========================================================================
GOBD COMPLIANCE CHECKLIST
German Principles for Digital Accounting and Record-Keeping
Version: 2025 | docutools.pro
========================================================================

The GoBD (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von
Büchern, Aufzeichnungen und Unterlagen in elektronischer Form) govern how
tax-relevant data and documents must be processed, stored, and archived
digitally in Germany.

------------------------------------------------------------------------
1. GENERAL ORGANISATIONAL REQUIREMENTS
------------------------------------------------------------------------
[ ] Process documentation (Verfahrensdokumentation) exists and is up to date
    → Describes all IT systems, processes, and workflows related to accounting
[ ] Internal control systems (IKS) defined and documented
[ ] Responsibilities clearly assigned and documented in writing
[ ] System or process changes are logged

------------------------------------------------------------------------
2. IMMUTABILITY AND TRACEABILITY
------------------------------------------------------------------------
[ ] Original documents (especially e-invoices, receipts) stored immutably
[ ] No overwriting of original files possible
[ ] Every change to a record is logged with timestamp and user identity
[ ] Complete audit trail available for all changes
[ ] Digital originals treated as originals (no re-printing required)

------------------------------------------------------------------------
3. RETENTION PERIODS
------------------------------------------------------------------------
[ ] Retain for 10 years:
    [ ] Annual financial statements, balance sheets
    [ ] Accounting records (including e-invoices)
    [ ] Account ledgers, cash books
    [ ] Payroll records
    [ ] Contracts with tax relevance
[ ] Retain for 6 years:
    [ ] Business correspondence (incoming and outgoing)
    [ ] E-mails with contractual character
    [ ] Business letters
[ ] Retention periods start at the end of the calendar year of origin
[ ] Periods extended accordingly during ongoing tax audits

------------------------------------------------------------------------
4. MACHINE READABILITY (DATA ACCESS)
------------------------------------------------------------------------
[ ] Tax-relevant data stored in machine-readable format
[ ] Export function available for standardised formats (e.g. GDPdU/IDEA)
[ ] Full data access for tax authority possible at any time (§ 147 para. 6 AO):
    [ ] Direct read access (Z1)
    [ ] Indirect access with evaluation by own staff (Z2)
    [ ] Data carrier handover (Z3)

------------------------------------------------------------------------
5. DATA SECURITY AND INTEGRITY
------------------------------------------------------------------------
[ ] Regular data backups with documentation of schedule
[ ] Backup stored outside the production system (at least one off-site copy)
[ ] Recoverability of backups tested regularly
[ ] Protection against unauthorised access (access rights, password policy)
[ ] Up-to-date antivirus and firewall protection
[ ] Physical security of server / data centre standards

------------------------------------------------------------------------
6. ELECTRONIC INVOICES (E-INVOICING)
------------------------------------------------------------------------
[ ] E-invoices (XRechnung, ZUGFeRD, Factur-X) retained in original format
[ ] XML file archived unchanged (not only saved as PDF)
[ ] Inbound e-invoices archived directly from inbox
[ ] Outbound e-invoices archived immediately after dispatch
[ ] Metadata (date, invoice number, supplier/customer) correctly indexed
[ ] PDF/A-3 attachments in ZUGFeRD fully archived alongside XML

------------------------------------------------------------------------
7. DIGITAL DOCUMENT STORAGE (SCANNING PAPER DOCUMENTS)
------------------------------------------------------------------------
[ ] Scanning process documented (devices, settings used)
[ ] Legibility of the digitised document ensured
[ ] Original paper documents retained after scanning if no release granted
[ ] "Replacing scanning" (ersetzendes Scannen) only if authorised via
    process documentation
[ ] Image quality and colour fidelity sufficient for future legibility

------------------------------------------------------------------------
8. CLOUD AND EXTERNAL SERVICE PROVIDERS
------------------------------------------------------------------------
[ ] Data Processing Agreement (DPA) concluded with cloud provider
[ ] Data location within EU/EEA or with equivalent protection level
[ ] Tax authority can access outsourced data (right of data access remains)
[ ] Contractual provision for data return upon termination

------------------------------------------------------------------------
9. PREPARING FOR A TAX AUDIT
------------------------------------------------------------------------
[ ] Test run of GDPdU export / IDEA validation successfully completed
[ ] All required access credentials documented and securely stored
[ ] Contact person for tax auditor named
[ ] Process documentation current and complete

------------------------------------------------------------------------
COMMON MISTAKES TO AVOID
------------------------------------------------------------------------
✗ Process documentation missing or outdated
✗ E-invoices archived as PDF only — XML original missing
✗ Accounting records modified without complete audit trail
✗ Backups not tested or stored only at the same physical location
✗ Cloud data outside the EU without adequate safeguards
✗ Retention periods not monitored systematically

------------------------------------------------------------------------
LEGAL BASIS
------------------------------------------------------------------------
• GoBD (BMF letter of 28 Nov 2019, IV A 4 - S 0316/19/10003)
• §§ 238–241a HGB (accounting obligation)
• §§ 145–147 AO (tax retention obligation)
• §§ 14, 14a, 14b UStG (invoice requirements)
• GDPR (where personal data is involved)

========================================================================
© 2025 docutools.pro — Free to use. Not legal advice.
========================================================================