Is your business based in Switzerland and are you already using CiRRUS? Then you’re all set! If you run a business in the EU and without CiRRUS, you have probably asked yourself already what you are going to do with your outdated POS.
The tax authorities aim to prevent VAT losses
You customers pay statutory VAT on purchases and services into your POS. Easy for the tax authorities and you. You are also not obliged to purchase electronic POS. You can therefore also put all of your takings into an unsecured cash register such as a hat box, cigar box, or money bag.
But even the most diligent person can make mistakes if the conditions are difficult. Things could get bewildering, for example, if you customers buy coffee from you: you properly input coffee beans, powder and pads with a reduced VAT rate. If you brew the coffee, you record the full VAT. But if you hand the brewed drink to your customer, you have to record the reduced VAT rate again. Confused? Fortunately, Latte Macchiato is subject to the reduced rate at all times, no matter where and when it is being enjoyed. But only if its milk content is at least 75%, otherwise the full VAT rate kicks in again. It’s not surprising that the tax authorities want to monitor your business activities and check if you get everything right and as specified. If you wish to hang on to your unsecured cash register or your favorite steam-powered cash box, you shouldn’t be surprised if the tax authorities regard you with suspicion or, at worst, estimate your takings. The EU loses EUR 170 billion each year in VAT income, which corresponds to approximately 25% of its budget income. It’s therefore not surprising that ordinances have been put into place that aim to make it more difficult to delete income in order to evade taxes.
Soon to be obligatory: manipulation-proof POS
Soon you will have to record all transactions relevant to VAT in a manipulation-proof manner and store them for 10 years: complete, accurate, on time and individually numbered. If a tax inspector visits, you must provide this data on a data carrier of your choice within a reasonable period.
You will find it practically impossible to comply with these demands from the tax authorities even if you have just a low transaction volume. In the future, you will no longer be permitted to compile your individual entries in one daily or monthly cash report. In other words, you will have to list each individual entry with its applicable VAT rate in a clear and traceable manner. Fish is another difficult subject for the tax authorities, by the way: in oil, there is no deduction, pressed into a tin there is, but if it’s smoked VAT applies in full.
You may be able to just about manage such itemized cash reports with your electronic POS or standard table calculation programs and a bit of aptitude. However, after your next New Year’s Eve party, another super-tough ordinance will be coming into effect: from that point onward, it becomes compulsory to use “manipulation-proof POS” in your business at all times as soon as you “record reportable transactions or other events with the help of an electronic recording system”. Your unsecured cash register doesn’t need this because it’s not electronic. You will still be permitted to provide all of your individually signed sales slips from the past ten years that you have collected in boxes. But cash registers that are already powered by electricity must be fitted with a certified technical security system (TSS) in the future. This device must have a security module, storage medium, and digital interface, and it must be possible to certify it.
Please therefore think long and hard if you wish to generate your future cash reports using a calculation program or electric cash registers. Because in the future, you will carry the burden of proof that the reports submitted by you could not have been subsequently changed by anyone! Nice and easy for the tax authorities. They are now even allowed to turn up unannounced at your business during your ordinary business hours for a cash register review. Your auditor is authorized to take a direct look into your cash register and also examine that way your cash register data is transferred, including your digital interfaces. He or she may also request that you reprint any sales slips randomly selected by them right there and then.
Looking toward the future with CiRRUS
Even six months before the effective date of this ordinance on the use of manipulation-proof electronic POS, nobody really knows how it is to be implemented in practice. With CiRRUS, however, we are already helping you today to meet these complex requirements with consistently easy standards – securely and targeted and always one step ahead.
What better way to archive your data in a protected and manipulation-proof environment than with CiRRUS in computer centers designed with multiple redundancies? What better place to protect your data against random access than in the access-protected high-security tracts of mirrored computer centers located several hundred miles away from each other that are being reconciled in real time through dedicated lines? And if this is not enough to form a solid basis for a technical security facility, how would a certified TSS have to be designed in practice?
Our CiRRUS services in the Microsoft Cloud are designed with business in mind from the start: any unauthorized network transmission is recognized immediately and blocked. We monitor for complete network security for the protected communication between your infrastructure and CiRRUS online services. Together with Microsoft, we are committed to implementing an all-in-one security approach: in addition to intelligent Microsoft security systems and tools, we also benefit from security experts who monitor the global data processes, recognize potential security issues, and provide information about new cyber attacks. We benefit from the Digital Crimes Unit (DCU) where engineers and lawyers work directly with investigators around the world to arrest data manipulators as quickly as possible. The DCU records, stores, and analyzes more than 600 million security risks per day to create a secure digital environment.
For us, security and data protection were and are two unseparable topics: we are already ensuring that your POS data is stored in the Microsoft Cloud in a confidential, non-modifiable, and manipulation-proof manner and that it is permanently protected.
Admittedly, even we don’t know yet every little detail that the tax authorities are still going to formulate and aim at you before the end of the year. It hasn’t even been clarified yet what the terms “reportable transactions” or “other events” mean in terms of tax law. It also hasn’t been specified yet what exactly a “cash register” is with regard to the technical security system (TSS). Do the cash registers at reception and in the restaurant of a rural inn now constitute one or several POS? Are therefore one or several TSS required? How is it possible at all to create a reliable digital interface between all of the electronic devices?
Last but not least, a handy tip regarding this issue: if you purchased your cash register after November 25, 2010 and prior to January 1, 2020, and if your cash register’s construction does not meet the tax authorities’ requirements, you are permitted to continue using it until December 31, 2022 if your cash register partner has confirmed this exception on time and in the correct format. You also must keep proof that your cash register manufacturer has started to implement the use of a new, compliant POS that complies with the POS Security Ordinance (Kassensicherungsverordnung) with you.
A rather complicated ordinance – wouldn’t this be the perfect time to switch to CiRRUS?