Authentication in the National e-Invoice System (KSeF)

Starting from February 2026, the National e-Invoice System (KSeF) will become mandatory for most businesses in Poland. To use the system, both entrepreneurs and their authorized representatives must first authenticate themselves — a process that confirms the user’s identity.

What Is Authentication in KSeF?

Authentication verifies that the person accessing the system is who they claim to be. This is different from authorization, which defines what a user is allowed to do within the system.

Methods of Authentication

Users can authenticate via:

• qualified electronic signature,

• qualified electronic seal,

• trusted ePUAP profile,

• trusted signature,

• KSeF certificate,

• token.

While the first methods are already familiar, KSeF certificates and tokens are new and deserve attention.

KSeF Certificates

Certificates will be required in special invoicing modes:

• offline,

• offline24,

• emergency mode.

They will allow invoices to be marked with a QR code confirming the issuer’s identity.Applications for certificates can be submitted from November 1, 2025, via the KSeF Taxpayer App or integrated commercial software.Certificates will be valid for up to 2 years and usable from February 1, 2026.

KSeF Tokens

Tokens are 40-character alphanumeric codes generated by KSeF. They enable secure system access and are especially useful for accounting offices handling multiple clients.The first token can only be generated after initial authentication (e.g. via ePUAP).Tokens will remain valid until revoked and will operate until December 31, 2026, after which they’ll be replaced by certificates.

Summary

Authentication in KSeF is an essential step for secure and compliant invoicing.Starting November 2025, entrepreneurs should apply for their certificates to ensure smooth operation when KSeF becomes mandatory in February 2026.