The German Federal Office for Information Security (BSI) will pilot a new TR-03185 “Secure Software Lifecycle” certification from February 2026 that keeps certified software compliant after updates without re-certification by certifying secure development processes, enabling faster releases, less administrative burden, and sustained trust.
BSI Enables Faster Software Updates Without Recertification
Public
Germany
Author: Ištvan Božoki
Category:
Fiscal subject related
Views:
42
Content accuracy validation date:
11.02.2026
Content accuracy validation time:
08:07h
The German Federal Office for Information Security (BSI) is introducing a new procedure that allows certified software to remain compliant after updates without requiring recertification. By certifying software development processes under TR-03185 “Secure Software Lifecycle,” manufacturers can deploy security-relevant updates faster while maintaining product certification.
Instead of recertifying every software version, the new approach focuses on ensuring that development and change processes are consistently secure and quality-assured. Certification under TR-03185 is valid for three years and maintained through annual surveillance audits, eliminating the need for re-certifications, maintenance procedures, and change notifications for updates.
The procedure will launch as a pilot from February 2026 for health apps (TR-03161), with plans to extend it to other technical guidelines. Although optional, TR-03185 certification offers manufacturers faster release cycles, reduced administrative effort, and a strong trust signal demonstrating secure development practices such as Security by Design and DevSecOps.
For more information, BSI will announce information sessions on its website. Questions can be directed to tr03185@bsi.bund.de
Other news from Germany
Germany: Deutsche Fiskal Announces FCC 4.4.0 Release and System Updates for February 2026
Germany
Author: Ivana Picajkić
Deutsche Fiskal announced a February 2026 rollout of FCC version 4.4.0, mandatory system upgrades, and related technical changes, including new TSE selection options (initially test-only) and required authentication adjustments for customers upgrading from older FCC versions. All FCC DC installations will be upgraded during February 2026, February invoices will be temporarily issued from a fiskaly email address, and customers must ensure payments are made to the updated Commerzbank account. Read more
Subscribe to get access to the latest news, documents, webinars and educations.
Already subscriber? Login
New document was uploaded: S4FiscalBackoffice Patch
Author: Dejan Šijačić
S4F backoffice patch is intended for users who have already installed S4F backoffice and are intended to update existing installations to latest version. To do so apply only patches that are marked with version number that is newer than your currently installed instance of backoffice. Please make sure to install all available patches sequentially (without skipping). This package contains instruction, release notes, changelog and software packages required for deployment of this software component. Read more
Subscribe to get access to the latest news, documents, webinars and educations.
Already subscriber? Login
Germany Publishes New VAT Return and Prepayment Forms for 2026
Germany
Author: Ivana Picajkić
Germany has published new legally binding VAT return and advance-payment forms for 2026, released on 29 December 2025 and mandatory for all VAT filings via ELSTER. Read more
Subscribe to get access to the latest news, documents, webinars and educations.
Already subscriber? Login
Germany Publishes Its Electronic Business Address (GEBA)
Public
Germany
Author: Ivana Picajkić
Germany
Author: Ivana Picajkić
Germany has introduced the German Electronic Business Address (GEBA), published on 18 December 2025 by XStandards Einkauf, as a standardized electronic identifier to accurately route e-documents—especially e-invoices—within networks like Peppol. While GEBA is voluntary, it enhances interoperability, clarity of sender/receiver identification, and readiness for future digital tax and reporting frame... Read more
Germany: Businesses Must Prepare for E-Invoicing Earlier Than Expected
Public
Germany
Author: Ivana Picajkić
Germany
Author: Ivana Picajkić
Although mandatory B2B e-invoicing in Germany will only apply from 2027, businesses have been allowed to use e-invoices voluntarily since January 2025 and adoption is accelerating as 2026 approaches. As more suppliers switch early, companies operating in Germany already need to be technically ready to receive structured e-invoices to avoid compliance and operational disruptions. Although mandatory... Read more
Germany: Court Confirms Tax Authorities Can Request Tax-Relevant Emails During Audits
Germany
Author: Ivana Picajkić
German tax authorities are increasingly requesting tax-relevant emails during audits, and a 2025 Federal Fiscal Court ruling confirmed that such emails must be retained and disclosed when they contain relevant commercial or tax information. Read more
Subscribe to get access to the latest news, documents, webinars and educations.
Already subscriber? Login