Every business scans documents. Tax invoices, supplier receipts, delivery certificates. The scanner runs, the PDF gets filed in a folder, and the paper goes in the shredder. Clean desk, clean conscience.

Except it's not clean. Not legally.

If you're scanning business documents and destroying the originals without following a very specific set of rules, your scans have zero legal standing. In the eyes of the Tax Authority, those documents don't exist. And when audit season comes around, "I scanned everything" won't save you.

The law most businesses don't know about

In January 2013, Amendment No. 2 to the Income Tax Bookkeeping Regulations came into effect. It laid out, for the first time, the exact conditions under which a business can scan external documents and legally destroy the paper originals.

External documents means anything you receive from the outside: invoices, tax invoices, receipts, delivery certificates, credit memos, purchase orders from suppliers. Internal records are a different category.

The amendment added two technical appendices to the regulations. Appendix 6 covers the scanning process itself. Appendix 7 covers digital archive requirements. Both must be followed. Doing one without the other gets you nowhere.

Tax Authority Circular 9/2013 provided additional guidance on implementation. Most accountants are aware it exists. Most of their clients have never heard of it.

What compliant scanning actually looks like

This is where the gap between what businesses do and what the law requires becomes uncomfortable.

A compliant scan is not "put the page on a flatbed and press the button." The regulations demand a specific chain of actions, each one documented and signed. Skip any step and the entire scan loses its legal validity.

The scan must produce a readable digital copy identical to the original. Fair enough. Most scanners handle this. But it's step one of six.

Every scanned file must be marked "scanned document." This designation needs to appear conspicuously in the digital file. Not buried in a folder name. Not implied. Marked explicitly.

A certified digital signature must be applied by the taxpayer or an authorized representative. Not just any electronic signature. A certified electronic signature, issued by one of only two approved Certification Authorities in the country: Comsign or PersonalID. These are the only providers authorized under the Electronic Signature Law of 2001 to issue signatures with full legal weight for tax purposes.

A second person must independently verify that each scan matches its original, and apply their own certified digital signature. This is the step that catches most businesses off guard. One person scans. A different person checks. Both sign digitally. Every document. Individually.

The signed files must be stored in a digital archive that meets Appendix 7 standards. That means search functionality across multiple parameters (document type, date, vendor ID). Export capabilities. Automatic registration with unique identifiers. Metadata tagging. Non-deletable event logs tracking every action taken on every file. Backup and recovery systems.

A folder on a shared drive does not qualify. A box of USB sticks in a drawer does not qualify. Even a well-organized cloud storage setup does not qualify unless it has all the features above.

Only after all of this can you destroy the paper originals. And even then, there are additional conditions: the annual tax return for that year must already be filed (Section 131), Form 856 (withholding tax report) must be submitted, and the taxpayer must have no fraud convictions or pending book disqualification proceedings.

The seven-year exposure

Here's the part that should keep you up at night.

Israeli tax law requires businesses to retain records for seven years from the end of the tax year, or six years from the filing date, whichever comes later. Supporting documents like contracts and internal memos have a separate three-year minimum.

If you destroyed originals without following the full compliant scanning process, you're exposed for that entire retention period. An audit in year six can reach back to documents you shredded in year one. If those scans don't hold up legally, every document from that year is effectively missing.

Missing documents during a tax audit is not a paperwork issue. It's a trigger for something much worse.

Book disqualification: the penalty nobody talks about

When the Tax Authority determines that your bookkeeping doesn't meet the regulations, they initiate a process called book disqualification. The Hebrew term is "psilat sfarim," and it's the nightmare scenario for any business owner.

The process starts with a written notification of deficiencies. You get a chance to respond. If that fails, you have 30 days to appeal to the Books Disqualification Committee, a three-member panel that includes accountants and a legal chair.

If your books are disqualified, the consequences cascade.

Your income tax rate on taxable income jumps to 31% as a starting point. On top of that, there's a surtax: 10% in the first year after disqualification, 20% in the second. You lose the ability to carry forward losses from previous years. Depreciation deductions disappear. Tax credits no longer apply.

The assessor can also shift to "best judgment" assessment, which means they estimate what you owe based on their own calculations, not yours. You lose control of your own numbers.

Monthly fines kick in at 1% of transaction volume, with a floor of 359 NIS per month. For a business processing millions in invoices annually, that 1% adds up fast.

VAT gets hit too. Input VAT that you've already claimed can be denied or clawed back. Money you thought was settled, reopened.

And in serious cases, there's criminal liability. The offense carries up to one year of imprisonment, a financial fine, or both.

All of this from scanning documents incorrectly.

Who's at risk

Every business that receives external documents from suppliers and vendors. That's essentially everyone with a tax file.

But some sectors carry more risk than others. Accounting firms managing stacks of client documentation. Law offices with years of case files. Medical practices with patient records that intersect with billing. Construction companies with mountains of subcontractor invoices. Import/export businesses with customs and shipping documentation.

Any business sitting on a large physical archive and thinking about going digital should be asking one question before anything else: does my scanning process meet the legal requirements?

If the answer is "I don't know," the answer is almost certainly no.

The e-invoicing connection

Starting in 2024 and expanding through 2026, mandatory electronic invoicing is rolling out across the economy. By June 2026, the threshold drops to transactions of 5,000 NIS and above. The entire invoicing infrastructure is going digital whether businesses are ready or not.

Companies that haven't set up compliant document scanning are now falling behind on two fronts: they can't legally digitize their existing archives, and they're not equipped for the incoming wave of mandatory electronic documentation.

These aren't separate problems. They're the same problem. And the businesses that solve it now will spend far less than those who scramble after receiving an audit notice.

What to do next

Start with your accountant. Ask them specifically: does our document scanning process comply with Amendment No. 2 to the Bookkeeping Regulations? Do we have certified digital signatures? Is our archive system compliant with Appendix 7?

If they give you a clear, confident yes with documentation to back it up, you're in good shape. Most won't.

The regulations have been in effect since 2013. Over a decade. The tools exist. The framework is clear. The only thing missing, for most businesses, is the awareness that scanning a document and doing it legally are two completely different things.

Sources

[1] Income Tax (Management of Accounting Records) Regulations, Amendment No. 2, effective January 1, 2013. Published in Official Gazette, December 31, 2012.

[2] Income Tax Circular 9/2013, Israel Tax Authority, June 5, 2013. Implementation guidelines for document scanning regulations.

[3] Goldpro CPA, "Document Scanning Regulations and Digital Archive Requirements." https://goldpro.co.il

[4] Mekler CPA, "Record Retention Periods Under Israeli Tax Law." https://mekler.co.il

[5] PwC Israel, Tax Alert 27/2013, "Amendment No. 2 to Bookkeeping Regulations."

[6] PAYPER, "Tax Regulations for Document Scanning" (Hebrew). https://payper.co.il

[7] Comsign, "Certified Electronic Signatures for Tax-Compliant Scanning." https://comsign.co.il

[8] Electronic Signature Law, 5761-2001. Certification Authorities: Comsign and PersonalID (the only two providers authorized by the Ministry of Justice).

[9] Efraty CPA, "Book Disqualification Penalties Under the Income Tax Ordinance" — Section 121(b)(2), Section 191, Section 145, Section 33. https://efraty.com

[10] Income Tax Ordinance, Section 216(5) — criminal liability for failure to maintain accounting records: up to one year imprisonment, financial fine, or both.

[11] Income Tax Ordinance, Section 146(b)(2) — Books Disqualification Committee composition and 30-day appeal period.

[12] DDD Invoices, "Israel E-Invoicing Timeline 2024–2026." https://dddinvoices.com

[13] EDICOM / Sovos / ClearTax / VATupdate — e-invoicing threshold schedule: 25,000 NIS (May 2024), 20,000 NIS (Jan 2025), 10,000 NIS (Jan 2026), 5,000 NIS (June 2026).