fiskaly.

Third-party vs self-certification in European fiscalization: France reignited the debate

Rocío Arquiola, Fiscalization Expert Spain
Rocío ArquiolaFiscalization Expert Spain
10 min read

France reopened the discussion and the rest of Europe is watching

European fiscalization regulations differ by country and enforcement models. While some tax authorities require third-party certification of POS software or security components, others permit vendor self-attestation through formal declarations. France just poured fuel on a conversation that both POS vendors, software providers and authorities across Europe have been having for years: should fiscal compliance rely on vendor self-attestation, or on independent third-party certification?

With the French Finance Act changes, self-attestation (“attestation individuelle de l'éditeur”) stopped being a valid way to prove POS compliance as of February 16, 2025. The French tax authorities granted a tolerance period until August 31, 2025, for operators to sign contracts with certifying bodies, before September 1, 2025, and a full certification is expected thereafter, before September 1, 2026. The POS certification process must be conducted by an accredited body such as LNE or InfoCert (NF525), to ensure the ISCA requirements (Inalterability, Security, Conservation, Archiving) are met by all POS systems in France.

What makes this especially interesting is that the discussion is still alive politically: a French Senate amendment proposal aims to reintroduce the editor's individual attestation option alongside certification. That “stop–start” dynamic is exactly why this topic matters for software vendors: your regulatory path in France can become a moving target, affecting product strategy, timelines, costs, launch and even customer retention.

Let's look at how key European countries approach this, and what it really means for vendors.

A snapshot of fiscal certification models across Europe

🇫🇷 France: from the end of self-attestation to mandatory certification… or not?

Fiscalization in France has historically allowed POS software publishers to self-attest compliance with anti-fraud requirements. That option has now been removed, with a transition period in place and third-party certification becoming the default path forward from August 31st 2026 onwards. Even though political discussions continue, the current direction signals a clear preference for external validation over vendor declarations. But the debate is still open, they could still bring self-attestation back to the table.

  • What third-party certification means for vendors in France: of course, higher upfront effort and costs, but clearer conformity signals for customers and reduced long-term legal and fiscal ambiguity. If you need some help with your POS software certification for France, either to get certified with LNE or InfoCert (NF525 certification), let us know here. We’ll be happy to support you.

🇩🇪 Germany: certified security modules, not certified POS systems

Germany's KassensichV framework does not certify POS systems itself. Instead, it mandates the use of a certified Technical Security System (TSS) that cryptographically secures transactions. Compliance is achieved through correct integration with these certified components and adherence to reporting and data-export rules. In any case, POS providers must either obtain the certification themselves or integrate a KassensichV-certified partner like fiskaly.

  • What it means for POS vendors and retailers in Germany: the certification process burden (high cost, long processes, technicalities…) sits in the security layer. Integration quality and operational compliance matter more than formal POS approval.

🇪🇸 Spain: self-certification process at national level, with strong accountability

Spain's national Verifactu system relies on a self-certification model, where software providers issue a responsible declaration (declaración responsable) stating conformity with technical and legal requirements. Enforcement is backed by audits and significant penalties, and deadlines for taxpayers have recently been extended to 2027, but it is already mandatory for point of sale software vendors to provide compliant software to new customers or when releasing new versions of their system, starting July 2025.

At the same time, regional regulations like TicketBAI (Basque Country) follow the same model, where software vendors must be registered through self-attestation with the respective tax authority.

  • What it means for POS vendors in Spain: flexibility and faster rollout at national level, but high legal responsibility and the possibility to face really high fines (shared between POS vendors and their customers). The challenge: software vendors must stay up to date with constantly changing regulatory requirements from the tax authorities (5 different public entities in Spain). That's why integrating a compliant API that supports different legislations across the country like SIGN ES is highly recommended.

🇮🇹 Italy: from certified hardware to certified software

Italy has long enforced fiscalization through approved fiscal hardware devices (RTs). This is now evolving: from 2026 onward, certified software-based fiscal solutions will be allowed as an alternative. In fact, fiskaly is one of the few early-access providers participating in the official pilot phase, a critical milestone in the software certification process for cloud solutions. However, even as they open the door to a more modern and flexible fiscalization model—shifting from hardware to cloud—the certification and approval by the tax authority remain essential. Self-attestation is not part of the model.

  • What it means for POS vendors in Italy: strong regulatory certainty and security, but limited room for experimentation without formal approval. Also, at least for now, cloud-based fiscalization software certification is only accessible to a few players in the market. The process is long, costly, and requires strong technical expertise. That’s why integrating an already certified solution—like SIGN IT will soon be—is highly recommended.

🇵🇹 Portugal: tax authority-certified billing software

Portugal is one of the clearest examples of mandatory tax authority certification for billing and invoicing software. Only certified solutions can be used, and compliance is tightly linked to invoice identifiers, QR codes, and reporting obligations.

  • What it means for POS vendors in Portugal: certification is not optional and it becomes a commercial prerequisite. This implies a longer market entry, but it also ensures a higher system security. If you’re interested in the Portuguese market and are not familiar with ATCUD, QR codes, digital signatures, or UBL 2.1/CIUS-PT, you’d better read this article to find some answers.

🇸🇪 Sweden: self-declared POS, certified control units

Sweden follows a hybrid model: cash registers must include a manufacturer’s declaration confirming compliance, but every setup must connect to a certified control unit that secures transaction data. Once certified, cash registers and control units must be registered online with the Swedish tax authorities (Skatteverket) through their online portal.

  • What it means for POS vendors in Sweden: Sweden doesn’t require hardware-only setups; control units can also be certified cloud solutions via API, as long as all functional and security requirements are met. This provides more flexibility at the POS layer, but non-negotiable security infrastructure requirements. A win-win situation.

🇵🇱 Poland: government-approved fiscal solutions

Poland relies on government-approved fiscal devices. Cash registers must be certified before entering the market. Both the hardware and the software are examined by the fiscal authorities, Poland’s Central Office of Measures. Compliance is achieved by using approved models and following strict activation and reporting rules. 

  • What it means for POS vendors in Poland: no room for self-attestation; compliance is enforced through approved fiscal mechanisms, either hardware or cloud-based.

🇧🇪 Belgium: certified systems by design

Belgium's GKS fiscalization system (for HoReCa industry) combines certified cash register systems, connected to a Fiscal Data Module (FDM) and a Virtual Smart Card (VSC). In this case, compliance depends a lot on hardware, operating within a clearly defined, authority-approved ecosystem.

  • What it means for POS vendors in Belgium: compliance is binary: you are either certified and market-ready, or you are not. High security standards help ensure system quality and accurate data recording.

Self-certification vs third-party certification: the real implications of the certification process for POS vendors

Choosing (or being subject to) one model over the other is not a regulatory detail: it also shapes how fiscal solutions are built, sold, and maintained.

﹟1. Speed to market vs regulatory stability

  • Self-certification allows faster launches, more frequent releases and usually lower upfront costs. Third-party certification adds lead time (audits, test cycles, re-tests after changes), but it can also create a predictable gate that reduces uncertainty for customers.
  • When it’s not regulated, the choice is yours: move fast or plan for consistency.

﹟2. Depth of checks before going live

  • With self-attestation, the robustness of POS compliance checks depends largely on the vendor’s internal processes and implementation. External software certification introduces independent verification before production use, reducing blind spots. In the context of fiscalization, this helps reduce errors, avoid fines, and minimize the risk of getting complaints or losing active customers.
  • Risk: issues discovered post-deployment are always more expensive.

﹟3. Legal exposure and fines

  • Self-certification concentrates liability on the software provider: if something is wrong, you signed the declaration. The certification does not eliminate liability, but it does provide a strong compliance artifact and shared accountability in some cases.
  • Reality: audits almost always happen after systems are live, so if you get them checked before by an external entity or authority, you’ll be reducing risks.

﹟4. Risk of sudden regulatory change

  • The example of France shows how quickly the rules can change. A market built on self-attestation can suddenly require certification, forcing vendors into emergency compliance projects and putting customer relationships at risk. 
  • Certification processes with external agencies rarely start instantly, that means your go-to-market timeline with a certified solution won’t depend solely on you, so it’s important to plan ahead to avoid service disruptions.
  • Key lesson: regulatory reversals hurt most when compliance is “lightweight”.

﹟5. Customer trust and procurement dynamics

  • For many merchants, especially enterprise customers, certification is easier to trust than a self-declaration. Certified POS solutions often face fewer procurement hurdles and shorter sales cycles. 
  • Commercial impact: the certification can become a competitive advantage. We’ve seen it in markets like Germany: the customers who moved early with certification gained the largest market share.

﹟6. Cybersecurity and data integrity

  • Fiscalization systems handle very sensitive transaction data. Third-party certification often enforces minimum security and integrity standards, while self-certification relies on vendor maturity.
  • Reputational risk: a fiscal data breach is never just a tax issue. Take this into account before making a decision.

﹟7. Product architecture and scalability

  • Self-certification favors fast evolution. Certification usually favors stable, modular architectures, where regulated components are isolated from fast-changing features.
  • Best practice: separate the regulated core from the commercial POS layer. This can be achievable by integrating specialized fiscalization APIs like our SIGN services into your POS systems to help you comply.

Final takeaway: compliance models shape markets — not just software

Europe is aligned on the goal of fiscalization, but not on the method. Some countries trust vendors — others trust certifications — and many are tightening controls over time.

For POS vendors, the real challenge is not choosing sides, but designing solutions that can survive regulatory shifts. France’s recent move is a reminder that fiscal conformity strategies must be resilient, not just compliant.

At fiskaly, we believe fiscalization should be secure, scalable, and future-proof — regardless of whether a country requires certification, self-attestation, or something in between.

Need a strong partner?

  • Understanding complex requirements can be tricky. fiskaly helps businesses and software providers to simplify compliance through easily integrated cloud-based solutions and expert technical support.
  • Over 1,600 customers trust our fiscalization solutions.

Optional

Optional

fiskaly.
 blog

3 min read

Self-Attestation for POS in France: What changes and how to stay safe

France may reintroduce self-attestation for POS software, replacing mandatory third-party certification. While this simplifies administration, strict technical requirements remain unchanged and legal responsibility shifts to publishers. Whether you choose self-attestation or LNE/INFOCERT certification, fiskaly is your reliable compliance partner—ensuring security, audit readiness, and peace of mind in every scenario.

Read post