GoBD-Compliant Archiving: Requirements and Implementation

Written by Korbinian Hermann | 14.7.2026

A tax auditor is sitting in the conference room and asks for the accounting records from 2017. The data is available, neatly backed up on a backup tape. Nevertheless, the accounting records are rejected. The reason is not that data is missing, but rather how it was stored.

This is the crucial point that many companies overlook: The GoBD regulations not only specify how long tax-relevant data must be retained, but also the quality of that data. And it is precisely these quality requirements that most existing backup solutions fail to meet. A backup is a copy for emergencies. An archive is audit-proof evidence. These are two different things.

Anyone familiar with production lines and tax audits in practice sees this pattern time and again. In plant projects, the difference is rarely noticed during the backup process itself, but only when proof is needed: during an audit, a dispute with a supplier, or the decommissioning of a legacy system. That’s when it becomes clear whether the data was merely stored or actually archived in compliance with GoBD.

GoBD-compliant archiving is based on five core technical requirements: immutability, machine-readability, completeness, accessibility, and procedural documentation. This article explains what each of these requirements specifically means, where backup solutions fall short, and how the requirements can be implemented technically and correctly.

KEY POINTS AT A GLANCE
  • The GoBD (Principles for the Proper Maintenance and Retention of Books in Electronic Form, BMF Letter 2019) defines not the duration but the quality of retention through five core requirements.
  • A backup does not meet the GoBD requirements: It can be overwritten, cannot be analyzed without the source system, and does not provide procedural documentation. This makes it a compliance gap.
  • Immutability means technically guaranteed, not merely promised at the organizational level: Archived data must not be altered retroactively by anyone, not even by administrators.

  • Machine-readability means that an auditor can analyze the data without the company’s specialized software and without the legacy system—which has often long since been decommissioned. This is only possible with an open archive format.

  • Procedural documentation is itself part of the GoBD requirement: If documentation of the archiving procedure is missing, it jeopardizes the entire archiving process, even if all data is present.

  • Audit-compliant archiving with CHRONOS—part of CSP’s Manufacturing OS platform—technically implements all five GoBD requirements: open archive format, protected retention periods, and included process documentation. 

IN SHORT
  • GoBD-compliant means: unalterable, complete, machine-readable, immediately accessible, and with a documented procedure. All five points apply simultaneously; they are not optional.

  • The most common oversight is confusing a backup with an archive. A backup protects against data loss, while an archive preserves evidence—only the latter is relevant to GoBD.

  • The most dangerous hidden gap is a decommissioned legacy system: If data is stored in the proprietary format of a discontinued system, it is no longer machine-readable, even though it still technically exists.

  • An open, vendor-neutral archive format is the only reliable protection against the loss of data usability over decades.

  • → This white paper explains why a backup does not meet GoBD requirements and what audit-proof archiving must accomplish

CONTENTS OF THIS ARTICLE

  1. What GoBD-compliant archiving means
  2. The Five Core GoBD Requirements in Detail
  3. Why a backup does not meet GoBD requirements
  4. Five Steps to GoBD-Compliant Archiving
  5. GoBD-Compliant Archiving in Practice: CHRONOS
  6. Frequently Asked Questions About GoBD-Compliant Archiving

What GoBD-compliant archiving means

The term “GoBD-compliant archiving” is often understood as synonymous with “long-term storage.” That is the crux of the problem. The GoBD strictly separates the issue of retention periods from the issue of quality.

The retention period stipulates that tax-related documents must generally be retained for ten years. The GoBD additionally specifies the condition in which they must be preserved. Archiving is only GoBD-compliant if it meets five requirements simultaneously: immutability, machine-readability, completeness, accessibility, and a documented procedure description.

In practice, this means an inconvenient truth: A company can possess every single document from the last ten years and still violate the GoBD if these documents are modifiable, incompletely indexed, or readable only with a discontinued system. A tax auditor who does not receive data from 2016 in a machine-readable format within a reasonable period of time may reject the accounting records as improper. The consequence is the right to make an estimate under Section 162 of the German Fiscal Code (AO), which always works to the company’s disadvantage.

PRACTICAL EXAMPLE

According to industry-standard studies, in a typical manufacturing company, over 80% of the data in databases is inactive. It is rarely modified and does not require high-availability access. It is precisely these inactive data sets—which are subject to retention requirements—that are at the heart of the GoBD issue, as they are overlooked in day-to-day operations and quietly become obsolete in proprietary formats.

 

The Five Core GoBD Requirements in Detail

The following overview outlines the five core requirements of the GoBD, what they mean from a technical perspective, and where compliance most often falls short in practice. Primary keyword context: Archiving is considered GoBD-compliant only if all five requirements are met.

GoBD Requirement

What it means from a technical perspective

Typical shortfall in practice

Immutability

Once archived, data cannot be subsequently modified or deleted by anyone, not even by administrators. Technically secured, not organizationally guaranteed.

Data is stored on writable drives or in databases with UPDATE permissions. A policy does not replace a technical lock.

Machine-readability

The auditor can search through and export the data in a structured manner without the company’s specialized software and without the source system.

Data is stored in the proprietary format of a decommissioned legacy system. Without this system, the data is effectively unanalyzable.

Completeness

Archiving is comprehensive. There is no selective omission of individual entries, time periods, or metadata.

Only certain document types or fiscal years are archived. Structural information necessary for understanding is missing.

Availability

Requested data is made available to the auditor promptly and in a usable format, without the need for time-consuming reconstruction.

Data must first be restored from backup tapes, and a legacy system must be reactivated. This takes days instead of hours.

Procedural Documentation

The archiving process itself is documented in a traceable manner: what is archived, when, how, and in what format.

There is no written documentation of the procedure. Consequently, compliance cannot be verified even if the archiving process is technically sound.

The most important point regarding this table: The requirements are cumulative. Meeting four out of five is not sufficient. An immutable, complete archiving process without procedural documentation is just as vulnerable as a properly documented archiving process on a writable drive.

Immutability: technical, not organizational

The most common misinterpretation concerns immutability. Many companies document a policy prohibiting the modification of archived data and thereby consider the requirement to be met. However, the GoBD requires that immutability be ensured by the system itself. If an administrator is technically capable of modifying an archived data record, the requirement is not met, regardless of whether there is a policy prohibiting it.

Machine-readability: the silent killer

Machine-readability is the requirement that slips through the cracks most inconspicuously. As long as the source system is running, nothing is noticed. Only when a legacy system is shut down—for example, because a new generation of ERP has been introduced—does it become apparent that the data is trapped in that system’s proprietary format. An open archive format decouples the data from the system and is therefore the only reliable safeguard over retention periods of ten years or more.

MASTER DATA CHECKLIST: GoBD Self-Test

☐ Is it impossible for anyone in our system—not even an administrator—to retroactively modify archived data?

☐ Can accounting data from 2016 be machine-readable today without having to start up the legacy system?

☐ Do we archive data completely, including the metadata and structural information necessary for understanding it?

☐ Could an auditor receive requested data in a machine-readable format within 24 hours?

☐ Is there current, written procedural documentation that would withstand a GoBD audit?

Why a backup does not comply with GoBD

Confusing backups with archives is by far the most common GoBD compliance gap in manufacturing companies. Both terms sound similar, but they address different issues and are fundamentally different in technical structure.

Criterion

Backup

GoBD-compliant archive

Purpose

Recovery after data loss

Audit-proof documentation over the years

Immutability

Is regularly overwritten (rotation)

Technically protected against modification

Evaluability

Readable only with the source system

Open format, system-independent

Retention Logic

Short cycles (days to weeks)

Retention periods of 10 years or more

Procedural Documentation

Not planned

An integral part

GoBD compliance

Not met

Met if all five requirements are fulfilled

A backup is a snapshot that is overwritten in the next cycle. It is precisely this ability to overwrite that contradicts the principle of immutability. And because a backup saves the data in the format of the respective source system, it cannot be analyzed without that system. Thus, a simple backup structurally lacks two of the five core requirements, regardless of how reliably it operates.

“A backup protects you from technical failures. An archive protects you from the auditor’s questions. Anyone who confuses the two will only realize the difference when it’s too late.”

— Korbinian Hermann, CEO, CSP Intelligence GmbH

PRACTICAL EXAMPLE: Automotive

In the automotive supply chain, safety-related production records are often subject to retention periods of up to 15 years, driven by IATF 16949 and customer requirements. Over such a period, at least one complete system generation is typically replaced. A backup tied to the respective source system can hardly bridge this gap technically. Only an open archive format keeps the data analyzable across system changes.

 

Five Steps to GoBD-Compliant Archiving

The path from simple data backup to GoBD-compliant archiving can be broken down into five clear steps. The order is intentional: Without classification in the first step, the subsequent steps will be ineffective.

Step 1: Classify Data Categories

First, determine which data is subject to retention requirements and what retention periods apply. In a manufacturing company, this applies not only to accounting data but also to production-related records. In practice, experience shows that well over half of the data in the database falls into the category of “inactive but subject to retention requirements.”

Step 2: Specify an open archive format

The data is transferred from the source system to an open, long-term-stable format. Vendor independence is crucial: The format must remain readable even if the original system has long since been decommissioned or the original vendor is no longer on the market.

Step 3: Technically Ensure Immutability

The archived data is transferred to an audit-proof storage system and technically protected against modification. An additional integrity check after the transfer ensures that the archive files have arrived at the destination system complete and unaltered.

Step 4: Control Retention Periods and Access

The applicable retention period is specified for each data category. Access is controlled and logged via roles and permissions. An important practical note: Deletion after the retention period has expired should be carried out in a deliberate and controlled manner, not unattended in the background. In a properly configured solution, a deletion process is initiated and documented in a targeted manner, rather than running automatically and unnoticed.

Step 5: Create and Maintain Procedural Documentation

Finally, the entire process is documented in writing: which data is archived, at what intervals, in what format, and with what security measures. This procedural documentation is itself part of the GoBD requirement and must be kept up to date. A good archiving solution provides the foundation for this, rather than leaving it entirely up to the company.

WHEN GoBD-COMPLIANT ARCHIVING WORKS

  • The data categories are classified, and each category is assigned a retention period.

  • The archiving format is open and vendor-neutral, not tied to a single system.

  • Immutability is technically enforced, not merely stated in a policy.
  • Access is role-based and logged; deletion processes are controlled.
  • Up-to-date procedural documentation is available and is updated whenever changes are made.

 

GoBD-Compliant Archiving in Practice: CHRONOS

Manually and consistently meeting these five requirements is prone to errors. Data categories are misclassified, formats become obsolete, and process documentation falls behind the times. This is exactly where CHRONOS comes in—the archiving solution within CSP’s Manufacturing OS platform.

CHRONOS identifies inactive data based on rules, converts it into an open, long-term-secure format, and transfers it to a storage system in an audit-proof manner. This streamlines and speeds up the production databases, while the transferred information remains accessible for analysis for decades. Even entire legacy systems can be decommissioned via Application Retirement without the data losing its GoBD compliance.

PRACTICAL TIP: CHRONOS – The Five GoBD Requirements Technically Addressed

  • Open archive format: Data is stored in a system-independent format and remains machine-readable, even without the original system. This meets the requirement for machine-readability.

  • Audit-proof storage with integrity checks: After transfer, CHRONOS checks the archive files on the storage system for correctness, completeness, and immutability.
  • Controlled retention: Retention periods are defined and monitored. Deletion upon expiration is initiated specifically from the administration interface and is not performed automatically without supervision.
  • Role- and Permission-Based Control: A dedicated authorization system controls and logs access to archived data and protects against unauthorized access.
  • Application Retirement: Legacy systems can be completely decommissioned, while their data remains GoBD-compliant and searchable.
  • Vendor Independence: Thanks to the open format, data remains readable even if the system landscape changes.

Accurate Classification: CHRONOS is a specialized archiving and offsite storage solution. It does not replace tax advice regarding the assignment of retention periods, nor does it assume responsibility for the content of procedural documentation. It provides the technical foundation and the necessary evidence; the task of professional classification remains the responsibility of the company.

More about the solution

 

 

Frequently Asked Questions 

What exactly does GoBD-compliant archiving mean?

GoBD-compliant archiving means that tax-relevant data is not only retained for a sufficiently long period but also maintained at the required quality. The GoBD requires five characteristics simultaneously: immutability, machine-readability, completeness, accessibility, and a documented procedure description. Only when all five requirements are met is an archiving system considered GoBD-compliant. Simply storing the data is not sufficient.

Does a backup meet the GoBD requirements?

No. A backup is intended for recovery after data loss and is overwritten in short cycles, which contradicts the required immutability. Furthermore, a backup saves the data in the source system’s format and cannot be analyzed without that system, meaning it lacks machine-readability. A backup and a GoBD-compliant archive address different issues. GoBD compliance requires audit-proof archiving in an open format.

What does machine-readability mean under GoBD?

Machine-readability means that a tax auditor can search, filter, and export the archived data in a structured manner without the company’s specialized software and without the source system—which has often long since been decommissioned. This can only be reliably achieved with an open, vendor-neutral archive format. If data is stored exclusively in the proprietary format of a discontinued system, it is no longer machine-readable, even if it still technically exists.

What is procedural documentation, and why is it mandatory?

Procedural documentation provides a clear and traceable description of how a company archives its data: which data is retained, when, in what format, and with what security measures. The GoBD explicitly require this documentation as a separate obligation. If it is missing, the compliance of the archiving process cannot be verified, even if all data is technically correct. It must be kept up to date and updated whenever the procedure changes.

How do I technically ensure data immutability?

Immutability must be enforced by the system itself, not merely by a policy. This means that archived data must be stored on audit-proof storage systems where subsequent changes are technically impossible, even for administrators. An integrity check after transfer confirms that the archive files are complete and unaltered. A purely organizational rule prohibiting changes does not meet this requirement.

Can paper documents be destroyed after they have been scanned?

In many cases, yes, but not for all types of documents. The GoBD and the German Tax Code permit replacement digitization for most accounting records, provided that the scanning procedure is documented and the digital copy is archived in an audit-proof manner. Exceptions include, among others, opening balance sheets, annual financial statements, and notarized documents, which must be retained in their original form. Without a documented scanning procedure, the scan does not replace the original.

Does the GoBD also apply to production data in manufacturing?

The GoBD applies directly to tax-relevant data. Production-related accounting records fall under this category and are generally subject to a ten-year retention period. In addition, industry-specific requirements and standards such as IATF 16949 for safety-related production records impose their own, often longer, retention obligations. Even though these requirements do not stem directly from the GoBD, the same quality principles apply to them in practice: they must be unalterable, complete, and capable of being evaluated over the long term.