Wie ist eine TSE aufgebaut?

Signatures with cryptographic algorithms: RSA or ECC (Elliptic Curve Cryptography) are used to sign the transactions. Secure timestamps: The TSE relies on precise time information to make manipulations traceable in terms of time. Secure storage: Securely stores the signed transactions and protects them against manipulation. The technical structure of a TSE consists of hardware and software components that use cryptography and secure storage solutions to guarantee the immutability of transaction data. A TSE is available as hardware (USB, Micro SD) or cloud-based.

Was ist eine Technische Sicherheitseinrichtung (TSE) und warum ist sie in Deutschland vorgeschrieben?

A TSE prevents manipulation of digital POS systems to avoid tax fraud. It was introduced with the Cash Register Security Ordinance (KassenSichV) and has been mandatory since January 1, 2020.

Wie funktioniert eine TSE?

The TSE cryptographically signs transactions and provides them with secure timestamps to ensure the immutability and traceability of the data. This data is stored on secure storage media.

Welche TSE-Optionen unterstützt efsta?

efsta supports both hardware TSEs (e.g. USB, Micro SD) and cloud-based TSE solutions such as Fiskaly and Deutsche Fiskal Cloud. In addition, TSE server solutions such as the Epson TSE server are compatible.

Ist eine TSE verpflichtend für alle Kassensysteme in Deutschland?

Yes, according to KassenSichV, all electronic POS systems in Germany must be equipped with a certified TSE.

Kann ich verschiedene TSE-Hersteller mit efsta integrieren?

Yes, efsta offers a technology-agnostic platform that enables the integration of all certified TSEs, whether hardware- or cloud-based.

TSE – Technical Security Device in Germany

In Germany, it has been mandatory since 2020 to equip electronic recording systems (point-of-sale systems, PMS, etc.) with a technical security device to prevent the manipulation of sales data. The TSE records every transaction in a tamper-proof manner, adds an electronic signature, and stores it in an audit-proof format. The goal is to ensure transparency and tax compliance in the retail sector by enabling the tax authorities to review every transaction if necessary.

fiscalization Germany

Tamper-proof POS systems with a certified TSE

Features of a tamper-proof Technical Security Device (TSE)

The Cash Register Security Regulation (KassenSichV) stipulates that electronic recording devices such as cash registers, PMS systems, or ERP systems must be operated with a TSE certified by the BSI (Federal Office for Information Security).
‍
One of the most important requirements for digital source records, particularly for cash register records (GoBD and KassenSichV compliant), is ensuring that data is stored in a way that is unalterable and traceable at all times.

This is required in the form of audit-proof data archiving. To meet these requirements, the use of a certified Technical Security Device (TSE) is essential. This protects transaction data from manipulation and enables the complete recording and storage of all relevant information. In addition, standardized digital interfaces are necessary to ensure that the tax authorities have access to audit-relevant data at all times. In this context, data exports from TSE data (TSE TAR files) or a DSfinV-K export (Digital Interface of the Tax Authorities for POS Systems) must be taken into account during audits.

The TSE consists of three main components

Security module

The security module records every transaction in a tamper-proof manner and provides it with an electronic signature. Each individual transaction thus receives a forgery-proof identity that can be checked later.

Storage module

Here, the data of all transactions is securely stored for a certain period of time. It enables audit-proof storage of the data required for tax audits. The TSE TAR data is structured in such a way that the tax authorities can view and check it if necessary.

Digital interface

The interface makes it possible to read out the stored data and make it available for audits. This enables the tax authorities to carry out a simple and standardized audit in the DSFinV-K format without manual intervention in the POS system.

The TSE must be certified by the Federal Office for Information Security (BSI) and integrated by the POS software so that all transactions are recorded and secured in a legally compliant format. These requirements are part of the Cash Security Ordinance (KassenSichV), which has been in force in Germany since January 1, 2020 and is intended to promote transparency and tax compliance.

TSEs are available in various form factors: as USB or SD card or as Cloud TSE.

Requirements for a tamper-proof TSE infrastructure:

Certified TSE

The Technical Security Device (TSE) ensures the complete and tamper-proof recording of all transactions by signing all processes. This prevents manipulation and ensures compliance with the legal requirements of the KassenSichV.

Flexible integration

According to the legal definition, a TSE must be connected to and operated with an electronic recording device. TSEs are available from various manufacturers as hardware or cloud-based solutions and must be integrated depending on the system/customer requirements. The efsta middleware EFR is technology-agnostic for all certified TSEs and facilitates legally compliant use in the long term.

How to meet the TSE requirements with efsta

efsta offers a versatile solution for companies that want to use different TSE solutions.

Our platform supports both physical hardware TSEs and cloud-based TSE services.

You can easily integrate Epson, Swissbit or Diebold-Nixdorf hardware TSEs (USB, micro SD) as well as cloud TSEs such as Fiskaly or Deutsche Fiskal Cloud.

In addition, efsta supports TSE server solutions such as the Epson TSE server and the Diebold-Nixdorf Connect Box, so companies can flexibly decide which solution best suits their IT infrastructure. The automated certificate storage ensures easy and efficient management of your TSE systems.