Since the beginning of 2017, companies have been required to archive their emails in accordance with the law. The essential basis for this is the so-called GoBD (i.e. the "Principles for the proper management and storage of books, records and documents in electronic form as well as for data access". Available in the original here). In this context, a lot is being said about "legally secure" and "GoBD-compliant" email archiving. But what does GoBD-compliant actually mean? When is email archiving GoBD-compliant and when is it not?

We explain what really matters when it comes to GoBD conformity.

It is important to consider the term 'GoBD compliant' and its meaning carefully, as there are many misunderstandings and the essential aspects often remain hidden. So let's take a closer look at the details:

In the GoBD, the financial administration explains which requirements apply to IT-supported accounting processes. In addition, the GoBD makes it clear that any product certifications of mail archiving solutions are ineffective (see GoBD, Chapter 12, Sections 179 and 181).

Correctly, the financial administration focuses on the 'process' and not the 'product': Secure mail archiving means that the entire process

Implementing a GoBD-compliant mail archiving system, which is also legally compliant or legally secure, therefore means that the combination of hardware, software and organization must ensure the completeness, integrity and retrievability of tax-relevant emails. The technology alone (and in particular the mail archiving software) is in fact only a means to an end or part of the overall solution "mail archiving", which covers the entire process surrounding the topic of email.

To establish legally compliant or secure mail archiving of all commercially and tax-relevant emails within the meaning of HGB, AO and GoBD, the GoBD requires, in addition to the technical setup of the mail archiving, process documentation that documents the correctness of the overall process “mail archiving”. The documentation must describe the interfaces between the mail archiving software and the surrounding systems and the flow of emails into the archive, and it must contain coordinated control and maintenance procedures (i.e. organization or “Orgware”).

As we have already explained in detail in our whitepaper “Legal Aspects of Compliant Mail Archiving”, the legislator expects that the process components, data and document holdings of the implemented mail archiving can be reviewed by a knowledgeable third party with regard to their formal and substantive correctness within a reasonable time. (This refers to both the auditability of individual business transactions and the auditability of the system and the processes running therein.) Auditing whether mail archiving is carried out properly necessarily requires the existence of process documentation.

By process description or documentation, the financial administration means a description of the organizational and technical process for processing tax-relevant information. So it is not just about the technical product “mail archiving software”, but always and inevitably about designing the entire process, i.e. technology + application environment including organization, and documenting it in a comprehensible way.

Conclusion

“GoBD-compliant” therefore does not refer to a specific product property or feature that can be produced or guaranteed solely by the technical product “mail archiving software”. On the contrary: “GoBD-compliant” with regard to mail archiving means that the part of the accounting process that is related to emails in any technical or organizational way must meet the requirements of the GoBD.

Legal Notice / Disclaimer

This post does not constitute legal advice. It is for general information only. We assume no responsibility for the accuracy or completeness of the information. Any liability is excluded.