Regulations regarding KSeF - analysis of two published draft regulations on the organization of the National e-Invoice System (KSeF).

On July 1, 2024, the obligation to issue invoices using KSeF will enter into force. To this end, on November 27, the Ministry of Finance published further draft regulations regarding the use of KSeF and the method of issuing invoices, as we have already informed in earlier entry. What changed? Below we discuss the most important provisions in detail.

General observations

First of all, it is worth sharing with you our observation that both of these regulations seem to have been made a bit sloppily and knee-jerk. Therefore, you can approach this type of publication as a kind of drawer cleaning. So, while the Ministry of Finance was working on certain specific solutions regarding the issues we are interested in, due to the change of government, it was probably decided to publish these projects in a hurry. In connection with the above, of course, another conclusion comes to mind: these projects - to put it mildly - are not of the highest quality, that is, in short, they are very superficial and not fully thought out substantively. For example, we found inconsistencies in some provisions regarding the current functionalities that the KSeF API offers. Returning to the point, these two regulations are the most important from the point of view of implementing KSeF in the company, we have a regulation of the Minister of Finance amending the regulation on issuing e-invoices [1] and the second regulation on the use of the KSeF system [2].

Focusing on what we got in strictly KSeF regulations, including the regulation on issuing invoices [1], in fact, we have changes in order, although some logical and substantive errors have also been made. If we were to address these changes, we are talking about:

1. Extending the scope of successful mandatory invoices, in the case of taxpayers exempt from VAT and documenting the supply of goods or services also exempt from VAT.
2. In turn, the scope of mandatory invoice data for some entrepreneurs has been reduced. Here, infrastructure companies were specifically named in the justification.
3. The nomenclature for bus tickets and highway fees has been unified so that they are consistent with the VAT Act.

To sum up, there is nothing in this regulation that changes the assessment of the entire project and how the implementation of KSeF in the enterprise should be treated.

Major changes in the area of permissions

Much more interesting is the regulation of the Minister of Finance on the use of the National e-Invoice System [2]. You could say that in this case the changes are revolutionary. Firstly, the first details about QR codes have appeared. When it comes to rights, the most important and significant change is the abandonment of the current regulation regarding the acquisition of indirect rights. Basically, this type of inheritance was abandoned, i.e. the effect that if we had a role at the KSeF level, we had the option of assigning an analogous role in such a hierarchical sequence. This has been discontinued and we do not have this option at the moment. It was deemed necessary to indicate who should have the authority to issue and access invoices, without automatic assignment of rights.

In terms of issuing or accessing invoices extended catalog of entities authorized to these functionalities of KSeF about:

• the taxpayer indicated by the flat-rate farmer, who is the purchaser of agricultural products and agricultural services from the flat-rate farmer, and
• entity authorized to issue electronic structured invoices

Certificate of the invoice issuer

In addition to the changes mentioned above, a new tool has been introduced in the permissions area, called an authorization certificate. In § 6 section 2 of the project specifies that the authorization certificate (invoice issuer's certificate) is a certificate created by KSeF associated with a pair of encryption keys, which consists of a private key and a public key. The public key is part of the digital certificate of its owner and can be used by anyone interested. However, the private key is protected by the key owner and only he or she can use it. Technically, this looks like standard X.509 certificates with asymmetric RSA or elliptic curve (ECC) keys.

Limited access to the key ensures protection of communication carried out using it. The certificate owner can take advantage of the keys' encryption security features. This owner can, for example, use the certificate's private key to "sign" and encrypt data sent between users and servers, such as messages, documents, and code. The recipient of the signed object uses the public key contained in the signer's certificate to decrypt the signature. Digital signatures ensure the credibility of objects' origins and enable verification of the object's integrity.

The authorization certificate is therefore assigned to the taxpayer or authorized entity and its rights. It allows the taxpayer or authorized entity to authenticate itself in the KSeF. According to § 6 section 3 project the use of an authorization certificate will be required when issuing invoices during the situations referred to in Art. 106nf section 1 and art. 106nh section 1 VAT Act(hereinafter referred to as the Act), i.e. in the event of failure and unavailability of KSeF. Therefore, without having the above-mentioned certificate, the taxpayer will not be able to issue an invoice in the event of a failure or unavailability of KSeF.

KSeF invoice verification code (QR code)

The regulation also introduces: § 2 point 2 of the project something called a verification code, which is actually a QR code. The verification code is a unique string of characters presented in the form of a two-dimensional, square graphic QR code in accordance with the ISO/IEC 18004:2015 standard used to mark structured invoices, invoices referred to in Art. 106nf section 1 and art. 106nh section 1 of the Act, sent to the National e-Invoice System, and VAT-RR invoices and VAT RR CORRECTION invoices issued using KSeF, created by this system, enabling access to invoices in this system and verification of data contained in this invoice.

At the same time, the elements that should be included in the verification code when marking structured invoices made available to the buyer referred to in Art. 106gb paragraph 4 of the Act, in a manner other than using KSeF or used outside KSeF. The code used to mark these invoices includes:

• address of the interface software resource referred to in Art. 106gb paragraph 2 of the Act, indicated in the specification of this software;
• invoice identification number in the National e-Invoice System;
• invoice distinguishing feature (§ 8(1) of the draft).

Verification code elements for marking the invoices in question have been defined separately
in art. 106nf section 1 and art. 106nh section 1 of the Act, made available to the buyer in a manner other than using the National e-Invoice System. The verification code used to mark these invoices includes:

• address of the interface software resource referred to in Art. 106gb paragraph 2 of the Act, indicated in the specification of this software,
• tax identification number (NIP) of the invoice issuer,
• certificate ID of the invoice issuer,
• invoice distinguishing feature,
• distinguishing feature signed with the issuer's certificate

The draft regulation also indicates the need for labeling verification code invoices issued in the manner referred to in Art. 106d section 1 of the Act, if the buyer issuing the invoice does not have a tax identification number (NIP). Such an invoice, apart from the elements referred to in § 8 section 2 points 1, 3-6, also contains the number referred to in Art. 106e section 1 point 24 letter b of the Act, by means of which the purchaser of goods or services is identified for the purposes of value added tax in a given Member State.

IN § 8 section 4 project it was specified that the verification code will be presented in the form of a two-dimensional, square graphic QR code in accordance with the ISO/IEC 18004:2015 standard along with providing, in the case of structured invoices, the number identifying these invoices in the National e-Invoice System, and in the case of invoices referred to in art. 106nf section 1 and 106nh section 1 (i.e. in the event of failure and unavailability of KSeF) – "OFFLINE" markings. The provision should be understood in such a way that in the event of a failure or unavailability of KSeF, instead of the invoice identification number assigned by KSeF, the entity issuing the invoice should enter the "OFFLINE" entry in the appropriate field. This seems understandable, because in the event of a KSeF failure, it will not be possible to obtain the above-mentioned information. number of the structured invoice, clearly identifying it within KSeF.

Finally, it was indicated that a detailed description of the technical requirements for verification codes contains interface software referred to in Art. 106gb paragraph 2 of the VAT Act. For this purpose, the Ministry of Finance plans to present a specification of interface software for approval. This document will describe the technical requirements for verification codes (QR codes).

Source:

1. Regulation of the Minister of Finance amending the regulation on issuing invoices

2. Regulation of the Minister of Finance on the use of the National e-Invoice System