Why most businesses' scanned documents have zero legal standing?

You scanned your invoices. You saved them to a folder. Maybe you even shredded the originals to clear out the filing cabinet. You feel organized. Modern. Compliant.

You're probably not.

Since January 2013, Income Tax Directives have defined exactly what a legally valid scan looks like. The requirements are specific, technical, and strict. The gap between what most businesses do and what the law actually demands is enormous. The consequences of getting it wrong can be severe.

A scan is not a document. It's a photograph.

When you put an invoice on a flatbed scanner or feed it through a desktop unit, the output is an image file. A picture of a document. It carries no verification, no authentication, no proof that what you scanned matches what you received. In legal terms, that file is worth about as much as a photocopy. If the original is gone, you're holding nothing.

The 2013 amendment to the Income Tax Directives (Management of Books of Accounts) changed the rules for how businesses can store external documentation digitally. External documentation means the paper that arrives from outside your organization: invoices, tax invoices, receipts, shipping documents, credit memos, purchase orders. The amendment created a legal pathway to scan these, archive them digitally, and eventually destroy the originals. But the pathway has six specific requirements, and skipping any one of them can invalidate the entire process.

The six requirements

The document must already be recorded in your accounting system before scanning. You can't scan first and book later.

The scan must produce a readable result identical to the source. Blurry scans, cut-off edges, illegible text from poor resolution, all of these fail this standard.

The scanned file must carry the label "scanned document" (in Hebrew: מסמך סרוק). This isn't optional metadata. It's a regulatory requirement.

The scanned file must be signed with a certified electronic signature. Not a regular e-signature. Not typing your name. Not a DocuSign click-to-sign. A certified electronic signature, issued by one of only two providers licensed by the Ministry of Justice: Comsign or PersonalID. This is where most businesses fall off the map. The signature uses asymmetric encryption with public and private key pairs. It's tied to a specific individual and detects any post-signing alterations to the file.

A second authorized person, someone different from the first signer, must independently verify that the scanned file matches the original document. Then that second person must apply their own certified electronic signature. Two people. Two signatures. Two separate certificates. (Some implementations allow one of the signatures to be applied automatically, but the requirement for two distinct authorized parties remains.)

This is the requirement that virtually nobody knows about. It's not buried in footnotes. It's right there in the directives. But ask any business owner whether their scanning process includes dual certified signatures, and you'll get a blank stare.

The signed, verified scan must be stored in a compliant digital archive. Not a folder on your desktop. Not a shared drive. A system that supports searching by document name, type, date, and the business registration number of the invoice issuer. A system that can export records in formats the tax authority can read. A system with regular backups and safeguards during technology migrations.

What happens when you don't comply?

This isn't a theoretical risk. The penalty structure spans both the VAT Law and the Income Tax Ordinance, and the tax authority uses it.

If your accounting records are found to deviate materially from the bookkeeping requirements, the tax assessor can disqualify your books entirely. The Hebrew term is פסילת ספרים, and it's the nuclear option.

When your books are disqualified, several things happen at once.

You face a fine of up to 1% of the total price of transactions under VAT Law Section 95(a). For a business doing 5 million NIS a year, that's 50,000 NIS. Separately, the Income Tax Ordinance adds a surtax under Section 191b, and in serious cases criminal liability under Section 216.

The tax authority issues a "best judgment assessment," estimating your income based on their own calculations, largely disconnected from what you reported. You lose the right to claim depreciation, interest deductions, bad debt write-offs, and loss carryforwards. The burden of proof flips: you must prove their estimate is unreasonable.

Connect this to scanning. If a business scanned its documents without certified signatures, dual verification, or a compliant archive, those scans may not be accepted as valid records. If the originals were already destroyed, the business has no valid records at all. That's the trigger for disqualification.

The e-invoicing factor

This problem is getting more urgent. Mandatory B2B electronic invoicing launched in May 2024 for invoices above 25,000 NIS. The threshold keeps dropping: 20,000 NIS in January 2025, 10,000 NIS in January 2026, and 5,000 NIS by June 2026. Every invoice now requires an allocation number from the tax authority through the SHAAM platform. Without it, the receiving business cannot deduct input VAT.

But not every supplier is digital yet. Businesses still receive physical invoices, receipts, shipping documents. Those paper documents still need to be stored for seven years, or scanned in compliance with the directives. The digital world is moving forward. The paper world hasn't disappeared. The gap between the two is where the legal exposure sits.

Regular scan vs. compliant scan

The digital signature piece

The certified electronic signature is the backbone of compliant scanning. It's also the single biggest barrier for businesses trying to do this on their own.

Only two companies are authorized to issue these certificates: Comsign and PersonalID. Both are licensed by the Ministry of Justice under the Electronic Signature Law of 2001. The certificates are personal, tied to an individual through identity verification, and require a smart card, hardware token, or cloud-based authentication.

The law recognizes three tiers of electronic signatures. Simple (typing your name), secure (unique to holder, detects alterations), and certified (highest tier, meets all statutory requirements). Only the certified level satisfies the scanning directives.

A DocuSign or HelloSign workflow doesn't cut it. Neither does a scanned image of a handwritten signature. The directive requires a certified electronic signature from a licensed certificate authority. Period.

A quick self-audit

Ask yourself these questions:

Do your scans carry certified electronic signatures from Comsign or PersonalID? Does a second person verify each scan and apply a second signature? Can your archive search by document type, date, and vendor registration number? Can you export records for a tax audit? Do you run regular backups?

If the answer to any of these is no, your scanned documents may have no legal standing. If you've already destroyed the originals, the clock is ticking.

The directives have been in effect since 2013. The tax authority has had over a decade to build enforcement capacity. With e-invoicing pushing every business toward digital records, scrutiny on document management is only going to increase.

The two-signature rule isn't new. It isn't obscure. It's just been ignored. That's starting to change.

Sources

[1] Amendment to Income Tax Regulations (Management of Books of Accounts) (No. 2), 5733-1973. Published in Reshumot (official gazette), December 31, 2012. Effective January 1, 2013. Full text available on Nevo Legal Database: https://www.nevo.co.il/law_html/law01/255_179.htm

[2] Israel Tax Authority, Circular 9/2013. Guidance on computerized scanning of external documentation under the amended bookkeeping regulations.

[3] Comsign, "Tax Regulations for Document Scanning and Digital Archiving." https://www.comsign.co.il/tax-regulations-digital-archiving/

[4] Goldpro CPA Firm, "Changes to Bookkeeping Regulations: Document Scanning & Digital Archives." https://www.goldpro.co.il/

[5] VAT Law, Section 95(a). Fine of up to 1% of the total price of transactions for material deviations from bookkeeping requirements.

[6] Income Tax Ordinance, Section 191b. Surtax provisions following bookkeeping disqualification. Section 216, criminal liability for tax offenses.

[7] Income Tax Ordinance, Section 130(b). Tax assessor authority to disqualify books when deviations are material to income determination. Section 145(b), failure to record required receipts.

[8] Electronic Signature Law 5761-2001 (Israel). Establishes licensing framework for certificate authorities and defines three tiers of electronic signatures: simple, secure, and certified. Government background document: https://www.gov.il/BlobFolder/generalpage/electronic_signature_about/he/Electronic%20signature%20background%20document.pdf

[9] DocuSign, "Electronic Signature Legality in Israel." Overview of the three signature tiers under the law. https://www.docusign.com/products/electronic-signature/legality/israel

[10] Comsign and PersonalID, the two certificate authorities licensed by the Ministry of Justice to issue certified electronic signatures under the Electronic Signature Law 2001. See also: Documents.co.il, "What Is a Digital Signature?" https://documents.co.il/digital-signature/

[11] Hanibaal, "What Is a Digital Signature?" Step-by-step compliant scanning workflow including dual-signature requirement. https://www.hanibaal-en.com/what-is-a-digital-signature/

[12] KPMG, "Israel: Expansion of Mandatory E-Invoicing Model." https://kpmg.com/us/en/taxnewsflash/news/2025/12/tnf-israel-expansion-of-mandatory-e-invoicing-model.html

[13] Avalara, "Israel Invoice Allocation Number Mandate," 2024. https://www.avalara.com/blog/en/europe/2024/04/israel-invoice-allocation-number-mandate.html (Note: reflects original schedule; accelerated timeline announced December 2025)