Why KSeF Guard Catches More Than KSeF
We submitted 256 test invoices to the official KSeF test environment. The results prove that KSeF acceptance does not equal legal compliance — and that being stricter than the government platform is a feature, not a bug.
The conformance test
We built a conformance test harness that authenticates with the official KSeF test API
(api-test.ksef.mf.gov.pl/v2),
submits real FA(3) XML invoices, and compares KSeF's verdict with ours. Each invoice
was encrypted, signed with XAdES, and submitted through the full API workflow —
identical to how production invoices are processed.
256 test fixtures were submitted: PASS fixtures (invoices we consider valid) and FAIL fixtures (invoices that violate specific business rules). The question was simple: does KSeF agree with our verdict?
The results
148
Match
98
KSeF accepts, we reject
Includes 4 from deactivated rules (94 active FAIL fixtures).
0
False negatives
10
Test env limits
148 matches — KSeF and KSeF Guard agreed on the verdict. 122 valid invoices were accepted, and 26 invalid invoices were rejected by both.
95 additional catches (KSeF accepted 98 of our FAIL fixtures, including 4 for now-deactivated rules) — KSeF accepted these invoices, but they trigger rules KSeF does not check at submission. Combined with 12 rules verified offline, KSeF Guard flags 107 rules beyond KSeF — 55 legal requirements, 52 best-practice and security.
0 false negatives in conformance v9 — every invoice that KSeF rejected, KSeF Guard also rejected. We miss nothing that the government platform catches.
What KSeF actually checks
The data reveals that KSeF is primarily an XSD schema validator. Of the 26 rejections KSeF issued:
- ~96% were XSD errors (error code 450) — missing elements, wrong data types, invalid structure
- 3 semantic checks — future invoice dates, XML processing instructions, and NIP authorization permissions
KSeF does not check:
- VAT arithmetic (net × rate = VAT amount)
- Line total consistency (sum of lines = invoice total)
- Cross-field dependencies (e.g., exempt rate requires legal basis annotation)
- Special invoice type rules (margin, advance, correction, simplified)
- Data integrity (HTML/SQL injection, control characters)
The 107 breakdown
KSeF Guard enforces 128 active validation rules. In conformance v9, we verified that 107 of these rules catch issues that the KSeF API does not check (21 rules are confirmed KSeF-enforced at submission). Of the 107: 55 are legal requirements (GOV_MANDATED, derived from Art. 106e and related regulations) and 52 are best-practice, security, and heuristic rules that improve data quality and reduce audit risk.
- 95 rules verified by API test — exercised with dedicated FAIL fixtures submitted to the official KSeF test API. KSeF accepted all 98 such invoices despite the rule violations (4 from deactivated rules). Of the 107 beyond-KSeF rules, 55 are GOV_MANDATED legal requirements and 52 are best-practice and security.
- 12 rules not testable via single-file API — verified through static analysis, unit tests, and batch testing. These include:
| Rule ID | Category | Description |
|---|---|---|
| BUS-302 | BATCH | Invoice date regression in sequential number series |
| BUS-303 | BATCH | Advance and settlement invoice amount inconsistency |
| BUS-050 | GOV | Exemption flag requires exactly one legal basis |
| BUS-120 | GOV | Missing Seller NIP (Podmiot1) |
| BUS-121 | GOV | Missing Buyer identifier (Podmiot2) |
| BUS-126 | GOV | Missing Buyer data (Podmiot2) |
| BUS-136 | GOV | TypKorekty must be in range 1-3 |
| BUS-032 | BP | Mutual exclusivity of single delivery date and period |
| BUS-124 | INF | Invalid NIP format or checksum |
| BUS-127 | INF | Invalid boolean field format |
| BUS-163 | SEC | Control characters in invoice text fields |
| BUS-189 | BP | Empty invoice footer section (Stopka) |
GOV = GOV_MANDATED, BP = BEST_PRACTICE, INF = INFERRED, SEC = SECURITY, BATCH = cross-invoice rule requiring multi-file context.
In conformance v9 (API 2.3.0, 2026-05-25), KSeF Guard validated 107 rules beyond KSeF API: 95 API-verified active rules plus 12 non-API verified rules, of which 55 are legal requirements. Full machine-readable data is available in the conformance report (PDF).
Why being stricter matters
KSeF acceptance is not a compliance certificate. The regulations require invoices to satisfy requirements from Art. 106e of the VAT Act. KSeF is a transmission platform — it primarily validates schema structure and selected semantic checks — it does not cover the full substantive compliance surface.
Tax auditors from the National Revenue Administration (KAS) work from the regulations, not from KSeF's API behavior. An invoice that KSeF accepted but that violates Art. 106e can still be flagged during an audit.
KSeF Guard catches 55 of these legal issues — plus 52 best-practice and security checks — before submission, while the invoice is still on your machine and can be corrected at zero cost.
You're in control
If you disagree with a specific rule, you can disable it. GOV_MANDATED rules that
KSeF does not enforce are now individually disableable via
.ksef-guard.yml
or the --disable-rule CLI flag.
All KSeF-enforced rules (marked with the Gov Enforced badge)
cannot be disabled — those would cause actual submission rejection.
The default configuration is strict: all rules are active at their default severity. This gives maximum protection out of the box. You can relax specific rules as needed based on your business requirements.
Catch the 107 issues KSeF silently accepts. KSeF Guard validates locally, instantly, with full legal traceability.