Understanding Rule Classifications
KSeF Guard ships 128 active validation rules organized into six classification categories. Each classification determines the rule's default severity, whether it can be disabled, and how results appear in reports.
Validated against the official KSeF test environment
We submitted 256 test invoices to the official KSeF test API
(api-test.ksef.mf.gov.pl).
Results: 21 rules confirmed enforced by KSeF,
107 rules go beyond what KSeF checks,
and 0 false negatives in conformance v9 — we catch everything KSeF catches, plus more.
Rules confirmed by KSeF are marked with a Gov Enforced badge throughout the application.
Government-mandated rules
Derived directly from the VAT Act (ustawa o podatku od towarów i usług), Art. 106e, and Ministry of Finance regulations. These represent regulatory requirements for FA(3) invoices under Polish tax law.
Our conformance testing revealed that 16 GOV_MANDATED rules are explicitly marked as KSeF-enforced at submission time. 50 GOV_MANDATED rules are explicitly Guard-only — legally binding requirements that KSeF does not validate at the API level. 5 critical GOV_MANDATED rules are non-disableable but not annotated in the ksef_enforced field.
- Severity: error (always)
- Disableable: 28 rules cannot be disabled (21 KSeF-confirmed + 7 critical). 50 configurable GOV_MANDATED rules can be disabled via configuration.
Examples
KSEF-BUS-074Gov Enforced — P_19=1 without providing exemption basis (P_19A/B/C)KSEF-BUS-044— Line net value must equal quantity × adjusted unit priceKSEF-BUS-130— Simplified invoice (UPR) must not exceed the statutory amount limit
Best-practice recommendations
Recommended validations drawn from the official MF information brochure, common accounting standards, and patterns observed in production invoices. While not strictly illegal to violate, these rules catch issues that frequently lead to rejection or manual correction.
- Severity: error by default (configurable)
- Disableable: yes
Examples
KSEF-BUS-072— Tax rate must be consistent with the net-amount bucket (simplified invoices exempt)KSEF-BUS-195— Margin line should not contain net amount or VAT fields
Smart anomaly detection
Intelligent rules that flag suspicious but not necessarily illegal patterns. These catch human errors, data-entry anomalies, and timing inconsistencies that often indicate a mistake rather than intentional input.
- Severity: warning
- Disableable: yes
Examples
KSEF-BUS-193— Payment date earlier than the issue dateKSEF-BUS-197— Invoice issued on a weekendKSEF-BUS-198— Invoice created during night hours
Data integrity and security
Security-focused rules that detect injection attempts, control characters, and other data-integrity issues that could indicate tampering or malformed input. These protect against XML-level attack vectors embedded within invoice text fields.
- Severity: error
- Disableable: partial (3 locked: BUS-163, BUS-201, BUS-202. 3 disableable: BUS-190, BUS-191, BUS-192)
Examples
KSEF-BUS-163— Control characters in invoice text fieldsKSEF-BUS-190— HTML tags in invoice text fieldsKSEF-BUS-191— SQL injection pattern detectedKSEF-BUS-192— Script injection pattern detected
Cross-invoice batch validation
Rules that only activate when validating multiple invoices at once. They detect inconsistencies across a batch — duplicate numbers, seller mismatches, chronological regressions, and advance/settlement mismatches.
- Severity: error
- Disableable: yes
Examples
KSEF-BUS-300— Duplicate invoice number (P_2) within the batchKSEF-BUS-301— Different seller NIP across invoices in the batchKSEF-BUS-303— Advance and settlement invoice amount inconsistency
Inferred logic rules
Rules derived from logical inference about correction invoice semantics. Not explicitly stated in regulations, but mathematically implied by the correction workflow.
- Severity: error
- Disableable: yes
Examples
KSEF-BUS-210— Decrease correction: corrected total higher than originalKSEF-BUS-211— Increase correction: corrected total lower than original
KSeF enforcement vs. regulatory compliance
An important distinction revealed by our conformance testing: KSeF accepting an invoice does not mean it is legally compliant. The KSeF platform is primarily an XSD schema validator — 96% of its rejections are XML structure errors. It performs only a handful of semantic checks (date validation, NIP permissions).
This means 55 legal-requirement rules in KSeF Guard enforce requirements from the VAT Act that KSeF itself does not check. In conformance v9, KSeF accepted invoices violating these rules; they may still be flagged during tax audits by the National Revenue Administration (KAS).
In conformance v9, KSeF rejected invoices violating these rules. 21 KSeF-enforced rules total: 16 GOV_MANDATED, 3 INFERRED, 1 BEST_PRACTICE, 1 SECURITY. All are non-disableable.
KSeF accepts these invoices, but the rules catch regulatory, best-practice, or security issues. Most can be individually disabled; 7 guard-only rules remain locked: 5 critical GOV_MANDATED and 2 SECURITY rules.
Severity levels
Every triggered rule carries one of two severity levels:
The invoice violates a validation rule. Rules marked Gov Enforced will also be rejected by the KSeF platform. Displayed as a red FAIL badge. The overall validation result is FAIL.
The invoice is technically valid but has suspicious or suboptimal patterns. Displayed as a yellow WARN badge. The overall validation result remains PASS.
Configuration
GOV_MANDATED rules confirmed by KSeF (marked with the Gov Enforced badge) and 3 core SECURITY rules cannot be disabled — these represent verified platform requirements and security protections. GOV_MANDATED rules not enforced by KSeF can be disabled via configuration, along with BEST_PRACTICE, HEURISTIC, INFERRED, and some BATCH_CHECK rules.
Built-in presets
| Preset | Behavior |
|---|---|
| Essential | Only GOV_MANDATED rules active. Best-practice and heuristic rules disabled. |
| Recommended | Default. All rules active at their configured severity. |
| Maximum | Warnings are elevated to errors. Any triggered rule causes FAIL. |
Per-rule configuration
Individual rules can be toggled via a .ksef-guard.yml config file
or CLI flags:
# CLI: disable a specific rule ksef-guard validate --disable-rule KSEF-BUS-193 invoice.xml
# CLI: use a preset ksef-guard validate --preset maximum ./invoices/
# .ksef-guard.yml
rules:
KSEF-BUS-193:
enabled: false
KSEF-BUS-197:
severity: error # promote to error Summary
| Classification | Count | Severity | Disableable |
|---|---|---|---|
| GOV_MANDATED | 78 | error | Partial (28 locked: No, 50 configurable: Yes) |
| BEST_PRACTICE | 23 | error (configurable) | Yes |
| HEURISTIC | 11 | warning | Yes |
| SECURITY | 6 | error | Partial (3 locked, 3 disableable) |
| BATCH_CHECK | 1 | error | Partial |
| INFERRED | 10 | error | Yes |