Big affair with fiscal cash registers in Austria

In January 2026, about 200 members of the financial police suddenly entered 50 Austrian restaurants with the intention of determining whether these establishments use illegitimate software for issuing fiscal invoices. The financial inspection confirmed the suspicion and determined that a developer sold the illegal software, leading authorities to arrest the developer immediately.

During the investigation, the authorities found that there were over 50 catering facilities using this software; at the point of writing this article, they have discovered more than 150. The illegal software used in those establishments enabled fraud by deleting invoices or concealing part of the sales as tips, thereby reducing VAT obligations.

As per the profil.at news agency, the developer has been released from pre-trial detention and is now visiting users of his software to update the application, something he had not followed before. The assumption is that “updating” the application will remove the illegal part of the code.

Still, we can measure the damage caused by this fraud in millions of euros. The consequences go beyond financial harm, undermining customer trust in Austria’s fiscalization process. The key question is how a system designed to ensure compliance can instead be exploited for fraud.

History of fiscalization in Austria – Cash Register Security Ordinance (RKSV)

Fiscalization in Austria, called “Cash Register Security Ordinance” (RKSV), started back in 2017. The core fiscalization requirements include:

• the obligation to issue a fiscal invoice for each transaction,
• the use of a mandatory digital signature on each invoice, generated by a security module integrated into every POS system, and
• the retention of invoice copies for possible review and inspection by the Tax Authority.

As a mandatory component, the security module uses state‑of‑the‑art cryptographic methods and therefore ensures a high level of security.

In Austria, fiscal devices must keep invoices confidential at the taxpayer’s request. As a result, POS systems store invoices locally and provide them to the Tax Authority for audit purposes only at the point of sale.

This means that an inspector must come personally to the business location where the taxpayer issued the invoices and download the data from the invoicing system’s memory to an external device. Due to a limited number of inspectors and a large number of taxpayers, regular audits happen rarely, if ever.

A powerful analytical tool powered by data

Transferring data from the POS system to the Tax Authority’s server offers multiple advantages and does not conflict with data security requirements. The Tax Authority ensures this through the use of secure encryption methods, applied both at the moment the system issues the invoice and when the Tax Authority receives the data, usually in real time.

This data is immediately available to tax inspectors, together with advanced analyses and validation checks. When combined with artificial intelligence, these capabilities turn the system into a powerful analytical tool. At the same time, this approach encourages taxpayers to be more disciplined, as they are never certain when or how the Tax Authority supervises them, or whether a tax inspection is on its way. Such close involvement of the Tax Authority in the process of issuing invoices is highly effective and helps prevent cases like the one described in this article.