Dokmatiq DOKMATIQ
Compliance & law

GoBD

German federal tax administrative rules governing the proper management and retention of digital, tax-relevant records.

Also known as: Grundsätze ordnungsmäßiger Buchführung, GoBD 2019, German digital bookkeeping rules

Short definition

GoBD is the German abbreviation for the “Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff” — the principles for the proper management and retention of books, records and documents in electronic form, including rules for data access.

It is an administrative circular of the German Federal Ministry of Finance (BMF), most recently overhauled in the BMF letter of 28 November 2019, with more recent adjustments.

GoBD describes how electronic bookkeeping in Germany must be performed to be recognised for tax purposes. It is not a law in itself but binds the tax administration and tells companies which criteria an audit will use.

The core principles

GoBD derives from §§ 145 ff. AO and § 239 HGB and translates their requirements into the digital world:

  • Traceability and verifiability — an expert third party must be able to reconstruct every business transaction in reasonable time
  • Completeness — no gaps; every receipt, every entry captured
  • Accuracy — records match the real-world facts
  • Timely posting — short temporal gap between transaction and entry (typically within a month)
  • Order — systematic, clearly organised capture
  • Immutability — subsequent changes must be detectable as such

What “audit-safe” means in this context

A system is audit-safe under GoBD when:

  1. Receipts are stored unchanged
  2. Every edit is logged (audit trail)
  3. Reproduction of records is possible at any time
  4. The data remains legible — even if the original software no longer exists

The last point is why formats like PDF/A are especially suited for long-term retention: they preserve visual rendering for decades.

Retention periods

Under § 147 AO:

Document typeRetention
Commercial and business letters, other records6 years
Invoices, books, inventories, balance sheets, accounting vouchers10 years

The period starts at the end of the calendar year in which the last entry was made or the document was created.

What tax auditors expect

During an external audit (Betriebsprüfung), the tax office may request three access modes (Z1/Z2/Z3):

  • Z1 – direct data access — the auditor works on the system
  • Z2 – indirect data access — the company runs evaluations on request
  • Z3 – transfer on data carrier — export, typically in the GDPdU/GoBD format (CSV plus descriptor file)

Companies that digitise in a GoBD-compliant way can serve these requests with reasonable effort. Those that don’t risk an estimation by the tax office — rarely in the company’s favour.

Digital invoices and GoBD

From 2025 the e-invoicing mandate and GoBD interlock:

  • An e-invoice (XRechnung/ZUGFeRD) must be retained in its original format — not as a printout or PDF export
  • A ZUGFeRD PDF/A-3 satisfies both worlds at once: machine-readable XML plus human-readable PDF, long-term archivable
  • A pure XRechnung XML must be stored in a technically or organisationally immutable way (WORM storage, signed archive, GoBD-certified DMS)

On top, long-term PAdES signatures and qualified timestamps are commonly used to prove immutability cryptographically.

GoBD-grade archiving with the Dokmatiq API

# Convert incoming invoice to PDF/A-3 and add a qualified timestamp
curl -X POST https://api.dokmatiq.com/v1/pdf/convert \
  -H "Authorization: Bearer $DOKMATIQ_KEY" \
  -H "X-Target-Profile: PDF/A-3b" \
  --data-binary "@incoming.pdf" | \
curl -X POST https://api.dokmatiq.com/v1/pdf/timestamp \
  -H "Authorization: Bearer $DOKMATIQ_KEY" \
  --data-binary @- \
  -o archived.pdf

The result is an archive-grade PDF/A-3 with a qualified timestamp. Combined with WORM storage or a GoBD-certified DMS, this forms a robust retention strategy.

Procedural documentation

An often-overlooked part of GoBD: every company must maintain a Verfahrensdokumentation — a written description of how the digital processes work, which systems are involved and how the GoBD principles are implemented concretely. Without it, even a technically correct system may be deemed incomplete during an audit.

Common pitfalls

  1. “Print the PDF and scan it back” is not enough — the original file is what counts, not the scan
  2. No email archive — business-relevant emails (including invoice attachments) are subject to the retention obligation
  3. No procedural documentation — one of the first questions a tax auditor raises
  4. “Cloud backup” ≠ “audit-safe” — immutability must be demonstrably guaranteed technically and organisationally

Ready to use it via API?

Get started for free. No credit card. 100 documents per month included.

Start for free Back to glossary