Who or what is efsta?

efsta (acronym for European Fiscal Standards Association) is an association of European companies and institutions with the purpose of creating and establishing standards for the documentation of business transactions required to be recorded within a framework of national and international guidelines. 

Who can use the process?

The process is used by companies subject to taxation, to prove the accuracy of their records to auditing and tax authorities. There are no restrictions as to who can use the process.

Is a membership required to use the process?

No, an efsta membership is not required for the use of the process.

Which data is stored?

As a standard requirement of the process a fiscal record must be transferred for each transaction. It consists of the receipt number and total (incl. sales tax). Grand total and sequence number are computed and registered, the fiscal signature is issued.

In principle all transferred data is stored and encoded. It is therefore possible to store additional data for a different use with the association.

Who has access to the data?

Access to the data is only given via an access code (with a ticket) issued by the owner of the data. The access code can be restricted as to time and data content.

Is long-term storage and access to the data guaranteed?

Yes, storage of each transferred transaction record is guaranteed for the obligatory record retention period as a minimum.  During this period the data can be accessed at any time.   

Is the integrity of the data guaranteed vis-a-vis auditing authorities?

Yes, efsta guarantees vis-a-vis auditing authorities that the data stored cannot be changed. 

Who to contact for technical assistance?

For users of the process the first contact is their system provider or software producer. System providers or software producers receive support from efsta IT Services GmbH (support@efsta.net). There is also a ticket system available.

What is individual verification or signature verification?

Every recepient of a receipt (invoice or sales slip) can verify the validity of the receipt. The examiner needs to be in possesion of the receipt. By entering the fiscal signature (FN) of the receipt total (payment amount; these two items form the access code for each receipt) on efsta.net, the authenticity of the issuer and the integrity of the receipt is confirmed (verified) or shown to be incorrect.

Link to individual verification

Which systems are required for the process?

To be able to use the process, the so-called EFR (Electronical Fiscal Register) is required. A software module with an individual certificate (provided free of charge after registration) runs as a background service under Windows 32/64bit and under Linux.

Your internet provider and your software producer must support the process

Which encoding system is being used?

Efsta encoding technics were developed in cooperation with the University of Hagenberg. The encoding process is AES256.

Where is the data encoded?

The process is based on the principle that “no data is leaving a business (data owner) without being encoded”, i.e. every transaction record is encoded locally before being transferred to the efsta data center.

What happens if the network or internet connection is interrupted?

The EFR (Electronic Fiscal Register) can operate offline to bridge service interruptions and failures. As the registration of a receipt is done in two steps (1. local registration and encoding and 2. transfer), a service interruption does not affect the user. Receipts produced during the offline period will be duly transferred after the connection is re-established. 

What is a certificate required and who issues it?

Every user receives one or more Class B certificates issued by efsta. These are necessary to ensure a secure SSL transfer as well as to encode the data and create the signature.

Can efsta staff access the data?

No, without an access code no one is able to read the data in decipherable form. As the code is neither deposited nor produced at efsta, data center employees cannot access data.

Can the process be utilized by companies with several locations?

Yes, the process supports companies with various divisions and any number of locations.

How is authentication an registration done?

To avoid an additional authentication process as well as the necessity of further access data, e.g. user name and password for users, authentication is always done via a trustworthy authentication agency, which the businesses in question have already been using. These agencies are country specific.

Registration is done via an online portal, which can only be accessed via the above-mentioned authentication agency.

Can an efsta interface be certified?

Yes, certification is planned, however it won’t be a prerequisite for using the process.

What costs are involved?

As it is not a commercial product the process together with the API connection and the EFRU software as well as future updates are available free of charge (patent pending).

For system maintenance and upkeep as well as regular overhead (computer capacity, data storage, issuing of individual certificates and administration etc.) a small annual fee, which will be communicated to the members, will be charged.