ERPNext compliance for French Businesses

Hello,

I’m working with a french integrator well known in your community “chdecultot” to choose the ERP to set up in our company and I must make this decision.

I contacted the French administration and Erpnext does not comply with the French anti-fraud law.

He has already started the discussion since 1 year -> here

To be in compliance with the law, you must send a certificate of compliance to users / customers.

My questions:
1- Can you send this certificate?
2- I understand that ERPNext is not specialized on the French market, so do you have enough informations or want to be on the French market so that companies like us do not take the risk of integrating your ERP or is it too complex to maintain an ERP for all countries (French laws in my case) ?

Best regards

2 Likes

@heraz Thanks for starting this topic

I think the foundation can apply for such a certificate and it would be great for an open source solution to be certified so anyone using it can benefit.

If you and @chdecultot are willing to take the lead, we can help you from the foundation side in terms of organization support.

A good start would be to make list of steps we need to follow to get the certificate, so we can start ticking things off.

3 Likes

@rmehta Hello,

1- An organization like LNE can issue the certificate to you. You will find all the information on their website. I called them back and mainly because ERPNext is rolling-release, you have to pay for each major versions to get a new certificate so I do not think this is the right solution but it’s your decision.

2- Your company can send itself the certificate (so for free) only if the sales data logs are not modifiable - see chdecultot topic here

The questions are:

  • Sales logs (at least for France) are they non-modifiable?
  • Do you agree to send a certificate of conformity for ERPNext users/customers? If so, i will send you a certificat template

Can you keep me informed of your decision?
@rmehta I am going to send you a message

Best regards

@heraz, even if we don’t allow changing of logs via the system, if you have database access, you can do it.

The only fool proof way is to send your sales register (anonymised) to a third party periodically. Would you be open to a 3rd party solution? Maybe the foundation can do this for a small fee?

What do you think @chdecultot ?

Hi @rmehta,

I fully agree that sending the sales register to a third party would be the best solution (this has been the chosen solution in Belgium for example). It has been proposed to the french administration but refused and its implementation would not guarantee the compliance of ERPNext unfortunately…

As of today, almost all necessary developments are completed (in v11) for ERPNext to be compliant with the law, including a chained log, which would be very complicated to recreate if anyone wanted to delete any entry in the database.

The main thing missing, as of today, is the formatting and simplification of the export for the yearly archive that is required by the 31st of December 2018 (but we can already export a CSV file from the chained log). I plan to it over the next few weeks.

In my opinion, ERPNext will therefore be compliant in v11 as long as it is hosted by a third party ready to deliver the required certificate (erpnext.com could be such third party).
For self hosted instance, there would be additional developments required, like for example the possibility to export a signature of the version for which you deliver a certificate and its associated setup and then check the integrity of the current version (like done by the Dolibarr project). It would still require a third party to deliver the certificate (the Foundation for example) and the user would of course not be allowed to modify the part of the code guaranteeing the compliance of the software.

If you want to discuss it in more detail, I’ll be happy to schedule a call.

Have a nice week-end!

2 Likes