Skip to content

Understanding Rule Classifications

KSeF Guard ships 128 active validation rules organized into six classification categories. Each classification determines the rule's default severity, whether it can be disabled, and how results appear in reports.

Understanding Rule Classifications

Validated against the official KSeF test environment

We submitted 256 test invoices to the official KSeF test API (api-test.ksef.mf.gov.pl). Results: 21 rules confirmed enforced by KSeF, 107 rules go beyond what KSeF checks, and 0 false negatives in conformance v9 — we catch everything KSeF catches, plus more.

Rules confirmed by KSeF are marked with a Gov Enforced badge throughout the application.

GOV_MANDATED 71 rules

Government-mandated rules

Derived directly from the VAT Act (ustawa o podatku od towarów i usług), Art. 106e, and Ministry of Finance regulations. These represent regulatory requirements for FA(3) invoices under Polish tax law.

Our conformance testing revealed that 16 GOV_MANDATED rules are explicitly marked as KSeF-enforced at submission time. 50 GOV_MANDATED rules are explicitly Guard-only — legally binding requirements that KSeF does not validate at the API level. 5 critical GOV_MANDATED rules are non-disableable but not annotated in the ksef_enforced field.

  • Severity: error (always)
  • Disableable: 28 rules cannot be disabled (21 KSeF-confirmed + 7 critical). 50 configurable GOV_MANDATED rules can be disabled via configuration.

Examples

  • KSEF-BUS-074 Gov Enforced — P_19=1 without providing exemption basis (P_19A/B/C)
  • KSEF-BUS-044 — Line net value must equal quantity × adjusted unit price
  • KSEF-BUS-130 — Simplified invoice (UPR) must not exceed the statutory amount limit
BEST_PRACTICE 25 rules

Best-practice recommendations

Recommended validations drawn from the official MF information brochure, common accounting standards, and patterns observed in production invoices. While not strictly illegal to violate, these rules catch issues that frequently lead to rejection or manual correction.

  • Severity: error by default (configurable)
  • Disableable: yes

Examples

  • KSEF-BUS-072 — Tax rate must be consistent with the net-amount bucket (simplified invoices exempt)
  • KSEF-BUS-195 — Margin line should not contain net amount or VAT fields
HEURISTIC 12 rules

Smart anomaly detection

Intelligent rules that flag suspicious but not necessarily illegal patterns. These catch human errors, data-entry anomalies, and timing inconsistencies that often indicate a mistake rather than intentional input.

  • Severity: warning
  • Disableable: yes

Examples

SECURITY 6 rules

Data integrity and security

Security-focused rules that detect injection attempts, control characters, and other data-integrity issues that could indicate tampering or malformed input. These protect against XML-level attack vectors embedded within invoice text fields.

  • Severity: error
  • Disableable: partial (3 locked: BUS-163, BUS-201, BUS-202. 3 disableable: BUS-190, BUS-191, BUS-192)

Examples

BATCH_CHECK 1 rule

Cross-invoice batch validation

Rules that only activate when validating multiple invoices at once. They detect inconsistencies across a batch — duplicate numbers, seller mismatches, chronological regressions, and advance/settlement mismatches.

  • Severity: error
  • Disableable: yes

Examples

  • KSEF-BUS-300 — Duplicate invoice number (P_2) within the batch
  • KSEF-BUS-301 — Different seller NIP across invoices in the batch
  • KSEF-BUS-303 — Advance and settlement invoice amount inconsistency
INFERRED 13 rules

Inferred logic rules

Rules derived from logical inference about correction invoice semantics. Not explicitly stated in regulations, but mathematically implied by the correction workflow.

  • Severity: error
  • Disableable: yes

Examples

  • KSEF-BUS-210 — Decrease correction: corrected total higher than original
  • KSEF-BUS-211 — Increase correction: corrected total lower than original

KSeF enforcement vs. regulatory compliance

An important distinction revealed by our conformance testing: KSeF accepting an invoice does not mean it is legally compliant. The KSeF platform is primarily an XSD schema validator — 96% of its rejections are XML structure errors. It performs only a handful of semantic checks (date validation, NIP permissions).

This means 55 legal-requirement rules in KSeF Guard enforce requirements from the VAT Act that KSeF itself does not check. In conformance v9, KSeF accepted invoices violating these rules; they may still be flagged during tax audits by the National Revenue Administration (KAS).

Gov KSeF Enforced 21 active rules

In conformance v9, KSeF rejected invoices violating these rules. 21 KSeF-enforced rules total: 16 GOV_MANDATED, 3 INFERRED, 1 BEST_PRACTICE, 1 SECURITY. All are non-disableable.

Guard-only 107 rules

KSeF accepts these invoices, but the rules catch regulatory, best-practice, or security issues. Most can be individually disabled; 7 guard-only rules remain locked: 5 critical GOV_MANDATED and 2 SECURITY rules.

Severity levels

Every triggered rule carries one of two severity levels:

Error

The invoice violates a validation rule. Rules marked Gov Enforced will also be rejected by the KSeF platform. Displayed as a red FAIL badge. The overall validation result is FAIL.

Warning

The invoice is technically valid but has suspicious or suboptimal patterns. Displayed as a yellow WARN badge. The overall validation result remains PASS.

Configuration

GOV_MANDATED rules confirmed by KSeF (marked with the Gov Enforced badge) and 3 core SECURITY rules cannot be disabled — these represent verified platform requirements and security protections. GOV_MANDATED rules not enforced by KSeF can be disabled via configuration, along with BEST_PRACTICE, HEURISTIC, INFERRED, and some BATCH_CHECK rules.

Built-in presets

Preset Behavior
Essential Only GOV_MANDATED rules active. Best-practice and heuristic rules disabled.
Recommended Default. All rules active at their configured severity.
Maximum Warnings are elevated to errors. Any triggered rule causes FAIL.

Per-rule configuration

Individual rules can be toggled via a .ksef-guard.yml config file or CLI flags:

# CLI: disable a specific rule
ksef-guard validate --disable-rule KSEF-BUS-193 invoice.xml
# CLI: use a preset
ksef-guard validate --preset maximum ./invoices/
# .ksef-guard.yml
rules:
  KSEF-BUS-193:
    enabled: false
  KSEF-BUS-197:
    severity: error   # promote to error

Summary

Classification Count Severity Disableable
GOV_MANDATED 78 error Partial (28 locked: No, 50 configurable: Yes)
BEST_PRACTICE 23 error (configurable) Yes
HEURISTIC 11 warning Yes
SECURITY 6 error Partial (3 locked, 3 disableable)
BATCH_CHECK 1 error Partial
INFERRED 10 error Yes