As your Compliance-as-a-Service partner, we would like to inform you about an important issue in Austria: the certification for the ACOS-ID 2.1 chip will not be extended.
The BMF has been informed that the French certification body will not extend the certification for the ACOS-ID 2.1 chip due to a security vulnerability ("EUCLeak"), which means that the cards will no longer meet the legal requirements for cash registers from 7 June 2025. These cards were distributed by A-Trust GmbH.
The EUCLeak security vulnerability refers to a recently discovered vulnerability in a cryptographic process used in certain smart cards within the EU.
A-Trust GmbH is a leading Austrian trust service provider specialising in chip card solutions, secure digital identities and electronic signatures. The company issues signature cards for both official and business applications and guarantees the highest security standards.
In order to continue to meet the legal requirements for cash registers, a card exchange is required before 7 June 2025. From this date, these cards may no longer be used within the RKSV.
Cards of the type CardOS 5.3 are expected to remain valid until the end of 2027.
EFR compatibility ACOS-ID 4.1:
We are constantly developing our EFR versions. As soon as the new ACOS-ID 4.1 card generation is available to us, we will inform you about the support provided by our middleware.
Please inform and support your taxable end customers accordingly.
If you would like to learn more about the RKSV, please visit our page. We have compiled all further information for you there.
.jpg)
