ERP Data Archiving and Retention: Legal Obligations, Timelines and Technical Strategy for IT Leaders

A ten-year-old ERP accumulates millions of journal entries, purchase orders, invoices and HR files. This mass is not just a performance problem — it creates direct legal liability for the organisation. Retaining too little exposes the business to tax audits and penalties. Retaining too long violates data protection law. Between these two extremes sits a precise regulatory framework, well-defined technical archiving tiers, and dedicated ERP tooling. This guide maps legal obligations to practical solutions so you can build a solid ERP archiving and retention policy.

Why ERP Archiving Is a Critical Priority in 2026

The Explosion of Transactional Data Volumes

Modern ERPs no longer just store accounting entries. They centralise e-commerce flows, industrial IoT data, dematerialised attachments (PDF invoices, scanned delivery notes, electronically signed contracts) and audit logs. For a mid-sized industrial company, ERP data volume doubles every three to five years. On SAP S/4HANA, that growth directly inflates the cost of the HANA database, which is billed per terabyte.

The problem is not purely technical. Every record stored in an ERP is potentially subject to a regulatory framework: tax, accounting, employment law or data protection. Without an archiving policy, the organisation accumulates invisible legal liability.

The Regulatory Triangle: Accounting, Tax and Data Protection

Three regulatory frameworks govern data retention in an ERP — and they sometimes conflict:

• Accounting and tax law sets minimum retention periods. Requirements vary by jurisdiction, but most countries mandate between six and ten years for financial records. In the UK, HMRC requires six years for most tax records (HMRC, Record-keeping). In Germany, the GoBD framework mandates ten years for accounting books.

• GDPR (and its UK equivalent, the UK GDPR) imposes the principle of data minimisation: personal data must not be retained beyond what is necessary for the purpose of processing. A prospect database from eight years ago no longer has a lawful basis in an active ERP.

• Sector-specific regulations add further layers: pharmaceutical traceability (fifteen years minimum in many jurisdictions), banking records (five years after end of customer relationship), healthcare data (up to twenty years in certain cases).

The CIO and CFO must arbitrate between these requirements, document by document. That is precisely the role of a formalised archiving policy.

Legal Retention Periods by Data Type and Country

United Kingdom: HMRC, Companies Act and UK GDPR

The UK framework sets the following minimum retention periods:

• Accounting records (limited companies): six years from the end of the financial year (Companies Act 2006, s.388).
• Tax records (self-employed / sole traders): five years after the 31 January submission deadline for the relevant tax year.
• VAT records: six years (HMRC VAT record-keeping).
• Employment records / payroll: three years after the end of the tax year to which they relate (PAYE regulations).
• Commercial contracts: six years from the date the contract ends (Limitation Act 1980).

HMRC can impose a penalty of up to £3,000 per failure to keep adequate records (simplybusiness.co.uk).

Germany: GoBD and Retention Obligations

The German framework is governed by the GoBD (principles for proper management and retention of books, records and documents in electronic form), updated in 2025 to integrate electronic invoicing rules (fiskaly, GoBD 2026):

• Accounting books, inventories, balance sheets, management reports: ten years (§ 147 AO, § 257 HGB).
• Invoices and supporting documents: eight years from 1 January 2025 (reduced from ten years by the Bürokratieentlastungsgesetz IV) (Aufbewahrungsfristen 2026, getmika.de).
• Business correspondence: six years.

Critical point: GoBD requires that electronic documents be retained in their original format, unaltered. A PDF invoice printed and re-scanned does not satisfy this requirement. The ERP must guarantee the integrity of the document exactly as it was received or issued.

Belgium and Switzerland: Specifics

Belgium: the standard retention period is ten years for accounting and tax documents (extended from seven to ten years by a recent reform). For VAT-eligible real estate, this extends to fifteen years due to the VAT revision mechanism (Accountable.eu).

Switzerland: article 958f of the Code of Obligations requires ten years’ retention for accounting books and supporting documents. The Olico Ordinance (Geschäftsbücherverordnung), revised on 1 January 2025, specifies the conditions for digital archiving (BePaid.ch).

France: PCG, Tax Code and FEC

The French framework distinguishes several retention periods by document type:

• Tax documents: six years from the last transaction (Book of Tax Procedures, article L102 B). This includes invoices, VAT returns, tax packs and the Fichier des Écritures Comptables (FEC) — a standardised electronic accounting file required for tax audits.
• Accounting books: ten years from the close of the financial year (Commercial Code, article L123-22).
• Supporting documents (purchase orders, delivery notes, bank statements): ten years.
• Commercial contracts: five years (standard civil prescription).

The FEC deserves special attention: in a computerised tax audit, the tax authority can demand it in a normalised format. An ERP unable to regenerate a FEC for an archived period exposes the company to a €5,000 fine per financial year.

Retention Period Summary by Document Type

Document type	France	Germany	Belgium	Switzerland	United Kingdom
Accounting books	10 years	10 years	10 years	10 years	6 years
Invoices (issued/received)	6 yrs (tax) / 10 yrs (commercial)	8 years	10 years	10 years	6 years
Journal entries	10 years	10 years	10 years	10 years	6 years
Commercial contracts	5 years	6 years	10 years	10 years	6 years
Payroll records	5 years	10 years	10 years	10 years	3 years (PAYE)
VAT documents	6 years	8 years	10–15 years	10 years	6 years

The Three Archiving Tiers in an ERP Landscape

Tier 1: Application Archiving (Within the ERP)

The first tier retains data inside the ERP itself, but in read-only mode. This is the standard approach for closed accounting periods: entries remain accessible for consultation and reporting, but cannot be modified. Most ERPs handle this natively through period-end closing.

Advantage: immediate access for business users, no disruption to analytical queries. Limitation: data stays in the production database, adding pressure on performance and storage costs — particularly significant on SAP HANA or Oracle Exadata, where costs scale with database size.

Tier 2: Intermediate Archiving (Nearline Storage)

The second tier moves data out of the production database into lower-cost storage, while maintaining transparent access from the ERP. This is the domain of nearline storage.

On SAP, this is the role of SAP ILM (Information Lifecycle Management) and Data Aging: ageing data is moved to nearline storage (typically file-based or object storage tiers) while remaining accessible through standard transactions. According to SAP documentation, this approach significantly reduces the HANA database footprint on mature S/4HANA instances (SAP Community, Data Management).

On public cloud (AWS, Azure, GCP), nearline storage is implemented via infrequent-access storage tiers (S3 Infrequent Access, Azure Cool Blob, GCS Nearline) with storage costs 40–60% lower than standard tiers.

Tier 3: Legal Archiving (Digital Vault)

The third tier guarantees the legal evidentiary value of archived documents. In France, the NF Z42-013 standard (incorporated into the international standard ISO 14641) defines the requirements for a compliant Electronic Archiving System (EAS): integrity, authenticity, traceability, durability and reversibility (AFNOR). Across the EU, the eIDAS 2.0 regulation (EU Regulation 2024/1183), which entered into force on 20 May 2024, introduces the qualified electronic archiving service. A document archived by a qualified eIDAS provider in one Member State is legally recognised across all other Member States (European Commission, eIDAS trust services).

This is a significant change for multi-country groups: a single qualified digital vault can cover the entire European perimeter.

Preferred formats for legal archiving:

• PDF/A-3: long-term archiving format, capable of embedding attachments (e.g. Factur-X invoices).
• XML SAF-T: standardised format for tax data exchange, now mandatory in a growing number of European countries (see our SAF-T and fiscal compliance guide).
• ZUGFeRD / Factur-X: hybrid format (human-readable PDF + structured XML) for electronic invoices.

Archiving Solutions by ERP Vendor

SAP: Information Lifecycle Management (ILM) and Data Aging

SAP offers the most integrated archiving approach on the market via two complementary mechanisms:

• Data Aging: automatically moves ageing transactional data to partitioned nearline storage, while maintaining access through standard transactions (SE16, CDS views). Partitioning is by fiscal year.
• SAP ILM: manages the complete data lifecycle, from blocking personal data (GDPR compliance) to deletion after legal retention expiry. The ILM Advisor automatically identifies the most voluminous tables and maps them to available archiving objects (SAP Community).

The prerequisite is a Data Volume Management (DVM) project upstream of any S/4HANA migration. Archiving before migrating reduces the conversion volume, cuts downtime, and lowers the target HANA database cost.

Oracle: Cloud Archiving and Partitioning

Oracle Fusion Cloud ERP relies on automatic partitioning of historical data and export to Object Storage. Financial modules allow retention rules to be defined by document type (invoices, journals, reports) with automated purging after expiry.

For Oracle E-Business Suite (EBS) on-premise customers, archiving typically relies on third-party solutions such as PBBS Archive or OpenText Archive Server, connected via certified adapters.

Microsoft Dynamics 365 and Odoo: Third-Party Modules and Export Strategies

Microsoft Dynamics 365 Finance provides retention capabilities through Data Management policies: define retention rules by entity, archive to Azure Data Lake, automated purging. For legal archiving, integration with Azure Blob Storage (immutable tier) or a third-party EAS is recommended.

Odoo does not offer a native archiving module. The strategy relies on:

• Periodic export of closed data (CSV, XML) to external storage.
• Community modules for purging and anonymisation (GDPR compliance).
• A third-party EAS (e.g. Arkhineo, DocuSign Archive) for legal archiving.

Cross-Platform Solutions: OpenText, PBS Software, Kofax

For multi-ERP environments or groups with heterogeneous IT landscapes:

• OpenText Extended ECM: native SAP integration, connectors for Oracle and Dynamics. Full document lifecycle management with ISO 14641-certified digital vault.
• PBS Software: SAP archiving specialist, offering nearline storage with transparent access from standard SAP transactions.
• Kofax (Tungsten Automation): automated capture, classification and archiving of incoming documents, with ERP-integrated validation workflows.

Building Your ERP Archiving Policy: An Actionable Template

Six Questions to Ask Before You Start

1. What types of data does the ERP contain? Map business objects (invoices, orders, journal entries, employee records, contracts) and their volumes.

2. Which jurisdictions apply? A UK-German group must comply simultaneously with HMRC requirements and GoBD. The retention period applied must be the longer of the two.

3. Which data contains personal information? Cross-reference the GDPR data map (Records of Processing Activities) with the ERP data inventory.

4. What is the current storage cost? Measure the cost per terabyte of the production ERP database (SAP HANA: typically between £13,000 and £22,000 per TB per year in licensing) versus the cost of nearline or cold cloud storage (£85–£430 per TB per year).

5. Are there sector-specific obligations? Pharma, banking, insurance, defence: each sector adds constraints that modify the retention matrix.

6. Who owns the archiving policy? The CIO drives technical implementation, but the CFO and DPO must validate retention periods and purge processes. Without a business sponsor, the policy remains an IT document without teeth.

Data / Retention / Format / Owner Matrix

Here is a model matrix to adapt to your context:

Data category	Min. retention	Archiving format	Tier	Business owner	Purge frequency
Journal entries	10 years	Native ERP + PDF/A	Tier 2 (nearline) after 3 years	CFO	Annual
Customer/supplier invoices	10 years	PDF/A-3 + XML Factur-X	Tier 3 (legal vault)	CFO	Annual
Standardised tax file (FEC/SAF-T)	6–10 years (varies by country)	Normalised XML	Tier 3 (legal vault)	CFO	Post audit
Purchase orders / delivery notes	10 years	Native ERP	Tier 2 (nearline) after 2 years	Supply chain director	Annual
HR / payroll data	3–10 years (varies by country)	PDF/A	Tier 2 then Tier 3	CHRO	Annual
Prospect data (CRM)	3 years max (GDPR)	N/A (purge)	Tier 1 then deletion	Sales director	Quarterly
Access logs / audit trail	1 year (standard) / 5 years (regulated sectors)	JSON / CSV	Tier 2 (cold storage)	CIO / CISO	Annual

GDPR and the Right to Erasure: The Special Case of Archived Data

GDPR grants data subjects a right to erasure (Article 17). But this right is not absolute: it does not apply when processing is necessary to comply with a legal obligation. In practice, a company cannot delete former customer data present on archived invoices, because accounting law requires them to be retained for ten years.

However, GDPR requires that data retained for legal compliance purposes must be:

• Isolated: stored in a space separate from the production database, with restricted access rights.
• Limited: only data strictly necessary to fulfil the legal obligation is retained. Associated marketing data (preferences, browsing history, lead scores) must be purged.
• Documented: the Records of Processing Activities must record the purpose “legal obligation” and the planned retention period.

This is where the archiving tiers become essential. Data moves from Tier 1 (active ERP) to Tier 2 (nearline, restricted access) and then to Tier 3 (legal vault, access controlled to audit/legal purposes only). At retention expiry, purging is automated and traceable.

The risk of premature deletion is real: in a tax audit, a missing supporting document can trigger an assessment with penalties of up to 40% for deliberate non-compliance. Conversely, personal data retained beyond what is necessary exposes the organisation to regulatory fines of up to 4% of global annual turnover. The archiving policy is the tool that lets you navigate between these two risks.

To explore the GDPR dimension in your ERP, see our complete ERP and GDPR compliance guide. If you are preparing a migration and need to decide what data to retain versus purge, our 7-step ERP data migration methodology covers the pre-migration cleansing process in detail. For European fiscal compliance requirements, our SAF-T and ERP guide covers the standardised exchange formats now required by a growing number of tax authorities.