In 2026, fiscal regulation for point-of-sale software underwent major shifts across Europe. In France, the 2026 Finance Act restored self-certification for software publishers, reversing the mandatory third-party certification imposed in 2025. In the United Kingdom, Making Tax Digital continues its rollout with new obligation thresholds. In Belgium, B2B electronic invoicing via PEPPOL became mandatory from 1 January 2026. For repair shops, understanding these rules is essential: non-compliance can cost up to €7,500 in fines per software.
This guide covers the evolution of French ISCA requirements, UK obligations under Making Tax Digital, and Belgium's PEPPOL e-invoicing mandate.
France: what changed with the 2026 Finance Act
The return of self-certification (Article 125)
The 2025 Finance Act had removed the ability for POS software publishers to self-certify their solution's compliance. Only certification from an accredited body (Infocert/AFNOR for the NF525 standard, or LNE) was accepted. This requirement was particularly burdensome for small publishers and open-source solutions, for whom the cost and complexity of the certification process was disproportionate.
Article 125 of the 2026 Finance Act, adopted on 2 February 2026, restores the self-certification system. Publishers can once again produce an individual attestation conforming to a template set by the tax administration, certifying that their software meets the requirements of Article 286, 3° bis of the French General Tax Code (CGI).
What this means for your shop
Your POS software does not need NF525 certification from a third-party body. It is sufficient for the publisher to provide a compliance attestation according to the official template. However, the 4 technical requirements (inalterability, security, conservation, archiving) remain fully in force.
Recent timeline
- 2018: obligation to use secure POS software for all VAT-liable businesses (Article 286, 3° bis CGI). Compliance proven by NF525/LNE certification or individual publisher attestation.
- January 2025: the 2025 Finance Act removes self-certification. Only accredited third-party certification is valid.
- September 2025: certification deadline extended to 31 August 2026.
- February 2026: the 2026 Finance Act (Article 125) restores self-certification. Publishers can once again attest to compliance themselves.
The 4 mandatory technical requirements
Regardless of the proof method (certification or self-attestation), your POS software must satisfy four conditions defined by Article 286, 3° bis of the CGI. These requirements aim to prevent any post-hoc manipulation of accounting data and ensure a reliable audit trail.
1. Inalterability
The software must record all payment-related data without the possibility of modification or deletion. Each transaction is frozen upon recording. Technically, this is achieved through cryptographic hash chaining: each record contains a hash that depends on the previous record. If any data is modified, the chain breaks and the fraud is detectable.
In practice, chaining works as follows:
- The first invoice is hashed using SHA-256 from its data (number, date, net/VAT/gross amounts).
- The next invoice includes the previous invoice's hash in its own data before being hashed. This way, each invoice is irreversibly linked to the previous one.
- The same principle applies to payments, daily closures, and fiscal seals.
- During an audit, the tax authority can recalculate the entire chain and verify that no modifications have occurred.
2. Security
Original data, any modifications, and data used to produce supporting documents must be protected. This requires digital signatures on fiscal documents (typically RSA-2048 or RSA-SHA256) and secure management of signing keys with rotation capability.
3. Conservation
The software must enable calculation and recording of cumulative and summary data during daily, monthly, and annual closures. Each closure produces a period total (cumulative grand total since deployment) and a perpetual total that cannot be reset to zero.
4. Archiving
Recorded data must be archived at least annually. Archiving freezes the data and provides certainty about its integrity. Archives must be kept for 6 years (tax limitation period) and be producible upon audit.
Penalties for non-compliance
Article 1770 duodecies of the CGI provides for a fine of €7,500 per non-compliant software detected during an audit. The fine is waived if the attestation or certificate is provided within 30 days of the audit. If not regularised within 60 days, the fine is doubled.
United Kingdom: Making Tax Digital in 2026
In the UK, POS software fiscal compliance follows a different framework. HMRC's Making Tax Digital (MTD) programme mandates the use of recognised software for digital record-keeping and VAT returns.
MTD for VAT
Since 2022, all VAT-registered businesses must use MTD-compatible software to submit VAT returns to HMRC. Digital records must be kept securely and a complete audit trail must be maintained.
MTD for Income Tax (April 2026)
From 6 April 2026, self-employed individuals and landlords with total gross income exceeding £50,000 must use HMRC-recognised software to:
- Keep digital records of all business income and expenses
- Submit quarterly updates to HMRC
- Provide a final annual declaration by 31 January
The threshold drops to £30,000 from April 2027.
UK technical requirements
The UK does not mandate cryptographic hash chaining like France. Requirements focus on:
- Digital Records: digital preservation of all transaction records
- VAT Submissions: compatibility with HMRC's MTD declaration system
- Audit Trail: complete audit trail allowing every transaction to be traced
Belgium: mandatory PEPPOL e-invoicing in 2026
What changed on 1 January 2026
Since 1 January 2026, all VAT-registered businesses in Belgium must issue and receive structured electronic invoices for B2B transactions. Invoices must use the UBL EN 16931 format (European standard) and be transmitted via the PEPPOL network.
What this means for your Belgian repair shop
If you invoice businesses (B2B), you must send structured electronic invoices via PEPPOL. Invoices to individuals (B2C) are not affected. A tolerance period covers Q1 2026 for businesses not yet technically ready.
No “blackbox” for repair shops
The certified cash register system (SCE / “blackbox”) is an obligation specific to the Horeca sector (restaurants, cafés, caterers) with meal revenue exceeding €25,000. Repair shops are not subject to this requirement.
PEPPOL technical requirements
- UBL EN 16931 format: European structured e-invoicing standard
- PEPPOL network: invoices are transmitted through a certified PEPPOL access point
- BCE identification: each Belgian company is identified by its BCE number (Banque-Carrefour des Entreprises) in
0208:BE + 10 digitsformat - Belgian VAT: applicable rates of 21%, 12%, 6% and 0%
Penalties
Non-compliance with e-invoicing obligations carries escalating fines: €1,500, then €3,000, then €5,000 for repeat offences. The FPS Finance has announced near real-time e-Reporting planned for 2028 (ViDA initiative).
How RepairMind handles fiscal compliance
RepairMind integrates a comprehensive fiscal module, designed from the ground up to meet French, British and Belgian requirements. This is not a plugin added as an afterthought: compliance is built into the software's architecture.
Native SHA-256 cryptographic hash chaining
Every invoice, every payment, and every daily closure is automatically chained using SHA-256. Each record's hash includes the previous record's hash, forming an unbreakable chain. This chain covers:
- Invoice chain: number, date, net/VAT/gross amounts, previous hash
- Payment chain: amount, method, reference, previous hash
- Daily closures: cumulative totals, counters, previous hash
- Fiscal seals: period, signature, integrity
RSA-SHA256 digital signatures
Fiscal documents are digitally signed with RSA-2048. Signing keys are securely managed with rotation capability (RotateKeys). The public key is accessible for verification by the tax authority.
Automatic compliance attestation generation
RepairMind automatically generates a compliance attestation PDF conforming to Article 286, 3° bis of the CGI. This attestation details:
- The publisher's identity (RepairMind Ltd)
- Compliance with all 4 conditions (inalterability, security, conservation, archiving)
- The chaining algorithm used (SHA-256)
- The signature algorithm (RSA-SHA256)
- The tenant's fiscal statistics (invoice count, closures, seals)
Built-in chain integrity verification
The fiscal module includes integrated verification functions:
- VerifyInvoiceChain: recalculates and verifies the complete invoice chain
- VerifyPaymentChain: recalculates and verifies the payment chain
- VerifyBackup: verifies the integrity of fiscal archives
These verifications are accessible via the built-in MCP server: an AI agent can audit your fiscal compliance in natural language.
Multi-region: France, United Kingdom and Belgium
RepairMind automatically detects the tenant's fiscal region and adapts requirements accordingly:
- France (FR): full ISCA compliance (Art. 286, 3° bis CGI) with SHA-256 chaining, RSA signing, daily closures, fiscal seals, and PDF attestation
- United Kingdom (UK): Making Tax Digital with digital records, audit trail, and MTD declaration compatibility
- Belgium (BE): B2B electronic invoicing via PEPPOL (UBL EN 16931 format), BCE identification and PEPPOL network integration
Isolated data per tenant
Each RepairMind workshop has its own isolated database. Fiscal data (hash chains, signatures, closures, seals) is strictly partitioned between workshops.
Ensure fiscal compliance from day one
RepairMind integrates French ISCA compliance (SHA-256 chaining, RSA signatures, auto-generated attestation), UK Making Tax Digital, and Belgian PEPPOL e-invoicing. Three regions, one software.
Request a demo