E-Invoice Retention Periods: A Global Compliance Guide

Tax authorities don't accept "we stored it somewhere" as a defense. When an auditor requests an invoice from seven years ago, you need the original digital file, intact, machine-readable, and verifiable. Not a scanned PDF of a printout, not a converted copy, and not a file your system can no longer open. E-invoice retention is a precision discipline, and the margin for error is zero.

Consider what that means in practice. A mid-sized logistics company faces a VAT audit covering the previous seven years. The finance team can produce PDFs that are clean, readable, and neatly organized. But the tax authority wants the original XML files, with cryptographic signatures intact, in the format they were received. The PDFs are renderings. They don't count. The result is a reconstructed tax assessment, a six-figure penalty, and personal liability exposure for the CFO. This is not a hypothetical. It is the standard consequence of confusing storage with legally compliant e-invoice retention.

This guide maps the e-invoice retention periods that apply country by country, then explains the technical baseline every jurisdiction shares. Retention duration is where most compliance projects start, so that is where we start too.

Before the country detail, here is the practical picture. Most major jurisdictions cluster around a 10-year retention period, with a handful of shorter outliers and one striking exception that catches whole industries off guard.

The sections below add the calculation quirks and statutory sources behind each number, because the difference between "10 years" and "10 years from the end of the calendar year" is exactly the kind of detail an audit turns on.

Electronic invoicing has crossed the threshold from competitive advantage to legal obligation. Across the European Union, the E-Invoicing Directive 2014/55/EU established structured digital invoicing as the baseline for public procurement. Since then, individual member states have accelerated far beyond that floor, extending mandatory e-invoicing to B2B transactions and tightening the technical requirements for how those invoices must be stored.

Most organizations misread the requirement here. Retention is not synonymous with storage. Storing an invoice means keeping a copy. Retaining an invoice, legally, means preserving it in its original digital format, with its integrity intact, machine-readable, and retrievable on demand. A PDF rendering of an XML invoice is not the original. A ZIP archive on a shared drive with no access log is not compliant archiving. The three pillars of original format, proven integrity, and a tamper-evident audit trail underpin every retention period in the table above, and they are covered in depth in our guide to e-invoice archiving requirements.

The financial stakes are concrete. VAT fraud costs European economies an estimated €50 billion annually, and tax authorities have responded by making record-keeping requirements more rigorous, not less. Companies that cannot produce original, verifiable invoices during an audit face reconstructed tax assessments, penalties, and, in some jurisdictions, criminal liability for executives.

The foundational principle across every major jurisdiction is consistent. Invoices must remain in the format in which they were received or issued, stay machine-readable for the full retention period, and be protected against undetected alteration. Everything else, including duration, indexation, and access controls, builds on that foundation.

The DACH region sets some of Europe's most demanding retention periods for electronic records. Each country has its own legal framework, but the underlying philosophy is shared: the burden of proof lies with the taxpayer, and that proof must be technically unassailable.

Germany's retention period for invoices is 10 years, calculated from the end of the calendar year in which the document was created. The rules live in the GoBD principles (Grundsätze zur ordnungsmäßigen Führung und Aufbewahrung von Büchern).

GoBD goes well beyond duration. It also dictates original-format preservation, provable immutability, machine-readability, and an internal control system (IKS) documenting how invoices are captured, indexed, stored, and retrieved. Those obligations are extensive enough to warrant their own treatment, so we cover them in our guide to GoBD-compliant archiving for e-invoices. For retention planning, the headline is simple: 10 years, original format, provably unchanged. Provably. Not probably.

Switzerland's Geschäftsbücherverordnung (GeBüV) mandates a 10-year retention period for business records, including invoices. The Swiss framework places particular emphasis on the authenticity and integrity of electronic records throughout their full lifecycle.

A critical differentiator in Switzerland is KRM certification. The Kompetenzzentrum Records Management certifies archiving systems that meet GeBüV requirements. Operating a KRM-certified system gives you a defensible position in a tax audit, because the system's compliance has been independently verified rather than self-declared. That distinction matters when an auditor is deciding whether to accept your records or reconstruct your tax position from scratch.

Austria operates on a standard 7-year retention period for invoices under the Federal Fiscal Code (Bundesabgabenordnung). Invoices connected to immovable property transactions must be retained for 22 years. This exception catches many businesses off guard, particularly in construction, property management, and facility services. Twenty-two years is not a typo.

France presents a retention-period nuance that creates genuine practical confusion. The French Commercial Code sets a 10-year retention requirement for commercial documents, while the tax administration's requirement for VAT records runs to 6 years. In practice, the prudent approach, and the one most auditors expect, is to apply the 10-year commercial standard uniformly.

France is also mid-transition toward mandatory B2B e-invoicing through the Portail Public de Facturation (PPF), with phased rollout underway. As this mandate tightens, the technical requirements for archiving become more prescriptive, not less.

Italy's retention period is 10 years, but the method of digital preservation is governed by a distinct legal concept: Conservazione Sostitutiva (substitute conservation). Under this framework, electronic documents carry full legal equivalence to paper originals, provided the preservation process meets the technical standards set by AgID (Agenzia per l'Italia Digitale). In short, Italy does not merely set a duration; it mandates a certified conservation method, which is worth scoping early. Every invoice issued in Italy must also pass through the state-run Sistema di Interscambio (SDI) and be archived accordingly.

Poland calculates its 5-year retention period from the end of the tax year in which the tax obligation arose. That is a subtle but important distinction from the calendar-year calculations used elsewhere, and it can shift the real expiry date by months. The Polish Ministry of Finance is implementing KSeF (Krajowy System e-Faktur), a centralized national e-invoicing platform that will make structured invoice exchange mandatory.

The common thread across France, Italy, and Poland is the requirement to preserve not just the invoice data, but the digital signature or cryptographic proof that validates its authenticity for the entire retention duration. A signature that expires after three years does not satisfy a 10-year retention requirement.

Following its departure from the EU, the UK maintains its own VAT record-keeping framework. HMRC requires businesses to retain VAT records for 6 years, with some categories, such as records related to capital goods, requiring longer periods.

The UK's Making Tax Digital (MTD) initiative has changed the technical baseline. MTD mandates digital record-keeping and digital submission of VAT returns, which means retention infrastructure must be digital by design rather than retrofitted from paper-based processes. MTD for Income Tax Self Assessment extends these requirements further, pushing sole traders and landlords onto digital records.

The United States applies a general 7-year rule for tax records under IRS guidelines, though specific industries and document types carry different requirements. Singapore's Inland Revenue Authority of Singapore requires a 5-year retention period for GST records under its GST record-keeping rules.

Both jurisdictions share a common expectation. Records must be retrievable in a structured, machine-readable format, not merely stored. The discipline is the same even where the duration differs.

Multinational corporations operating across multiple jurisdictions increasingly adopt a single global retention policy, typically 10 years, rather than maintaining jurisdiction-specific archives. The rationale is straightforward. The cost of managing differentiated retention periods across 20+ countries exceeds the storage cost of applying the most conservative standard uniformly. A 10-year global policy satisfies every major jurisdiction's minimum requirement without requiring country-by-country tracking.

Choosing the right system architecture to support that policy is a separate question, one that touches on whether a DMS, ECM, or dedicated archive best fits your operational model. That distinction is worth understanding before committing to infrastructure.

Retention duration gets most of the attention. Storage location gets almost none, until an audit reveals the problem. Several EU member states impose explicit data residency requirements for tax records. Germany's GoBD, for instance, requires that electronic records stored outside Germany remain accessible to German tax authorities at all times. There can be no dependency on a foreign government's cooperation or a vendor's continued operation.

This creates a direct tension with cloud-first archiving strategies. Storing invoice archives on a hyperscaler's multi-region infrastructure is not inherently non-compliant, but it requires explicit contractual guarantees about data location, access rights, and what happens if the vendor exits a region or becomes subject to a foreign jurisdiction's data access laws (such as the US CLOUD Act). A 10-year retention period will outlast most vendor contracts. Archiving infrastructure that locks invoice data into a proprietary format or a single cloud provider creates real risk. If the vendor exits the market or changes pricing dramatically, migrating a decade of sealed invoice records becomes a compliance crisis.

Picture a German subsidiary of a US-headquartered group, archiving invoices on infrastructure managed by the US parent. A German tax authority requests records. The parent's legal team flags potential CLOUD Act implications, and the subsidiary cannot produce the records independently while the audit clock runs. The fix is architectural: each local entity must retain independent retrieval capability, regardless of the parent organization's infrastructure decisions. Understanding how ERP-integrated archiving handles these sovereignty requirements is essential for any multinational operating under German, French, or Italian tax law.

Knowing the retention period by country is half the job. The other half is making the archive survive that period in a state an auditor will accept. Three technical requirements recur in every framework above, and each has a canonical home if you want the full detail.

Keep the original format, not a PDF. When you receive a ZUGFeRD or XRechnung file and convert it to PDF for human readability, the machine-readable XML is the legally relevant document, so retain the original XML rather than only its rendering. Why a plain PDF no longer counts as a structured e-invoice is a question in its own right, which we answer in is a PDF a valid invoice in 2026.

Prove integrity cryptographically. Across the full retention span, integrity must be provable independently of the system holding the document, not asserted by a database flag. A cryptographic seal anchored outside the storage system is what turns "trust us" into "verify it yourself," and the distinction between genuinely tamper-proof and merely secure storage is covered in tamper-proof versus secure storage. Peer-reviewed research on blockchain timestamping demonstrates the integrity guarantees this approach provides over the multi-decade timeframes invoice retention demands.

Keep a tamper-evident audit trail for the whole period. Access, exports, and failed retrieval attempts must be logged in a record that cannot be retroactively altered, since guidelines for digital records auditing treat the access log as carrying as much legal weight as the document itself. The audit-trail pillar is detailed in our e-invoice archiving requirements guide.

"Prompt availability" is a legal standard, not a vague aspiration. German tax authorities, under GoBD, expect archived records to be producible within a reasonable timeframe. In practice, that means days, not weeks. Systems that require manual retrieval, tape restoration, or vendor engagement to reach archived records do not meet this standard. As invoice volumes grow with mandatory e-invoicing, retrieval performance has to scale across the entire retention period.

Indexation is where many companies quietly fail. Every archived invoice must be findable by the metadata an auditor will use: invoice number, issue date, supplier VAT ID, buyer VAT ID, amount, and currency. An archive of ten million invoices with no structured indexation is functionally inaccessible. Effective strategies extract and index this metadata at the point of ingestion, not as a retrospective exercise. Systems that embed archiving natively into ERP workflows capture that metadata in context, where it is most accurate and complete.

E-invoice retention is not a storage problem. It is a data-integrity problem, a process-integrity problem, and an infrastructure-sovereignty problem, all with consequences measured in years and penalties.

The retention periods vary by jurisdiction: 10 years in Germany, Switzerland, France, and Italy; 7 years in Austria for standard invoices, and 22 for real estate; 6 years in the UK; 5 years in Poland and Singapore. The technical requirements, by contrast, are converging on original-format preservation, cryptographic proof of integrity, tamper-evident audit trails, and indexed searchability across the full retention span. Storage location now belongs on that list too.

Organizations that treat these requirements as checkboxes will fail audits. Those that build retention into their infrastructure will be positioned to satisfy any tax authority, in any jurisdiction, at any point in a 10-year window.

If you build software that handles invoices, explore how OriginVault's white-label compliant archiving layer can make audit-grade e-invoice retention a native feature of your platform, without building the compliance infrastructure yourself.