Cash register software: why Auguria advocates for self-certification

Do we really need to go through a certification body to prove that a cash register software is compliant with the law, or can we leave this responsibility to those who design and deploy the solutions: publishers and integrators?

At Auguria, our answer is clear: we advocate for aframed and responsible self-certificationrather than an additional layer of bureaucracy. The goal is not to relax the fight against fraud, but rather to make itsmarter, while preserving innovation, open source, and the competitiveness of SMEs.

1. A legal framework that has evolved significantly

Since 2018, professionals subject to VAT who use a cash register software or system must resort to a so-called “secure” solution, guaranteeing in particular:

• the immutability of data,
• its security,
• its preservation,
• and its archiving.

Initially, there were two ways to prove this compliance:

• either through acertification(NF525, LNE, etc.),
• or through aindividual attestationfrom the publisher or integrator.

This mixed model allowed room for large certified publishersandmore flexible solutions, particularly open source, that committed through self-attestation.

2. The drift towards mandatory certification

With the 2025 finance law, the trajectory changes: the possibility of self-attestation is gradually being removed, in favor of amandatory certification by an accredited body.

In practice, this means saying:

• "You are only compliant if a private third party affixes their official stamp on you";
• publishers and integrators can no longer assume alone and directly the responsibility for compliance.

This evolution has been strongly criticized for several reasons:

• burdensome procedures,
• significant recurring costs,
• risk of turning compliance intoregulatory tollto the benefit of a small number of organizations,
• disproportionate impact on free software and small structures.

3. The welcome return of self-attestation

In response to these criticisms, Parliament has begun to shift the trajectory.

As part of the 2026 finance bill, the National Assembly and the Senate have worked toreintroduce self-attestation, particularly to:

• preserve SMEs,
• avoid a rent situation for a few certifiers,
• maintain a balance between fighting fraud and economic reality.

At the time this article is written, the exact text may still evolve, but the trend is clear:

Restore the role of a regulated self-certification, rather than relying entirely on a single form of mandatory certification.

4. Odoo in this context

Odoo is a complete ERP, with a Point of Sale (POS) module and French localization.

In practice:

• in Odoo Enterprise, the publisher (Odoo SA) can issue a certificate of compliance under the anti-fraud VAT law;
• In Odoo Community (free version), it is the integrators who historically take over, practicing self-certification for their clients.

Specifically, this is based on:

• technical mechanisms: logging of entries, locking, closures, archiving,
• procedures: rights management, cash register closures, internal control,
• a contractual commitment: the service provider signs and assumes responsibility.

In other words, Odoo naturally fits into a model where the publisher and integrators take on compliance, rather than transferring everything to a third-party certifier.

5. Dolibarr, Pastèque & other open-source solutions

The issue is not limited to the Odoo ecosystem.

Free solutions such as:

• Dolibarr(with TakePOS),
• Pastèque, a suite of free cash register software,

were designed from the start to:

• offer serious technical mechanisms (traceability, locking of entries, history of corrections),
• allow the publisher or integrator to provide acertificate of complianceto the end customer.

The widespread mandatory certification has put these projects under pressure:

• difficult-to-absorb costs,
• risks of stifling innovation,
• fragilization of the free offering for small merchants.

Hence the importance of the ongoing rebalancing: if self-certification remains possible, these solutions can continue to exist and evolve.

6. What serious self-certification entails

Being in favor of self-certification does not mean 'letting anything happen'.

Serious self-certification is at a minimum:

• acompliant technical foundation :
  immutability, security, preservation, and archiving actually implemented in the software;
• aclear documentation :
  affected versions, covered modules, functional scope;
• robustoperational proceduresat the client:
  cash register closures, rights management, variance control, archiving;
• awritten commitmentfrom the publisher or the integrator:
  signed certificate, clearly enforceable, that holds them accountable.

The administration retains its role:

• to control,
• to request supporting documents,
• to sanction in case of fraud or deceit.

The difference is that we hold accountablethose who actrather than adding another layer of intermediaries.

7. Auguria's position

As aconsulting and Odoo integration company, Auguria advocates the following principles:

• Yes to the fight against VAT fraud.
  It is a matter of fairness between companies and funding public services.
• Yes to understandable and stable rules.
  Immutability, security, traceability: very good, as long as it is clear technically and legally.
• No to a single mandatory certification.
  It adds significant fixed costs, does not guarantee the absence of fraud on its own, and penalizes open solutions and innovative players.

We believe thatregulated self-certificationis:

• a lever tohold accountablepublishers and integrators,
• a means topreserve innovation and diversity(Odoo Enterprise, Odoo Community, Dolibarr, Pastèque, etc.),
• a better balance betweenlegal securityandeconomic realityof SMEs.

In our Odoo projects (POS, retail, e-commerce, multi-stores…), we continue to:

• design integrated cash register architectures (cash register, sales, inventory, accounting, e-commerce),
• configure and document the mechanisms necessary for compliance,
• support our clients in theproduction of a compliance certificatesuitable for their situation.

8. What should companies ask their service provider?

For a manager or IT manager, the right question is not just:

"Is your software NF525 certified?"

It is much more useful to ask questions like:

• How do you guaranteethe immutabilityof cash data?
• Whattracesare kept in case of correction or cancellation of a ticket?
• How are theclosures of cash registers, journals, and periods organized? ?
• What are thecontrolsin place to detect discrepancies or anomalies?
• Whosigns thecompliance certificate, and on what exact scope (version, modules, uses)?
• What happens if the administration contests a point: what is the position of the publisher or integrator?

On Odoo, this means looking at the entire system:

• the configuration of the POS and accounting,
• cash management and internal management practices,
• and the support provided by the integrator, who must be able to explain and take responsibility for their choices.

Conclusion

Between compliance turned into a certification business and wild self-certification, there is a responsible path:

• clear rules,
• well-designed software,
• integrators who take responsibility,
• and an administration that controls with discernment.

This is the model we advocate at Auguria, around Odoo and alongside open solutions.

Less bureaucracy, more responsibility: for us, it’s simply common sense for entrepreneurs.