Legal document retention periods in the EU: which document, how long, which law
Retention requirements in the EU are layered: EU-level directives set minimum floors, and member states add country-specific requirements on top. The result is a patchwork that is genuinely complex to navigate, especially for organizations operating across multiple countries.
This article is a practical reference. It covers the most common document types and the five largest EU economies by document volume: Germany, France, the Netherlands, Belgium, and Poland. For sector-specific requirements (healthcare, financial services, public procurement) and smaller jurisdictions, treat this as a starting point, not a complete picture.
How retention periods are calculated
Before looking at specific periods, two terms need to be clear:
Retention period start date: this is almost never the document date. For invoices, the period typically starts at the end of the fiscal year in which the invoice was issued. For contracts, it often starts at the end of the contract term, not the signing date. For employment records, it starts at the end of employment. Using the document date as the start date will cause you to delete documents too early.
Retention period vs. limitation period: the legal limitation period (within which a dispute can be brought) is separate from the archival retention period. In Germany, the general limitation period under BGB is three years; the retention period under GoBD is six to ten years. You must retain documents longer than the limitation period to have evidence available if a late dispute arises.
Invoices and VAT records
| Country | Retention period | Start date | Governing law |
|---|---|---|---|
| Germany | 10 years | End of fiscal year | GoBD, §147 AO |
| France | 10 years (accounting), 6 years (fiscal) | End of fiscal year | L123-22 Code de commerce |
| Netherlands | 7 years | End of fiscal year | Art. 52 AWR |
| Belgium | 7 years (VAT), 10 years (commercial) | End of fiscal year | Art. 60 WBTW |
| Poland | 5 years | End of fiscal year | Art. 86 §1 Ordynacja podatkowa |
For cross-border transactions, the more conservative retention period applies. A Belgian company invoicing a German buyer should retain records for 10 years to satisfy German requirements if a dispute arises in Germany.
For electronic invoices specifically, the format must also be preserved: the original electronic format is the legally relevant version, not a printout. Storing a PDF/A-3 with embedded XML satisfies format requirements in all five jurisdictions listed above.
Contracts
| Document type | Typical period | Notes |
|---|---|---|
| Commercial contracts | 10 years from contract end | Most EU member states |
| Employment contracts | 10 years from end of employment | Germany; varies by country |
| Real estate contracts | 30 years (Germany), 20 years (France) | Property law |
| Consumer contracts | 2-5 years | Varies, consumer protection law |
| Insurance policies | 10 years from policy end | EIOPA guidance |
Contract retention is governed by civil law, not tax law, and therefore differs more between countries. The limitation period for contractual claims is typically two to five years in most EU member states, but the practical retention period should cover the possibility of latent defects or delayed discovery.
Accounting and financial records
| Document type | Germany | France | Netherlands | Belgium |
|---|---|---|---|---|
| Annual accounts | 10 years | 10 years | 7 years | 7 years |
| Bank statements | 10 years | 10 years | 7 years | 7 years |
| Payment records | 10 years | 10 years | 7 years | 7 years |
| Business correspondence with financial relevance | 6 years | 10 years | 7 years | 7 years |
Germany’s GoBD distinguishes between accounting records (10 years) and business correspondence (6 years). The distinction is not always obvious: an email that initiates a payment may qualify as business correspondence with financial relevance.
Employment and HR records
| Document type | Typical period | Start date | Notes |
|---|---|---|---|
| Employment contracts | 5-10 years after end of employment | End of employment | Varies by country |
| Payroll records | 10 years | End of fiscal year | Germany, France; 7 years Netherlands |
| Performance reviews | Duration of employment + 2 years | End of employment | GDPR data minimization applies |
| Recruitment records (unsuccessful candidates) | 6 months (GDPR guidance) | Application date | GDPR Article 5(1)(e) |
| Disciplinary records | Duration of employment only | End of employment | GDPR requires deletion after relevance ends |
HR records present the strongest tension between GDPR’s data minimization principle and employment law retention obligations. The GDPR permits retention where a legal obligation requires it (Article 17(3)(b)), but the retention must not be broader than the obligation. Retaining full HR files indefinitely to avoid the complexity of selective deletion is not compliant.
Healthcare (EU-wide guidance)
Healthcare document retention is sector-regulated at the national level with wide variation:
| Country | Medical record retention |
|---|---|
| Germany | 10 years minimum (§10 MBO-Ä), up to 30 years for specific types |
| France | 20 years from last treatment |
| Netherlands | 20 years |
| Belgium | 30 years from last treatment |
For medical devices, clinical trial records, and pharmaceutical manufacturing, EU-level regulation (EU MDR 2017/745, GCP) sets minimum retention periods of 15 to 25 years depending on the category.
Public procurement
EU Directive 2014/24/EU requires that contracting authorities retain tender documentation for at least three years from the award decision. Many member states extend this to 10 years. The documentation required includes: the procurement notice, technical specifications, received tenders, evaluation records, and the signed contract.
For projects funded by EU structural funds, the retention requirement extends to the project closure plus three years (for projects below €1M) or plus five years (above €1M). These documents are subject to audit by the European Anti-Fraud Office and must be produced in original format.
GDPR interaction
GDPR creates a retention ceiling, not just a floor. Personal data must not be kept longer than necessary for the purpose for which it was collected. This interacts with retention obligations as follows:
- If a legal retention obligation requires keeping an invoice for 10 years, and that invoice contains personal data, you may retain it for 10 years. The legal obligation overrides the GDPR right to erasure (Article 17(3)(b)).
- When the retention period expires, deletion is not optional. GDPR requires deletion once the retention purpose is fulfilled.
- Retention categories should be documented: for each document type, record the legal basis for retention, the applicable period, and the deletion procedure. This documentation is itself subject to retention (typically the duration of the organizational structure that created it).
Organizations with documents in multiple jurisdictions should apply the longest applicable retention period to any document that could be subject to multiple jurisdictions, while documenting which law requires what.
Automating retention with document metadata
Implementing retention correctly requires tagging each document at creation time with:
- The document type (which determines the applicable retention rule)
- The jurisdiction (which country’s law applies)
- The retention start date (which is often not the document creation date)
- The calculated expiry date (start date plus retention period)
Without this metadata, retention review is a manual process that is both error-prone and resource-intensive.
SealDoc records retention metadata at document creation time and applies it to the archive configuration. Retention periods are configurable by document type and jurisdiction. When a document’s retention period expires, SealDoc flags it for deletion review rather than deleting automatically, ensuring that a human confirms deletion for document types where the retention calculation is ambiguous. WORM locks are released at the end of the retention period, and the deletion event is recorded in the audit trail.
For organizations that need to audit their current document archives for retention compliance, SealDoc’s classification API can categorize existing documents and assign retention metadata retroactively.