HMRC Software Standards to Prevent Electronic Sales Suppression: A Compliance Guide
Learn about HMRC's new software standards targeting electronic sales suppression (ESS), also known as till fraud. This guide covers proposed requirements for POS systems, audit trails, data integrity, consultation timelines, penalties, and a compliance checklist for businesses using EPOS systems.
Introduction
Electronic sales suppression (ESS), commonly known as till fraud, is a growing concern for tax authorities worldwide. In the UK, HM Revenue & Customs (HMRC) has launched a consultation on proposed software standards to combat this practice, which involves manipulating point-of-sale (POS) systems to hide or reduce the apparent value of sales, thereby underreporting income for tax purposes. This guide provides a comprehensive overview of HMRC's proposed standards, the consultation timeline, compliance requirements, and actionable steps businesses can take to prepare.
Whether you are an Electronic Point of Sale (EPOS) developer, a business using POS systems, or a tax compliance professional, understanding these proposals is critical to ensuring POS compliance in the UK and avoiding severe penalties.
What Is Electronic Sales Suppression (ESS)?
ESS refers to the use of software or hardware to delete, alter, or suppress sales transactions recorded by a POS system. Common techniques include:
- Zapping: Deleting transactions from the sales record after they have been processed.
- Phantomware: Hidden software features that allow manipulation of sales data.
- Transaction laundering: Masking the true nature of sales to evade detection.
These practices enable businesses to underreport income, evade VAT and income tax, and gain an unfair advantage over compliant competitors. HMRC estimates that ESS costs the UK exchequer hundreds of millions of pounds annually.
Why HMRC Is Targeting Till Fraud
HMRC's proposed software standards are part of a broader push to modernize tax administration and ensure fairness. The consultation, launched on 23 June 2026, seeks views from EPOS developers, businesses, and tax compliance organizations. The key objectives are:
- Introduce mandatory software standards for EPOS and mobile POS (MPOS) systems.
- Ensure accurate and tamper-proof sales recording.
- Reduce tax evasion and level the playing field for honest businesses.
These standards align with HMRC's digital tax agenda, which includes Making Tax Digital (MTD) for VAT and Income Tax. By targeting ESS at the source—the POS software—HMRC aims to prevent fraud before it happens.
Proposed HMRC Software Standards
While the consultation is ongoing, HMRC has outlined key areas the standards will cover. Based on similar regimes in other countries (e.g., the EU's Fiscalis project and Canada's GST/HST requirements), the proposed standards likely include:
1. Secure Audit Trails
POS systems must maintain an unalterable, chronological record of all sales transactions. This audit trail should capture:
- Transaction date, time, and amount.
- Itemized sales data and taxes applied.
- Any modifications or voids, with reasons and timestamps.
- User identification for each transaction.
The audit trail must be stored in a secure format (e.g., encrypted, hash-chained) to prevent tampering.
2. Data Integrity and Non-Repudiation
Software must ensure that once a transaction is finalized, it cannot be altered or deleted. This requires:
- Cryptographic signatures or seals on transaction records.
- Write-once, read-many (WORM) storage for audit logs.
- Regular integrity checks to detect unauthorized changes.
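The hash-chained audit trail from section 1 and the seals and integrity checks from section 2 can be sketched together as follows. This is an added example, not code from HMRC or any EPOS vendor: the record fields, the sample data and the HMAC key are constructed, and the HMAC stands in for whatever signature or seal scheme the final standards specify.

```python
import hashlib, hmac, json

GENESIS = "0" * 64
SEAL_KEY = b"constructed-demo-key"  # assumption: real key lives outside the till operator's reach

def digest_of(body):
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def seal_of(digest):
    return hmac.new(SEAL_KEY, digest.encode(), hashlib.sha256).hexdigest()

def append(log, event):
    """Append an event; voids and corrections are new entries, never edits."""
    body = {"seq": len(log) + 1,
            "prev": log[-1]["hash"] if log else GENESIS,
            "event": event}
    digest = digest_of(body)
    log.append({**body, "hash": digest, "seal": seal_of(digest)})

def verify(log):
    """Return (seq, problem) findings; an empty list means the chain is intact."""
    findings, prev_hash, prev_seq = [], GENESIS, 0
    for rec in log:
        digest = digest_of({k: rec[k] for k in ("seq", "prev", "event")})
        if rec["seq"] != prev_seq + 1:
            findings.append((rec["seq"], "sequence gap"))
        if rec["prev"] != prev_hash:
            findings.append((rec["seq"], "broken link"))
        if digest != rec["hash"] or not hmac.compare_digest(seal_of(digest), rec["seal"]):
            findings.append((rec["seq"], "content altered"))
        prev_hash, prev_seq = rec["hash"], rec["seq"]
    return findings

def sample_log():
    """Constructed sample data: three sales and one void with reason and user."""
    log = []
    for ts, user, total in [("2026-07-01T12:00:05Z", "op07", 1250),
                            ("2026-07-01T12:03:41Z", "op07", 4800),
                            ("2026-07-01T12:09:12Z", "op03", 999)]:
        append(log, {"type": "sale", "ts": ts, "user": user,
                     "total_pence": total, "vat_pence": total // 6})
    append(log, {"type": "void", "ts": "2026-07-01T12:10:30Z", "user": "mgr01",
                 "voids_seq": 3, "reason": "customer refund"})
    return log

if __name__ == "__main__":
    print(verify(sample_log()))  # intact chain
```

A chain like this makes deletion and alteration detectable rather than impossible, and removing entries from the end still leaves a valid shorter chain. The latest hash therefore has to be anchored somewhere the operator cannot rewrite, such as the WORM storage listed above.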
3. Certified Software and Developer Obligations
EPOS developers may be required to:
- Obtain certification from an approved body for their software.
- Provide a declaration of conformity that the software meets HMRC standards.
- Implement anti-tampering measures and report any vulnerabilities.
4. Reporting and Data Transmission
Businesses may need to transmit sales data to HMRC in real-time or periodically, similar to the real-time reporting requirements in other countries (e.g., Italy's SDI or Spain's SII). This would enable HMRC to cross-check reported sales against other data sources.
Consultation Timeline and Expected Implementation
HMRC's consultation opened on 23 June 2026 and closes on 18 August 2026. Responses can be submitted via email or post. After the consultation, HMRC will analyze feedback and publish a response, likely in late 2026 or early 2027. The proposed timeline is as follows:
- Consultation period: 23 June 2026 – 18 August 2026.
- Policy development: Late 2026 – early 2027.
- Legislation and secondary legislation: Expected in 2027 or 2028.
- Implementation: Phased rollout, possibly from 2028 onwards, with larger businesses first.
Organizations should verify the latest timeline with HMRC, as dates may shift.
Step-by-Step Compliance Checklist for Businesses
To prepare for the new HMRC software standards, businesses using EPOS or MPOS systems should take the following steps:
Step 1: Assess Your Current POS System
Review your existing POS software and hardware. Determine whether it can support secure audit trails, data integrity, and potential real-time reporting. Contact your EPOS vendor to understand their roadmap for compliance.
Step 2: Engage with Your EPOS Vendor
Ask your vendor about their certification plans. Ensure they are participating in the consultation or monitoring developments. If your vendor is not proactive, consider switching to a certified solution.
Step 3: Implement Internal Controls
Even before the standards are mandatory, adopt best practices:
- Restrict administrative access to POS systems.
- Regularly review audit logs for anomalies.
- Conduct periodic reconciliations between POS data and bank deposits.
Step 4: Train Staff
Educate employees on the importance of accurate sales recording and the consequences of tampering. Implement a whistleblower policy for reporting suspicious activity.
Step 5: Prepare for Real-Time Reporting
If HMRC mandates real-time data transmission, ensure your POS system can integrate with HMRC's digital systems. This may require API connectivity and data standardization.
Step 6: Monitor Regulatory Developments
Stay informed about the consultation outcome and subsequent legislation. Subscribe to HMRC updates or use compliance monitoring tools like AIGovHub's CCM module to track changes.
Penalties for Non-Compliance
HMRC has signaled that penalties for ESS will be severe. Under current law, the penalties for tax evasion can include:
- Financial penalties: Up to 100% of the tax evaded, plus interest.
- Criminal prosecution: Imprisonment for up to 7 years under the Fraud Act or tax evasion offenses.
- Reputation damage: Public naming and shaming by HMRC.
Once the new standards are in force, using non-certified software or failing to maintain proper audit trails could result in additional penalties, including fines for non-compliance with the standards themselves.
Common Pitfalls to Avoid
- Ignoring the consultation: Businesses and developers should submit responses to influence the final standards.
- Waiting until the last minute: Implementing new POS systems takes time. Start planning now.
- Assuming exemption: All businesses using POS systems, including small retailers and hospitality venues, are likely in scope.
- Overlooking mobile POS: MPOS systems used for pop-up shops, markets, or food trucks are also covered.
Frequently Asked Questions
What is electronic sales suppression (ESS)?
ESS, or till fraud, is the manipulation of POS systems to hide or reduce reported sales, thereby evading tax. Common methods include deleting transactions or using hidden software features.
Who is affected by HMRC's proposed standards?
EPOS and MPOS developers, businesses using these systems, and tax compliance organizations. Any business that records sales electronically is potentially affected.
When will the standards come into effect?
The consultation closes on 18 August 2026. Legislation is expected in 2027-2028, with phased implementation likely from 2028 onwards. Organizations should verify current timelines.
What are the penalties for using non-compliant software?
Penalties may include financial fines, criminal prosecution, and reputational damage. Specific penalties for non-compliance with the standards will be defined in future legislation.
How can I prepare my business?
Assess your current POS system, engage with your vendor, implement internal controls, train staff, and monitor regulatory developments. Using compliance monitoring tools can help.
Next Steps: Leverage Technology for Compliance
As HMRC moves toward stricter digital tax enforcement, businesses need robust compliance infrastructure. AIGovHub's Continuous Compliance Monitoring (CCM) module can help you stay ahead. CCM connects directly to your ERP and POS systems, automating controls testing, audit trail verification, and anomaly detection. With real-time dashboards and AI-powered rule engines, CCM ensures your sales data integrity meets HMRC's evolving standards. Learn more about AIGovHub CCM and prepare for the future of tax compliance.
This content is for informational purposes only and does not constitute legal advice.