We have updated our pricing. Nothing has changed for private customers. Brand new: fileee Business


The principles for the proper keeping and storage of books, records and documents in electronic form and for data access explained.

Definition of the GoBD

The abbreviation GoBD stands for: Principles for the proper keeping and storage of books, records and documents in electronic form and for data access. These principles, issued by the German Federal Ministry of Finance (BMF), contain criteria and guidelines that companies must fulfill when using electronic accounting.
GoBD briefly explained:

Requirements and background of the GoBD

As part of the GoBD, audit-proof storage describes the storage of digital data in terms of correctness, completeness, security, availability, traceability, immutability and access protection. These are to be understood as central requirements for audit security and are recorded in chapter three under "General requirements" of the GoBD guidelines:
Since the demands on companies and IT-supported systems are becoming greater with increasing digitalization, the GoBD have also been adapted. In the latest version dated November 28, 2019, for example, topics such as mobile scanning or cloud systems are also included. A mobile scan is another import path into the system when capturing receipts.

However, the GoBD itself is not a legal text, but formally describes the criteria on the basis of which a tax audit takes place. What are the requirements and background of the GoBD? We explain briefly:

1. what are the GoBD?

Even if the letter from the BMF reads like a legal text, these principles formally "merely" set out criteria according to which it can be determined in a tax audit whether a company has complied with the proper keeping of books or records. Thus, compliance with the GoBD is in the hands of the taxpayer and the verification of this is in the hands of the tax office.

The GoBD describe the following points:
Important: In this context, the retention periods specified in Section 147 (3) of the German Fiscal Code (AO) of 6 or 10 years must always be observed (to be found under Chapter 3, Item 27 of the GoBD Guidelines).

These four rules must be observed in digital archiving in order to be considered GoBD-compliant: Inalterability, completeness, traceability and availability.

2 To whom do the GoBD apply?

All taxable entrepreneurs who generate profit income in any form are equally obliged to comply with the GoBD.

Based on the German Fiscal Code (Section 90 (3), items 141 to 144, AO ) and the individual tax laws (Section 22 UStG, Section 4 (3) sentence 5, Section 4 (4a) sentence 6, Section 4 (7) and Section 41 EStG), the GoBD obligate not only companies that are required to keep accounts but also self-employed persons, freelancers and small entrepreneurs who are not required to keep accounts to retain all tax-relevant data in accordance with the specified requirements.

Anyone who can ensure that the requirements anchored in the GoBD are met over the entire period of the retention periods is acting in compliance with the GoBD.

3. violations of the GoBD and consequences of non-compliance

In the event of non-compliance with the principles or violations of the GoBD, there are various consequences depending on the extent. If deficiencies in compliance with the GoBD are discovered during a tax audit and in particular in such a way that further deficiencies result from this, such as amounts being falsified or concealed as a result, this may have consequences under criminal tax law. As described above, the tax office proceeds according to the criteria of the GoBD during an audit and, depending on the extent, can, for example, demand tax arrears or interest on arrears, make estimates or even impose fines.

4. which documents are affected by the GoBD?

The GoBD concern all tax-relevant data. According to § 147 para. 1 AO, these are as follows:
  • Books
  • Records
  • Inventories
  • Financial statements
  • Business and commercial letters

Important areas here are: Financial accounting, payroll accounting, cost accounting, bank accounts, asset accounting.

In addition, other documents are subject to retention and are therefore affected by the GoBD if they are relevant to the business. This also includes e-mails. E-mails must be archived and are subject to retention if the text of the e-mail contains relevant information for an invoice, for example. The e-mail does not have to be stored additionally if it only serves as a transmission medium and does not contain any relevant information.

5. GoBD-compliant accounting with the help of a DMS

The GoBD do not prescribe which system is to be used. Electronic archiving is primarily technology-neutral. However, it is advisable to use a DMS that is designed in accordance with the GoBD guidelines. For example, the GoBD stipulate: "The storage of data and electronic documents in a file system does not regularly fulfill the requirements of immutability, unless additional measures are taken to ensure immutability" (GoBD chapter 8, point 110).

In addition to the criterion of immutability (GoBD chapter 3.2.5), the other criteria of audit-proof archiving must be present: Traceability and verifiability (GoBD chapter 3.1), completeness (GoBD chapter 3.2.1), accuracy (GoBD chapter 3.2.2), timely posting and records (GoBD chapter 3.2.3) and order (GoBD chapter 3.2.4). Here, audit-proof archiving acts as a prerequisite for GoBD-compliant archiving.

In this context, a DMS does not ensure audit compliance or compliance with the GoBD on its own, but can only be seen as an aid to implementation. In addition, the performance of the various systems differs.

Tip: A comprehensive list of the requirements for a DMS in relation to GoBD compliance can be found at Bitkom in the "GoBD Checklist for Document Management Systems".

What else do I need to consider when complying with the GoBD?

In addition to the requirements for the DMS, the GoBD also regulates the requirements for the taxpayers, i.e. the internal recording and processing procedures as well as the behavior of the users.

The company itself is responsible for complying with the GoBD. This includes the following:
  • First, a digital system must be selected that meets the criteria of the GoBD with regard to digital filing.
  • Receipts must be captured in a timely manner (for example, via scan or import) and uploaded to the system. This can be done manually or automatically. It is important that the chronological sequence can be traced here as well. For a timely capture, one speaks of 8 to 10 days.
  • Likewise, procedural documentation must be created. This documentation must contain information on the data processing procedure: "The procedural documentation usually consists of a general description, user documentation, technical system documentation and operational documentation" (GoBD Chapter 10.1, item 153).
  • In addition, responsibilities must be clarified within the team: Who approves the data? Who checks the data?

The system itself is responsible for the availability and visibility of the necessary data, including history, as well as for audit-proof archiving and automatic creation of electronic files in terms of proper structure and coherence.
GoBD-compliant filing with the help of a DMS

fileee BUSINESS meets the requirements of the GoBD and supports your company in the audit-proof archiving of your electronic documents.
Any questions?

GoBD - Frequently asked questions

What does GoBD mean?
The GoBD are the "Principles for the proper keeping and storage of books, records and documents in electronic form as well as for data access" and were rewritten and defined by the Federal Ministry of Finance on November 28, 2019. These principles regulate the requirements to be met by digitally mapped processes from the perspective of the tax authorities.
What is revision security?
"Revision" means "alteration", "correction" or also "revision" and is understood in connection with "security", i.e. protection against it, in such a way that something is protected from change in this sense. In the context of documents, this term is used both in the technical and organizational area in the context of the electronic storage of data. The GoBD regulates the requirements for audit-proof storage.
What is the difference between GoBD and audit security?
The GoBD is the set of rules with the requirements for audit-proof storage and how audit security is given. Audit security is therefore a part of the GoBD and whoever acts in conformity with the GoBD, acts audit secure at the same time. In addition, the GoBD regulates, for example, the "data security" under the point 103 in chapter 7: "The taxpayer has to protect his DP system (...) against unauthorized inputs and changes (e.g. by access and access controls)". (from:
What does GoBD compliance mean?
The implementation of the GoBD. Anyone who can ensure that the requirements anchored in the GoBD are met acts in compliance with the GoBD.
When is a DMS GoBD-compliant?
A DMS is GoBD-compliant if audit-proof storage is ensured and the GoBD requirements are met. The GoBD checklist from Bitkom breaks these down again directly for document management systems and explains the various points in connection with implementation.

All-around secure and GoBD-compliant with fileee Business

Start now with fileee Business
DSGVO Compliant
Developed and hosted in Germany
Secure SSL encrypted
© 2024 fileee. All Rights Reserved.
DSGVO Compliant
Developed and hosted in Germany
© 2024 fileee. All Rights Reserved.