The 10 GoBD principles with practical implementation tips
The GoBD define ten principles that every business must follow for electronic bookkeeping and archiving. What sounds abstract has concrete consequences in practice: during a tax audit, the tax authority systematically checks whether these principles have been implemented.
This checklist explains each of the ten principles, shows the practical implementation, and identifies common mistakes businesses should avoid. It concludes with a summary on preparing for tax audits.
What each principle means in practice and how to implement it
What does this mean? Every business transaction must be fully traceable from its origin through posting to archiving. A knowledgeable third party must be able to understand the entire process within a reasonable time.
Practical implementation: Use a consistent numbering system for invoices and receipts. Ensure that every posting can be linked to a document (document principle). Document the entire process from capture to archiving.
Common mistake: Invoices are created without sequential numbers, or receipts are assigned retroactively without documentation.
What does this mean? The tax authority must be able to audit the bookkeeping and archiving at any time. This includes both access to the data and the ability to evaluate it electronically.
Practical implementation: Provide electronic access to the archive system during tax audits (Z1 access: read-only, Z2 access: machine evaluation, Z3 access: data carrier transfer). Ensure export functions for GDPdU/GoBD-compliant data carriers are available.
Common mistake: The archive system offers no export function, or the auditor is not granted access to the system.
What does this mean? All documents subject to retention requirements must be captured and archived without gaps. No business transactions may be missing, and no documents may be deleted.
Practical implementation: Implement automated import mechanisms (hot folders, email import) and define clear processes for manual capture. Conduct regular completeness checks.
Common mistake: Emails with tax-relevant attachments are not archived, or individual invoices slip through the process.
What does this mean? Business transactions must be represented truthfully and factually correctly. The archived documents must correspond to the actual events.
Practical implementation: Implement plausibility checks during data capture. Use the four-eyes principle for critical postings. Ensure that archiving stores the original document unchanged.
Common mistake: Documents are edited before archiving (e.g., notes added) without preserving the original separately.
What does this mean? Business transactions must be captured and posted promptly. The GoBD require "timely" recording, which generally means "within ten days". Cash transactions must be recorded daily.
Practical implementation: Define binding deadlines for document capture. Use automated import processes (hot folders, email archiving) to minimise delays. Document why a delayed capture was justified.
Common mistake: Invoices pile up on desks for weeks before being captured. Or: documents are retroactively archived for the entire year at year-end.
What does this mean? Bookkeeping and archiving must be systematically and clearly structured. A knowledgeable third party must be able to navigate the system within a reasonable time.
Practical implementation: Use a consistent folder structure and indexing in the archive system. Define uniform naming conventions for document types. Use metadata and categorisation for systematic filing.
Common mistake: Documents are filed without a consistent structure in a single folder, or indexing is inconsistent.
What does this mean? Once archived, documents and postings must not be subsequently altered or deleted. Corrections are only permissible through new postings (reversal + new posting) that keep the original content identifiable.
Practical implementation: Use an archive system that protects documents against changes after storage, using hash values, write protection, and versioning. Ensure that even administrators cannot delete documents.
Common mistake: Documents are stored on a file server where any user with write permissions can modify or delete files.
What does this mean? Archived data must be machine-searchable, filterable, and evaluable. The tax authority must be able to perform its own evaluations during a tax audit.
Practical implementation: Perform OCR text recognition on all documents. Provide structured export options (CSV, XML, IDEA). Ensure that metadata such as date, amount, and business partner are captured electronically.
Common mistake: Scanned documents are archived as pure image files without OCR. Or: the system offers no export function for the auditor.
What does this mean? Archived data must be protected against loss. This includes regular backups, protection against physical damage (fire, water), and protection against cyber attacks.
Practical implementation: Implement a 3-2-1 backup strategy: 3 copies of the data, on 2 different media types, with 1 at an off-site location. Regularly test the recoverability of backups. Document backup procedures.
Common mistake: Backups are created but never tested for recoverability. Or: all data copies are located at the same physical site.
What does this mean? Every business must create written documentation describing the entire IT-supported bookkeeping and archive system. The procedural documentation must be detailed enough for a knowledgeable third party to understand the system.
Practical implementation: The procedural documentation comprises four components:
Common mistake: The procedural documentation does not exist, is outdated, or does not describe the system actually in use. Many businesses underestimate this point, yet it is often the first thing checked during tax audits.
Practical tip: Start with a simple procedural documentation and expand it gradually. An incomplete document is better than none at all. Update the documentation with every system change or process modification.
What the auditor expects and how to prepare
A tax audit is not a surprise visit — it is usually announced. Nevertheless, businesses should be permanently prepared, because GoBD compliance is not a one-time measure but an ongoing process.
The auditor will typically check the following points:
Businesses that systematically implement all ten GoBD principles have nothing to fear during a tax audit. On the contrary: professional, traceable archiving significantly shortens the audit duration and avoids costly objections.
Docuflair Archive fulfils all 10 GoBD principles: immutable archiving in PDF/A format, OCR full-text search, complete audit trail, and export for tax audits. Fully on-premises.
Answers to the most important questions about GoBD-compliant archiving
The 10 GoBD principles are: 1. Traceability, 2. Verifiability, 3. Completeness, 4. Accuracy, 5. Timely recording, 6. Orderliness, 7. Immutability, 8. Machine readability, 9. Data backup, 10. Procedural documentation.
In case of a GoBD violation, the tax authority can reject the regularity of the bookkeeping. This leads to the authority making its own estimates of the tax base — often significantly to the detriment of the business. Additionally, fines and criminal consequences may apply in cases of intent.
Yes. Every business that uses electronic bookkeeping or archiving needs procedural documentation. It describes the IT system used, work instructions, internal controls, and technical-organisational measures. Without it, the bookkeeping is formally not GoBD-compliant.