Fiscal Requirements
RKSV (Registrierkassen Sicherheitsverordnung)
The RKSV is an Austrian regulation aimed at ensuring the integrity and security of electronic cash register systems. It mandates that cash registers must have a secure method for recording and archiving transaction data in an audit-proof manner, making it tamper-proof. For the signing process, a signature device is mandatory.
As the underscore sign "_" is used as signature payload field separator, you may not use it in fields TL, TT, TN.
Any occurrence will be replaced by "/" within EFR.
Furthermore, the cash register number (TL+TT) must not exceed 49 characters in length.
Features of EFR
The EFR fulfillls the following functions:
- Signature generation with a connected siganture unit
- Chaining of receipts
- Management and encryption of totals
- Automatic generation of status receipts (starting receipt, monthly / yearly statement receipt, closure receipt)
- DEP-Export according to RKSV (Cashier Security Ordinance) directly at the POS system respectively per data transfer out of cloud storage to FON
- Automatic generation of mandatory reports to the treasury (Startup, yearly statement receipt, closure vouch)
- Tamper-proof archiving (encrypted in cloud-storage, only entrepreneur possesses key)
- Fulfillment of mandatory archivation regulation according to BAO §131 ff (minimum of 7-year archiving)
Journal and DEP (Datenerfassungsprotokoll)
An EFR journal is a contiguous protocol of transactions and informational records, basically without formal constraints. Coherence is assured by the unique EFR ID (e.g. '000123456AB'), client name (e.g. 'def', '01_1') and record sequence number SQ (1 – n). In online mode the local journal is fed to cloud storage.
Independently, the fiscal law claims a DEP to have a unique 'KassenID' (EFR client) and the possibility for initialization and closing.
'Startbeleg' initialization is done automatically with the first transaction registration. Fields 'KassenID' and 'UID' (TaxId) are also fixed if a valid signature (smartcard, HSM) was generated.
'KassenID' is derived from ESR fields TL (Transaction Location) and TT (Transaction Terminal), so TL+TT has to be unique within a company and shall not change during operation.
If 'KassenID' changes (e.g. because the computer was moved to another store and TL was set accordingly), the EFR closes the current DEP ('Schlussbeleg') and opens ('Startbeleg'). All steps are recorded in the journal file.
In Online mode, the corresponding reports will be forwarded automatically from the cloud to the Fiscal System 'Finanz-Online'.
Signature device failed
If the signature device failed, the transaction was still processed successfully and the receipt can be printed. You must then check why the signature device is not working.
Response:
<TraC SQ="2345">
<Result RC="OK">
<ErrorCode>#SIGNDEV_BROKEN</ErrorCode >
<UserMessage>Sicherheitseinrichtung ausgefallen</UserMessage>
</Result>
<Fis>
<Code>_R1-AT2_01/1_2264_2016-03-01T17:36:27_3,49_6,63_2,23_0,00_0,00_V8WmZ6Bt_1269983002239886020764477
48182_btEC7xqxak0=_U2ljaGVyaGVpdHNlaW5yaWNodHVuZyBhdXNnZWZhbGxlbg==</Code>
<Link>EFSTA.NET#33700384003797881019</Link>
<Tag Name="Info" Value="Sicherheitseinrichtung ausgefallen" Label=""/>
</Fis>
</TraC>
| Command | Description |
|---|---|
RC="OK" | Transaction has been received properly, and has been signed according to RKSV using a substitute signature. Monitoring has started, and will result in automatic notification of the Treasury Service if the security device is not restored within 48 hours |
<ErrorCode>#SIGNDEV_BROKEN</ErrorCode> | Information only, since Registration was successful (RC="OK") |
<UserMessage>Sicherheitseinrichtung ausgefallen</UserMessage> | UserMessage is to be shown to the system operator (Message-Box). As long as the failure isn’t corrected, this error is displayed every day on the first receipt |
<Code>..._U2ljaGVyaGVpdHNlaW5yaWNodHVuZyBhdXNnZWZhbGxlbg==</Code> | Within the signature compliant to regulation the notification „Sicherheitseinrichtung ausgefallen“ is contained (base64-encoded) |
<Tag Name="Info" Value="Sicherheitseinrichtung ausgefallen" Label=""/> | Upon the actual receipt the <Tag>-elements have to be printed, in this case the string Sicherheitseinrichtung ausgefallen |
Show zero-receipts ("Nullbelege")
The austrian fiscal law regulates generation of signed receipts without amount ("Nullbeleg") for documentation and reporting to the online system of the fiscal authority ("Finanz Online", "FON"). The respective receipts and QR codes can be found on the web page http://localhost:5618/control "Steuerung". In online environments the necessary report to FON is done automatically, whereas for offline systems the generated QR codes have to be scanned with the official fiscal smartphone app.
| ESR.NFS | TY | Purpose |
|---|---|---|
| Startbeleg | START | Initializes the signature chain. Generated automatically with the first transaction registration. In online systems the signature is reported to FON, if offline scan the QR code "Startbeleg anzeigen" with the FON App. |
| Monatsbeleg | MONTH | Documents the grand total at the end of each month. Generated automatically with the first registration in a new month. |
| Jahresbeleg | YEAR | Similar to "Monatsbeleg". Online: reported to FON automatically, else scan from "Jahresbeleg" until February 15th of the new year. |
| Schlussbeleg | CLOSE | Final close of a signature chain. Usually issued manually with "Kasse außer Betrieb nehmen". CLOSE and START also are performed automatically on change of the register ID (ESR.TL+ESR.TT). Online: reported to FON automatically, else scan from "Schlussbeleg". |
| Nullbeleg | NULL | During a fiscal examination, the immediate generation of a proof receipt will be requested. Use "Nullbeleg erstellen" (or a similar function in your cash register application). Online: generated signatures are always reported. |
| Sammelbeleg | SIGNDEV_RESTORED | If hardware signature (smartcard, HSM) fails, receipts are tagged with "Sicherheitseinrichtung ausgefallen" and a surrogate signature value is used. As soon as the signature device is available again, a signed proof receipt is required. The whole process is handled by EFR automatically, but signatures can be listed using "Sammelbelege Protokoll". |
Verify Signature - GET /control/verify
For support purposes only.
| Query | code | Enter whole Fis.Code |
| key | Optional: EncryptKey (base64); needed to decrypt foreign code | |
| Authentication | As long as key is specified no permission is required, else the local EncryptKey is used for decryption - request needs to be submitted from localhost. | |
| Request Example | http://localhost:5618/control/verify?code=...&key=... | |
| Response Header | Content-type | text/plain |
| Installation | For certificate information within response a certificate request to the CA's PKI is performed over LDAP protocol. For this module ldapjs is required – please install manually using npm. |
Zero receipt (Nullbeleg)
There are two ways to create a zero receipt, depending on whether the cash register assigns a transaction number (TN) or not.
The zero-amount receipts required by RKSV (start, monthly, yearly, closure and grand total following security device failure receipt) are generated, saved, and respectively checked by the EFR automatically as required. They can be reviewed at any time via web-browser at http://localhost:5618/control
POST /control/null
| Response | HTML Creates a signed zero receipt and proofs it with the Fiscal Authority (in online mode). | |
| Request Header | Content-type | Application/xml (or application/json resp.) triggers a XML/JSON data object response, the relevant signature is delivered in element lastNull. |
Register a transaction without positions
<Tra>
<ESR D="2016-03-01T19:03:48" TL="01" TT="1" TN="2303" />
</Tra>
Close DEP - POST /control/close
| Authentication | Local operation only (localhost) or Profile.Password authorization | |
| Response | HTML Closes the current DEP ('Datenerfassungsprotokoll'). In online mode the appropriate reports are sent to the Fiscal Authority. | |
| Request Header | Content-type | Application/xml (or application/json resp.) triggers a XML/JSON data object response, the relevant signature is delivered in element repClose. |
VAT Handling
For signature purposes, single receipt/control positions are to be assigned to the following tax groups:
| Tax group | TaxG | Tax rate |
|---|---|---|
| Normal | A | 20% |
| Ermässigt-1 | B | 10% |
| Ermässigt-2 | C | 13% |
| Null | D | 0% |
| Besonders | E | 19% |
| F | 7% | |
| Corona Abgesenkt | G | 5% |
This is achieved either by directly expressing TaxG="A" (A-F) or by matching of value if the percent value is denoted. TaxG="F" is used in a few small Austrian areas ("Zollausschlussgebiete") for victuals; in fiscal signature revealed in "Null" according to law.
Turnovers not fitting into one of the predetermined tax groups (eg. Prc="15%" or TaxG="N") are entered into group "Null", according to RKSV (TaxG="D").
Temporary Lowered VAT Rate 5%
[Announcement of Austrian Tax Authority BMF 6/11/2020]
To fight the effects of Corona crisis, restaurants and cultural institutions are subject to a lowered tax rate (both 20% and 10% lowered to 5%) for the period from 07/01/2020 to 12/31/2020.
This new regulation is taken into account from EFR version 1.10.5 (2.0.5 resp.) forward, in /EFR/app/AT/TaxG.cfg. In the fiscal signature (QR code) amounts are assigned to group "Null" according to findok.bmf.gv.at § 4.6.6. The receipt should show the lowered tax rate, alternatively it may be amended manually or by a stamped text.
Automatic reporting process to Finanz Online
In Austria, it is necessary to report a cash register start-up to the Austrian Ministry of Finance via Finanz Online (FON).
In order to be able to use the automatic reporting process in efsta, you must first create a so-called "web service user for cash registers" for the RKSV in the online finance web portal. One FON web service user is needed per company (UID).
Setting up the FON Web Service User
- Log into FinanzOnline with your access data.
- Select the "Admin" - "Single User" menu. At this section, you can assign the user identification, i.e. the name of a new user. This may be any name with 8-12 characters, which must contain at least one letter AND one number. Then enter an alphanumeric term in the PIN field with a length of 8-128 digits, containing at least one number and one letter. In the next field, please repeat your new PIN for confirmation.
Special characters or umlauts must not be used for the user name.
- Click the "Create" button to set up a new user for the cash register web service. The corresponding user identification (TID) is then immediately displayed on the page.
- This specifically created user only has authorization to access the cash register web service and cannot be used for any other web services or to access FinanzOnline, with the exception of the session web service.
The FON web service user and their access data must then be entered in the efsta portal so that the mandatory reports to the tax authorities are made automatically:
- Select COMPANY in the left menu bar
- By clicking on the setting icon you can display the details of your company and add the FON data