Email archiving

In 2022, there is a wealth of different communication media designed to make everyday life easier and to enrich it. At the top of the list is social media. Nevertheless, email is still the medium of first choice when it comes to business communication in companies. But as with any communication medium used for business purposes, there are also legal requirements for emails. This applies in particular to their archiving. This article explains what email archiving is all about, what needs to be considered and how email archiving works.

What is email archiving?

Email archiving describes a process in which a company’s electronic correspondence that has been created via email is archived or stored in an archive system. Email archiving covers a specific area of digital or electronic archiving. It is therefore a sub-discipline of archiving.

The purpose of email archiving is to store internal data for personal use and to comply with legally mandatory retention requirements and deadlines. In addition, emails have now largely replaced traditional correspondence by letter and fax, which is why they often represent the only record of business communication. It is therefore important and necessary to document and archive this correspondence. If the legal requirements for email archiving are not followed or the retention requirement is not met, it may constitute a violation of recording and bookkeeping obligations. This in turn can result in tax penalties and legal consequences and may even be punishable by imprisonment.

Brief definition: archiving

Archiving is the permanent and immutable storage of documents and data in a controlled and systematic manner.

Which emails need to be archived and what are the legal requirements?

The answer to the question of which emails must be retained by law is: it depends. The rules for email archiving are based on the principles for the proper management and storage of books, records and documents in electronic form and for data access (GoBD), which in turn are based on the German Commercial Code (HGB) and the German Fiscal Code (AO). In addition to these laws, other laws may apply depending on the industry and legal form of the company, such as the Value Added Tax Act (UstG) or the Stock Corporation Act (AktG). However, there is no specific law that explicitly applies to email archiving.

Requirements according to the tax code (AO)

The prerequisite for the archiving obligation of emails is the classification of an email as a business or commercial letter. However, whether an email corresponds to a commercial letter depends in turn on its content and purpose. According to the AO, all emails that have tax relevance must be archived. This is the case for documents with the following content:

Annual financial statements, trading books, management reports, inventories, the opening balance sheet and the work instructions and other organisational documents required for their understanding
Received commercial or business letters
Reproductions of the sent commercial or business letters
Accounting documents
Other documents, insofar as they are relevant for taxation

Requirements according to the German Commercial Code (HGB)

The HGB on the other hand classifies all emails (including attachments) as commercial letters that can be understood as a company’s business correspondence. For example, emails with the following content are considered to be business-related:

Emails regarding business transactions and their conclusions, including contracts, order confirmations, invoices, delivery notes and payment receipts
Emails regarding cancelled or prepared business transactions, including order changes, letters of complaint and contact with (potential) customers by the sales department

In summary, this means that all emails with tax or business relevance are subject to the retention requirement and must be archived. This applies to both incoming and outgoing emails. On the other hand, this also means that all emails without any tax or business relevance do not have to be archived. These include newsletters, unsuccessful offers, brochures, advertising flyers and spam emails.

Please note: not all emails in a company may be archived. Emails that are subject to the General Data Protection Regulation (GDPR) require the express consent of the respective employee and may not be stored in the archive system, without further ado.

Definition of a ‘commercial letter’

A business letter (commercial letter) is any correspondence that relates to the preparation, execution or cancellation of a business or commercial transaction. However, the term ‘business letter’ refers not only to letters in the conventional sense, i.e. documents sent by post, but also to electronic messages: emails, faxes, telegrams, etc. Correspondence that does not lead to the conclusion of a business transaction is not a commercial/business letter.

Source: IHK 2022

Superhero carries an envelope into the clouds.

How long do you have to archive emails?

As described above, the purpose and content of the emails are what determine whether archiving them is legally compliant. The retention period for emails also depends on this. In general, the German Commercial Code (HGB) defines in § 257 that all emails that are considered commercial letters must be archived for six years. However, this period can also be extended to 10 years if the emails contain documents such as annual financial statements, opening balance sheets or accounting records.

Since separating emails based on their content or purpose and their retention period involves a not inconsiderable amount of additional work, many companies archive all their relevant emails for ten years from the outset. The start date for the retention period is always the end of the calendar year in which the corresponding email was sent or received.

How does email archiving work?

Printing out emails, filing them and putting the folder in the filing cabinet is no longer an adequate solution. When it comes to archiving emails, it is important that it complies with legal requirements and is GoBD-compliant. This means that the documents must be stored in their original format, i.e. emails in electronic form. However, there is no prescribed ‘location’ where the emails must be stored for audit-proof archiving of emails. Accordingly, this can be both the local company server and a cloud-based platform. Nevertheless, there are strict standards for audit-proof archiving. Accordingly, all relevant records must be…

complete,
proper,
correct,
timely,
immutable,
traceable,
and verifiable.

Applied to email archiving, this means that:

Each email is archived in an unalterable form and can be retrieved in exactly the same state.
No email may be lost during transfer to the archive or in the archive itself.
Each email in the archive must be retrievable in a timely manner.
No email is deleted before the retention period has expired.
All actions and changes in the archive must be meticulously logged so that the original state can be restored.
No information may be lost during an archive system migration.

To ensure secure email archiving and thus be able to meet the requirements of the GoBD, many companies rely on external providers and solutions. Microsoft 365 provides an email service in the cloud with Exchange Online. Here, Microsoft 365 offers the advantage that email archiving is directly integrated into the solution. Depending on the compliance requirements, Microsoft 365 offers various email archiving scenarios. It is recommended to involve a specialised Microsoft partner in such a project.

*Legal information

The information contained in this article is for informational purposes only. They do not constitute legal advice. In particular, it cannot replace individual legal advice that takes into account the specifics of each case. Where we report on cases, in particular court decisions, their outcome should not be taken as necessarily indicating a similar outcome in other cases.

We endeavour to select the information provided in this article with care and to update or supplement it as necessary. However, we cannot guarantee that the information in this article is up-to-date, complete or accurate. This applies in particular to changes in legislation or case law.