2026-01-26 06:05
publication
2026-01-26 06:05
The Ministry of Finance uses solutions offered by a private entity that will have access to data from invoices issued using KSeF – writes in the Monday edition of “Dziennik Gazeta Prawna”.
The closer to February 1, the date of entry into force of the National e-Invoice System, the more concerns about data security. The alarm was recently raised by a user of a popular website. He pointed out that the Ministry of Finance uses solutions offered by a private entity, which will have access to data from invoices issued using KSeF. This is an American company Imperva (specializing in cybersecurity), which belongs to the French company Thales – we read in “DGP”
According to the Internet user, unauthorized persons will be able to check who issues invoices to whom and for what amounts. They will also be able to read who in a given company is entitled to KSeF and to what extent. “This is not true,” replies the Ministry of Finance. “No security systems, including WAF Cloud (Web Application Firewall) solutions, have access to the content of invoices because they can only see encrypted data and do not have the keys to decrypt them. Only we have the keys. Only the KSeF system has the ability to decrypt the invoice through the encryption methods used by the Ministry of Finance using a unique key,” the newspaper quotes the Ministry of Finance.
However, experts have reservations about the encryption method. “It does not prevent hacker attacks and potential leaks,” says Adrian Lapierre, managing director at ITTrust. He gives an example of breaking the Enigma cipher. In the case of KSeF, the risk mechanism is the same, says the expert quoted by the daily. (PAP)
jszt/ jm/
