Since the beginning of 2017, companies are required to archive their e‑mails in a legally compliant manner. The essential basis for this are the so‑called GoBD (also the “Grund­sät­ze zur ord­nungs­mä­ßi­gen Füh­rung und Auf­be­wah­rung von Bü­chern, Auf­zeich­nun­gen und Un­ter­la­gen in elek­tro­ni­scher Form so­wie zum Da­ten­zu­griff”. Im Original here to be found). In this context, a lot is said about “legally secure” and “GoBD-compliant” mail archiving. But what does GoBD-compliant actually mean? When is a mail archiving GoBD-compliant and when not?

We explain what really matters when it comes to GoBD conformity.

It is important to consider the term 'GoBD compliant' and its meaning carefully, as there are many misunderstandings and the essential aspects often remain hidden. So let's take a closer look at the details:

The tax authorities explain in the GoBD which requirements apply to IT-supported accountingprocesses apply. (Furthermore, the GoBD unambiguously state that any product certifications of mail archiving solutions, including and especially legally ineffective are. (see GoBD, Chapter 12 (para. 179 and 181)).

Correctly, the tax administration therefore presents the „Process“ and not the „Product“ in focus: The legally secure mail archiving means that the entire Process surrounding the email must be considered with respect to the GoBD requirements and not solely or in isolation the technical component that ultimately archives the emails (Benno MailArchiv).

Implementing a GoBD-compliant mail archiving that is also legally compliant and secure therefore means, that the combination of hardware, software and organization must ensure the completeness, integrity and retrievability of tax-relevant e-mails. The technology alone (and especially the mail archiving software) is in fact only a means to an end or a part of the overall solution “Mail archiving”, which covers the entire process that encompasses the entire process around the e-mail topic.

To establish a legally compliant and legally secure mail archiving of all commercially and tax-relevant e‑mails in the sense of HGB, AO, GoBD, it is, according to the requirements of the GoBD, necessary, in addition to the technical setup of the mail archiving, to create a procedural documentation for documenting the compliance of the overall procedure “mail archiving” to create. The documentation must, in particular, describe the interfaces between the mail archiving software and the surrounding systems and the flow of the e‑mails into the archive, as well as include coordinated control and maintenance procedures (i.e., organization or “Orgware”) thereafter.

As we have already presented in our Whitepaper „Legal Aspects of Legally Compliant Mail Archiving“ in detail have been presented, the legislator expects that the procedural components, data and document archives of the implemented mail archiving are verifiable by an expert third party regarding their formal and factual correctness within a reasonable time. (This also applies to the verifiability of individual business transactions as well as to the verifiability of the system and the processes occurring therein). The verifiability of the regularity of the mail archiving requires the existence of a procedural documentation accordingly mandatory.

Die Finanzverwaltung versteht unter der Verfahrensbeschreibung bzw. -dokumentation eine Beschreibung des organisatorischen und technischen Verfahrens bzgl. der Verarbeitung steuerlich relevanter Informationen. Es geht also bei GoBD-konformer oder rechtssicherer Mailarchivierung ganz klar nicht alleine um das technische Produkt der “Mailarchivierungssoftware”, sondern immer und unausweichlich darum, den gesamten Prozess, also Technik + Anwendungsumfeld incl. Organisation zu gestalten und nachvollziehbar zu dokumentieren.

Conclusion

GoBD-konform“ therefore does not denote a specific product feature or characteristic that can be created or guaranteed solely by the technical product „Mailarchivierungssoftware“ . On the contrary: „GoBD-konform“ regarding mail archiving means that the part of the accounting process, which is linked with e‑mails in any technical or organizational manner, must meet the requirements of the GoBD.

Legal Notice / Disclaimer

This post does not constitute legal advice. It is for general information only. We assume no responsibility for the accuracy or completeness of the information. Any liability is excluded.