Na dobre i na KSeF 1

czas czytania:

11–16 minutes

Breaking KSeF – A Blog Series Recap

Throughout February, we presented a series of posts on our LinkedIn profile titled Breaking KSeF (Na dobre i na KSeF). Over 8 episodes, we covered the most critical KSeF-related topics—from logging in and cybersecurity to global trends. We’ve explored everything regarding the mandatory use of the KSeF platform. Now, we’ve gathered all the episodes into one place to ensure the most essential KSeF insights are always at your fingertips.

The series episodes

If you prefer to listen, this text is available in audio. Click PLAY and enjoy.

Logging into KSeF (Episode 1)

To use KSeF (National e-Invoice System), whether as an individual or a business entity, you must go through authentication and authorization. Here are the available access methods (both free and paid) and how they differ:

  • Trusted Profile (Profil Zaufany): A free method for individuals, including entrepreneurs and employees with granted permissions.
  • Qualified Electronic Signature: Available for individuals and company representatives who have purchased one (a paid method for individuals).
  • Qualified Electronic Seal: A paid option for companies, allowing actions on behalf of a non-human entity (it is not assigned to a specific person).
  • KSeF Token: A unique string of characters generated after logging into the Taxpayer App; used to authorize third-party software (e.g., V-Desk or accounting programs) via API. These will be phased out by the end of 2026.
  • KSeF Certificate: Identifies entities using an electronic key. Available since November 2025, these will eventually replace tokens.

To sum up, as an individual, you have two equally valid ways to log in. Companies must use an electronic seal assigned to their Tax ID (NIP). If a company lacks a seal, it must submit a ZAW-FA form to designate a person for the initial login. For corporations, obtaining a qualified electronic seal is the most efficient choice. If a company uses KSeF through an integrator, a token or certificate is required. To authorize an employee, you must submit their details via the ZAW-FA form.

Access and Permissions (Episode 2)

Logging in is like entering a building: first, you must be recognized at the door (authentication), and then confirm you have the right to be there (authorization). But getting inside is just the start. To perform actions like issuing, downloading, or viewing invoices, you need the right “keys”—permissions.

Sole Proprietorships (JDG): Upon logging in, the owner automatically receives a full set of keys and can perform all actions without restrictions.

Companies: Permissions are granted to a designated person, the KSeF System Administrator. They manage access and can delegate keys to employees or accounting firms via the ZAW-FA form or an electronic seal.

Since February 1st, permissions are managed through the Taxpayer App or integrated commercial applications.

Types of Permissions in KSeF:

  • Invoice Read (View-only rights.)
  • Invoice Wrtie (Rights to create and send invoices)
  • Credentials Manage (Full administrative access to grant or revoke rights)
  • Can Delagate (Primarily for accounting firms to delegate access to their staff.

Administrator is the one responsible for conducting a regular check up of the granted keys and and take them if no longer needed.

Certificates and Tokens (Episode 3)

Previously, we discussed how to authenticate in KSeF, i.e. obtain a type of pass allowing you to navigate the system. One of the authentication methods is certificates and tokens. They are convenient and recommended when you want to automate your work with KSeF. KSeF certificates and tokens are authentication measures used when communicating with the KSeF API. They are used in situations where company systems, such as V-Desk, automatically send invoices, retrieve document statuses or make queries to the system. The KSeF system will require two types of certificates:

Certificate 1

Authentication – a cryptographic authentication method for the secure integration of accounting and ERP systems with the KSeF API. It enables automatic signing and sending of invoices on behalf of the entity.

Certificate 2

Offline – intended for issuing invoices in modes where the invoice is not immediately sent to the system. It is required to mark the invoice in order to confirm the identity of the issuer. Used in special modes such as system failure or unavailability.

What is the difference between them?

  • A Type 1 authentication certificate allows you to log in and work in the system. It authenticates a company that uses commercial applications, such as V-Desk KSeF, to communicate with KSeF.
  • A type 2 offline certificate allows you to generate verification codes for issuing invoices in the event of system unavailability. It is necessary if you plan to issue invoices offline.

From 1 February 2026, certificates can be generated in the KSeF 2.0 Taxpayer Application, as well as in some integrated commercial programmes. The certificate is valid for no longer than 2 years from the date of issue or from the start date indicated by the taxpayer.

During the optional period, KSeF launched tokens as one of the authentication methods. A token is a set of characters generated after the authentication of a person with assigned permissions. Like a certificate, it is used for secure communication between systems and the KSeF API. Importantly, tokens do not replace certificates, but allow authorisation to perform actions in the system resulting from the assigned permissions.

They differ from certificates in that, from a functional point of view, they contain permissions assigned to the user. A certificate, on the other hand, remains the same even if the permissions change. This solution will remain in place until 31 December 2026. From 1 February 2026, KSeF certificates and tokens will function in parallel. Ultimately, from 1 January 2027, only KSeF certificates will remain from these two solutions.ndard.

QR Codes (Episode 4)

The KSeF system was designed as an online solution. However, situations in which the availability of the system may be limited have been anticipated. In such cases, the possibility of issuing invoices offline has been allowed. When an invoice cannot be submitted to KSeF or the parties have agreed on a different method of delivery, the document will be marked with special verification codes.

A similar situation occurs when an invoice is issued and submitted to KSeF in real time, but the recipient receives it through a channel other than the system (e.g. in print or PDF form). In all such scenarios, QR verification codes are used. The KSeF system uses two types of QR codes generated for the purpose of verifying invoice data. Types of QR codes in KSeF:

  • Code 1 (for online and offline invoices)
  • Code 1 is placed on both online invoices (next to the KSeF number) and offline invoices (without a KSeF number). It allows for the verification of invoice data, gives access to a preview of the invoice in KSeF, and does not require the use of a certificate. It is a code used to confirm the correctness of the data.
  • Code 2 (only for offline invoices)
  • Code 2 is placed only on invoices issued offline. Its purpose is to confirm the identity of the issuer. It requires the use of an offline KSeF certificate, allows verification of the seller’s authenticity, is marked with the word ‘Certificate’ and contains: the issuer’s tax identification number, certificate number and cryptographic signature of the certificate. Code 2 is used to confirm the authenticity of the invoice and its issuer.

Codes are generated when the invoice is sent to the recipient through a channel other than KSeF. This may be the case at petrol stations or brick-and-mortar stores, when the seller issues a ‘transaction confirmation’ document before entering the invoice into KSeF. Another case where, in addition to a structured invoice, a paper version is also required, is online invoices with a printed code 1.

What will KSeF change? (Episode 5)

The largest entities have already started operating in the digital invoice reality, and soon, from 1 April, most entrepreneurs will join them. So let’s take a look at the new virtual reality with KSeF. What will change for the better, and what will remain the same?

  • Corrections and cancellation of invoices
  • KSeF does not allow practices such as backdating, replacing and cancelling invoices that have already been entered into the system. If it is necessary to cancel an invoice, it will be necessary to issue a corrective invoice, which will reset the original invoice to zero. This means that the invoicing process will require greater attention.
  • Invoice attachments
  • As with invoices, the format of attachments will also change. KSeF will only support attachments in xml format, and other documents will have to be entered into circulation through a separate channel.
  • Faster tax refunds
  • Businesses will benefit from faster tax refunds. The waiting time for a refund will be reduced from 60 to 40 days.
  • Archiving
  • No more cavernous filing cabinets and electronic archives. The obligation to archive invoices will be transferred from the entrepreneur to the KSeF system. Invoices will be available in it for 10 years.
  • Fewer but more effective and targeted controls
  • Thanks to KSeF, the response time to irregularities will be immediate and less burdensome for officials. The National Revenue Administration (KAS) will be able to detect suspicious transactions almost in real time.
  • Change in the business context of invoices
  • Invoices will be entered into the system without information about the broader context of business cooperation. The burden of acceptance and verification will continue to rest with the recipient, who must ensure the proper circulation of invoices within the company.

When is it not necessary to issue invoices in KSeF? In a regulation dated 7 December 2025, the Minister of Finance specified three cases in which invoices do not have to be issued in KSeF:

  • toll motorway journeys documented by a receipt with a tax identification number (NIP) recognised as an invoice,
  • journeys documented by tickets as invoices,
  • VAT-exempt financial and insurance services documented by simplified invoices.

KSeF Cybersecurity (Episode 6)

KSeF is a revolution aimed at tightening up the system and counteracting VAT fraud, among other things. It creates a new situation in the relationship between taxpayers and the tax authorities, as the latter now have access to complete data from B2B invoices 24 hours a day. What is the level of taxpayer security after the introduction of KSeF? Can taxpayers count on greater protection against fraud? Unfortunately, the new system does not guarantee greater security against fraud, and in fact, vigilance should be increased as the methods used by fraudsters today are evolving into cyber threats. How, then, should one protect oneself against fraud in KSeF?

  • Verification before payment
  • It is still up to the taxpayer to verify the content before finally settling such a payment. KSeF does not help to catch irregularities such as an invoice with an incorrectly issued tax identification number or bank account. Such invoices will still be sent to the taxpayer because KSeF only verifies them from a technical point of view. The recipient remains responsible for verification, as before, using a white list.
  • Phishing and quishing
  • As recipients, we may receive emails with unwanted links, as well as invoices with fake QR codes. Invoices may contain codes that contain malware or links to unwanted websites. Caution is the best defence. Never click on suspicious links or emails sent from unknown addresses. All invoices should be checked and received in your KSeF account. It is also necessary to be able to verify codes before clicking.
  • Tokens
  • Do not share your token key, which is like a key to all the locks in your home. It is good practice to save and store it in application safes.
  • Reporting abuse
  • Abuse reporting is a mechanism for reporting cases where fraud is suspected. It is always a good idea to use the fraud reporting function available in KSeF 2.0 in situations where we have reasonable doubts about the authenticity of an invoice issued to us. This will lead to a faster response and detection of fraud attempts, such as VAT fraud, empty invoices and carousel transactions.

Sanctions (Episode 7)

Will a hesitant entrepreneur who postpones the implementation of KSeF in their company face sanctions from the tax authorities? Can we expect penalties for errors in complying with the new requirements? Yes, sanctions have been provided for, but their application has ultimately been suspended until the end of 2026. Entrepreneurs can therefore still count on lenient treatment this year if they fail to comply with the requirements. However, 2027 will bring severe enforcement of sanctions for errors and non-compliance with KSeF.

What will happen to an entrepreneur who makes a mistake or is unable to connect their company to the e-invoice system? The following financial penalties are provided for in accordance with Article 106(1) of the VAT Act:

  • up to 100% of the tax amount shown on an invoice issued outside the KSeF
  • up to 18.7% of the total amount due on an invoice issued outside KSeF, if no tax is shown on the invoice (exemptions).

What can a taxpayer be penalised for?

  • if the invoice is not issued via KSeF;
  • if the invoice does not comply with the imposed xml structure in online modes;
  • if the deadlines for sending an invoice issued offline to KSeF are not met.

KSeF has also enforced changes in the use of markings in the JPK_VAT file, but their absence will be penalised from 1 January 2027. The postponement of penalties is a gesture on the part of the legislator, allowing time to familiarise oneself with the system, the new regulations and their smooth implementation.

E-invoicing Globally (Episode 8)

The trend towards widespread use of e-invoices will ultimately cover all European Union countries. The key driver behind this development is the VAT in the Digital Age (ViDA) initiative, which aims to popularise the e-invoicing standard by 2030. Many countries in Europe are eager to join this initiative, including Poland with its KSeF, thus joining the forefront alongside such pioneers as Italy and Romania.

Interestingly, the EU does not impose a single system. The only thing that matters is the data format, so that it can be easily read by machines. The choice of technology, the method of implementation and the organisation of the system depends on the country concerned. Therefore, despite the common goal of streamlining settlements and tightening up tax systems, technical solutions vary from country to country. Three models of e-invoicing systems are used in Europe:

  • Centralised model
  • All invoices pass through a single state platform, which enables real-time monitoring of flows. Before the document reaches the contractor, it is verified and marked in the system.
  • Examples:
  • – Poland (KSeF)
  • – Italy (Sistema di Interscambio)
  • – Romania (RO e-Factura)
  • Hybrid model
  • The central platform receives data from certified intermediaries. The state sets standards and supervises data flow, but does not require the exclusive use of the government platform.
  • Examples:
  • – France (Portail Public de Facturation)
  • – Spain (Sistema Veri’factu)
  • Decentralised model
  • The most liberal approach. Companies exchange documents directly with each other in a unified format (EN 16931) and only then report the data to the tax authorities.
  • Countries using this model:
  • – Germany
  • – Belgium
  • – Netherlands
  • – Czech Republic
  • – Austria

In many countries it is observed now that they are not postponing the duty of compliance for the moment when the obligation come into force. They are already preparing for digitisation and greater transparency in VAT payment. The trend is clear. Paper is becoming a thing of the past, and e-invoices are becoming commonplace in Europe.

Subscribe to our newsletter