Legal obligation

Beginning on January 1, 2018, all cash register software, cash registers and other POS systems have been required to be secured (see the 2016 Finance Law published in BOI of August 3, 2016).

Scope

All POS softwares and systems, used by a VAT registrant, to record the payments of its private customers received in return for the supply of goods and services rendered.

Concerned data

All payment data related to the completion of a transaction (also when a transaction is only simulated by using a “school” or “test” type module), whether it is for the sale of goods or services and which may lead to the issue, whether prior, simultaneous, or subsequent to payment, of proof of payment (note, ticket, invoice, etc.) as well as all data related to the receipt (immediate or expected) of the payment in return.

The data set to ensure traceability and to guarantee the integrity of the data contributing to the completion of the transaction, as well as the data making it possible to generate archive data, according to a reliable method, are also concerned.

Implications for softwares and POS systems

The softwares and POS systems must correspond to the conditions of inalterability, security, storage and archiving of data enforced by law.

Proof of conformity

Compliance can be justified:

  • By a certificate issued by an accredited body under the conditions set out in Article L.433-4 of the Consumer Code; or
  • By an individual certificate from the publisher of the accounting or software system or the cash management system concerned, in accordance with a model set by the administration.

Only one of these two documents suffices to justify compliance with the conditions provided by law.

Note that if a company has more than one POS system, it must submit a certificate or a self-attestation for each of its products.

The attestation is individual, so it is not allowed to proffer the attestation of another, even if they use the same versions of the software.

The attestation must explicitly mention that the software complies with the conditions of inalterability, security, preservation and archiving of the data provided. It must indicate precisely the name and references of this software (including the version of the software concerned).

The certificate remains valid for later minor versions of the software or POS system.

The attestation may be issued on a physical medium (for example, by handing over a document when purchasing the software or system to be completed by the taxable person with his full identity and the date of his purchase) or in a digital medium (for example, by downloading online a certificate to be completed by the taxable person with mention in particular to his complete identity).

Risks for users and publishers

When the non-conformity is noted by the controllers, the customer has a period of 30 days to provide proof of conformity. If this non-compliance is confirmed, he is liable for:

  • A fine of € 7,500 per non-compliant cash register.
  • A systematic tax audit.
  • 60 days to comply (otherwise a new fine of € 7,500).

The production of a false document is a criminal offense punishable by three years’ imprisonment and a fine of € 45,000 pursuant to Article 441-1 of the Penal Code. These penalties apply to publishers and taxable persons who submit to the administration a false copy of a certificate or a false self-attestation while knowing its fraudulent nature.

fiskaltrust and the law

We have developed a software interface, which helps the compliance of software and POS systems, thanks in particular to:

– Inalterability:

  • Preservation of the original data recorded, rendered unmodifiable a posteriori.
  • Any necessary modification is made by compensation (reverses the movement and then captures the desired movement).
  • The integrity of the recorded data is guaranteed over time by a reliable technical process.

– Traceability and security of data:

  • This security is provided by a reliable technical process, that is to say, a process that guarantees and allows verification that data can be returned in the state of their original registration. This is a technique of chaining records.

– Data retention and archiving:

  • The payment data being data used for the establishment of the company’s accounting, fiskaltrust proposes to keep these for a period of ten years (only 6 years are required by law).
  • The fiskaltrust interface allows the archiving of recorded data at a chosen periodicity, at least annually or by exercise. The purpose of the archiving procedure is to freeze the data and to fix the date of the archived documents. It provides a technical device to ensure the integrity of the records produced over time and their compliance with the original settlement data, from which it is created.
  • Archives can be read easily by the administration in case of control.

Contact our team of experts today! 

Call us on +33 (0)1 70 99 53 53 or send us an e-mail at contact@fiskaltrust.fr 

We look forward to discussing with you the solutions that fiskaltrust offers to help your business