This article answers the following questions:
- How to register and authenticate a company with KSeF?
- Who is allowed to use various authentication methods?
- How to generate a token for KSeF purposes?
- What is needed for successful data verification enabling the use of KSeF?
The National e-Invoice System (KSeF) is a Polish IT system that will become mandatory for taxpayers in 2026. While the system itself does not require the creation of an account for the company to use it, regulations oblige its users to verify their authorisations and perform authentication. So, what are the steps that should be taken to authenticate with the KSeF, what are the data verification methods, and who are they intended for? Here's an outline of the essential information for accountants and entrepreneurs preparing to implement structured invoices.
Authentication in the KSeF system simply confirms the identity of individuals or entities attempting to access the system. Confirming data provides Polish authorities with assurance that invoices are being issued by authorised entities.
The law has provided for the possibility of authenticating with the KSeF using:
- Trusted Signature,
- qualified electronic signature,
- qualified electronic seal,
- tokens or certificates (which, however, are only valid temporarily).
Data verification and access via Trusted Profile
As a reminder, Trusted Signature is a free-of-charge Polish tool that enables its users to confirm identity in electronic systems and sign documents. Anyone with a PESEL number (including any Polish citizen and foreigner who has completed the process of obtaining one) can have such a signature.
Authentication in the KSeF system using a Trusted Profile will be possible via:
- Trusted Profile webpage,
- mObywatel application,
- electronic banking,
- e-ID.
Initially, the Ministry of Finance stated that these verification methods would be available to taxpayers from 1 April 2026. However, it is already possible to authenticate with a Trusted Profile when logging in to the KSeF. Note that this authentication method is intended only for individuals.
Authentication in KSeF using a qualified electronic signature
A qualified electronic signature is equivalent to a handwritten signature and is linked to a qualified certificate, which allows for verification of the identity of the natural person using it.
Importantly, the National e-Invoice System accepts authentication with a signature that has a Tax Identification Number (NIP) or a Personal Identification Number (PESEL) assigned, as well as with a signature that has neither (which allows us to assume that foreign qualified signatures will also be accepted in the National e-Invoice System).
- In the case of qualified electronic signatures with a Tax Identification Number (NIP) or Personal Identification Number (PESEL) used by the taxpayer or a person authorised by the taxpayer, the system does not require any additional actions to be taken for the authentication to be effective.
- If users hold signatures without a Tax Identification Number (NIP) or a Personal Identification Number (PESEL), they must submit the unique data associated with the qualified electronic signature certificate to the tax office before authenticating with the KSeF. Only after an authorised official has entered this data into the system will they be able to authenticate with the KSeF using a qualified electronic signature without a Tax Identification Number (NIP) or a Personal Identification Number (PESEL).
Qualified electronic seal – a method of authenticating companies with KSeF
One method for authenticating entities other than natural persons with the KSeF is a qualified electronic seal. It is equivalent to a company's electronic signature and should, as a rule, feature the taxpayer's Tax Identification Number (NIP).
In addition to the above-mentioned authentication methods (which are valid in the MF 2.0 Application), entities using commercial applications will be able to log in using tokens or certificates.
Tokens – a temporary method of logging in to KSeF
A token is a string of alphanumeric characters generated by the KSeF and assigned to a given taxpayer or entity. Importantly, the user can generate a token only after authenticating the taxpayer or entity in the system. This method can therefore be used to speed up and facilitate the KSeF login process: instead of authenticating with the KSeF each time, the generated token can be used to log in to commercial applications integrated with the KSeF. However, the Ministry of Finance does not allow logging in to the KSeF Taxpayer Application using a token.
Tokens for logging in to the National e-Invoice System can be generated for all permissions in the system, or just for some of them. If a token is generated for only some permissions, it should be noted that it will not be updated. Therefore, to grant further permissions, a new token for those specific permissions will need to be generated.
Please note that tokens are a temporary solution, as the ability to generate and use them will expire at the end of 2026.
KSeF Certificates and the Certificates and Authorisations Module
KSeF certificates are a digital tool that confirms the identity of a person or entity and enables secure and automated use of the e-invoicing system. Similar to tokens, logging in using a certificate will be possible in commercial tools (integrated with the KSeF), but not in the KSeF Taxpayer Application. An additional limitation is that using a KSeF certificate for offline invoicing will only be possible from 1 February 2026.
Not all KSeF certificates will be issued for the same purpose. There are two types of certificates:
- Type 1 certificate is intended for authentication in the KSeF and confirming one's identity in the system. After authentication, a given person or entity will be able to utilise the KSeF in accordance with their previously granted permissions.
- Type 2 certificate is essential for offline invoicing. It allows invoices to be coded to confirm the issuer's identity, ensuring continuity of the invoicing process regardless of the invoice issuance method.
To generate a certificate, an entity must submit an application via the Certificates and Authorisations Module, which has been made available by the Ministry of Finance in the KSeF domain. This functionality is available from November 2025 until the end of January 2026. From February 2026, certificate generation will be possible in the KSeF Taxpayer Application.
Once generated, the certificate will be valid for a maximum of two years, after which it will need to be renewed. A taxpayer will be able to obtain a new certificate one month before the previous certificate expires.
Authentication and authorisation of relevant persons in the KSeF is an important step in the process of implementing e-invoicing in the company
Authentication with the KSeF system will be available in several ways, giving taxpayers some flexibility and allowing them to tailor their login method to their individual needs. Therefore, it's worth carefully considering which method is most appropriate for your business. When choosing a solution, users should also verify whether submitting a ZAW-FA notification to the tax office will be required prior to authenticating in the system.
In case of any questions or doubts related to the KSeF system – please contact our tax advisors and accounting outsourcing experts.