fiskaly SIGN FR

Introduction

fiskaly SIGN FR is a cloud-based fiscalization solution for the French market, designed to help POS providers comply with Article 286 of the French General Tax Code (Code Général des Impôts, CGI). The service addresses the mandatory conditions of inalterability, security, conservation, and archiving of cash register data through signing, journaling, and archiving functionalities. SIGN FR is fully integrated with the fiskaly SAFE service for archiving and is compatible with the optional fiskaly Certification Support France (CONSULTING) service. The solution is accessed via a RESTful API and managed through the fiskaly HUB.

Service Description

fiskaly SIGN FR, together with SAFE and the optional CONSULTING service, provides a comprehensive framework for French fiscalization compliance. Key aspects include:

Signing: Cryptographic signing of all data required by French legislation (Article 286 CGI), with chaining of signatures for authenticity and traceability.
Journaling: Continuous, chronological signing of transactions and fiscal data, exposing any attempts to delete, alter, or back-date data.
Archiving (via SAFE): Secure long-term storage of fiscal data with 7-year retention support, full data export functionality for auditing and compliance, stored in certified Google Cloud data centers in Germany.
Consulting (optional): In the case of a certification with a third-party agency, initial certification documentation, certification and audit support, including presence during in-person audits with InfoCert or LNE, and ongoing compliance assistance.

The service is available in both LIVE and TEST environments, with free testing for developers. However, data retention on TEST is not guaranteed for longer than 1 year — only LIVE is intended for production use.

📘Note

fiskaly’s scope of services does not include: integration into recording systems; development of individual solutions or adaptations; training services; provision of internal documentation (except public integration instructions and API descriptions via workspace.fiskaly.com); data transfer services between the API and the END CUSTOMER’s IT systems; storage of data beyond the three (3) month period; support and assistance services not expressly specified in the contract; or other products of fiskaly.

Functionalities

SIGN FR Core

Secure data signing: Fiscal data is signed with cryptographic mechanisms to ensure inalterability, security, and conservation, achieved through mechanisms for data authenticity and integrity.
API-driven data provision: Fiscal data is provided via the API by the Customer. The Customer sets up Organizations, Subjects, Taxpayer, Location, and Systems to perform Records, as described in the API documentation and integration instructions.
Chronological journaling: The signing mechanism links each record cryptographically to the preceding one, preventing deletion or alteration. All data forming the basis for calculating the hash algorithm/condensate and the electronic signature — for invoices, receipts, proofs of payment, duplicates, and grand totals — is included.
Grand totals and closings: Calculation and management of grand totals, daily closings, monthly closings, annual closings, and cumulative sums in accordance with French fiscal requirements.
Signature format: The signature is encoded as Base64URL.
Audit-ready data: fiskaly SIGN FR provides tamper-proof cloud logs, making data audit-ready. All user actions — such as file uploads, access, views, and exports — are logged and cryptographically hashed for full transparency and auditability.

SAFE Core (integrated)

Compliant archiving: SAFE supports the compliant archival of electronic accounting records. Data is archived in certified Google Cloud data centers in Germany, stored in an open format. The following data categories are archived:
- Transaction data (requirement n°3).
- Corrective data (requirement n°4).
- Test/school mode data (requirement n°5).
- Cumulative and summary data (requirement n°7).
- Traceability data for printing/reprinting of receipts (requirement n°9).
- Traceability data for data purging, archiving, and restoration operations (requirement n°15).
- Traceability data for POS data transmission to the centralization system (requirement n°18).
Traceability: SAFE provides traceability and allows the user to export fixed and time-stamped cash data.
Access: The Customer can, at any date, access or generate archives for any past period of less than 7 years via HUB or API.
Consistency: The data contained in the archive is consistent with the original data in the cash register system, as sent by the Customer.
Reliability: SAFE provides a reliable mechanism to ensure and verify data integrity, even after the Customer has stopped using the cash register system.
Security: SAFE utilizes an audit mechanism that writes an audit log for every operation in the system. There is an independent audit trail for each organizational unit. The audit logs are chained together using a cryptographic hash.
Data export: Supports full data export for auditing and compliance. Customers can search and retrieve data directly from the HUB or via API.

CONSULTING Core (optional)

Documentation: The service includes certification documentation for fiskaly-related parts, comprising: (1) General design file, (2) Functional specifications file, (3) Technical architecture file, (4) Organizational file, (5) Maintenance file, (6) Operating file, and (7) User file.
Certification and audit support: The service includes recurring support on API integration combined with advising on the Customer’s documentation work, proof-reading of the English version of the Customer’s documentation (documentary admissibility review phase, prior to initial assessment audit), fiskaly’s presence during the initial in-person audit with InfoCert or LNE, and assistance for continuous compliance with future fiscal regulation updates (certification is valid yearly).

System Requirements

A valid contractual relationship with fiskaly.
An internet connection for integration and operation.
Integration of the SIGN FR API into the Customer’s POS system, per fiskaly documentation and integration guides.
A compatible POS system capable of providing all necessary data for signing, journaling, and archiving.
Customer-specific API credentials or an authorized user at the fiskaly HUB.

Maintenance and Support

fiskaly is committed to maintaining and updating SIGN FR and SAFE. fiskaly undertakes to maintain and update the Service with a view to supporting its security, availability, and ongoing alignment with applicable CGI requirements; however, the Customer remains responsible for implementing required updates, migrations, and integration changes on its side. The service is versioned according to semantic versioning; significant changes resulting in new major releases will be documented. Maintenance activities may result in the temporary outage of the service. As far as possible, these activities shall be announced at least two (2) weeks in advance; emergency maintenance activities may deviate from this. fiskaly provides assistance to customers via the fiskaly support portal (support.fiskaly.com).

Testing

fiskaly provides a TEST environment for both SIGN FR and SAFE. The TEST environment is fully functional with the same properties as the LIVE system. New versions are available in the TEST environment before LIVE release. Free testing is available for developers. fiskaly is not responsible if real data is provided in the TEST environment.

Service Limitations

SIGN FR and SAFE do not provide any semantic validation of the data; completeness and correctness are the sole responsibility of the Customer.
Changes in applicable laws and regulations may result in significant changes to the service at any time, reflected in major releases.
fiskaly aims to limit major releases to at most one per year, but time-critical regulatory changes may require more frequent updates.
The Customer is responsible for all POS-level obligations under French CGI (see Customer Obligations).

Customer Obligations

The comprehensive nature of SIGN FR and SAFE relies on its interplay with Customer responsibilities to ensure compliance with French CGI requirements. The following obligations apply.

General POS-level compliance obligations (Customer’s responsibility)

The Customer is responsible for integrating the API into its POS system, staying updated with new major releases, and ensuring that each relevant business transaction is transmitted in a timely and continuous manner. However, the Customer must ensure that they only use versions for which they have been certified. fiskaly may already be providing new versions of the API that the customer is not (yet) permitted to use due to a lack of certification updates. The Customer is also responsible for ensuring that the information on receipts is consistent with the recorded cash data. The following requirements fall within the responsibility of the Customer or the Customer’s POS system:

General obligation: Any VAT-taxable person supplying goods/services to private customers and recording payments with a cash register system must use a system satisfying the conditions of inalterability, securitization, conservation, and archiving of data for tax control. This applies to all software with cash functionality, including internally developed software.
Documentation (n°1, 2): The POS system must be documented in terms of design, operation, maintenance, and use, with regulatory documents in French. Additional technical documentation may be in French or English.
Data recording (n°3): The POS system must record all cash data related to transactions and settlements — including document header data (unique identifier, document number, type, date/time, references to other documents), issuer data (name, address, SIRET/SIREN, NAF/APE, VAT number, legal form), customer data (professional/individual distinction, identification numbers, delivery address), line item details (product code, description, quantity, unit price excl./incl. VAT, discounts, VAT rate), and payment information (payment method, amount, foreign currency). All cash data must be stored as elementary data in hard, non-volatile memory.
Corrections (n°4): Corrections must be made via “plus” and “minus” transactions — not by direct modification of original cash data. All correction operations must be recorded and their inalterability guaranteed.
Test/school mode (n°5): Data generated in test or school mode must be recorded and secured like actual cash data but explicitly identified as such. The manager’s identifier and all operations within this mode are part of cash data. Vouchers issued must be marked “dummy” or “simulation,” and the mode must be visible on the system’s display.
Securing supporting documents (n°9): The POS must distinguish receipts issued before/after payment, mark reprinted receipts as “duplicate,” ensure secure traceability of printouts and reprints (physical and electronic), ensure consistency of receipt information with recorded cash data, display “offline” mode on exports for centralizing systems, and display the applicable certification mention (LNE or Infocert) on tickets.
Purging (n°13, 14): If the POS has a purge function, an archive of all purged data must be generated and retained beforehand. Cumulative/summary data and transaction tracking data must never be purged.
Traceability of operations (n°15): The POS must ensure secure traceability of archiving, purging, and restoration operations (timestamp and POS identifier), traceability of printouts and reprints (with reprints marked “duplicate”), and traceability of POS data transmission to a centralizing system — including completeness during disconnections or offline modes.
Data retention (n°16, 17): Cumulative/summary data and traceability data must be kept within the system itself. Other cash data may be stored in the system or archive. The system must protect against physical storage failure or warn the user of their responsibility to retain data for 7 years. Archives must guarantee integrity and availability for 7 years.
Centralizing system (n°18): If data storage is centralized, the POS must provide a reliable data transfer mechanism ensuring completeness even with disconnections. Offline mode use must be limited, specified, documented, and notified to the user.
Tax administration access (n°19): The POS must provide tax authorities access to all recorded cash data and an automated means to verify its integrity. A French user manual detailing data access and integrity verification tools must be provided.
Fiscal scope and versioning (n°20, 21): The editor must clearly define and exhaustively list the fiscal perimeter (source code files, libraries, modules impacting compliance). The POS must be identified by major and minor version numbers, easily accessible from the user interface. Modifications affecting compliance must increment the major version number. The publisher must provide the footprint of each major release.

Customer obligations specific to SIGN FR

Responsible for activation, deactivation, and configuration of the service.
Must provide all relevant fiscal data, according to the law, via the API in the format and schema specified by fiskaly.
Must implement and send all technical cash register events (JET events), which apply to them, according to the law, and which cannot be controlled by fiskaly.
Must ensure proper API integration and timely, continuous transmission of each relevant business transaction.
Must provide all necessary data during a fiscal audit based on French regulations.
If using offline mode: Must ensure that, when implementing and using offline mode, you comply with legal requirements and fiskaly’s guidelines.

Customer obligations specific to SAFE

Responsible for activation, deactivation, and configuration of the service.
Must individually define the storage period for archived artifacts.
Must provide all relevant fiscal data, according to the law, via the API in the format and schema specified by fiskaly.
Must provide cumulative and summary data to be archived if the cash register system is changed.
Must ensure each archive covers no more than one year or one fiscal year.
Must ensure that archived data is consistent with the original data in the cash register system and provides a reliable, medium-independent mechanism to verify its integrity — even after the Customer has stopped using the system.
Must provide all necessary data during a fiscal audit based on French regulations.
Retrieval and verification: Exports generated by the Customer must be retrieved, retained, and submitted to the competent tax authorities if required.

Customer obligations specific to CONSULTING

Must provide fiskaly with all technical, operational, and organizational information reasonably required for the consulting engagement, in a complete, accurate, and timely manner.
Must ensure the accuracy and completeness of all information, documentation, and data supplied to fiskaly, and promptly notify fiskaly of any changes to systems, processes, or organizational structures relevant to certification or audit requirements.
Must grant fiskaly and its authorized consultants reasonable access to personnel, documentation, and systems, and make responsible employees available for meetings, interviews, and follow-up clarifications.
Must implement fiskaly’s recommended corrective or preventive actions in a timely manner to achieve or maintain certification and compliance, and adhere to fiskaly’s instructions related to certification preparation and audit support.
Must maintain and preserve records of all documents relevant to the certification or audit process — including fiskaly’s consulting outputs and implementation evidence — for the legally prescribed retention period.
Allocated consulting hours and days are to be used solely for initial certification and subsequent annual audit support; unused hours/days expire at the end of the calendar year without compensation.
Consulting days must be requested and scheduled with fiskaly at least four (4) weeks in advance. Use for purposes other than certification or audit support requires fiskaly’s prior written approval.

Version: v.1 | Last updated: 2026/03/24

Was this page helpful?