Características del mercado laboral danés

If business processes are outsources to the cloud this can have relevance in the context of tax- ation. For example, if usingIaaSthen the cloud may be considered a permanent establishment which is then relevant for the taxation of corporate customers.1 Another important aspect in the context of taxation is the inspection by competent supervisory authorities. Particularly in the case of electronic accounting, the high degree of regulation in Germany is higher than in other countries where often no regulations exists [102, part 6 recital 78]. Therefore, German tax law is a good example to investigate those requirements that can apply to outsourcing of tax data(i.e., data relevant for taxation) to the cloud.

In Germany, keeping accounts (according to §238HGB) is generally regulated by theAO. In the case of electronic accounting (which is regularly the case when outsourcing tax data to the cloud), the German regulation,Grundsätze zur ordnungsmäßigen Führung und Aufbe- wahrung von Büchern, Aufzeichnungen und Unterlagen in elektronischer Form sowie zum Datenzugriff (GoBD)2 [33], provides additional and more specific requirements on electronic

1_{Generally, it can be assumed that this is only the case for private clouds and depends case-by-case [102, part 6} recital 26 seqq.]. On the other hand, for cloud provider leasing and buying server is regularly relevant [102, idid.]. 2_{Applicable since 1st Jan. 2015; replacingGrundsätze zum Datenzugriff und zur Prüfbarkeit digitaler Unterlagen}

accounting. In general, electronic accounting is admissible but requires integrity of archived data [102, part 6 recital 77]. In particular, immutability during transmissions has to be ensured [102, part 6 recital 90]. Further, documentation and internal controlling is required as well as changing of existing entries must not possible [102, part 6 recital 77]. An particular interest- ing observation is that beside accounts1also correspondence via email is considered tax data [102, part 6 recital 84]. This implies that tax regulations not only apply to cloud resources directly connected to accounting (e.g., virtual machines hosting accounting software and tax data achieves) but also to other cloud resources like email servers and archives. This obliges the corporate customer to verify if tax regulations apply to data outsourced to the cloud and clearly specify how the cloud provider has to process them. Otherwise, the corporate customer may violate German tax law if the cloud provider, for example, transfers data to third countries. Generally, tax data have to be stored inland but a storage outside is possible according to §146 para. 2 cl. 1AOand §14b para. 2UStGbut the competent revenue authority has to be informed on location of data processing and involved cloud providers and hardware providers [102, part 6 recital 87] (see also Section3.5.3).

TheGoBDalso addresses external audits and inspections by competent revenue authority which have access privileges according to §147 para. 6AO(recital 158GoBD). In this context, access has to be provided to all IT systems containing tax data in general including documen- tation of the IT systems and an overview of all data stored within (recital 159GoBD). If tax data are outsourced to the cloud also IT systems of the cloud may be included in audits and inspections. This can lead to multiple problems, for example, if the prosecution demands phys- ical access to cloud resources [102, part 7 recital 10 seqq.]. Particular issues are the location of cloud resources in foreign countries and storage of tax data with data of other corporate cus- tomers on the same hardware resource. Section3.5.2generally investigates confiscation and distraint in the cloud. More detailed information on how the cloud provider has to deal with such cases can be found there. Even the usual case of an inspection by the competent revenue authority bear complex issues. An example is the direct access (Z1)2 where data have to be accessed via the original IT system (i.e., the cloud infrastructure and the associated remote system) only but remote enquiry is inadmissible (recital 165,GoBD). Remote enquiry is a ba- sic concept of cloud computing. Therefore, the requirements of direct access are technically unaccomplishable for clouds. A possible solution might be to migrated the cloud resources to a hardware resource which is physical accessible by the competent revenue authority. In this case, the access may be direct but possibly lacks of a remote software which is required to read out and visualise the data. Consequently, how to deal best (and without causing any legal or technical issues) with direct access in clouds remains legally and technically unanswered. An alternative for inspecting cloud resources might be indirect access (Z2) (recital 166GoBD). In this case, the corporate customer (or commissioned third party) analyses the tax data as instructed by the competent revenue authority and provides read-only access on the analysed data. Also possible is the data medium provision (Z3) (recital 167GoBD). Here, all tax data

1_{A comprehensive overview of documents relevant for record retention is provided byHilbert[102, part 6 recital} 81 seqq.].

2_{GoBDdistinguishes by three types of access: direct access (Z1), indirect access (Z2), and data medium provision} (Z3) (recital 165–167GoBD).

are provided on a data medium differently from hardware resources used in the cloud, and particularly, no access to the IT system is necessary.1

In conclusion, outsourcing of tax data to the cloud is generally admissible but requires the authorisation of the competent revenue authority. The corporate customer has to ensure that the cloud provider processes tax data in compliance with applicable requirements. These requirements particularly cover providing information on the location of the data-processing system and of the cloud provider (plus any subcontractors involved), ensuring the integrity of archived data, and providing unhampered, timely and automated access to tax data for external audits and inspections by competent revenue authorities.