ISCA compliance: what your POS software must meet in France in 2026

Since January 1, 2018, every VAT-registered merchant in France must use POS software that meets strict criteria for immutability, security, conservation, and archiving — known as ISCA. This obligation stems from France's anti-VAT fraud law and applies to all shops, restaurants, salons, and service providers recording payments.

During a tax audit, non-compliance can result in a fine of 7,500 euros per non-compliant software. Beyond the fine, the credibility of your entire accounting is called into question. Tax authorities may then dig deeper and review multiple fiscal years.

In practical terms, your POS must guarantee that sales data cannot be altered or deleted after validation. Every transaction must be fully traceable from start to finish.

Immutability: once a sale is recorded, it cannot be modified or erased. Any correction requires a complementary entry (credit note, discount) that leaves a complete audit trail. This is the core pillar that prevents fraud.

Security: data is protected through cryptographic mechanisms. Each transaction is chained to the previous one via a hash, making any tampering detectable. If someone tries to alter a past sale, the chain breaks and the anomaly becomes visible.

Conservation: all POS data must be kept for at least 6 years in France. This includes receipts, cancellations, payment methods, and daily closing reports. A good POS automates this retention without manual intervention.

Archiving: data must be exportable in a format readable by tax authorities. The required format is typically the FEC (Fichier des Ecritures Comptables) or a standardized CSV export. digabloPos generates these exports in one click from the dashboard.

There are two ways to prove your software's compliance: an editor's attestation or the NF525 certification issued by an accredited body (LNE in France). Both are accepted by tax authorities.

The attestation is a sworn declaration from the software publisher. It commits their liability and must detail how the software meets each ISCA criterion. This is the most common approach for SaaS platforms and independent publishers.

NF525 certification involves a full audit by a third party. It offers a higher level of assurance but comes with significant cost and lead time. For merchants, the editor's attestation is sufficient — and that is exactly what digabloPos provides to all users, downloadable directly from account settings.

With digabloPos, ISCA compliance is built in by default. There is nothing to configure. Every sale is automatically chained, timestamped, and digitally signed. Data is stored in the cloud with redundant backups.

The daily Z report is generated automatically with all regulatory totals: revenue by VAT rate, breakdown by payment method, ticket count, cancellations, and discounts. This report is an essential accounting document in case of an audit.

Finally, FEC export is available in one click for any time period. You can send your data to your accountant or directly to tax authorities in the expected format. No more juggling between tools or keeping a paper ledger on the side.