Obligatory use of secure POS [Point-of-Sale] software

The Finance Law for 2016, supplemented and simplified by the decision of the Minister for Action and Public Accounts on 15 June 2017, makes it mandatory to use secure POS software and systems as from 1 January 2018.

General Principle

The law targets any entity in France required to collect VAT (though exceptions may exist) that records payments by its customers who are not in the VAT system using POS software or a POS system, regardless of how payment is made. Transactions affected are deliveries of goods and services that are not invoiced and concern all tools that automate calculations and make a record of collection transactions. Such POS software and systems must be certified, starting on 1 January 2018, and the user companies are to charge the costs of obtaining these certificates to expenses.

Conditions and technical aspects

The Finance Law for 2016 sets four conditions for certifying the POS software or system:

– Inalterability: The integrity of the data recorded must be guaranteed over time by any reliable technical process. Therefore, the payment data must not be able to be modified after they are originally recorded. If corrections become necessary, new transactions must be recorded, which in turn will be subjected to the condition of inalterability. All transactions must be recorded in a database.

– Security: The POS software or system must (through any reliable process) secure the starting data, the amended data recorded and the data making it possible to produce the evidential documents issued.

– Retention: Administrative doctrine clarifies that the obligation to close is daily, monthly and annual. The system must calculate inalterable data among which the grand total for the accounting period the period total and the perpetual total (the aggregate since the start of use of the application). The user of the software must retain the data recorded in its POS software for a minimum of six years. The data pertaining to the details of the collections (ticket number, date, cash register number, tax-inclusive total, VAT, detail of the items, etc.).

– Archiving: The data must be archived at least once at the end of each period or financial year. It is possible to perform a purge, removing the data from the POS software and storing them on an external archiving medium (a thumb drive, hard disk or optical disk).

The publisher’s responsibility

The publisher is the company that holds the source code of the POS software or system and that is in control of modifying the software’s specifications. It therefore has a responsibility for the security condition; it must obtain certification and produce a certificate for the POS software or system. It must also ensure that the archives can easily be read by the taxation authority (though no form of archive is dictated).

Procedures for proving compliance with the conditions

The user has two ways of proving compliance with the conditions set by law:

– by presenting the certification of the POS software issued by the two bodies currently accredited by COFRAC, the national accreditation authority: AFNOR Certification and the National Metrology and Testing Laboratory (“LNE”). An EU certifier may also certify the POS software or system. The list of certified POS software is available for consultation on the websites of the two accredited bodies.

– by presenting a certification, produced by the publisher of the software, that must contain mention of compliance with the four conditions cited above, as well as the name, reference and purchase date of the POS software or system. In the case of subsidiaries of a group or a chain of stores, where the POS systems are identical, a single certification is enough for all of them.

Right to monitor and penalties

Tax authority employees are able to carry out spot checks in the business premises of an entity subject to VAT to check on possession of the certificates required for each copy of the POS software or systems. The company may be fined €7,500 for each copy of the POS software or system for which no certificate can be produced.

We are entirely available if you have any further queries about the issues discussed in this newsletter or about any other accounting, tax, social security or law related topic.

Leave a Reply