
GoBD Compliance for Email Archiving#

This documentation applies to Piler enterprise edition 2.1.0+

Revision #1

Publication date: 2026-JAN-05

Legal notice

This documentation describes how piler enterprise supports compliance with the German GoBD requirements from a technical and organizational perspective.

It does not constitute legal advice and does not replace the organization's obligation to assess its own legal requirements, risks, and compliance measures.

Organizations remain solely responsible for:

  • determining which emails are tax-relevant or commercially relevant,
  • configuring appropriate retention periods,
  • ensuring proper access controls and audit trails,
  • maintaining overall compliance with German tax and commercial law.

piler enterprise provides technical means to support, but not substitute, regulatory and legal decision-making.

What is GoBD?#

GoBD (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff) is a German administrative regulation issued by the Federal Ministry of Finance.

It defines requirements for:

  • Electronic bookkeeping and record-keeping
  • Retention of tax-relevant documents in electronic form
  • Data access rights for tax authorities during audits

GoBD applies to all businesses subject to German tax law, regardless of size. Non-compliance can result in:

  • Rejection of bookkeeping by tax authorities
  • Estimated tax assessments
  • Fines and penalties
  • Increased audit scrutiny

The GoBD requirements are derived from several German laws:

| Law | Requirement |
|---|---|
| § 147 AO (Abgabenordnung) | Retention of tax-relevant documents |
| § 257 HGB (Handelsgesetzbuch) | Retention of commercial correspondence |
| § 14b UStG | Retention of invoices for VAT purposes |
| GoBD (BMF-Schreiben) | Technical implementation requirements |

Retention periods#

| Document type | Retention period |
|---|---|
| Tax-relevant documents (invoices, contracts, financial records) | 10 years |
| Commercial correspondence (offers, order confirmations, general business letters) | 6 years |

The retention period begins at the end of the calendar year in which the document was created or received.


Which emails must be archived?#

Under GoBD, the following email types require archiving:

Tax-relevant emails (10 years)#

  • Invoices (incoming and outgoing)
  • Invoice corrections and credit notes
  • Contracts with financial implications
  • Payment confirmations and reminders
  • Tax declarations and correspondence with tax authorities
  • Financial statements and accounting documents

Commercially relevant emails (6 years)#

  • Offers and quotations
  • Order confirmations
  • Delivery notes and shipping confirmations
  • General business correspondence
  • Customer and supplier communications with commercial significance

Emails that do NOT require archiving#

  • Private correspondence (if permitted by company policy)
  • Spam and advertising
  • Newsletters without business relevance
  • Internal informal communications without commercial significance

GoBD requirements and Piler compliance#

The following table maps GoBD requirements to Piler enterprise capabilities:

| GoBD requirement | Description | Piler enterprise support |
|---|---|---|
| Unveränderbarkeit (Immutability) | Documents must not be modifiable after archiving | ✓ Emails encrypted at rest with AES-256; stored in original format; SHA-256 hash verification on retrieval |
| Vollständigkeit (Completeness) | All relevant documents must be captured | ✓ Automatic capture via SMTP journaling; no manual intervention required |
| Ordnung (Organization) | Documents must be systematically organized and retrievable | ✓ Full-text search; metadata indexing; folder/category organization |
| Zeitgerechtheit (Timeliness) | Documents must be archived promptly | ✓ Real-time archiving as emails are received |
| Nachvollziehbarkeit (Traceability) | All changes must be logged and traceable | ✓ Comprehensive audit logs; access tracking; SIEM integration |
| Maschinelle Auswertbarkeit (Machine readability) | Data must be searchable and exportable | ✓ Full-text search; metadata export; eDiscovery capabilities |
| Aufbewahrungsfristen (Retention periods) | Configurable retention per document type | ✓ Flexible retention policies per mailbox, domain, or category |
| Datenzugriff (Data access) | Tax authorities must be able to access data during audits | ✓ Export in standard formats; auditor role with controlled access |

Technical implementation#

1. Immutability (Unveränderbarkeit)#

GoBD requires that archived documents cannot be modified, deleted, or replaced without leaving a trace.

How Piler ensures immutability:

  • Emails are stored in their original format (EML) immediately upon receipt
  • All stored emails are encrypted at rest using AES-256
  • A SHA-256 hash is calculated and stored for each message
  • Hash verification occurs on retrieval to detect any tampering
  • Audit logs record all access and administrative actions
  • Optional: Store on WORM-compatible storage (S3 Object Lock) for enhanced protection
  • Optional: TSA timestamps provide cryptographically verifiable proof of archival time

Configuration recommendation:

For maximum GoBD compliance, enable:

TSA_ENABLED=true
TSA_URL=https://freetsa.org/tsr

This provides independent timestamp verification for archived emails.


2. Completeness (Vollständigkeit)#

All tax-relevant and commercially relevant emails must be captured completely.

How Piler ensures completeness:

  • Journal transport rule on mail server captures all emails
  • SMTP-based archiving captures emails in real-time
  • Sender and recipient metadata preserved
  • Attachments archived with parent email
  • Headers preserved in full
  • No email content is modified during archiving

Recommended mail server configuration:

Configure your mail server to send a journal copy of all emails to the Piler SMTP daemon. This ensures complete capture without relying on client-side forwarding.


3. Organization and retrievability (Ordnung)#

Archived documents must be systematically organized and efficiently retrievable.

How Piler supports organization:

  • Full-text search across email bodies, subjects, and attachments
  • Metadata search by sender, recipient, date range, size
  • Category/folder system for manual classification
  • Attachment type filtering (PDF, Office documents, etc.)
  • Saved searches for recurring queries
  • Tag system for custom classification

Search capabilities for tax audits:

| Search type | Capability |
|---|---|
| Date range | Find all emails within a specific period |
| Sender/recipient | Find all correspondence with a specific party |
| Keyword | Full-text search across content and attachments |
| Attachment type | Find all invoices (PDF), contracts (DOCX), etc. |
| Combined queries | Complex searches combining multiple criteria |

4. Traceability (Nachvollziehbarkeit)#

All processing and access to archived documents must be logged.

Piler audit logging includes:

  • Authentication events: Login attempts (successful and failed), logout, session management
  • Access events: Which user viewed which email, when, from which IP address
  • Search events: What searches were performed and by whom
  • Export events: What data was exported and by whom
  • Administrative events: Configuration changes, user management, policy changes
  • Deletion events: If permitted, what was deleted and by whom (with approval workflow)

Audit log protection:

  • Audit logs are stored separately from email content
  • Logs can be forwarded to external SIEM systems (Splunk, Sumo Logic, Syslog)
  • External log storage prevents tampering by local administrators

5. Machine readability (Maschinelle Auswertbarkeit)#

Tax authorities may request data in machine-readable formats during audits.

Piler export capabilities:

| Format | Use case |
|---|---|
| EML | Original email format; standard and portable |
| MBOX | Multiple emails in a single file; Unix standard |
| PDF | Printed representation with metadata |
| CSV | Metadata export for spreadsheet analysis |
| PST | Microsoft Outlook format (via third-party conversion) |

GDPdU/GoBD data access:

For tax audits, Piler supports:

  • Z1 access: Direct system access for auditors (via auditor role)
  • Z2 access: Indirect access through reports and exports
  • Z3 access: Data carrier provision (export to external media)

The auditor role in Piler provides controlled read-only access to archived emails without modification capabilities.


6. Retention period management#

GoBD requires retention of 6 or 10 years depending on document type.

Piler retention features:

  • Retention policies configurable per domain, mailbox, or category
  • Automated purging after retention period expires
  • Legal hold prevents deletion even after retention period
  • Retention reports show what will be deleted and when

Recommended configuration:

# Default retention for commercial correspondence
RETENTION_DAYS_DEFAULT=2192  # 6 years

# Extended retention for invoices/financial documents
# Configure per category or mailbox as needed

Important: Ensure invoices and tax-relevant documents are categorized for 10-year retention, while general correspondence uses 6-year retention.
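The retention rule given under "Retention periods" (the period starts at the end of the calendar year of receipt) and the categorization note above, worked through as an added Python example that is not Piler's own code. The category names and the assumption that a fixed RETENTION_DAYS-style count runs from the receipt date are mine; they illustrate why a plain day count can fall short of the legal end date for mail received early in the year.

```python
from datetime import date, timedelta

# Assumed category names for illustration, mapped to the periods stated on this page.
RETENTION_YEARS = {"tax": 10, "commercial": 6}


def retention_end(received: date, category: str) -> date:
    """Last day of the retention period: it starts at the end of the calendar
    year of receipt, so it runs to 31 December of (year of receipt + N years)."""
    return date(received.year + RETENTION_YEARS[category], 12, 31)


def may_purge(received: date, category: str, today: date, legal_hold: bool = False) -> bool:
    """A record may be purged only after its retention end, and never while on legal hold."""
    return (not legal_hold) and today > retention_end(received, category)


def shortfall_days(received: date, category: str, retention_days: int) -> int:
    """Days by which a fixed day count from receipt (assumed semantics of a
    RETENTION_DAYS-style setting) would purge before the legal earliest purge
    date. Positive means too early; zero or negative means the setting is safe."""
    fixed_purge_day = received + timedelta(days=retention_days)
    earliest_legal_purge = retention_end(received, category) + timedelta(days=1)
    return (earliest_legal_purge - fixed_purge_day).days


if __name__ == "__main__":
    # Constructed dates: one mail received on the last day of a year, one two days later.
    for received in (date(2025, 12, 31), date(2026, 1, 2)):
        print(received, "commercial ->", retention_end(received, "commercial"),
              "shortfall with 2192 days:", shortfall_days(received, "commercial", 2192))
```

The two sample dates differ by two days but their legal retention ends differ by a full year, which is why categorizing and applying year-end-based retention matters more than the exact day count.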


2025 GoBD amendment: E-invoicing requirements#

As of January 2025, Germany mandates e-invoicing for B2B transactions. The July 2025 GoBD amendment clarifies archiving requirements:

Key requirements#

| Requirement | Description | Piler support |
|---|---|---|
| Original format retention | E-invoices must be stored in the format received | ✓ Emails stored in original EML format with attachments |
| XML preservation | For structured invoices (ZUGFeRD, XRechnung), the XML component is legally binding | ✓ Attachments preserved in original format |
| No format conversion required | If a PDF can be generated from the XML, separate PDF storage is not required | ✓ Original attachments always preserved |
| Hybrid format handling | ZUGFeRD invoices contain both PDF and embedded XML | ✓ Full attachment preservation |

Piler automatically complies with e-invoicing requirements because:

  • All email attachments are stored in their original format
  • No conversion or modification occurs during archiving
  • XML, PDF, and hybrid formats are all preserved as received
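The SHA-256 hash verification described under "Immutability" and the original-format preservation required for e-invoices above, as an added Python example that is not Piler's own code. It fingerprints a constructed hybrid invoice mail (raw message plus each attachment separately) so that a later check can say which component changed, for example the legally binding XML; the sample message and its contents are placeholders I constructed.

```python
import hashlib
from email import message_from_bytes
from email.policy import default

# Constructed sample (not a real invoice): a mail carrying an XML invoice and a
# PDF placeholder as attachments, the hybrid case the e-invoicing table describes.
SAMPLE_EML = (
    b"From: billing@example.com\r\nTo: ap@example.net\r\n"
    b"Subject: Invoice 2026-0001\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    b"--b1\r\nContent-Type: text/plain\r\n\r\nPlease find the invoice attached.\r\n"
    b'--b1\r\nContent-Type: application/xml; name="invoice.xml"\r\n'
    b'Content-Disposition: attachment; filename="invoice.xml"\r\n\r\n'
    b"<Invoice><ID>2026-0001</ID></Invoice>\r\n"
    b'--b1\r\nContent-Type: application/pdf; name="invoice.pdf"\r\n'
    b'Content-Disposition: attachment; filename="invoice.pdf"\r\n\r\n'
    b"%PDF-1.7 placeholder\r\n--b1--\r\n"
)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def fingerprint(raw: bytes) -> dict:
    """Digest of the raw message plus one digest per attachment, keyed by filename.
    Hashing attachments separately tells a reviewer which component changed
    (e.g. the legally binding XML) rather than only that something did."""
    msg = message_from_bytes(raw, policy=default)
    digests = {"message": sha256_hex(raw)}
    for part in msg.iter_attachments():
        digests["attachment:" + part.get_filename()] = sha256_hex(part.get_payload(decode=True))
    return digests


def verify(raw: bytes, stored: dict) -> list:
    """Names of all components whose stored digest no longer matches the archived
    bytes; an empty list means the copy is byte-for-byte what was received."""
    current = fingerprint(raw)
    return sorted(name for name, digest in stored.items() if current.get(name) != digest)


if __name__ == "__main__":
    manifest = fingerprint(SAMPLE_EML)      # computed once, at archive time
    print(verify(SAMPLE_EML, manifest))     # [] -> untouched
    tampered = SAMPLE_EML.replace(b"<ID>2026-0001</ID>", b"<ID>2026-0002</ID>")
    print(verify(tampered, manifest))       # ['attachment:invoice.xml', 'message']
```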

Procedural documentation (Verfahrensdokumentation)#

GoBD requires organizations to maintain procedural documentation describing their archiving system. This documentation must cover:

Required elements#

  1. System description
     • Software used (Piler enterprise)
     • Hardware infrastructure
     • Storage locations and backup procedures
  2. Process description
     • How emails are captured (journal transport rules)
     • How emails are classified (automatic vs. manual)
     • How retention periods are applied
     • How access is controlled
  3. Internal control system (IKS)
     • Access control procedures
     • Audit log monitoring
     • Regular compliance reviews
     • Incident response procedures
  4. User documentation
     • Training materials
     • Operating procedures
     • Responsibility assignments

Piler can support your procedural documentation by providing:

  • System configuration exports
  • Audit log reports
  • User and role configuration reports
  • Retention policy documentation

Deployment recommendations for GoBD compliance#

Minimum requirements#

  1. Enable comprehensive archiving
     • Configure journal transport rule on mail server
     • Ensure all incoming and outgoing emails are captured
  2. Configure retention policies
     • 10 years for invoices and financial documents
     • 6 years for general commercial correspondence
  3. Enable audit logging
     • All access must be logged
     • Forward logs to external SIEM for tamper protection
  4. Restrict deletion capabilities
     • Only authorized roles (e.g., auditor, compliance officer) should be able to delete
     • Deletion should require an approval workflow
  5. Regular backups
     • Follow the 3-2-1 backup rule
     • Test restore procedures regularly

Enhanced compliance#

For organizations requiring highest assurance:

  1. Enable TSA timestamps
     • Cryptographic proof of archival time
     • Independent third-party verification
  2. Use WORM storage
     • S3 Object Lock or equivalent
     • Physical immutability at storage level
  3. External audit log storage
     • SIEM integration (Splunk, Sumo Logic)
     • Prevents local administrator tampering
  4. Annual compliance audits
     • Review configuration against GoBD requirements
     • Update procedural documentation

Auditor access for tax inspections#

During tax audits, authorities may request access to archived emails. Piler supports this through the auditor role:

Auditor role capabilities#

| Capability | Description |
|---|---|
| Search all emails | Full access to archived content within the defined scope |
| View emails | Read email content and attachments |
| Export emails | Download emails in standard formats |
| View audit logs | Review access history |
| No modification | Cannot delete, modify, or alter archived content |

Creating auditor access for tax inspection#

  1. Create a user account with auditor role
  2. Define scope (date range, domains, mailboxes)
  3. Provide credentials to tax authority representative
  4. Monitor access via audit logs
  5. Disable account after audit completion

All auditor access is fully logged for accountability.


Summary: GoBD compliance checklist#

| Requirement | Implementation | Status |
|---|---|---|
| Immutability | AES-256 encryption, SHA-256 hashes, audit logs | ✓ Built-in |
| Completeness | Journal transport rule, SMTP archiving | ✓ Configuration required |
| Organization | Full-text search, metadata indexing, categories | ✓ Built-in |
| Timeliness | Real-time archiving | ✓ Built-in |
| Traceability | Comprehensive audit logging, SIEM integration | ✓ Built-in |
| Machine readability | EML, MBOX, CSV, PDF export | ✓ Built-in |
| Retention periods | Configurable retention policies, automated purging | ✓ Configuration required |
| Data access | Auditor role, controlled exports | ✓ Built-in |
| Procedural documentation | Customer responsibility; Piler provides supporting data | ○ Customer task |

Legend: ✓ = Supported, ○ = Customer responsibility
