What is a legally compliant mail archiving solution?
This is one of the most intensely and extensively discussed questions regarding legally compliant email archiving. One thing is certain (we experience it almost daily): there is enormous ignorance and unhealthy half-knowledge on the subject. We want to shed some light on this.
To get to the bottom of what characterizes legally compliant email archiving, we draw on a case from practice: recently, a customer inquiry in connection with Benno MailArchiv revealed that the customer wanted to archive only the emails of selected mailboxes. So far so good. Technically, this is easily feasible with Benno MailArchiv. But be careful! Legal compliance is not defined solely by the technical product used for email archiving!
The question of the "legal compliance" of an email archiving solution begins where a decision is made about whether or not to archive emails.
Given the legal requirements currently in force for lawful email archiving, excluding certain email addresses from archiving as a matter of principle is extremely tricky. It only works (purely legally speaking) if it is absolutely certain that no emails subject to archiving are sent or received via the excluded addresses. This brings us to the next pitfall: which emails are subject to archiving?
The obligation to archive emails arises from commercial and tax law. The legal basis is therefore defined in the HGB (the German Commercial Code) and in the AO (the German Fiscal Code). To give just one (!) example of emails that are subject to archiving: within the meaning of the AO, all emails, and all information communicated by email, must be archived in a legally compliant manner "insofar as they are relevant for taxation". In practice, this means emails whose content, for example, relates to a business transaction or otherwise affects the taxation of the company subject to the archiving obligation. In general, this can include almost everything that has been sent or received via email.
This gradually brings us full circle: how, then, must emails be archived in compliance with the law?
Lawful email archiving means operating a form and procedure of archiving that is suitable for meeting the legal requirements. What are those requirements? To highlight just one aspect: archiving must be timely. In other words, emails received by the company must be archived as promptly as possible (which, among other things, minimizes the opportunities for manipulation before archiving). This results in concrete requirements for the archiving solution itself, but above all for the archiving process.
There are further requirements as well. All of them require various procedural aspects to be designed accordingly. In the end, this means that not only the technical solution (the mail archiving software Benno MailArchiv) must meet certain requirements, but also the entire process, the application environment, etc. in which the mail archiving takes place.
In short: First, organizational measures must be taken to ensure that all requirements for lawful mail archiving are met. Only then do the technical aspects (implementation in software) come into play.
In a nutshell: a technical solution (such as Benno MailArchiv) on its own, i.e. without accompanying organizational measures, can never constitute lawful mail archiving.
This leaves the last requirement of compliant email archiving: third parties must be able to verify the solution within a reasonable time. Without suitable procedural documentation, this verifiability cannot be established, and the entire solution is therefore not compliant.
And that means: a compliant email archiving solution is the sum of organizational measures, the technical solution (the email archiving software itself, such as Benno MailArchiv), the overall technical implementation and the final procedural documentation. Only in this way can all statutory requirements for email archiving be verifiably met. Software alone, i.e. without accompanying measures, is never sufficient for compliant email archiving.
We have many years of know-how in this complex of questions and will gladly advise you on compliance, legal requirements and their implementation. For professional reasons, neither these explanations nor our consulting services in this context constitute legal advice.