The technical security device consists of a security module, a storage medium and a standardised digital interface.

The technical security device receives information from the electronic record-keeping system (e.g. a cash register), protects the data to be recorded against modification or deletion, and stores the secured records in a standardised format. Financial authorities can then request the protected data and audit it for completeness and accuracy.

Data protected with a signature can be exported and stored outside of the technical security device. When doing so, it is, of course, essential that it is stored securely and in compliance with regulations.

Unfortunately we do not offer a newsletter, mailing list or other automatic notification system. In principle, all information regarding the Act to prevent tampering with digital primary accounting records can be found on our website.

The contact person for the act is the Federal Ministry of Finance, which is the responsible body.

You can find up to date technical information under 'Act to prevent tampering with digital primary accounting records'. The relevant technical guidelines and protection profiles are also published here.

Contact details for further technical questions: registrierkassen@bsi.bund.de

Contacts for further questions on the steps involved in the certification process can be found under Product Certification.

Contact the manufacturer of your cash register/your record-keeping system and ask what technical security devices can be connected to the system and how your cash register can be updated for use with the technical security device.

The aim of the technologically open approach is to find the most pragmatic possible way of integrating technical security devices into existing cash register systems. This includes in particular the possibility of connecting several cash register systems to a centralised security device.

In principle, there are various technical implementation options, for example local (e.g. using smartcards) or remote (as a 'cloud' solution), provided the necessary safety and inter-operability requirements of the BSI are met and this is demonstrated as part of the certification.

No. In principle, several devices can use a shared security device.

All transactions must always be performed using only a single TSE. Because of the security requirements, it is fundamentally not possible to secure individual transactions using multiple security devices.

Anyone can manufacture technical security devices, and the principle of technological openness applies. For the use of a technical security device to comply with the legal requires, documentation must be provided that the security and interoperability requirements of the BSI are complied with.

There will not be an individual implementation of the guidelines that all users are required to adopt.

Examples of (potential) providers of security devices or security modules may include manufacturers that work in the development of security elements, smartcards, hardware security modules (HSM) or data recorders. For reasons of equal treatment, the BSI cannot provide the names of any manufacturers.

Information regarding certified technical security devices is published after a certification is completed on the pages of the BSI under Product Certification.

In general, you should contact the manufacturer of your till or record-keeping system and ask which devices are available for your system.

The technical security device uses cryptographic keys to sign recordings. Certificates (files), which "certify" the secure origin of the key, are not linked to a person, in accordance with the requirements of the BSI. However, it may be the case that this is required by the concept of the TSD manufacturer. In each case, the financial authorities must be aware of the keys used. In other words, they must be registered to a tax-paying entity with the financial authorities.

The technical security device contains a function to export stored data. This exported data can be securely retained in an appropriate location. The retention requirements of the tax authorities must be complied with. If the data is retained securely, then it can be deleted in other locations.

If the data is requested for auditing, you must provide it in the export format of the security device.

This depends on how the manufacturer of the security device has implemented the export interface. The data can be deleted from the technical security device provided it is securely retained in another location. The retention requirements of the tax authorities must be complied with.

No. The technical security device receives data and places a 'security layer' (meta-data and signature) over it. How this security layer is to be formatted and how the secured data can be exported from the security device is set out by the BSI in its guidelines.

The content and format of the data that must be entered into the security device externally for the purposes of protection is stipulated by the Federal Ministry of Finance.

The certification obligation is restricted to the technical security device. It is not required that the entire cash register system itself be certified. From 1 January 2020, all cash register systems must be equipped with a certified technical security device and be connected to it via a defined interface.

The certification obligation is restricted to the technical security device. It is not required that the cash register software itself be certified. From 1 January 2020, all cash register systems must be equipped with a certified technical security device and be connected to it via a defined interface.

Information regarding certified technical security devices is published after a certification is completed on the pages of the BSI under Product Certification.

Cash register systems can, however, be updated before completion of the certification process, regardless of whether the security module is certified.

Information regarding certified technical security devices is published on the pages of the BSI under Product Certification.

In principle, Section 1 of the 'Ordinance establishing the technical requirements for electronic recording and security systems in commercial transactions (Kassensicherungsverordnung, Cash Register Anti-Tampering Ordinance, KassenSichV) applies here.

The BSI cannot assess whether an individual product or system is affected.

In principle, anyone can manufacture technical security devices, and the principle of technological openness applies in their implementation. In order for these security devices to be permitted for use, they must meet the requirements of the BSI. Conformity with the requirements must be demonstrated by a corresponding certification.

The BSI is aware of several German/European manufacturers that are currently producing or have previously produced comparable security devices.

Unfortunately, in view of its equal treatment of manufacturers, the BSI cannot provide a list of these manufacturers. The question of when and to what extent a manufacturer discloses the relevant details to the market is subject to its own planning processes and responsibility.

If you wish to contact (potential) manufacturers of security devices and security modules directly and ask them for further information, you could direct your enquiries towards manufacturers of security elements / smartcards / HSMs / data recorders.

In principle, there are various technical implementation options, either local (e.g. using smartcards) or remote (as a 'cloud' solution), provided the necessary security and inter-operability requirements of the BSI are met and this is demonstrated as part of the certification. If using a remote TSE, it must fundamentally always be reachable by all connected electronic record-keeping systems.

Yes. As part of technological openness, it is possible to use remote technical security devices or components of technical security devices. With this type of technical security device, however, a certified security module application must also be implemented in the cash register or the cash register network that allows a secure connection to be established with the remote hardware security module. With this type of security module application (BSI PP-SMAERS), the certification requirements are low, meaning that they can also be implemented in software.

As per Section 5 of the German Cash Register Anti-Tampering Ordinance, requirements for technical security mechanisms are set out in the BSI's well-known technical guidelines and security profiles. Accordingly, a technical security mechanism only conforms to this Ordinance if it also complies with the BSI's technical guidelines and security profiles.

The standards published by the BSI specify that the transaction number issued by a security module must be unique and sequential, and that it must be incremented by the security module each time a transaction is started. In particular, the security module must never issue an identical transaction number to two different transactions, even if these transactions originate in processes involving two separate cash registers.

The transaction number references the key within the security module. Following a key change, the transaction number starts again at '0'.

In order to comply with BSI standards, the transaction number in each SMAERS (Security Module Application for Electronic Recordkeeping Systems) instance must therefore be unique, and a separate signature key must be used within CSP for each SMAERS (Security Module Application for Electronic Recordkeeping Systems).

This unambiguous key assignment offers a significant advantage while also limiting the impact of a potential system compromise.

Information on certification can be found here.

The certificates for a TSE normally expire after eight years and include the requirement for the security characteristics to be reassessed after five years.

The Technical Guidelines are published under the following links:

• BSI TR-03153
• BSI TR-03151
• BSI TR-03116-5

The protection profiles are published under the following links:

• BSI PP-SMAERS
• BSI PP-CSP in the configuration required by Protection Profile-Module CSP Time Stamp Service and Audit (PPM-TS-Au)

The technical guidelines and protection profiles are each only available in one language. The choice of language is generally based on the relevant target group and usage and the provisions arising from the national and international context.

The certification costs for a technical security device consist of the costs of the evaluation for the appointed testing body and the fees payable to the BSI.

The BSI fees for the certification process are set by the BSI Cost Regulation.

The BSI cannot make any statements regarding the costs of the evaluation, as they are primarily based on the negotiations between a manufacturer and the relevant testing body.

The timing and duration of the certification processes (TR and Common Criteria) mainly depends on your negotiations with the testing bodies or evaluation facilities and the maturity level of your product.

The BSI defines the requirements for the technical security device (TSE). The manufacturer then develops the TSE in line with these requirements. After that, the manufacturer reaches an agreement with a recognised testing laboratory to test its product. The manufacturer is then ready to request the certification process from the BSI. When the tests are complete, the BSI evaluates the testing laboratory's test report and, if the result is positive, issues a certificate. The BSI, therefore, is the certification body.

Several certifications must be performed for a TSE: one certification regarding how the device behaves generally in relation to the record-keeping system (cash register) and multiple security certifications. The security certifications test how well protected the systems are against manipulation.

You can find general information on the certification of products on the website of the BSI under Product Certification.

You can find information on the certification process on the website of the BSI under Product Certification.

Information about applying for a certification can be found on the BSI website under Product Certification.

The contact information for recognised testing bodies for TR-03153-TS compliance auditing can be found here. Please make sure you select the correct recognition area.

The evaluation facilities for Common Criteria protection profile security certification can be found here.

As this is mainly the responsibility of the potential manufacturer, this question should be directed to them. Contractual agreements between the manufacturer and future user could be one option.

In order to meet the legal requirement that all processes with mandatory recording are logged promptly, the security module must manage the system time independently to make manipulation at the recording times more difficult. There are no strict requirements with regard to the accuracy of the internal time source; in particular, the system time does not need to be updated in a deactivated state. Instead, the system time in the security module may be synchronised with external time sources manually or automatically. The setting of the system time is another process with mandatory recording that is triggered internally by the security module.

Contact details for further technical questions: registrierkassen@bsi.bund.de