German GoBD Compliance
for Document Digitization — What Your Process Needs to Satisfy

What the GoBD Actually Requires

The GoBD — Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff — is not a standalone law. It is an administrative regulation issued by the Bundesministerium der Finanzen (BMF) that specifies how existing statutory obligations under the German Fiscal Code (Abgabenordnung, AO) and the Commercial Code (Handelsgesetzbuch, HGB) apply to digital record-keeping. The current version was published on November 28, 2019 (file reference IV A 4 – S 0316/19/10003:001), with amendments on March 11, 2024 and July 14, 2025.

The regulation translates two foundational legal provisions into practical rules:

• §147 AO — Tax retention obligation. Governs how long and in what form tax-relevant documents must be kept, and the conditions under which digital records replace paper originals.
• §257 HGB — Commercial retention obligation. Mirrors the AO for commercial law purposes, covering trading books, inventories, financial statements, and commercial correspondence.

Under Section 3, paragraphs 22–26 of the BMF letter, the GoBD establishes that electronic bookkeeping must satisfy the same principles as manual bookkeeping. These include Nachvollziehbarkeit (traceability — every transaction must be trackable from source to ledger), Wahrheit (truthfulness), Vollständigkeit (completeness), Zeitgerechtigkeit (timeliness), and critically, Unveränderbarkeit (immutability — once recorded, data cannot be altered without leaving an audit trail).

GoBD vs. E-Invoicing — a common confusion. The GoBD governs how records are stored, retained, and made accessible to tax auditors. E-invoicing (the mandatory structured electronic invoice under §14 UStG) governs how invoices are transmitted between businesses. The two intersect — an e-invoice must be archived GoBD-compliantly — but they are separate regulatory frameworks. For a complete overview of the e-invoicing mandate timeline and format requirements, see the e-invoicing compliance guide.

GoBD applies to every business that maintains books or records in Germany — from the solo freelancer running an Einnahmen-Überschuss-Rechnung (EÜR) to the GmbH with a full finance team. The framework does not exempt small businesses. What varies is the complexity of the documentation required, not whether the principles apply.

Digitization Protocol — Scan Quality, Timing, and Formats

Section 7 (paragraphs 130–140) of the 2019 GoBD letter explicitly permits ersetzendes Scannen (replaceable scanning) — the digitization of paper documents followed by destruction of the originals. This was a significant liberalization from earlier rules that required retaining paper originals alongside digital copies. Under the current framework, a properly executed scan carries the same evidentiary weight as the original paper document.

However, the permission comes with specific technical and procedural conditions:

Image Quality and Resolution

The digital copy must be bildlich übereinstimmend — pictorially identical to the original. All content must be legible and complete. The GoBD itself does not mandate a specific DPI or file format, but German tax auditors generally expect the following minimums based on the technical standard TR-RESISCAN (Technical Directive for Replaceable Scanning), which is referenced by many Finanzämter as the operational benchmark:

• 300 DPI for standard text documents with 10–12 pt font — this is the practical minimum for legible text and reliable OCR
• 400–600 DPI for small-font documents, thermal paper receipts (which fade over time), or originals with fine print
• Colour or grayscale — black-and-white scans are acceptable for text-only documents, but colour preserves stamps, signatures, and logo details that may be relevant during an audit
• PDF/A or TIFF as the recommended archival formats — JPEG alone is not considered revision-proof because it lacks audit-trail integration and degrades on recompression

Mobile phone photographs are explicitly permitted as a capture method since the 2019 GoBD revision (paragraph 130). A smartphone photo taken under good lighting conditions at the phone's native resolution (typically 12–48 MP, far exceeding 300 DPI at document size) satisfies the image quality requirement — provided the entire document is visible, not cropped, and the text is readable. The photo then enters the same archiving and audit-log workflow as a scanner-produced file.

Timeliness — The 10-Day Rule

The GoBD requires that documents be recorded zeitgerecht — in a timely manner. In practice, German tax authorities expect digitization and recording within 10 business days of document receipt. Cash transactions must be recorded daily. This is not an explicit statutory deadline but a long-standing interpretation by the Finanzverwaltung that auditors apply consistently. Documents accumulated for weeks and batch-digitized at month-end risk being flagged as untimely during a Betriebsprüfung.

Original Document Disposal

Once a document is digitized in compliance with GoBD requirements, the paper original may be destroyed — with three exceptions:

• Documents with special evidentiary value — signed contracts where the original signature's physical characteristics (ink type, pressure marks) might be contested
• Documents required by other laws to be kept in original form — certain customs or export documents
• Until the Verfahrensdokumentation is completed — if your process documentation does not yet cover the digitization workflow, you cannot destroy originals

In most day-to-day cases — invoices, receipts, payslips, delivery notes — compliant digitization followed by paper destruction is fully permitted.

Retention Periods by Document Type

A major legislative change took effect on January 1, 2025. The Bürokratieentlastungsgesetz IV (BEG IV) reduced the retention period for accounting vouchers (including invoices, booking receipts, bank statements) from 10 years to 8 years for documents whose retention period begins after December 31, 2024. Older documents retain their original 10-year period. The current retention landscape is as follows:

The retention period begins at the end of the calendar year in which the document was created or received (§257(4) HGB, §147(3) AO). An invoice dated March 15, 2026 enters retention on December 31, 2026 and must be kept until at least December 31, 2034 (for the shorter 8-year class). If a tax audit is ongoing, the retention period extends automatically until the audit concludes — documents under audit review must never be destroyed.

The Verfahrensdokumentation — Your Audit Shield

If there is one GoBD requirement that causes the most trouble during tax audits, it is the Verfahrensdokumentation (process documentation). Section 10 (paragraphs 152–154) of the GoBD letter requires every business using digital record-keeping to maintain a written description of its IT-supported processes for handling tax-relevant data. This is not optional. Tax auditors routinely request it as the first document in a Betriebsprüfung, and its absence is grounds for challenging the completeness of the entire digital bookkeeping.

A compliant Verfahrensdokumentation covers five areas:

The Verfahrensdokumentation must be treated as a living document. Whenever a system or process changes — new software introduced, scanner replaced, workflow redesigned — the documentation must be updated and versioned. A common finding in audits is a documentation that describes processes from three years ago that no longer match current operations. That gap alone can cause auditors to reject the documentation as unreliable.

How AI Document Extraction Fits Into a GoBD-Compliant Workflow

AI-based document extraction — tools that read invoices, receipts, and contracts and output structured data — can be part of a GoBD-compliant workflow, provided the architecture addresses GoBD's core principles. The key is understanding which steps in the extraction process implicate which GoBD requirements.

Three specific GoBD principles intersect directly with AI extraction:

Nachvollziehbarkeit (Traceability)

For an extracted data point to be traceable, you must be able to map it back to its source location in the original document. This means the extraction tool must preserve a link between each output field and the corresponding region on the original document. Custom Column Extraction — where you define the fields you want (invoice number, date, total, supplier name) and the AI locates each value by semantic understanding — supports traceability by design: the output is structured, each column has a defined purpose, and the source document is retained in the archive. The extracted data supplements the original document; it does not replace it.

Unveränderbarkeit (Immutability)

The original document must remain unchanged after ingestion. A tool that processes documents transiently — the AI reads the document, returns extracted data, and triggers deletion of the original from the processing pipeline — naturally satisfies this requirement. The original file goes directly into the revision-proof archive (immutable storage with checksums and timestamps), while the extraction process operates on a transient copy that is discarded after processing. This separation prevents the extraction process itself from altering the archived record.

Verfahrensdokumentation for Extraction Tools

If you use an AI extraction tool as part of your document processing chain, that tool must be documented in your Verfahrensdokumentation. Specifically, your documentation should describe: what the tool does (field extraction, data validation), how it integrates with your archiving system, where data is processed (server location, cloud provider), what happens to the data after extraction (deletion timeline), and how extraction accuracy is verified and corrected. The extraction tool itself becomes part of the documented procedure — it is not a black box that exists outside your compliance framework.

Note that extraction tools are subject to GDPR requirements when they process documents containing personal data (employee names on payslips, contact details on invoices). For a detailed walkthrough of Article 4(2), Article 28, and Article 17 obligations, see the GDPR compliance guide for AI document extraction. The two regulations — GoBD (record-keeping integrity) and GDPR (personal data protection) — operate in parallel, and a compliant workflow must satisfy both.

Practical GoBD Compliance Checklist

Use this checklist to verify that your document digitization workflow meets GoBD requirements. Each item maps to a specific section of the BMF letter or legal provision.

Frequently Asked Questions

Can I use my smartphone to scan receipts for GoBD compliance?

Yes. The 2019 GoBD revision explicitly permits mobile scanning (paragraph 130). A smartphone photo of a receipt satisfies the image quality requirement provided the document is fully visible, the text is readable, and the photo is taken in colour at the phone's native resolution. The photo must then enter the same revision-proof archiving workflow as a scanner-produced file — storing it in the camera roll is not sufficient.

How does the BEG IV 2025 change affect my existing documents?

The retention period reduction from 10 to 8 years for accounting vouchers applies only to documents whose retention period begins after December 31, 2024. An invoice dated March 2023 is still subject to the 10-year period — it cannot be destroyed in 2031 simply because the new rule exists. The 8-year period applies to documents whose retention period starts on or after January 1, 2025 (i.e., documents received or created in 2025 onward).

Is AI-powered data extraction GoBD-compliant?

AI extraction is GoBD-compliant when the tool is designed to work within the framework. The key requirements are: the original document must be preserved unchanged in the archive (Unveränderbarkeit), the extracted data must be traceable back to its source in the document (Nachvollziehbarkeit), and the extraction process itself must be documented in your Verfahrensdokumentation. Tools that process documents transiently — reading them and returning data without retaining the originals in the processing pipeline — align naturally with these principles. The tool also needs a documented data retention policy, and if it processes personal data, a GDPR-compliant Data Processing Agreement.

Which businesses must comply with GoBD?

Any business in Germany that maintains books or records — including freelancers, sole proprietors, tradespeople, and corporations — must comply. The GoBD applies regardless of legal form, business size, or revenue. Even a simple Einnahmen-Überschuss-Rechnung (EÜR) falls under the GoBD's scope. The documentation burden scales with complexity — a solo freelancer's Verfahrensdokumentation can be a few pages, while a GmbH with multiple departments needs a more detailed document — but the underlying obligations apply equally.

Can I use cloud-based accounting software and stay GoBD-compliant?

Yes. Since the 2019 GoBD revision, cloud-based systems (SaaS) are explicitly treated as equivalent to on-premise installations (paragraph 1.11). Your cloud provider's data processing agreement, server location, and security certifications must be documented in your Verfahrensdokumentation. If the servers are outside Germany, verify that §146(2a) AO requirements for data access are satisfied, including the ability for German tax authorities to access the data during an audit.

What happens if my digital bookkeeping is found to be non-compliant?

The tax auditor may deem the bookkeeping as not ordnungsgemäß (proper). Under §158 AO, this shifts the evidentiary weight against the taxpayer. The Finanzamt may perform a Hinzuschätzung (addition of undeclared income based on estimated figures) or, in cases of serious deficiencies, a Vollschätzung (full estimation of tax bases). These can result in substantial additional tax assessments plus interest under §233a AO. For this reason, investing in a compliant setup before an audit is far less costly than defending a non-compliant one during one.