From 2026, the National e-Invoice System (KSeF) will cease to be an optional solution and become a permanent element of everyday business operations. The changes will be implemented in stages, but they already require companies to be properly prepared – both technically and organizationally. For many entities, this means selecting the right software, granting authorizations, and adapting existing accounting procedures. The following article will guide you step-by-step through the most important steps to safely and efficiently implement KSeF in your company.
The implementation of the National e-Invoice System (KSeF) is being introduced in stages, with different obligations depending on the size of the company.
In the first phase (from February 1, 2026), the largest businesses (with turnover exceeding PLN 200 million) are required to report all sales invoices to the KSeF. At the same time, the way purchase invoices are processed for small and medium-sized businesses is changing – access to them is now possible exclusively through the KSeF.
In the next stage, the system will cover all enterprises, becoming mandatory for both issuing and receiving e-invoices.
We encourage you to fulfill your obligations arising from the upcoming changes to regulations today – for this purpose, we have provided a step-by-step KSeF implementation plan below.
If you encounter any significant problems while registering Ksef and granting authorization to the accounting office, please report the problem to the following email address: sekretariat@biurorachunkowe-krakow.pl, no later than January 16, 2026.
How to prepare your company step by step?
1. SELECTION / VERIFICATION OF THE INVOICING PROGRAM
The company must have an invoicing program integrated with the National e-Invoice System (KSeF), because from 2026 this system will become mandatory for most entrepreneurs in Poland, and traditional paper invoices and PDFs will no longer be the standard in B2B transactions.
If you already use invoicing software, please contact your provider to confirm that it is integrated with KSeF (i.e. allows reporting to KSeF).
If you are not currently using any program integrated with KSeF, please select the program and contact its provider to confirm that it is integrated with KSeF (i.e. allows reporting to KSeF).
WE ENCOURAGE YOU TO SELECT/VERIFY YOUR PROGRAM AS SOON AS POSSIBLE. FROM FEBRUARY 1ST, A PORTION OF YOUR COST INVOICES WILL BE RECEIVED AT KSeF.
2. SUBMITTING THE ZAW-FA – ONLY FOR COMPANIES (does not apply to sole proprietorships)
When submitting a ZAW-FA application, the Company selects ONE SuperAdmin (and only one, regardless of how the Company is represented). The SuperAdmin will grant subsequent permissions to other users.
Please note: If a company has a qualified electronic seal, it does not need to submit the ZAW-FA – after logging in and authenticating, it can grant and revoke authorizations.
ZAW-FA notifications are submitted by taxpayers and entities granting or revoking permission to an individual to use the National e-Invoice System. They are submitted to the head of the tax office with jurisdiction over the company’s registered office.
The form can be submitted:
- on paper – in person at the tax office, or by post,
- electronically – e.g. via ePUAP or as an attachment to a general letter in the e-Tax Office (remembering that only persons authorized to represent the company in the number required for a given entity can sign the notification on behalf of the company).
Below are links to download the ZAW-FA form and an example of how to complete it:
DOWNLOAD AN EXAMPLE OF HOW TO COMPLETE THE FORM
WE ENCOURAGE YOU TO SUBMIT YOUR ZAW-FA AS SOON AS POSSIBLE.
3. ACCOUNT AUTHENTICATION
Using KSeF does not require creating an account, but it is necessary to authenticate in the system.
Authentication is the process of confirming the identity of a given individual or entity attempting to access the KSeF. This ensures that actions performed within the system are not anonymous, and taxpayers (both sellers and buyers) can be assured that invoices are only issued by authorized individuals/entities.
Authentication of entities using KSeF requires the use of one of the following methods:
- trusted signature – ePUAP,
- qualified electronic signature,
- qualified electronic seal,
- KSeF certificate generated after the taxpayer or authorized entity has authenticated itself in a manner,
and verification of the qualifications held.
Additionally, until the end of 2026, a token will be available for authentication in the KSeF system, i.e., a system-generated string of alphanumeric characters (excluding punctuation marks), assigned to a taxpayer or eligible entity and its authorizations. A token can be generated for both an individual and a non-individual entity, such as a company. The KSeF system does not specify a validity period for the token. Once generated, the token remains valid until revoked by the user, but the ability to generate and use tokens will expire at the end of 2026.
The authentication method in KSeF depends on the legal form of the entity.
KSeF Authentication Guide: CLICK HERE
Comprehensive information about KSEF: CLICK HERE
Login to KSeF: CLICK HERE
4. GRANTING POWERS TO THE ACCOUNTING OFFICE
The Certificates and Authorizations Module (MCU) is a key tool in the National e-Invoice System, used for secure access and identity management.
The Certificates and Authorisations Module (MCU) is a key element of the National e-Invoice System, which is used to:
- granting privileges to users of the KSeF system,
- submitting applications for issuing a KSeF certificate and downloading them.
From February 1, 2026, the MCU will become one of the modules of the KSeF Taxpayer Application. Until then, to grant authorization to an accounting office, you must authenticate to the MCU at mcu.mf.gov.pl.
Authentication methods in MCU:
- Trusted Profile – logging in using a Trusted Signature
- Qualified certificate or qualified seal
- Qualified certificate “fingerprint”
Nadając uprawnienia biuru rachunkowemu, należy wziąć pod uwagę zakres współpracy określony w umowie na świadczenie usług księgowych:
- if you issue your invoices yourself, you should give the office permissions only to view your invoices;
- However, if you use an invoicing service, the office must be granted permission to view and issue your invoices.
MCU Guide: CLICK HERE
INSTRUCTIONS FOR GRANTING AUTHORIZATIONS FOR THE ABIX CONSULTING ACCOUNTING OFFICE: CLICK HERE
5. OPTIONALLY GENERATE AN AUTHORIZATION TOKEN OR CERTIFICATE
Integration of the invoicing program with KSeF / integration of the accounting program with KSeF.
1. AUTHORIZATION TOKEN is a special way to log in to KSeF. It is a 40-digit string of characters assigned to a specific entity and scope of permissions – it is a tool used for authentication and authorization in KSeF. Starting December 8, 2025, you can generate tokens necessary for authentication in the KSeF 2.0 system, which will come into effect on February 1, 2026.
You can generate a token for issuing invoices, a separate one for viewing invoices, or a combined token. The token can be integrated with the KSeF system, allowing you to link your invoicing program to KSeF for automatic document reporting.
Unlike a qualified signature, ePUAP profile and electronic seal, a token does not require user participation when sending or downloading invoices.
Token authentication will only be possible until the end of 2026 (after that date it will be necessary to use other authorization methods), but this method is currently fully operational.
The token is generated by logging into the MCU: LINK
2. KSEF CERTIFICATES are a type of electronic identity confirmation of the holder, similar to qualified certificates. They contain personal data of the applicant or entity. Therefore, only that individual can apply for a certificate containing a natural person’s data. Only that individual can download and use it. Certificates issued for entity data, such as a company, are not linked to specific individuals, so the company is responsible for distributing them to specific employees and using them when working at the KSEF.
The certificate is also generated by logging into the MCU: LINK
More information: CLICK HERE
Instructions for generating a token and certificate: CLICK HERE
