Bremen) introduced a so-called transitional period until 31 March 2021 for implementation of the Cash Register Anti-Tampering Ordinance.
However, this was subject to the following conditions: Anyone who has had their POS systems retrofitted with a TSE module must have placed a binding order or ordered installation in good time – in Berlin, Lower Saxony, Rhineland-Palatinate and Saxony by 31 August, in the other federal states (except Bremen) by the end of September 2020. The respective service provider had to confirm that installation is not possible by 30 September. As an alternative to the classic TSE hardware, companies can opt for a cloud-based solution. Note: In Rhineland-Palatinate and Thuringia, the relevant tax office must also be additionally notified in due time.
No, if these devices basically only compile shopping baskets and if the sales process always takes place via dedicated downstream recording systems, such as cash registers, no connection to a TSE is required. However, if these devices have a cash register function, they must be connected to a TSE.
This depends on the place of payment. Orders with online payment in the webshop and collection in the store are not affected. Orders or even reservations with collection and payment in the store must be signed like normal purchases.
TSE module hardware: Technical security device (TSE)
Basically, all cash register solutions can be used with the TSE module. Bundesdruckerei provides the programming interface in Java and C. Cash register programs that are not compatible with these two programming languages can be integrated by the cash register manufacturers themselves. Solution support regarding other development languages, such as Visual Basic (VB6, VBA, VB.net), C#, C++ or even Delphi, is available on request. If you have specific questions, please feel free to contact our experts by e‑mail at email@example.com.
Our solution provides the export interface according to TR- 03153 5.1/TR03151 4.5.1. The interface for DSFinV-K export contains additional cash register-specific information and can therefore only be implemented by the cash register software.
The TSE module is delivered as a final product in microSD format. Using an adapter, the TSE module can also be used for USB and SD card connections.
If each cash register or accounting device has a dedicated TSE module, this ensures that each business transaction is recorded according to specifications.
If several individual electronic recording systems are connected to a cash register system, it is possible for the required digital records to be protected with a single TSE module shared by all electronic recording systems in the network.
For more information, we recommend that you send any fiscal questions you may have regarding connection and use of the TSE to: IVA4@bmf.bund.de.
The data logged by the TSE are basic digital records. This data must be protected against loss. ‘Best practice’ requires that regular backups of the TSE log data be made at the end of the day together with the necessary backup of the cash register data. For heavily used recording systems or when large amounts are recorded, intraday backups may also be necessary. After exporting the data to a secure archiving system, the TSE can delete the log data.
TSE log data is kept in TAR format. This is an easy-to-read, non-compressed and non-encrypted archive format that is generated when the TSE data is exported.
The data logged by the TSE are basic digital records. The required retention period is at least ten years and may be extended due to audits, etc.
The TSE log data can be stored in a digital archive, for instance, and must be presented when an audit takes place. Provided that the TSE log data is stored in a secure long-term archive, the TSE does not have to be stored after its period of use has expired.
Cloud solution: Fiskal Cloud in partnership with Deutsche Fiskal
The Fiskal Cloud is made up of the following basic components:
- a central web service to which the cash registers and recording systems must be connected and
- a local SMAERS (Security Module Application for Electronic Record-keeping Systems) component, which is a mandatory BSI requirement. The local component must be used directly on the cash register or the back office of the business premises and manages secure communication with the web service in the cloud.
The local security component implements the BSI requirements and ensures legally compliant operation even if the online connection fails. The TSE therefore operates in compliance with the law even if the cash register has offline functionality, thus enabling the operator to continue using the cash function.
Generally speaking, all cash register solutions with online capability can be connected.
Yes, Fiskal Cloud is an online fiscalization solution. In the event that the online connection fails, it is ensured that the cash registers can continue to operate.
If no permanent online connection to the system is possible, an offline and a hybrid variant are available to ensure use in compliance with legal requirements.
Fiskal Cloud is available certified for a wide range of operating systems and operating system variants. Installation can be carried out locally in the cash register, decentrally at a branch and, under certain circumstances, centrally in the cloud or in the operator’s data centre.
For more information about Fiskal Cloud, go to: https://www.deutsche-fiskal.de/.
The central task of cash register providers is to connect the technical security device (TSE) to their systems in accordance with the uniform digital interface (EDS). The basis for the uniform digital interface is the ‘Secure Element API’ [BSI TR-03151]. The following three stand-alone EDS areas must be implemented:
- Integration interface: this enables integration of the TSE into the electronic recording system.
- Export interface: this is used to export the saved, secured log messages. Integrity as well as the timely recording can be checked with this data.
- Digital interface of the tax authorities for cash register systems (DSFinV-K): for the purpose of carrying out external tax audits or cash register inspections, the individual data recorded must be exported in this additional third EDS interface format.
It is also mandatory for providers to implement TSE management, i.e., processes that ensure, for instance, TSE initialization, reading of the TSE serial number for registration with the financial authorities, possible replacement of the protection device after five years and certificate renewal.
The provider of the TSE must ensure its overall certification by the Federal Office for Information Security (BSI). After five years, the TSE manufacturer must have the TSE recertified. These certificates are currently valid for five years.
The cash register operator has no obligations with regard to certification. The only task which the cash register operator has – if this has not already taken place – is to contact their cash register provider and obtain a cash register system with a TSE.
No, only the technical security device (TSE) must be certified. Certification of the recording system (for instance, the cash register system) is not required.
After five years, the manufacturer of the TSE must have the technical security device recertified. As things stand at present, the certificates for signing receipts are valid for five years. After that, renewal is required.
With Fiskal Cloud, it is not necessary to replace the TSE when a new certificate is used.
More information about our fiscalization solutions can be found here.