Sets with qualified certificate

Submitting financial statements to the National Court Register
From 15 March 2018, all companies entered into the National Court Register have to submit their financial statements only in electronic form, signed with a qualified electronic signature or with an ePUAP Trusted Profile.  Statements adopted by a supervisory body should be signed by at least one person authorized to represent a given entity, whose Personal Identification Number (PESEL) is disclosed in the National Court Register (KRS) (under Art. 19e section 1 of the Act on the National Court Register as at 15 March 2018).

Statements should be submitted via the Ministry of Justice system available at www.ekrs.ms.gov.pl/.

All you need to submit a statement is our Szafir set with a qualified certificate. Order the set and choose the option to receive it along with the kit installation. The set we provide is immediately ready for use.

From January 2015, every entity employing more than five employees has to submit PIT-11, CIT-8 and IFT-2 declarations only in electronic form, signed with a qualified electronic signature.

An authorised person should purchase a qualified electronic signature kit, containing a qualified certificate, a cryptographic card and a card reader in order to sign declarations downloaded directly from the e-Deklaracje portal.

If tax returns are sent directly from the taxpayer's financial and accounting systems, we also suggest using Szafir programming tools, which enable easy integration of e-signature functionality into the system. The kit can be picked up at any our branch or at over 700 cooperative bank branches throughout the country. Check, which location is the nearest one, and order a kit using the most convenient pick-up method.

Notifications and reports to the President of the Personal Data Protection Office (PUODO)

The controller or processor, within the meaning of Article 4(7) and (8) of the General EU Data Protection Regulation (GDPR), is obliged to notify PUODO of the appointment, dismissal and change of data concerning the data protection officer. The controller is obliged to report any personal data breach to PUODO. Electronic forms which enable fulfilling these obligations are available at www.uodo.gov.pl. After completing the form, the requesting party, if he or she has a qualified electronic signature, can send it electronically. In order to send notifications and reports to PUODO, KIR certification services can be used.
For this purpose it is necessary to obtain:

• a qualified certificate
• a cryptographic card
• a cryptographic card reader
• software for creating and verifying signatures

An electronic signature created under an application to PUODO with the use of this set has the legal effect of a qualified electronic signature equivalent to a handwritten signature. To obtain a set for creating qualified signatures with the signing application, an agreement for the provision of trust services must be concluded with KIR.

Under the applicable law, large, medium and small enterprises shall submit monthly VAT purchase and sales reports to the tax authorities. The transmitted data must have a standardised layout and format (XML schema), which allows for easy processing. The Standard Audit File (JPK), among other things, makes it possible to eliminate barriers in the transmission of electronic data, shorten the time of activities performed and reduce their burdensomeness, thus to reduce the company's operating costs. Data in the form of Standard Audit File (JPK) submitted to the tax office online or on any data carrier require a qualified electronic signature, which guarantees the security of the files and protects them against any changes. You can read more about Standard Audit Files on the website of the Ministry of Finance.

The National System of e-Invoices (KSeF) enables the issuance and sharing of structured invoices. Its task is to collect all e-invoices issued by entrepreneurs.

Legal basis:  Act of 29 October 2021 on Amendments to the Act on Law on Value Added Tax and Certain Other Acts (Journal of Laws of 2021, item 2076)

Since when?

The National e-Invoicing System (KSeF) enables the issuance and sharing of structured invoices. Its purpose is to collect all e-invoices issued by entrepreneurs.
Legal basis: Act of 29 October 2021 amending the Act on Value Added Tax and certain other acts (Journal of Laws of 2021, item 2076).

• For whom?

The National System of e-Invoices can currently be used by:

• Entrepreneurs registered as active VAT payers,
• Entrepreneurs exempt from VAT,
• Taxpayers classified in Poland for the special EU OSS procedure with a Polish tax identification number (NIP).

How to use it?

The system allows integration with accounting software through the KSeF 2.0 API (mandatory from 1 February 2026). Users are required to confirm their identity and obtain authorization to use the system on behalf of their company. The available authentication methods in KSeF are:

1. Qualified Electronic Signature
The qualified electronic signature certificate must contain the holder’s name and surname, as well as a serial number containing the PESEL number. For certificates without a PESEL number, use will be possible after notifying the relevant head of the tax office. You can choose:

• Qualified Szafir electronic signature certificate stored on a card, or
• Mobile qualified electronic signature certificate (mSzafir), which does not require a card or reader for signing

2. Qualified Electronic Seal
The qualified electronic seal certificate contains the entity name as registered and the NIP number. The seal certificate does not include personal data, and it is up to the entity named in the certificate to indicate authorized persons to use it. Authentication using a qualified seal requires:

• A qualified electronic seal certificate, and
• A qualified device for creating an electronic seal, in which the key pair is stored

You can choose:

A qualified seal set, including a qualified seal certificate valid for 1 or 2 years, a cryptographic card, and optionally a card reader, or a qualified electronic seal certificate and an appropriate HSM cryptographic module. KIR offers HSM modules that act as qualified devices for creating electronic seals, listed on the official register of qualified devices, as well as tools enabling integration. Using an HSM module allows for automated KSeF authentication and ensures high process efficiency.

3. Trusted Profile Signature (Podpis zaufany)
A signature generated using the Trusted Profile can be used in dealings with public entities, including authentication in KSeF.

4. KSeF Certificate
A unique user identifier in KSeF used for authenticating system connections. Available from 1 November 2025, after submitting an application to the e-Tax Office and confirming identity via Trusted Profile or a qualified e-signature/e-seal certificate. This method allows issuing invoices in special modes: offline24, offline (system downtime), and emergency.

5. Token
An alphanumeric string (without punctuation marks) generated by KSeF after the taxpayer or an authorized entity authenticates using one of the methods listed in points 1–3. The token is assigned to the taxpayer or authorized entity along with their permissions.

• mass placement and verification of signatures through:
  • selecting multiple files for streaming signing or verification,
  • defining a time limit or a limit on the number of cryptographic operations – to achieve which it will be possible to use a technical component after entering the PIN code once.
• support for the following e-signature formats allowed by the eIDAS regulation:
  • CAdES (PKCS#7) – the application supports the following variants: CAdES-BES or CAdES-T, and allows for multiple signatures;
  • XAdES – the application supports the following variants: XAdES-BES, XAdES-T, XAdES-C, XAdES-A and allows for multiple signatures, countersignatures and enveloped signatures;
  • PAdES – the application supports the following variants: PAdES-BES, PAdES-T and PAdES-LTV;
  • ASiC-S – the application supports the following variants: ASiC-S-CAdES-BES, ASiC-S-XAdES-BES, ASiC-S-CAdES-T, ASiC-S-XAdES-T.
• handling cryptographic cards issued by all qualified certification centres operating on the Polish market,
• handling qualified certificates issued by both domestic and foreign qualified entities providing certification services,
• ability to encrypt and decrypt files using non-qualified certificates using the DES3 and AES algorithms,
• possibility of time stamping data,
• ability to prepare templates for signing and verifying documents,
• ability to trigger the e-signature creation or verification task from the context menu,
• automatic update of the Szafir application,
• ability to define dedicated configurations for individual users,
• simple way of specifying data to be signed or verified with the ability to sort files by name and extension,
• providing an e-signature in a format compatible with e-Declarations,
• support for TSL lists enabling verification of signatures from EU countries,
• two language versions – Polish and English.