Please note that the FAQs are a general assistance and not a (tax) legal advice. The text makes reference to the respective legal regulations, however, no liability is assumed for the information.

The cash register regulation (KassenSichV) is a regulation effective 1 January 2020 for the implementation of new standards regarding the protection against manipulation of electronic recording devices (e.g. cash registers, electronic/computer-based cash register systems. The KassenSichV mainly applies to business transactions in which the seller's service is followed by payment (via cash, card payment, voucher), a quid pro quo of the customer - the so-called performance upon counter-performance.

In order to effectively prevent manipulation of digital records of business transactions, the integrity, authenticity and completeness of the data must be ensured. The tamper protection is essentially ensured by a so called technical security system (TSE): During the recording, the data is recorded and checked, processed in a specific format and by use of electronic signatures stored in a tamper-proof manner. The data can be exported at any time, so that you can quickly and easily provide all the necessary information to the tax authorities (cash register inspection).

The affected recording devices must be supplemented with a certified technical security system (TSE) with the effectiveness of the regulation on 1 January 2020. (At the beginning of November 2019, the Federal Ministry of Finance (BMF) has issued a so-called "Non-Compliance Regulation". The implementation of the TSEs shall take place as soon as possible - however, there will be no imposition of sanctions until 30 September 2020.)

The technical security system consists of a security module, a memory for permanent storage of the data and a uniform digital interface (API).The technical security system is addressed by the electronic cash register system and assumes the protection of data. Each entry is thereby protected through electronic signatures. The secure records are permanently saved in a specified format.

The technical security system is therefore an addition to an already existing electronic cash register system.

As an A-Trust partner, you don't have to worry, we offer an all-round carefree package: Our solutions are easy to integrate and 100% legally compliant. The integration into your existing cash register system is possible without any problems, all of our solutions are open to all types of technology - there are no restrictions regarding compatible cash register systems and no additional hardware is required. We guarantee compliance with all requirements of the KassenSichV (cash register regulation) and the DSFinV-K (digital interface of the financial administration for cash register systems) for our solutions with the highest security standards.

Fiscalization is the tamper-proof, electronic recording and storage of transactions with the use of cash registers. Detailed information on storing the basic records can be found under § 3 KassenSichV (cash register regulation); § 146a AO (Fiscal Code).

A-Trust successfully implemented fiscalization in Austria already in 2017 and established itself as the market leader in this area.

An electronic recording device is a digital cash register system that electronically documents tax-relevant business transactions.

All recording devices (electronic and computer-based cash register systems), which record cash transactions among other things, are relevant in the context of the cash register regulation (KassenSichV). Detailed information on electronic recording devices can be found under § 1 KassenSichV (cash register regulation); 3.1 BSI (Federal Office for Information Security) TR-03153; 1.2 AEAO (Fiscal Code Application Decree) to § 146a.

The technical security system (TSE) is the essential component for the achievement of anti-fraud protection and represents an addition to your cash register system, which is open to all types of technologies. The TSE consists of a uniform digital interface, a security module and a storage medium. The TSE receives data from the cash register system via the integration interface. The security module supplements this data with further information and checks the related transaction data, protects and stores it in a uniform format in the storage medium and enables the data to be made available via the export interface in the event of an inspection by the tax authorities. In the event of a fault, the TSE also documents when the operation was interrupted and resumed. Detailed information can be found under § 5 KassenSichV (cash register regulation); 1.1, 3.2, 3.3, 4 - 7 BSI (Federal Office for Information Security) TR-03153; BSI TR-03151 SE API; 3 AEAO (Fiscal Code Application Decree) to § 146a.

The uniform digital interface consists of an export interface and an integration interface. The uniform digital interface is on one hand the link to the electronic recording device and ensures the receipt of the transaction data. On the other hand, the provision of the secured application data or system messages, audit data and the corresponding log data is ensured via TAR archives. Information on the uniform digital interface can be found under § 4 KassenSichV (cash register regulation); 3.2 3.3, 3.4, 5 BSI (Federal Office for Information Security) TR-03153; BSI TR-03151, SE API; 4 AEAO (Fiscal Code Application Decree) to § 146a.

The security module ensures the authentication of the data and the secure logging of the processes to be recorded. Among other things, it fulfills the functions of creating the log data, connecting and protecting the application and log data. The in this way secured application and log data form the basis for the data to be submitted in the event of an inspection. Detailed information on the security module can be found under 3.2, 3.3, 3,5, 4 BSI (Federal Office for Information Security) TR-03153; 3 BSI TR-03151 SE API.

The storage medium assumes the storage and provision of all secured data for the export in the event of an inspection (cash register inspection). a.sign TSE is a cloud-based solution, there are several implementations regarding the number of possible transactions. Detailed information on the storage medium can be found under § 3 KassenSichV (cash register regulation); 3.2, 3.3, 6 BSI (Federal Office for Information Security) TR-03153; 4.5.3 BSI TR-03151 SE API, 8 AEAO (Fiscal Code Application Decree) to § 146a.

An electronic recording device must start a transaction for every business transaction. In the course of the transaction recording, certain information (e.g. data about the process, payment method, information on the electronic recording device and the technical security system) must be recorded. Detailed information on the logging of digital basic records can be found under § 2 KassenSichV (cash register regulation); 3.3 BSI (Federal Office for Information Security) TR-03153, 2 BSI TR-03151 SE API; 1.6 - 1.9, 3.3, 3.5 AEAO (Fiscal Code Application Decree) to § 146a.

With the effective date of the cash register regulation (KassenSichV), the electronic recording device has to be supplemented by a technical security system in order to be protected against manipulation. The technical security system supplements the recording device with the logging of business transactions. In addition, other processes (e.g. immediate cancellations, test entries) and system functions are documented so that all processes are traceable.

 It is obligatory to issue receipts. The customers have to be provided immediately with proof of the transaction. The receipt may be handed over physically in form of paper or transmitted electronically, depending on the customer's requirement. The content of the receipt is defined in the context of the cash register regulation (KassenSichV) (e.g. information of the issuing business, date of transaction, information on the electronic recording device and the technical security system). In some cases, exemption from the obligation to issue receipts may be requested from the responsible tax authorities. Detailed information can be found under § 6 KassenSichV (cash register regulation); § 146a AO (Fiscal Code); 3.8 BSI (Federal Office for Information Security) TR-03153; 3.6.6.1, 5, 6 AEAO (Fiscal Code Application Decree) to § 146a.

Taxpayers or their authorized representatives must fulfill the notification obligation in § 146a (4) AO (Fiscal Code). This means, that within one month of the procurement of the electronic recording device a variety of information has to be provided to the responsible tax authorities by use of an official form. The information must include the following items:

   *  Name and tax number of the taxpayer

   *  Type of TSE (composed of BSI (Federal Office of Information Security) issued certification ID and serial number of the certified TSE)

   *  Type of electronic recording device used

   *  Number of electronic recording devices used per business location

   *  Serial number of the electronic recording device used

   *  Date of purchase or date of decommissioning of the electronic recording device used

The types of reporting are differentiated between registration, deregistration and correction. The electronic recording device that is registered by the taxpayer shall be clearly assigned to one business location. A separate notification has to be issued for each business location. However, several electronic recording devices can be covered within one business location in one notification. In the event of decommissioning, whereby loss is included as well, the same has to be reported by the taxpayer to the responsible financial authorities.  More detailed information on the notification obligation can be found in Section 9 of the application decree to § 146a of the Fiscal Code.

Note:  There are rumors from the BMF, the Federal Ministry of Finance, that a more modern form of transmission (interface) will be announced soon.

Tax authorities are authorized to carry out a so-called "cash register inspection", i.e. an inspection of the respective recording device. The inspection of the cash register system takes place unannounced, but within the usual working hours. The inspectors must legitimize themselves with an official ID and should be granted access to the cash register system. The correct operation of the electronic recording device will be checked. This also includes the operation of the technical security system (TSE), with the effectiveness of the cash register regulation (KassenSichV). Detailed information can be found under §§ 146a and 146b AO (Fiscal Code); 4 AEAO (Fiscal Code Application Decree) to § 146a.

Make sure that your recording device and the technical security system complies with the provisions of the cash register regulation (KassenSichV) and that they are reported to the responsible tax authorities. A-Trust guarantees compliance with all requirements of the KassenSichV (cash register regulation) and the DSFinV-K (digital interface of the financial administration for cash register systems) for the a.sign TSE products with the highest security standards.

In order to be prepared for a cash register inspection, you should verify whether the receipts from the recording device (including the journal of the TSE) are provided in the required electronic format at all times. In addition, it is advisable to provide selected employees with the necessary access and usage right and to familiarize the same with the recording device so that the inspection can also be carried out in the absence of the entrepreneur. Detailed information on the handling and functions of the technical security system can be found under 4,5 BSI (Federal Office of Information Security) TR-03151 SE API, and the detailed instructions for the function test of a technical security system under BSI TR-03151 TS, as well as the information on the reporting requirements under § 146a AO (Fiscal Code); 3.5 BSI TR-03153, BSI TR-03151 SE API; 2, 9 AEAO (Fiscal Code Application Decree) to § 146a.

The A-Trust TSE solutions support the export of data according to BSI (Federal Office of Information Security) TR-03151.

Therefore, the data is exported in the format (TAR), which is required for the cash register inspection.

The export functions offer the following filter options:

1. by transaction number (from - to or a specific number)
2. by date
3. by client ID (only one recording system)

In the event of a malfunction or failure of the technical security system, the same has to be recorded accordingly (downtime and reason). The TSE will document when the operation was interrupted and when it was resumed. In addition, the cash register users are obliged to promptly remedy the specific cause of failure.

If only the TSE has failed and the electronic recording device is working, further transactions can be carried out. The failure of the TSE must, however, be evident on the receipt (e.g. missing transaction number). The receipt issuance obligation continues to exist, even if not all data is available on the receipt.

In the event that the recording device fails as well, the recording may take place on paper during the malfunction. The downtimes are to be documented. In this case, there is no obligation to issue receipts. Cash register users are obliged to immediately remedy the respective cause and, if possible, provide evidence (e.g. invoice of repair).

In the event that only the printing or transmission unit of the electronic recording device fails, the recording device shall still be used. In this case, there is no obligation to issue receipts.

Detailed information can be found under item 6 AEAO (Fiscal Code Application Decree) to § 146a.

The TSE logs processes by linking data from the cash register system - i.e. application data and data generated by the security module - i.e. log data. The logging starts directly with the start of the to be recorded process.

The security module is a tamper-proof transaction counter (transactions are provided with a unique consecutive number), tamper-proof signature counters (issued signatures are provided with a unique consecutive number), a time source for the unambiguous identification of a transaction to a specific time, it also saves the log data (checksum, signature). The data is electronically signed in the course of the backup. Electronic signatures are generated with a certificate or the associated key pair. The electronic certificate used is clearly assigned to the user of the cash register system and the security module manages the associated key pair.

Detailed information can found under § 2 KassenSichV (cash register regulation); 3.1, 3.3, 5.1 BSI (Federal Office for Information Security) TR-03153; 2 BSI TR-03151 SE API; 3 AEAO (Fiscal Code Application Decree)  § 146a.

The cash register regulation stipulates that uniform interfaces, open to all types of technology, have to be created for the integration into the electronic recording device and the export of data. This is to ensure that the TSE is compatible with all cash register systems available on the market, regardless of the respective implementation and the underlying hardware and software.

The TSE has to be initialized prior to its productive use. To make this process easier for you, the required data is already entered into the TSE during the production by A-Trust.

Following the initial operation of the TSE, the responsible tax authorities have to be informed of the same.

If a TSE is no longer in use, it must be decommissioned (permanent deactivation of the key pair in the security module), the same has to be reported as well. Detailed information of the same can be found under § 146a AO (Fiscal Code); 3,5 BSI (Federal Office for Information Security) TR-03153; BSI TR-03151 SE API; 2,9 AEAO (Fiscal Code Application Decree) to § 146a.

In the A-Trust partner area you will find information about the API, code samples and support material.

A-Trust partners can find information on further support options in the partner contract.

Persons without a partner contract are able to receive support for the integration and operation of the A-Trust TSE solutions under a support agreement.

General information on the functions and function calls in the TSE can also be found in the Technical Guidelines of the BSI (Federal Office for Information Security) (BSI TR-03153).

A receipt issuing obligation is provided for in § 146a AO (Fiscal Code). In the event that the TSE is unavailable, the obligation to issue receipts still applies - see TSE failure.

DSFinF-K (digital interface of the financial administration for cash register systems) specifies the data to be generated by the cash register.

The two files associated with the TSE are specified in the A-Trust TSE sample codes in the partner area:

                *    tse.csv

                *    transactions_tse.csv

The certification only affects the manufacturer of the TSE, neither the manufacturer of the cash register software nor the user of the cash register system need to be certified.

• BSI TR-03151 - Secure Element API - Description of the interface to be implemented
• BSI TR-03153 - Technical security systems for electronic recording devices
• Fiscal Code § 146a
• Fiscal Code § 146b - cash register inspection
• Application decree for § 146a AO (Fiscal Code)
• KassenSichV (cash register regulation)
• DSFinV-K (interface of the financial administration for cash register systems)
• FAQ BSI (Federal Office of information Security)

Our Offline-Solutions is alrerady aviable.
The code samples are published and we don't expect any major changes.

The A-Trust TSE is a library, which is integrated by the cash register software.

This library can be used by any programming language, which is able to incorporate dynamic libraries (.dll, .so, .dylib).

In a comparable context (RKSV (cash register security regulation) cash register Austria), we even supported Cobol developers successfully.