ISO/DIS 22382

ISO/TC 292

Secretariat: SIS

Date: 2025-11-10

Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for the content, security, issuance and examination of tax stamps

DIS stage

Warning for WD’s and CD’s

This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard.

Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation.

© ISO 2025

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.

ISO copyright office

CP 401 • Ch. de Blandonnet 8

CH-1214 Vernier, Geneva

Phone: + 41 22 749 01 11

E-mail: copyright@iso.org

Website: www.iso.org

Published in Switzerland

Contents

Foreword

Introduction

Scope

Normative references

Terms and definitions

Functions of a tax stamp

Overview

Core function — Revenue collection

Traceability, product distribution and market monitoring

Additional Functions

Process overview

Procurement process

Identify and consult stakeholders

Needs and Risk Assessments

The formal request for supply

Selection of suppliers

Rights

Evaluation of proposals

Physical tax stamp construction

Overview

Characteristics of a material tax stamp

Tamper evidence

Printing

Analogue printing

Digital printing

Direct marking

Unique identifiers (UID)

Serialization of tax stamps

UID formats

Protecting the UID

Tax stamp supply and distribution security

Production security

Distribution security

Issuance

Application of tax stamps

Activation of tax stamps

Procedures for unused or damaged material tax stamps

Procedure for invalid direct marks

Recording and reconciliation

Delivery of tax stamps

Examination of tax stamps

Levels of examination

Means of authentication

Smartphones

Forensic analysis

Monitoring and assessment

General

Fit-for-purpose testing

Quality control and compliance

(informative) Request for Proposal

(informative) Tax stamps: design, position and construction factors

(informative) Material tax stamps substrates

(informative) Comparison of material tax stamps and direct marking

(informative) Material tax stamp authentication features

(informative) Direct-marked tax stamp authentication features

(informative) Rating of Security Features

(informative) Examples of printing techniques

(informative) Authentication tools and usage

Bibliography

Foreword

ISO (the International Organization for Standardization) is a worldwide federation of national standards bodies (ISO member bodies). The work of preparing International Standards is normally carried out through ISO technical committees. Each member body interested in a subject for which a technical committee has been established has the right to be represented on that committee. International organizations, governmental and non-governmental, in liaison with ISO, also take part in the work. ISO collaborates closely with the International Electrotechnical Commission (IEC) on all matters of electrotechnical standardization.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of ISO document should be noted. This document was drafted in accordance with the editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).

ISO draws attention to the possibility that the implementation of this document may involve the use of (a) patent(s). ISO takes no position concerning the evidence, validity or applicability of any claimed patent rights in respect thereof. As of the date of publication of this document, ISO [had/had not] received notice of (a) patent(s) which may be required to implement this document. However, implementers are cautioned that this may not represent the latest information, which may be obtained from the patent database available at www.iso.org/patents.ISO shall not be held responsible for identifying any or all such patent rights.

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT), see www.iso.org/iso/foreword.html.

This document was prepared by Technical Committee TC 292 Security and resilience.

This second edition cancels and replaces the edition ISO 22382:2018, which has been technically revised.

The main changes are as follows:

• its terminology mirrors ISO 22300, with only terms specific to tax stamps included in the Terms and definitions;
• relevant standards published since the first edition have been added as references;
• the clause order has been adjusted to make it more logical and helpful for revenue authorities;
• there are updates and minor amendments throughout the standard, but the clauses on digital printing [8.2] and Direct marking [8.3] are particularly expanded and updated;
• there is a new Annex G on the Rating of Security Features.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.

Introduction

The purpose of this document is to assist tax authorities to improve the collection of appropriate taxes by implementing new, or updating existing, tax stamp programmes. This document provides guidance for tax stamp procurement, construction, security, issuance, traceability and examination, including the role of smartphones.

This guidance standard covers taxes levied on goods at the point of manufacture, importation, or sale. These include consumer goods, fuels and some industrial equipment or components. Tax stamps continue to be the most effective means to collect such taxes.

The first issue of this standard (2018) covered tax levied primarily on tobacco products and alcoholic beverages, but in recent years the number and type of products that are taxed and stamped has expanded to include other fast-moving consumer goods (FMCG), such as soft drinks, sugar, entertainment software and more, as well as non-consumer items including fuel oils, agrichemicals, and cement. This revision of the standard seeks to address the issues associated with tax stamps’ expanded role.

As the range of directly-taxed goods expands, it becomes especially important that tax stamp programmes match best practice. The supply of taxable goods attracts criminal activity aimed at avoiding the tax, which can lead to substandard products that may be dangerous to consumer health, directly or indirectly, or otherwise unsafe. Modern tax stamps are an effective deterrent to this criminal activity, so the best practice recommendations in this standard will help protect against such criminal activity.

Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for the content, security, issuance and examination of tax stamps

This document gives guidelines for the content, security, issuance, traceability and examination of physical tax stamps and marks used to indicate that the required taxes identified with an item have been paid, and to signify that the item is legitimately on the intended market.

Specifically, this document gives guidance on:

• the functions of a tax stamp;
• identifying and consulting with stakeholders;
• the procurement process and selection of suppliers;
• the design and construction of tax stamps;
• the overt and covert security features that provide protection of the tax stamp;
• the finishing and application processes for the tax stamp;
• security of the tax stamp supply chain;
• serialization and unique identifier (UID) codes for tax stamps;
• traceability;
• examination of tax stamps;
• monitoring and assessing tax stamp performance.

This document is applicable only to tax stamps that are apparent to the human senses of sight (with the aid of a revealing tool if necessary) or touch, which are applied to an item or its packaging, This may be as an affixed label or seal, as a design supplied in a print-ready electronic file, or as a set of printed or blazed characters, all of which need to be capable of being authenticated.

The term “authentication” in this document refers only to the authentication of the tax stamp, not to the product on which the tax stamp is affixed.

This document does not apply to systems or procedures that an issuing authority has in place to control and monitor its revenue collection, except by reference to them where they have an impact on the design or specification of tax stamps.

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

ISO 22300, Security and resilience — Vocabulary

ISO 22376, Security and resilience — Authenticity, integrity and trust for products and documents — Specification and usage of visible digital seal (VDS) data format for authentication, verification and acquisition of data carried by a document or object

ISO 22385, Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines to establish a framework for trust and interoperability

ISO 22388:2023, Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for securing physical documents

For the purposes of this document, the terms and definitions given in ISO 22300 and the following apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:

• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp

activation

stage in production or use of a tax stamp (3.18) when it becomes live (activated) as a record of the applicable taxes (3.4) becoming due

Note 1 to entry: Activation of the unique identifier (3.22), if used, can be separate from activation of the tax stamp.

adhesive

chemical mixture that bonds two materials together

Note 1 to entry: “Adhesive” can also be referred to as “glue”.

Note 2 to entry: It can be enabled by heat, pressure or chemistry.

alteration

intentional attempt to change an authentic item or the data contained within or on an item by chemical, abrasive or other techniques

Note 1 to entry: In this document, an “item” is a tax stamp (3.18).

applicable tax

specific tax on products as defined within national, state, provincial or local law

authentication

process of verifying that an item or its attributes are genuine with a specified or understood level of assurance

Note 1 to entry: In this document, an “item” is a tax stamp (3.18).

Note 2 to entry: The phrase “specified or understood level of assurance” acknowledges that it is impossible to achieve absolute certainty in authenticating any item. The degree of certainty varies with the type of authentication solutions used, the training and motivation of the examiner and the equipment available to them. For example, the level of authentication assurance achieved is very different between a consumer authenticating an item and a forensic laboratory authenticating the same item.

counterfeit

document or material good which purports to be something it is not in an attempt to be accepted as the genuine item

counterfeit

act of creating a counterfeit item

digital printing

process of transferring a computer-generated image or data to a substrate using a digital printer

Note 1 to entry: digital printers range from desktop home printers to sophisticated, versatile and large installations made by only a few companies. The latter are referenced in this standard.

direct marking

applying a tax stamp (3.18) directly onto the product or its container or packaging through the use of laser marking or printing with inks or other markers

Note 1 to entry: Direct marked tax stamps are generated at the point of application, thus not requiring a substrate (3.14)

fluorescence

temporarily converting human-invisible ink or other component of a tax stamp to become visible to humans by illuminating it with light which is also not visible to humans, usually ultra-violet (UV) which stimulates the ink etc to radiate at a wavelength visible to human vision only when it is thus illuminated.

forgery

altered document, typically to change the value referenced on the document or the identity it refers to.

illicit product

taxable product available on the market to avoid the payment of all or part of the applicable taxes (3.4)

Note 1 to entry: As part of the risk assessment, tax authorities (3.16) should refer to legislation and regulations in their jurisdictions to ascertain what qualifies as an illicit product.

Note 2 to entry: Illicit products could include illegally manufactured counterfeit, adulterated, re-filled, smuggled or illegal re-imported products.

simulation

an imitation of a legitimate item to enable the result to be accepted as legitimate

substrate

material that a tax stamp (3.18) is made of when it is produced away from the site of thetax stamp applier (3.19)

tamper evident

ability to reveal that an item has been compromised through an attempt or attempts to tamper with it, which is often achieved through the use of a frangible substrate; i.e. one that breaks up if it is tampered with

Note 1 to entry: In this document, an “item” refers to atax stamp (3.18).

Note 2 to entry: Such attempts may be, for example, attempts to alter the item or remove it from one item to place on another.

tax authority

government (national, provincial, state or local) agency that has responsibility for the collection of applicable taxes (3.4) and for the specification and design of tax stamps (3.18)

Note 1 to entry: The tax authority might be an independent agency or part of customs, the ministry of finance or other government authority.

taxable product

product on which tax is due at the point of production, importation, or first domestic sale, according to local legislation

tax stamp

visible stamp, label or mark placed on goods to show that the applicable tax has been paid

Note 1 to entry: It can be in the form of a label, closure seal, indicia or mark applied to the product, the package or container of the taxable item.

Note 2 to entry: Tax stamps are a tool within a government’s system for the collection and protection of applicable taxes (3.4)

Note 3 to entry: Substrate (3.14) -based tax stamps are also referred to as “tax seals” and “tax banderols” (sometimes spelled “banderoles”).

tax stamp applier

entity that applies a tax stamp (3.18) to a taxable product

Note 1 to entry: The application can be done by direct marking (3.9) or by applying a substrate (3.14)-based tax stamp.

Note 2 to entry: A tax stamp applier is usually a manufacturer, packager, repackager or importer of a taxable product or products, or a tax stamp supplier, which is also responsible for reporting the application of the tax stamp to the tax authority (3.16), with information about the product it is affixed to if and when required by the tax authority.

tax stamp stakeholder

entity with a stake in the implementation, enforcement and use of a tax stamp (3.18) system

traceability

the use of coded unique identifiers to enable the tax authority (or another authorised entity) to recreate events generated as a taxable product moves through its supply chain.

Note 1 to entry: ISO 9000 [1] defines traceability as the ability to trace the history, application or location of an object Also see Track & Trace inISO 22300

unique identifier

UID

sequence of numbers or letters and numbers (alphanumeric) or other code that represents or links to a single and specific set of attributes that are related to an object or class of objects during its life within a particular domain and scope of an object identification system

Note 1 to entry: ISO 22300 defines “object” and “identification”.

A critical step in introducing or upgrading a tax stamp is to decide on its function or functions. Primarily this is to collect, and confirm the collection of, the applicable tax or taxes, but the tax authority should consider other functions for its stamps, perhaps after consulting other stakeholders to find out whether they would value using the stamp in some way.

NOTE This section is placed here for the benefit of tax authorities, but the finalisation of tax stamp functions should be delayed until after consultation with stakeholders. See 6.1.

Possible functions that the tax authority should consider are described below in 4.2 to 4.4.

The function of tax collection breaks down into a number of elements, which include:

• creating or confirming the tax liability, which may be at the tax stamp’s point of issue or its application to the taxable product;
• being a receipt for the payment of applicable taxes;
• validating the tax-paid status of goods in the supply chain;
• identifying non- or reduced tax-paid goods in the supply chain;
• enabling the revenue authority to monitor, or (where necessary) control, the production or importation of taxable goods by controlling the number of tax stamps issued to the organization that applies them and – where necessary – monitoring the production site and the application of the stamp to detect any illicit production.

A function that many tax authorities find useful is to allow for the tracking and tracing of the stamps, and therefore the item that the stamp is on, through the supply chain; this is also known as traceability.

There are two discrete aspects to the use of tax stamp traceability:

1. By applying traceability elements when a material stamp is produced, every stamp can be tracked through the distribution chain from the point of production to its application to a taxable product;
2. Once a stamp is applied to a taxable product, whether as a material stamp or by direct marking (see 8.3), a traceable feature allows the tax authority (or other entity that is receiving the traceability data) to monitor the good from production or importation (i.e. strictly speaking, when the tax stamp is applied) through the supply chain to the retailer and end customer.

Traceability allows the tax authority to find when, where and by which entity the tax stamp was applied to the product, and then to monitor that product’s progress through the supply chain to its final consumer or user. This is done by interrogating the UID or code (see Clause 9) at any stage in the supply chain, thus allowing the tax authority to use information about the product’s origin and the route by which it reached the point where it is being examined to identify suspicious or criminal activity in the supply chain. If the tax authority decides to use traceability on its tax stamps, then it should consider the requirements to do so. These requirements may include:

• the UID to be applied to the tax stamp (see Clause 9) or an alternative method of identifying and tracking each item;
• monitoring stations or monitoring staff at points in the supply chain to capture and record information about the location of the product and the tax stamp on it;
• the secure storage and handling of the data that is captured from this monitoring;
• the analysis of data and sharing it with law enforcement agencies, manufacturers or distributors and other relevant stakeholders.

Figure 1 provides an example of how traceability might function to monitor tax stamps in the supply chain.

Figure 1 — Tax stamp data generation and application process to record and reconcile each stamp

Tax authorities should consider opportunities for interaction with other fiscal domains (outlined in ISO 22381 [2]) and other stakeholders, as appropriate. Theyshould also consider establishing the trustworthiness of the supply in conformance with ISO/DIS 22373 [3].

The tax authority should consider the other functions a tax stamp can serve that are not directly related to the tax collection and tax enforcement function, in consultation with other stakeholders, particularly other government agencies.

Other functions might include:

• monitoring the market for each product category by recording actionable data on legal participants, stamps or markings, and associated supply chain events, providing authorities with a new axis of information to compare against revenue or other sources.;
• consumer reassurance through the use of a secure tamper-evident substrate-based tax stamp (see 7.3), which cannot be removed from the taxable product without being destroyed, making it more probable that an item bearing a tax stamp is legitimate;
• to encourage consumer engagement, by incentivising consumers to examine the tax stamp on a product, for example with a smartphone app;
• tax stamps can facilitate legislative compliance where local, national or supra-national legislation or other regulations require tracking and tracing for certain products.

It is, however, acknowledged that, even though the traceability feature of a tax stamp brings accountability regarding its use by a manufacturer or importer, there is also a risk that an item affixed with a tax stamp could be illicit, as the result of criminal activity. Authorities should therefore be cautious in adopting or communicating the consumer reassurance function of tax stamps when the tax stamp serves other functions that are not directly related to the tax collection and tax enforcement function. This serves to avoid any potential liabilities should a citizen be harmed by a product bearing a tax stamp.

The tax authority should regularly review its tax collection processes to assess how efficient and effective they are, particularly in minimising tax avoidance or evasion. If in doing so, it concludes that using tax stamps – or upgrading an extant tax stamp – would help to improve its collection of taxes, then it should follow the process shown here to decide on the functions (as in previous section), specification, design, supply, issuance, application and inspection of its stamps.

It should then regularly review the tax stamp programmes, including stamp security, legislation and enforcement, to identify any weaknesses in the tax stamp itself or in the procedures for production, issuance, activation, application and examination. The tax authority should have a standby tax stamp design that can quickly be put into production in the event that this review or enforcement activity reveals fraudulent production or use of the tax stamps in use.

NOTE Issuing a new tax stamp design is the quickest way to make fraudulent tax stamps obsolete.

Figure 2 summarizes the process recommended in this document.

Figure 2 — Tax stamp procurement and review process

This section sets out best practice for how a revenue authority should approach the procurement of tax stamps.

The first step in considering a tax stamp programme is to identify and consult the stakeholders involved. Relevant tax stamp stakeholders will vary across jurisdictions and may include the following.

• Manufacturers of taxable goods that produce and package finished goods subject to taxation. Depending on local circumstances and tax systems, manufacturers could order, receive and apply tax stamps to finished goods. A manufacturer can also act as the local distributor.
• The trademark holder that owns the trademark in the taxable goods. This is often the same entity as the manufacturer but not always.
• Importers of taxable goods that import part- or wholly-finished goods subject to taxation and that are responsible for the payment of applicable taxes and fees. The importer may order, receive and apply tax stamps to finished goods.
• Distributors or wholesalers of taxable goods that bring the taxable products from a warehouse or port to the local market.
• Retailers of taxable goods responsible for procuring the taxable goods through the legal supply chain to sell to a consumer and that are required to verify the presence of the tax stamp.
• Tax stamp providers, which can be one or more organizations that provide tax stamps and examination tools to the tax authority, law enforcement agencies and other authorities as determined by the tax stamp authority to enable efficient tax collection and protect against fraud.

NOTE A tax stamp provider can also supply or specify application and other equipment for handling the tax stamps. It could provide only the physical tax stamp or whole systems, which can include IT systems, serialization, activation, direct marking and coding systems. The tax stamp provider can also be required to provide training, support, maintenance and help desk services over the duration of the contract and covering both the stamps supply and all the equipment and components required to operate the tax stamp solution.

• Law enforcement agencies that provide regulatory and criminal enforcement of the applicable laws. These agencies may include customs, revenue police, national police, defence forces, coastguards, border-control, security services, prosecution services, financial auditing authority, health officials and others.
• Consumers who are the end-user of a taxable product, consulted by the tax authorities through representative consumer groups and not as individuals when seeking input from the public.

The focus of the consultation will vary according to the type of stakeholder, which primarily divide into public sector/government; those commercially involved with taxable products, and tax stamp suppliers. Their interests should be taken into account when considering their responses.

When the tax authority is considering whether to launch a tax stamp programme, it should carry out a needs assessment and a risk assessment.

A needs assessment should establish the need for a tax stamp programme, assessing whether it will improve tax collected by making it more difficult to avoid or evade the applicable tax. It should consider whether a tax stamp is allowed under existing legislation, regulations and decrees, or whether new ones are required to implement and protect a comprehensive tax stamp system. It should also cover stakeholder interoperability, inspection and interdiction procedures, criminal investigations and prosecutions;

A risk and threat assessment includes a comprehensive analysis of past, present and potential future tax evasion risks;

The risk assessment should include organized crime and corruption threats specific to tax stamps or tax stamp systems.

The needs and risk assessments should involve other agencies or entities that are or will be involved in the tax stamp programme, which might include law enforcement agencies, health departments and other agencies concerned with taxation.

The results of these two assessments should influence the decisions regarding the tax stamp programme, especially in the design and specification of the stamps (see Clause 7).

NOTE More information on conducting a risk assessment can be found in ISO 31000 [4], IEC 31010 [5]and ISO 22380 [6].

The technical solution needed to implement a tax stamp programme encompasses tax stamps, software and equipment that are typically not available within a tax authority. For this reason, tax authorities resort in most cases to specialised external vendors.

The procurement process is a sequence of steps that starts after the tax authority has decided to go ahead with a new or upgraded tax stamp programme. This sequence comprises:

1. Issuing a request for information (RFI);
2. Making a shortlist of preferred, qualified suppliers from those that respond to the RFI;
3. Issuing a request for proposal (RFP) to the suppliers on that shortlist;
4. Evaluating the proposals submitted in response to the RFP;
5. Issuing a contract to the selected supplier or suppliers.

These are described in more detail below.

Where more than one organization is involved in the supply of tax stamps or the management of the tax stamp programme, all participants and their role should be clearly shown in the response documents. should be clear about who is involved.

The tax authority should ensure that the procurement process is open, transparent and provides for a tax stamp system that meets sustainability objectives. There is more guidance on this process in the United Nation’s Procurement Practitioner’s Handbook. Relevant standards and guidance documents are also shown in the Bibliography..

The Request for Information is a helpful first step in alerting possible suppliers. It:

• serves as an early alert to potential suppliers;
• is an information-gathering exercise to identify the suppliers which can actually meet the requirements and filter out those that claim they can meet the requirements but are unlikely to do so.

The responses to the RFI should provide information on the capabilities of the potential supplier, to:

• help the tax authority to refine its requirements or specification as necessary if it becomes apparent that it is too ambitious when considered against supplier capabilities;
• allows potential suppliers to show whether they will work alone or as part of a consortium, and which other organisations would be involved in the consortium or as sub-contractors and their roles.

It may not always be necessary to issue an RFI. e.g. when a tax authority is already running such a programme, and is already familiar and keeps itself updated with different technologies and suppliers.

A tax stamp request for proposal (RFP) is a request or invitation to tender that clearly explains the tax authority’s goals, which is drawn up after the tax authority has considered the responses to its RFI.

The tax authority should set out its goals for its tax stamp programme and consider whether to:

• give categorical specifications for the tax stamp programme and the systems it requires to meet those goals;
• or
• invite tendering organizations to propose alternative solutions which they believe will best meet the tax authority’s overarching goals;

or

• establish a set of qualities, characteristics, and experience desired in a relationship with a supplier organization, with these qualities becoming the basis for the procurement.

Whichever option is chosen, the specifications drawn up by the tax authority should include information about the format in which a material tax stamp is to be delivered to the stamp appliers, noting that different appliers or different taxable products may require different formats. These include stamp size, substrate material and adhesive, while delivery formats might include reels one stamp wide, rolls (many stamps wide), cut and bundled stamps, as well as how they are to be boxed or palletised. The authority should also consider whether the stamps will be delivered direct to the applier or to a secure storage facility, and if so what their pre-application shelf-life should be.

When the tax authority sets out the goals and requirements, it should give tendering organizations leeway in proposing optimum solutions that might be different to those the authority has specified. The RFP should state the responsibilities in implementation, performance, decommissioning or replacing an offered solution.

The tax authority should include reference in the RFP to the key tax stamp programme stakeholders so that suppliers are aware of the total environment for the use of the tax stamp.

The RFP should require separation between bidders’ technical and financial proposals, whether paper or electronic, to be opened according to a transparent and specified process that guarantees confidentiality.

The closing date for submission of proposals should allow time for translation of the tender and of proposals, and for production of samples, shipping and proof of concept mock-ups.

NOTE Guidance on the content of an RFP is provided in Annex A

Before finalizing and issuing the RFP, the tax authority should consider characteristics that it wants in its tax stamp supplier/s, such as size, history, experience, reputation, customer list, security practices and other factors; other government entities that use secure documents can give helpful input regarding these characteristics. It should also consider whether to specify that bidders be certified as complying with, or otherwise meet, the requirements of international and national standards covering the secure production, transportation and destruction of security materials, such as substrates, foils and finished printed documents and their associated data and data management systems, as it assesses the security of potential suppliers.

The tax authority shall evaluate the technical proposal and the financial proposal together and not one after the other, to avoid a selection exclusively based on the cheaper solution”.

Before making the final decision, the tax authority may require to visit an existing operation of the tenderer, in order to assess the credibility of the proposal.

The tax authority should also ensure that possible suppliers are independent of the industry or sector of items to be taxed.

The holder of the copyright in the tax stamp designs has control of how that design is used and by whom. In most countries (including those that follow the Berne Conventions on copyright), the creator of a design owns its copyright as soon as it is created (an individual employee’s copyright is in most cases automatically transferred to the employing organisation). The tax authority should therefore specify the arrangements it will want regarding the ownership or assignment of rights in the tax stamp design and artwork when drawing up the RFP and drafting the supply contract

The tax authority should consider the following options:

• the tax authority is assigned the copyright in the artwork and the final tax stamp design;
• the creator (the supplying printer or sub-contractor) retains the copyright, but undertakes to produce items using that design only on instruction from the tax authority or its authorised agent.

The supply contract should:

• specify the ownership of the copyright, the production rights and any limitations required on the rights owner or producer;
• confirm that the supplier has the right to use any copyrights, design rights, patents or other rights that apply to components from third party suppliers;
• stipulate the rights of and limitations on the supplier to use any designs, logos or other images such as the logo or shield of the tax authority supplied to it by the tax authority.

While waiting for proposals the tax authority should establish the evaluation process for the proposals submitted. This should ensure that all proposals are treated equally and fairly, with no bias or favour to any one proposal or supplier. An evaluation group should be set up, which as well as people from the tax authority itself could usefully include representatives from law enforcement agencies (i.e. people who inspect tax stamps in the field). To ensure equal opportunity, all proposal submitters should be notified of the method of assessment.

In assessing the proposals, the evaluation group should:

• ensure that suppliers of tax stamps, component suppliers and support systems or services suppliers and any other sub-contractors meet the security requirements identified in the security risk assessment;
• seek confirmation that any tendering organization is certified as conforming to these standards, or otherwise is approved as a secure supplier by established issuers of secure documents, such as the national central bank or postal service.

NOTE Relevant standards are listed in the Bibliography.

A key decision for the tax authority is whether its tax stamp or stamps will be an affixed label or seal, a design supplied in a print-ready electronic file, or as a set of printed or blazed characters – referred to as direct marking. This section covers the first of these, see 8.3 for guidance on direct marking. Print-ready electronic files are not recommended as they are a soft target for illicit alteration, duplication, or diversion.

With reference to tax stamps as a label or seal, their physical characteristics need to be carefully considered, with reference to the required levels of security identified in the risk assessment to protect the stamps against counterfeiting, alteration, theft or removal.

The following physical elements should be taken into account:

• size and position on the taxed item;
• the substrate, i.e. paper, polymer or composite – see Annex C;
• inks and printing methods;
• adhesives;
• authentication or security features;
• laminate;
• UID (Unique IDentifier, see Clause 9).

NOTE This is not a comprehensive list covering all use cases.

The tax authority should specify the size and position of tax stamps on the taxable item’s packaging after consultation with the manufacturer or importer of taxable product, recognising that different packaging may require different types of tax stamp. See Annex C for details.

There are two aspects to the protection of tax stamps:

1. The construction of the stamp and the use of features to make the stamp difficult to copy, replicate, alter or remove, with the level of protection determined by the risk assessment;
2. Authentication of the stamp in the field, to ascertain with a high degree of certainty that it is genuine or not and that it has not been tampered with in any way.

There is interdependence between these aspects, particularly regarding the choice of security features to be examined for authentication, where the expertise of, and equipment available to, the intended inspectors will determine the balance between overt and covert elements in the security features, a balance which should also correlate to the conclusions of the risk assessment. See Clause 12.

The tax authority should achieve the best protection for a tax stamp by using a combination of specific and layered security features (overt and covert) depending on the configuration and the control to be performed (e.g. by consumers or authorities) during the life cycle of the product.

Information about the above components is in Annex E and Annex G, while ISO 22388:2023 gives detailed information about securing physical documents, including detailed guidance on security rating criteria of the security features and technologies that might be used on a security document, including tax stamps. Referring to the principles of ISO 22388:2023's security rating, a simplified example of 22388’s security rating is given in Annex G.

The tax authority should ensure that:

• tax stamps are affixed to the taxable product using adhesives and substrates that make it very difficult to alter, replace or reuse, them;
• tax stamps offer appropriate tamper-evident properties, where they have an additional role as closure seals that do not allow opening, retrieval of product or refilling of the container without noticeably damaging the tax stamp;
• tamper evidence properties are aligned with the results of the risk assessment undertaken as recommended in 6.2.

The tax authority should recognize that tamper evidence is a function of the combination of:

• the material and surface properties of the product or packaging to which the tax stamp is applied and the adhesion of the tax stamp or of the direct print to this;
• the cohesion of the printing ink or inks;
• the cohesion of the tax stamp substrate or of any lamination if this is its construction.

The tax authority should evaluate tamper evidence in terms of:

• the obviousness of change in the tax stamp’s structure on alteration, tampering, tearing or opening, both when intended and unintended;
• the possibility of tax stamps being reused or harvested from used packaging;
• the amount of technology input, capital investment, criminal effort and the expected return on this fraud.

Different printing processes and inks give different effects and differing levels of security. The tax authority should take input from stakeholders regarding the printing processes to specify in the RFP, then work closely with its supplier on the final selection of printing processes and the choice of inks and coatings used in the printing of tax stamps that will affect the level of security.

The tax authority should specify the security level of equipment and technologies based on its risk assessment of potential threats from tax evasion, counterfeiting or transfer of the tax stamp and other relevant data. It should choose specialized printing equipment and technologies that are designed for the production of security documents by adding barriers against counterfeiting, including technological, capital and accessibility barriers.

Tax authorities should consider the following best-practice techniques that raise the barrier to counterfeiting and other forms of fraud and ensure that at least some of these techniques are incorporated in their tax stamp design:

• the use of graphical security designs on the tax stamp;
• complexity in the design and processes required to print the tax stamp;
• a combination of printing tools and methods, especially in the small space usually available on a tax stamp;
• the registration of different parts of a design within tight tolerances, including graphic and security features;
• the use of specialist techniques and expertise that are difficult for criminals to source.

The tax authority should either specify the methods and materials to be used or state the required level of security and request tendering organizations to state how they will achieve this, taking into account who will be examining the tax stamps, as some printed security features can be detected by human senses, while others require the use of special tools that are not readily available to the public. The tax authority should also ensure that the security features it adopts are customised to deter misuse, including deception by replication or imitation.

Appropriate analogue printing methods for tax stamps include intaglio, offset, screen and flexographic.

NOTE 1 More information on appropriate printing techniques is given in Annex H.

NOTE 2 Guidance on the examination processes is given in 12.

Digital printing is used on many tax stamps to print the alphanumeric serial number or UID (see Clause 9) and the encoded version of it, regardless of the printing method/s used to print most of the stamp.

Digital printing can also be used to print all of the stamp, utilising specialised digital security printing equipment, associated software and consumables. The systems allow more than the UID to be varied on each stamp, allowing each stamp to be individualised, or perhaps a batch of stamps to be produced with, for example, the name of the entity to which they will be issued.

See 9.1 for guidance on serialzation.

Direct marking is the application of the tax stamp information directly onto the taxable item or its packaging, using digital printing or other techniques, such as blazing or ablating. The tax authority should require the use of security methods, including inks and other consumables, that incorporate overt and covert components. Direct marking can create overt and covert marks, for example, through the use of security inks, encoded fingerprint techniques, protected encoded UIDs, or laser-marking optical effects. It can also produce a tax mark that is much smaller than a substrate-based stamp, given that a tax mark may consist of a data matrix (DM) code, either alone or with minimal additional information, and the recommended minimum size for a DM module is 2.54 mm square.

Direct marking takes place on the production or packaging line of the manufacturer of taxable product, using a digital print system, blazing or ablating, linked to the UID generation system.

The tax authority should ensure that direct marking systems are secured from hacking, tampering or any form of intrusion, and this security should be the responsibility of an entity that is independent of the goods producer or importer.

At an early stage in its consideration of the specification for its tax stamps, the tax authority should consider whether or not to use direct marking for all or some of its tax stamps.

A comparison of material tax stamps and direct marked tax stamps is given in Annex D.

A unique identifier (UID) enables the tax authority to monitor each tax stamp from issuance through tax accounting, application to taxable product, and then through the product supply chain. Therefore the tax authority should require that each tax stamp has a unique identifier (UID), which in best practice will contain a randomised and encrypted serial number, to enable checks on the payment of the required tax. It also needs to ensure that this UID is generated securely and that, once printed onto the stamp, the UID generation system verifies that it is not duplicated. The tax authority, supported by appropriate legislation, should determine where and how in the process the UID will be generated and printed, in accordance with the requirement in the RFP. This could be on the stamp production line, either as stamps are produced for stock or against an order from an applier, or as the stamp is issued at the point of application.

Serialization may be sequential or random, but whichever is used it is essential that each IUD is unique.

In all cases, the tax authority should ensure that all tax stamps are accounted for. Systems that generate and add the UID during production or packaging of the taxable product require different controls to systems where the UID is generated and added as tax stamps are shipped for application or at a centralized storage and issuance site.

The tax authority should decide at an early stage of the specification of its tax stamps:

• what the UID will be used for, e.g.:
• Monitoring revenue collection;
• Tracking the tax stamp up to and including negating it;
• Monitoring and (if required) controlling production/import of taxable product;
• Tracking the taxable product as a way to monitor trade.
• what data is held in the UID and what data is held in the database linked with the UID, such as information about:
• the stamp itself, e.g. location and date of production and by whom (if there is more than one supplier);
• who it is issued to and which taxable product it is for;
• the amount of tax to be paid;
• how it is generated;
• whether and how it is randomized (i.e. it is not sequential and makes guessing harder);
• whether and how it is encrypted, e.g. in a data matrix code;
• whether to incorporate a code in the form of a proprietary or standardised UID sealed using electronically signed encoded data sets (ESEDS), in conformance with ISO 22385 and ISO 22376, (also referred to as Electronically Signed Data Construct [ESDC]) to be interpreted by a corresponding trusted entry point (TEP);
• how it is integrated with the tax stamp.

The decision will reflect input from stakeholders after consultation in accordance with clause 6.1.

The tax authority will also need to decide on the form of the UID and how it is to be read – human senses (in which case it may take the form of a number or alphanumeric string), or reading instrument (in which case it may take the form of a barcode (e.g. data matrix or QR code), or RFID tag.

So that the encoded UID cannot be duplicated or otherwise interfered with, the tax authority should consider whether there is a risk of the UID being reproduced fraudulently, and how to mitigate that risk, taking guidance from stakeholders and the system supplier as to how to achieve this. There are several approaches, including:

• methods that degrade the code if it is copied, so that it cannot be read;
• the use of copy-sensitive codes so the code is recognised as a clone by the code reader (e.g. by integrating a marker or tracer with the ink used to print the UID on the stamp);
• a watermark within the code that prints if it is copied and printed, revealing that it is a copy;
• methods that give an alert if the UID is duplicated;
• Adding a forensic mark detectable only in a laboratory using appropriate, dedicated equipment.

The tax authority should ensure that its suppliers and sub-contractors (e.g. hologram producers, substrate manufacturer, UID generator software supplier etc) are authorized security providers. A security printer is one that:

• uses equipment and components designed to produce secured documents;
• manages its operation to keep the documents and data secure;
• has secure premises with controlled access;
• has staff security procedures, including vetting and monitoring;
• has control and audit of production quantities, waste management and secure shipping.

To ensure that suppliers are a security producer, tax authorities may:

• inspect the supplier’s premises to ensure that they operate securely;
• select printers who are recognized as security printers and as an authorized supplier to, for example, a central bank;
• verify that the supplier is certified as conforming to an appropriate national standard, such as the ^[7]ANSI-NASPO International Security Management Standard, or an international standard, such as ISO 14298 [8].

For the production of material tax stamps, the tax authority may conduct an inspection of a certified security printing organization or other supplier to ensure that sub-contractors or component suppliers operate adequate security procedures.

Material tax stamps are vulnerable to theft during distribution from the producer, so the tax authority should ensure that:

• the shipping method used by the producer is secure, i.e. using a recognised secure means of transport;
• if the tax stamps are to be stored before issuance, this storage facility is secure, with appropriate premises and staff security measures;
• tax stamps are received into a secure area at each facility on the distribution chain (i.e. warehouse, issuer or applier) and the receipt of the stamps is checked and recorded;
• and if there is onward dispatch (e.g. from a storage facility to the applier) this is with a secure shipping method and the despatch is checked and recorded.

The tax authority should control and monitor the way that tax stamps are issued to the legitimate tax stamp applier, which may be a producer, a packager, an importer or re-packager. The tax authority may control the movement of tax stamps through the use of a UID (see Clause 9) or use control and audit procedures as practised by recognised security printers.

The tax authority should ensure that tax stamps are provided only to legitimate tax stamp appliers:

• in accordance with contracted production quantities;
• where applicable, only after an approval of the issuance from the government-issuing authority;
• based on procedures that provide adequate security to deter, prevent, detect and mitigate the unauthorised production, storage, release, diversion or theft of tax stamps, and that provide a system to detect any such action in a timely manner;
• with auditing and control procedures that allow for periodic audits of the issuer’s processes, to ensure compliance with the authorized production and issuance requirements.

The tax authority should ensure that personnel responsible for authorising tax stamp issuance and activation:

• are trained in security practices and auditing procedures;
• are subject to identity verification and security background checks;
• have appropriate security clearances.

In establishing its tax stamp program, the tax authority should specify:

• that there is a one-to-one relationship of a tax stamp to a taxable product, i.e. that there is exactly one stamp on each product instance (and every product instance has a stamp) and every stamp is used or otherwise accounted for (see 10.6);
• the surface the tax stamp will be applied to and the method of adhesion, e.g. self-adhesive, wet glue, dry glue or direct-marked in a permanent and unalterable way, as well as the method of application in a manner that seals a package, remains on the package after opening, and cannot be easily removed;
• the entity responsible for affixing or direct marking tax stamps on the products; the responsibility for applying tax stamps onto products should be specified by the revenue authority;
• the process to be used for applying tax stamps, including procurement, operations and maintenance of automatic tax stamp application or direct marking equipment;
• that no product can be omitted from the application of a stamp or direct mark;
• that, if the application method is direct marking, the mark should be tested for readability immediately following being marked and the system needs to ensure that any one UID cannot be applied more than once.

In establishing its tax collection system, and in specifying the controls required in the tax stamp supply chain, the tax authority should specify at which stage in the process the tax stamp is activated (see activation). Typical activation points are:

• when a material tax stamp is produced, if this is done on receiving an order from a tax stamp applier;
• if material tax stamps are stored before shipping to a tax stamp applier when an order is received from an applier;
• when a material tax stamp is affixed to a taxable product or when the tax stamp is direct-marked onto the product’s container by a tax stamp applier; this may include a link between the UID and the relevant production and product details;
• when tax-stamped product is shipped to its first economic operator in the distribution chain.

The activation and association of the tax stamp UID and the product should be captured during production by equipment installed on the production lines by a provider independent of the controlled industry. Such activation method enables the tax authority to increase control and compliance of the products before they enter the market.

A tax authority should:

• record the activation of each tax stamp that becomes liable for taxation, whether that data is captured directly by the authority or captured and supplied to it by the stamp activator;
• tie the activation to the UID of the tax stamp (see 10.4) or to the generation and printing of the UID when this is done simultaneously at the point of activation;
• consider whether to impose a time limit on the activation of applied tax stamps or UIDs, i.e. how long a stamp is allowed to be stored and not yet activated.

NOTE It is becoming usual for the stamp to be activated as it is applied to the product or its packaging, whether as a material stamp or directly marked. In this situation the UID and activation information (date, time, location etc – see 9.2) are likely to be captured by a camera on the production or packaging line within a very short distance or time of the point of application.

The tax authority should require that any material tax stamps that have been issued but that are damaged or otherwise not used be reclaimed or returned. If tax has been paid against the issuance of those tax stamps, it should require that it is credited to the taxpayer.

The tax authority should put in place a process to ensure that:

• unused tax stamps are either returned to the issuing authority or securely destroyed;
• unused tax stamps are de-activated and no longer serve as a tax invoice or receipt;
• the UID (if a UID system is in use) of any unused tax stamps is recorded as not in use to ensure that it is not re-issued and no tax can be expected to be received against it;
• returned, destroyed or unused tax stamps are properly audited and accounted for;
• any tax paid on the issuance of the unused tax stamps is refunded or credited to the taxpayer’s account.

If material tax stamps are to be destroyed and not returned, the tax authority should:

• specify which organization is responsible for their destruction;
• ensure that destruction is genuinely secure so that no tax stamp can be reconstructed.

The tax authority may set expectations or requirements for the amount of wasted tax stamps allowed in the application process and be alerted to excess wastage that may indicate possible fraud issues or inefficient application processes to be investigated.

The tax authority should ensure that, in the case of direct marking, a camera will capture all readable UIDs for activation. Any that cannot be read or which are otherwise invalid, will be ejected from the production or packaging line for product destruction or for reapplication of the UID.

The tax authority should ensure that critical points of the process are recorded and reconciled, so that the status of each stamp can be ascertained in case there is a need to do so. This includes recording any that are not used through damage, wastage or other loss event, so solution providers should be asked to offer methods to do this.

The tax authority should consult with the producers and appliers of its stamps regarding the shipping and application formats, covering:

• how the tax stamps are supplied to the tax stamp applier, e.g. in reels, cut tax stamps, continuous rolls, sheets, bundled, boxed;
• the quantity per reel, batch, stack, etc.;
• how the tax stamps are to be packed and shipped;
• the delivery mechanism, whether at the tax authority, at the stamp supplier’s office, or directly at the producers’ premises
• the probable storage environment and whether this will affect the application performance of the tax stamps (primarily humidity and temperature).

NOTE These points apply to pre-produced tax stamps, but some authorities create and distribute tax-paid indicia in the form of a pre-press file, for which different issues arise, primarily around the security of the digital file.

A tax authority should consider:

The design of their tax stamps to ensure that they will be easily recognizable;

how and by whom tax stamps will be examined to ensure that they are legitimate;

the level of motivation, knowledge, training, and equipment of each type of examiner, which may be consumers, law enforcement officers or forensic laboratory technicians.

The levels of examination for tax stamps therefore include:

Level 1: rapid inspection by human senses using easily identifiable overt features;

Level 2: examination of covert features by trained inspectors using a tool or device; a feature may be revealed to human senses using a generic tool (e.g. UV lamp or loupe), sometimes referred to as a semi-covert feature, or may require a proprietary tool to detect items that are not able to be revealed to human senses, such as taggants;

Level 3: authentication of coded covert security features or the encoded UID using a dedicated tool or app (which may also enable tracking and tracing of the tax stamp);

Level 4: forensic examination.

NOTE There are three aspects to authenticating tax stamps: the security features used for authentication, the means to examine them (human senses, tools) and digital analysis. Tools can be standalone, can reveal features to the human senses, can process information from the material features or can connect to a data store or processor to process information.

The tax authority should identify authentication tools that enable the examiner to inspect the authentication features appropriate to their inspection level and display the result to the examiner. Authentication tools may be available off-the-shelf or be proprietary. Factors to consider include:

• the security and reliability of the tool;
• portability;
• for electronic tools, the requirement for power: battery or mains;;
• immediacy of the authentication result;
• the requirement for a network connection and the consequence should it not be available;
• the environmental conditions of the examination;
• to whom the tool(s) will be issued (for example, the tax authority examiners or customs officers)
• the training required to use the tool;
• the cost of using the tool.

The tax authority and other organizations may establish tax stamp examination regimes that include the use of smartphone apps.

Smartphones may be able to:

• examine and validate the authentication feature without recourse to a network connection, using the camera, data storage and processing capacity of the phone;
• Examine and validate the authentication feature by connecting to a data centre over the network, or enhance the offline validation by doing so;
• register and decode the UID or other features on a tax stamp, then access a database via the phone network to check if the UID is valid, associated to the right product and found in the expected location.

The tax authority should:

• consider smartphone apps able to support both online and offline authentication;
• consider whether it wishes or expects the public to examine tax stamps before selecting the authentication feature or smartphone app combination, recognising that this will be influenced by the authority’s intent to gather and analyse data from the process;
• define requirements appropriate for consumer or professional examination.

Smartphone applications can be an important examination tool for trained examiners, but the tax authority should be aware, when selecting authentication and smartphone readability, of the vulnerabilities of network systems and the value, therefore, of using apps that can authenticate without a network connection.

It can be advantageous for the tax authority to ask the public to examine tax stamps using a smartphone app, as this allows the authority to gather and reconcile data about the purchase and consumption of taxable products and presence of products bearing fake stamps or not carrying any stamp. The authority can establish a data store to which the app connects, so information, such as the location of the sale and other data, can be captured for analysis. The tax authority may wish to consider ways to encourage the public to use these apps to examine tax stamps and to offer a reduction or refund of the tax for using the app.

More information is given about the appropriate tools and examination level in Annex I.

Forensic analysis demonstrates whether an item is genuine or not by analysing its composition at the molecular level and comparing it with the composition of a known authentic item. It is normally carried out in a specialist laboratory by technicians trained in handling evidential material, so this provides court-admissible evidence in the event of a prosecution.

Tax authorities should consider which elements of their tax stamps are suitable for forensic analysis, which might be any or all of the substrate, the inks and the authentication features. The authority should ensure that there is a record of the analysis of those elements on genuine stamps for comparison with suspect tax stamps.

Tax authorities should consider whether their suppliers offer the required competence in testing and calibration laboratories that qualify them for forensic analysis.

The tax authority should establish appropriate monitoring and assessment of its tax stamps, tax stamp programme and supply procedures. These should allow it to assess the effectiveness of the tax stamp programme and find ways to overcome identified weaknesses.

NOTE This will establish the importance of monitoring the performance of the tax stamps in an iterative process that enables a constant improvement in that performance.

The tax authority should:

• include fit-for-purpose or adversarial testing in its tax stamp procurement and monitoring programmes;
• have the testing done by a government agency in the jurisdiction with the appropriate competencies or by an independent private entity certified as independent of any vendor in the tax stamp process and independent of any stakeholder, manufacturer or importer;
• consider the organization’s suggestions on methods criminals might use to attack tax stamps, such as printing the tax stamp and replicating the security features, interfering with or penetrating the IT systems of the tax authority and other possible fraud methods;
• carry out fit-for-purpose testing before the tax stamp is released into the system to ensure there are no obvious vulnerabilities.

NOTE Adversarial testing is a measure of the resistance to fraudulent attack of all authentication and information technology (IT) elements used on, or in a tax stamp. This testing could require assistance from one or more government stakeholders. Adversarial testing provides the tax stamp issuing authority and those who rely on them with assurance or verification prior to issuance so that the authentication and IT element solutions built into the tax stamp are able to resist all forms of fraudulent attack in accordance with the specified expectations.

All testing should be carried out in accordance with a specification of resistance and test expectations reviewed, and should be approved by the tax stamp issuing authority. It should include an assessment of the degree with which information on materials, technologies and devices used in each authentication or IT element (solution) are available to potential attackers.

The testing regime should look at:

• the difficulty of counterfeiting the whole tax stamp;
• the difficulty of altering a tax stamp, in particular the UID;
• the difficulty of removing a tax stamp to put it on an illicit product, taking into account the material of each specific product or package material the stamp is to be applied to;
• the ease of identifying a counterfeit, altered or fraudulently placed tax stamp;
• any conditions that could affect examination of the tax stamps.

The tax authority should develop a procedure for use when testing finds that tax stamps do not meet requirements or are not adequately resistant to copying.

The tax authority or other procuring agencies should:

• periodically examine tax stamps from various points in the supply chain to ensure that they comply with the requirements set out in the contract;
• establish contractually acceptable tolerances in consultation with the tax stamp provider considering the unavoidable variations in materials and components;
• consider procedures for, and encourage, stakeholder reporting of suspicious tax stamps through information campaigns on how to identify a genuine tax stamp.

1. 
   (informative)
   
   Request for Proposal

There is guidance from the UN and many national governments on how to draw up a public sector request for proposal (RFP.) See the Bibliography for specific documents.

All tenders should incorporate the anti-bribery provisions found in ISO 37001 [9], including:

• establish, implement, maintain and improve an anti-bribery compliance programme or management system;
• measures and controls that represent global anti-corruption good practice.

In Preventing Corruption in Public Procurement, the OECD identified integrity risks related to the pre-tendering, tendering and post-award phases of the procurement processes that are useful in guiding public and private sectors through many of the integrity risks associated with public procurement (see ).

All tenders should include integrity risk mitigation elements. Bidding vendors should be certified to ISO 37001 [9], and confirm (in writing) that neither they, nor any partner or vendor part of the offering, have been, within the past five years or are currently under any fraud or corruption investigation for the scope of service considered.

For further information, see Bibliography references ISO 37001 [9], ^[10], ^[11], ^[12] and ^[13].

In order for suppliers to submit realistic proposals, the RFP should include:

• yearly volumes by size and location of application sites;
• production monitoring to ensure compliance with those volume specifications;
• types and/or categories of products to which tax stamps are to be applied;
• physical forms of tax stamps;
• requirements for secure distribution;
• physical and digital properties in application;
• IT systems: secure data management and storage, security, disaster recovery, integration and reporting;
• the possibility to visit an existing government customer of the tenderer.

On a process level, the RFP should include, but not necessarily be limited to, aspects of:

• tax stamps and print;
• UID and data management;
• issuance processes;
• application processes;
• control and examination processes;
• outputs of the system
• Support, maintenance, servicing including help desk, for the duration of the tax stamps solution supply..

The life span of the project should be specified, including:

• timing of the implementation phase;
• guaranteed minimum duration of working with a solution and supplier(s) selected, and optional continuation periods;
• phase-out timing.

In suggesting a minimum duration, a balance is desirable between the supplier’s return on investment in the project for best price/value ratio and openness to innovation for new generation suppliers.

It is recommended to include in the RFP clauses that cover risk factors, such as raw material and labour price changes, natural catastrophes, political changes and other types of risk. Also, it is recommended to carefully assess the financial capacity and the relevant experience of the supplier, to minimize the risk of deployment, operation and customer support failure, for example by requiring the right to audit the supplier.

1. 
   (informative)
   
   Tax stamps: design, position and construction factors

In this annex and the following annexes, material and technology innovations and developments since the standard was published should be considered while reading or referencing the annexes.

Examples of design and construction factors are given in Figure B.1 and Figure B.2.

Figure B.1 — Physical tax stamp design and construction factors and interdependence

Figure B.2 — Direct-marked tax stamp design factors and interdependence

1. 
   (informative)
   
   Material tax stamps substrates
   1. Factors in deciding on the substrate

Factors to consider in selecting the appropriate substrate for a material tax stamp include:

• what it will be affixed to (paper or board, metal, glass, plastic or a combination – e.g. as a seal over the metal cap on a glass bottle);
• the required durability;
• the type of attack it may be subject to;
• recyclability, lifecycle and environmental aspects.

Table C1 is a guide to the appropriate type of tax stamp to use on typical packaging or containers.

Table C.1 — Guide to tax stamp materials and Attachment method

^[1] A taggant or molecular marker in a bulk liquid is not a tax stamp as defined in 3.17 (i.e. it is not a visible stamp, label or mark), so it is included here for information.

In some jurisdictions there may be other product categories that carry tax stamps, so the tax stamp format will have to be specified with regard to the material and finish of the product (if the stamp goes directly on the item) or its packaging, using the above table as a guide.

• 1. Paper substrates

Paper is the traditional material for tax stamps. Most paper is made from wood pulp, but security papers are often made from a rag pulp, or a mixture of wood and rag pulp, which makes them more durable. Therefore, rag paper is used largely for banknotes. Paper can incorporate one or more security features, including, but not limited to, security threads, fibres, micro-cuts, watermarks and reactive indicators.

One important characteristic of paper that serves as a security feature is that printed inks penetrate the top surface, making it more difficult to remove or alter the design on the tax stamp.

• 1. Synthetic substrates
     1. Synthetic papers

Synthetic papers are mainly made from thermoplastic which is engineered to resemble paper in their surface characteristics, so that they are suitable for printing on but are typically more tear-resistant and generally more durable than paper made from pulp or rag. Synthetic papers are mainly proprietary products sold under a brand name.

Synthetic paper can be engineered with a micro-porous matrix that locks in inks and toner, rendering printed information highly resistant to scrapes, scuffs and other damage, which can also be embedded with application- or customer-specific security features.

• • 1. Polymer substrates and films

Polymer substrates and films are transparent or opaque polymer materials treated to have a printable surface, or as a hologram carrier, which are more tear-resistant and more durable than paper. Filmic materials are also used for, but not limited to, shrink caps, wrappers and labels with colour changing tamper-evident effects. hologram.

• • 1. Laminates

Security substrate manufacturers have developed laminated materials that sandwich a polymer layer between paper layers, to give the durability and tear-resistance of polymer with the printability of paper.

1. 
   (informative)
   
   Comparison of material tax stamps and direct marking

Note that material or technology developments can alter the contents of this annex at any time. Table D.1 gives a comparison of tax stamps. Authentication features mentioned here are described in Annex E.

Table D.1 — Comparison of substrate-based and direct marked tax stamps

1. 
   (informative)
   
   Material tax stamp authentication features
   1. General

This annex gives detailed information on the authentication features that can be included in material tax stamps. Tax authorities should note that this is a field of rapid development and innovation, so it is probable that new features or technologies will be available within the lifetime of this document.

• 1. Underlying principles

The underlying principles in creating a secure document, such as tax stamps, are:

• Security is achieved through the use of both overt and covert features, or elements within those features, combined with digital features;
• Each supplementary feature used on a tax stamp adds a barrier for criminals to overcome, particularly if those features are complementary and properly layered into the overall design and security concept;
• Such features should be custom-designed for the tax authority issuing the stamps, and they must be supplied only to the entities specified by the tax authority;
• These features should also be suitable for forensic examination, i.e. that their composition or construction can be analysed in a forensic laboratory;
• Security and authentication feature suppliers must operate in secure conditions and use secure shipping processes.

In addition, the sustainability and lifecycle implications of all security features should be considered.

• 1. Overt authentication features
     1. General

There are several categories of overt features that can be used on tax stamps. These mainly require visual examination, but some use the sense of touch. The broad categories include:

• Those that are printed as part of the graphic design;
• inks specifically formulated to produce some of these printed features;
• holograms, or similar diffractive optically variable image devices (DOVIDs), which may form the tax stamp’s substrate or otherwise be added in the form of a foil patch or stripe;
• lenticular laminates.

NOTE The presence of a visible UID is also an overt feature, but its main characteristic is to point to information in a database (see Clause 11).

• • 1. Graphic features

In this context, graphic authentication features are those that are produced through the use of inks and printing processes. include those given in Table E.1.

Table E.1 — Graphic authentication features & benefits

• • 1. DOVIDs
       1. General

DOVIDs refers to diffractive optical features usually produced on a polymer film substrate which are added to a tax stamp as a patch or stripe – usually the latter, which is more suitable for the limited area available. Some tax stamps, however, use holograms as the base material on which the stamp content is printed.

The different types of DOVID, including some proprietary and trademarked types, are generally (albeit inaccurately) referred to as holograms, so this section should be read as referring to all types of DOVID.

• • • 1. Holograms

The following types of hologram can be used as an authentication feature on tax stamps.

• Surface relief holograms, produced on a thin thermoplastic film, such as polyester, often with a metal coating to give a mirror-like effect. This is the most familiar type of hologram used for authentication, with its rainbow-like colours.
• Photopolymer holograms, produced in an emulsion on a thin film, giving images having a more obvious three-dimensionality in one or more colours.

Holograms can incorporate numerous overt effects intended for verification by naked eye, which include:

• three-dimensionality, showing depth and parallax in the image;
• dynamic effects, where the image or parts of the image change or move as the hologram is tilted or rotated;
• colour effects, where colours change or alternate between positive and negative as the hologram is tilted or rotated, or where there is an absence of colour to give white or achromatic image areas;
• guilloches (see E.3.1) as a fine-line pattern in the hologram.

See also Clause E.6 below on covert features that can be incorporated into holograms.

The tax authority should require the hologram manufacturer to register their holograms in the Security Image Register of the International Optical Technologies Association, or a similar register of security holograms, to prevent inadvertent reproduction of the hologram.

• • 1. Other optical methods

There are other methods of making optically variable thin films (i.e. not diffractive) that can be used on tax stamps (although to date they have not been as much used as holograms). Examples are:

• liquid crystals, which exhibit a changing flat image;
• refractive coatings, which appear as an iridescent effect;
• lenticular laminates carrying images that seem to float above or below the substrate.
  1. Covert authentication features
     1. General

There are a wide variety of covert authentication features suitable for tax stamps. They can be:

• incorporated into the printed graphics;
• in or added to the substrate
• applied as an independent feature on the tax stamp
• incorporated into an overt feature, such as a hologram.

The tax authority should select the covert feature most appropriate to its examination environment and then ensure that examiners are trained and equipped as necessary.

• 1. Graphic features

There are several types of inks, toners and dyes that can be used to print covert elements, including inks that react to light of specified wavelengths, other electromagnetic stimuli or temperature, and inks that change appearance when viewed through the required filter (such as a credit-card size, or smaller, lightweight plastic lens).

Specialist inks used for security documents include those given in Table E.2.

Table E.2 — Security inks used for security documents

Covert graphic features are parts of the tax stamp requiring a small tool or instrument to detect. Some are proprietary and require a proprietary reader or decoder, others are generic. Covert graphic features include those given in Table E.3.

Table E.3 — Covert graphic features

Encrypted codes and UIDs can be printed with covert security inks to restrict authentication to law enforcement inspectors. Such covert codes can act as a key to allow such inspections to retrieve tracking and tracing data.

• 1. Holograms and other DOVIDs

As well as showing an overt image or design, DOVIDs can incorporate covert elements, which can include those given in Table E.4.

Holograms can also carry a UID or other variable elements as a visible surface image or an optically encoded pattern.

Table E.4 — Covert elements in holograms

• 1. Taggants

Taggants are microscopic particles that are only detectable by the appropriate device. Some taggants give a simple yes/no response (yes means the taggant is present, no means it is absent), others can be configured in such a large number of variations that they can be made specific to a particular item, such as a tax stamp for a product from an individual producer. In this case the reader device will show the details of the item that this taggant should be a component of.

Most taggants are proprietary and therefore require a proprietary tool. They include organic and inorganic compounds that can be added to the substrate, inks, hologram or coating.

• 1. Unique material pattern

Unique material pattern capture (also called “fingerprinting” because of its conceptual similarity to human fingerprinting) is the process of capturing an image of the microscopic structure or other data of a defined area of the tax stamp. This image or data will be unique, not repeated anywhere else on that surface (or the surface of any other tax stamp) because of the randomness of the structure.

Technologies that utilise unique physical characteristics, such as Physical Unclonable Functions (PUFs), can be evaluated, benchmarked, and compared using the methodology defined in ISO 22387 [14] , which provides a standardized framework for assessing the performance and robustness for the application of artefact metrics.

• 1. Copy-sensitive codes

A copy-sensitive code is a printed, engraved, holographic or other code in the form of a matrix of dots or other elements containing data, which is originated as a digital image. It is anticipated that, to produce a copy, a counterfeiter would scan and re-print, or re-engrave a scanned version of the code, as it is extremely unlikely that they could re-originate the original matrix. Because of encryption of the original and stochastic physical imperfections in the copy, it would be detected using a tool that measures the loss of information within the copied symbol.

Technologies that utilise unique physical characteristics, such as Physical Unclonable Functions (PUFs), can be evaluated, benchmarked, and compared using the methodology defined in ISO 22387 [14], which provides a standardized framework for assessing the performance and robustness for the application of artefact metrics.

1. 
   (informative)
   
   Direct-marked tax stamp authentication features
   1. Overview

Table D.1 should be referred to for help in selecting whether a direct marked tax stamp is suitable for the item in question, and Table E.1 should be referred to for guidance on the suitability of the consumer item type for the use of direct marked tax stamps. The Underlying Principles set out in Annex E also apply.

Taking those matters into account, it is important to recognise that the covert security features in a direct-marked stamp are of much greater significance than any overt features, because its intrinsic nature makes it unlikely that any overt authentication features can be used, although some of the overt graphic features shown in Table E.1 may be used.

• 1. Covert authentication features

The graphic features shown in Table E.1 may be used, and if the mark is to be an ink feature then one or more of the security inks shown in Table E.2. should be used.

If the stamp is applied using laser marking, then micro-text can be used, as well as secured data matrix codes.

1. 
   (informative)
   
   Rating of Security Features
   1. Overview

There are two key functions of a security feature:

• To prevent, or at least deter, counterfeiting by making it difficult to produce an accurate copy of the item;
• To make it possible to detect fakes in the field by facilitating the authentication of genuine items, and thus the detection of illicit items, i.e. if it is not genuine it is illicit.

The second is necessary because – no matter how strong an item’s security – criminals will persevere and find a way to create passable items, i.e. an item that is not a 100% accurate copy but is good enough to pass inspection by a lay person.

The efficacy of any security or authentication feature therefore depends on:

• The conditions of its supply; i.e. whether its supply is restricted to legitimate security document or similar producers, or it is available on the open market;
• Whether or not it is visible (overt) or not (covert), and if covert, whether it can be detected by someone who is intent on making an illicit item;
• The level of integration into the item it is protecting, i.e. that it cannot be removed;
• The difficulty of copying it, reverse engineering it, re-originating or re-creating it or otherwise finding a way to make and place something similar on the item to be protected;
• The ease of identifying such a copy or replica in the field, whether by a lay person or a trained examiner;
• Which in turn depends on the training, motivation and equipment of the examiner.

In these circumstances, the security level of any feature is determined by the conditions of its use, which includes its production, distribution, application and examination. It is therefore inappropriate to allocate an absolute quantitative rating to any one security feature. Instead, it becomes the responsibility of the designer and issuer to assess the protection given by the mix of security features on their issued item. In other words, the tax authority should make its own assessment based on the circumstances of its tax stamp programme.

• 1. Security assessment

ISO 22388:2023 includes an annex which gives a comprehensive algorithmic assessment of many security features, which a tax authority may choose refer to. However, a simpler and more specific approach to assessing the security value of each feature is to draw up a matrix of potential features and potential threats, as identified in the risk assessment, entering a mark in each cell according to whether the feature protects against that threat. The following page shows such a matrix for the security features most used on tax stamps, but this should be taken as a guide only. The tax authority should do its own assessment specific to its circumstances, and may choose to use a scale of protection instead of a simple yes/no mark (in which case it would be advisable to refer to ISO 22388:2023).

Table G.1 — Example matrix of the resistance of security features

1. 
   (informative)
   
   Examples of printing techniques

It is helpful for tax authorities, when specifying their tax stamps, to understand the different printing technologies and options that are available before consulting suppliers. Table H.1 gives a summary of the main printing processes used for tax stamps.

Table H.1 — Examples of printing techniques

1. 
   (informative)
   
   Authentication tools and usage

The selection of the authentication tools depends on the type of inspection, context and the type of authentication elements.

Authentication tools appropriate for the authentication features on the tax stamps to be examined should be issued to the relevant inspectors, taking into consideration the following constraints: usage rights, availability, reliability, security, data transmission (see Table I.1). Inspectors should be trained to acquire specialized knowledge for appropriate usage and reliable authentication results, depending on the authentication tools.

Table I.1 — Appropriate examination tools by type of examiner

Bibliography

[1] ISO 9000, Quality management systems — Fundamentals and vocabulary

[2] ISO 22381, Security and resilience — Authenticity, integrity and trust for products and documents — Guidelines for establishing interoperability among object identification systems to deter counterfeiting and illicit trade

[3] ISO/DIS 22373, Security and resilience — Authenticity, integrity and trust for products and documents — Framework for establishing trustworthy supply and value chains

[4] ISO 31000, Risk management — Guidelines

[5] IEC 31010, Risk management — Risk assessment techniques

[6] ISO 22380, Security and resilience — Authenticity, integrity and trust for products and documents — General principles for product fraud risk and countermeasures

[7] ANSI SMS 02-2024 International Security Management standard

[8] ISO 14298, Graphic technology — Management of security printing processes

[9] ISO 37001, Anti-bribery management systems — Requirements with guidance for use

[10] United Nations Commission on International Trade Law (UNCITRAL). Glossary of procurement-related terms used in the 2011 UNCITRAL Model Law on Public Procurement (the “Model Law”). UNCITRAL, 2011. Available at: http://www.uncitral .org/pdf/english/texts/procurem/ml-procurement-2011/Glossary-e.pdf

[11] World Trade Organization (WTO). Revised Agreement on Government Procurement. WTO, 1996. Available at: https://www.wto.org/english/docs_e/legal_e/rev-gpr-94_01_e.htm#_ftnref1

[12] UNCITRAL. UNCITRAL Model Law on Public Procurement, 2011. Available at: http://www .uncitral.org/uncitral/en/uncitral_texts/procurement_infrastructure/2011Model.html

[13] European Commission (EU). Report from the Commission to the Council and the European Parliament: EU Anti-Corruption Report. EU, 2014. Available at: https://ec.europa.eu/home-affairs/sites/homeaffairs/files/e-library/documents/policies/organized-crime-and-human-trafficking/corruption/docs/acr_2014_en.pdf

[14] ISO 22387, Security and resilience — Authenticity, integrity and trust for products and documents — Validation procedures for the application of artefact metrics