The German Federal Office for Information Security (BSI) will pilot a new TR-03185 “Secure Software Lifecycle” certification from February 2026 that keeps certified software compliant after updates without re-certification by certifying secure development processes, enabling faster releases, less administrative burden, and sustained trust.
BSI Enables Faster Software Updates Without Recertification
Public
Germany
Author: Ištvan Božoki
Category:
Fiscal subject related
Views:
653
Content accuracy validation date:
11.02.2026
Content accuracy validation time:
08:07h
The German Federal Office for Information Security (BSI) is introducing a new procedure that allows certified software to remain compliant after updates without requiring recertification. By certifying software development processes under TR-03185 “Secure Software Lifecycle,” manufacturers can deploy security-relevant updates faster while maintaining product certification.
Instead of recertifying every software version, the new approach focuses on ensuring that development and change processes are consistently secure and quality-assured. Certification under TR-03185 is valid for three years and maintained through annual surveillance audits, eliminating the need for re-certifications, maintenance procedures, and change notifications for updates.
The procedure will launch as a pilot from February 2026 for health apps (TR-03161), with plans to extend it to other technical guidelines. Although optional, TR-03185 certification offers manufacturers faster release cycles, reduced administrative effort, and a strong trust signal demonstrating secure development practices such as Security by Design and DevSecOps.
For more information, BSI will announce information sessions on its website. Questions can be directed to tr03185@bsi.bund.de
Other news from Germany
Germany Confirms Email can be Used for E-Invoices, but PDF Alone is not Enough
Public
Germany
Author: Ivana Picajkić
Germany
Author: Ivana Picajkić
Germany allows e-invoices to be sent by email, but the attached invoice must be in a compliant structured format such as XRechnung or ZUGFeRD with XML, while ordinary PDFs, scans, Word/Excel files, or invoice text in the email body do not qualify as legal e-invoices. Germany allows businesses to send e-invoices by email, but only if the invoice is attached in a legally valid structured format. A s... Read more
Germany Introduces New Withdrawal Button for Online Consumer Contracts
Public
Germany
Author: Ivana Picajkić
Germany
Author: Ivana Picajkić
Germany’s new mandatory withdrawal button will require online B2C businesses to provide consumers with a clear, permanently available electronic way to withdraw from distance contracts from 19 June 2026. Businesses must update websites, apps, platforms, confirmation messages, and internal processes to support clear withdrawal submission, confirmation, and possible partial withdrawal. Germany has f... Read more
Germany Clarifies Rules for Compliant E-Invoices
Public
Germany
Author: Ivana Picajkić
Germany
Author: Ivana Picajkić
Germany clarified that compliant e-invoices and credit notes must be self-contained, with all mandatory VAT information included in the structured electronic file itself. Businesses should review invoice templates and ERP systems to avoid relying only on PDFs, links, or separate documents for required invoice data. Germany’s Ministry of Finance has updated its e-Invoicing FAQs to clarify tha... Read more
New webinar was uploaded: Recorded Webinar: Are You Audit-Ready? Retail Tax Checks in Germany, France & Italy
Author: Ivana Picajkić and Vukasin Santo
Tax audits are increasingly important in European retail due to high transaction volumes and evolving compliance rules. With different fiscal systems in Germany, France, and Italy, understanding audit focus areas is essential. This webinar covers key audit frameworks, differences, and practical compliance insights for retailers. Read more
Subscribe to get access to the latest news, documents, webinars and educations.
Already subscriber? Login
New event was created: Reminder - Join our free webinar: Are You Audit-Ready? Retail Tax Checks in Germany, France & Italy
Public
Author: Ivana Picajkić and Vukašin Santo
Tax audits are becoming an increasingly important part of modern tax systems across Europe, especially in the retail sector where transaction volumes are high and compliance requirements are constantly evolving. With different fiscalization models in place across Germany, France, and Italy, understanding what authorities actually check during tax audits is essential for retailers and software pro... Read more
German Court Clarifies No Right to Final Meeting in VAT Fraud Investigations
Germany
Author: Ivana Picajkič
The German Federal Fiscal Court ruled that taxpayers are not entitled to a final meeting during a VAT audit once tax evasion proceedings are initiated. At that point, the procedure shifts from a standard audit to a criminal tax investigation, where different rules apply and procedural rights are more limited. Read more
Subscribe to get access to the latest news, documents, webinars and educations.
Already subscriber? Login
Germany Updates VAT Registration Certificate Rules (VAT 1 TN)
Germany
Author: Ivana Picajkić
Germany introduced a new standardized VAT registration certificate (VAT 1 TN), replacing previous guidance. The certificate serves only as proof of VAT registration, is valid for up to one year, and can be issued electronically without signature. The update mainly simplifies procedures and supports digitalization and cross-border VAT use. Read more
Subscribe to get access to the latest news, documents, webinars and educations.
Already subscriber? Login