CRA Electronic Record-Keeping Requirements: Complete Guide

The Canada Revenue Agency accepts electronic records under Information Circular IC05-1, but only when those records are readable, stored in an accessible format, and properly backed up. For businesses scanning paper documents, the originals cannot be destroyed until the scanned versions meet Canadian General Standards Board (CGSB) imaging standards. And regardless of format, all business records must be retained for a minimum of six years from the end of the last tax year to which they relate.

These are not optional best practices. The CRA actively enforces its electronic record-keeping requirements, and the consequences of non-compliance surface during audits: denied deductions, reassessments of tax liability, and financial penalties. According to the CRA's 2024-25 Departmental Results Report, the Canada Revenue Agency completed 84,356 audit and compliance cases in 2024-25 with a fiscal impact of $18.1 billion. That level of enforcement activity makes compliant record keeping a practical necessity, not a theoretical concern.

This guide walks through the full CRA record keeping requirements for businesses operating with digital documents. It begins with the legal foundation established by IC05-1, then addresses the distinct requirements the CRA applies to born-digital records versus scanned paper documents. From there, it covers the CGSB imaging standards that govern how paper records must be digitized, the specific retention periods that apply to different document types, and the Form T137 process for requesting early destruction of records before the standard retention period expires. The final section translates these regulatory requirements into practical implementation steps for building a compliant digital system.

Official CRA guidance on electronic records is scattered across multiple information circulars, interpretation bulletins, and web pages. This guide consolidates that framework into a single resource, starting with the legal authority that makes electronic record-keeping possible in the first place.

The CRA's Legal Framework for Electronic Records

The obligation to maintain business records in Canada is not optional guidance or a best practice recommendation. It is a statutory requirement rooted in two foundational pieces of legislation: Section 230 of the Income Tax Act and the Excise Tax Act. Together, these statutes require every person carrying on business in Canada to keep records and books of account in a form that enables the Canada Revenue Agency to verify tax obligations. The records must be sufficient to determine the taxes payable, the credits and deductions claimed, and any other amounts relevant to a taxpayer's filing.

To address the practical question of how businesses can meet these obligations using digital systems, the CRA issued Information Circular IC05-1, titled Electronic Record Keeping. This circular is the CRA's official guidance document for maintaining electronic records and for imaging (scanning) paper documents into digital formats. IC05-1 does not replace the statutory requirements. Rather, it clarifies how the CRA interprets those requirements in the context of modern electronic systems, giving businesses a concrete framework to follow when transitioning away from paper-based record keeping.

IC05-1 imposes three core requirements on any electronic record-keeping system:

Readability and accessibility - Records must be readable and accessible to CRA officers upon request. This means the system must be capable of producing legible records in a format that auditors can review, whether on screen or in printed form.
Retrievable and examinable format - Records must be stored in a format that permits retrieval and examination. A business cannot store records in a proprietary or encrypted format that prevents CRA officers from accessing the data without specialized tools or passwords that are unavailable.
Adequate backup procedures - The system must include backup procedures sufficient to protect against data loss. The CRA expects businesses to maintain copies of electronic records in a manner that guards against hardware failure, software corruption, and other risks that could render records unrecoverable.

Beyond IC05-1, businesses should be familiar with CRA publication RC4409 (Keeping Records). RC4409 serves as the practical companion guide to the legislative requirements, summarizing in plain language what records a business must keep, in what form, and for how long. While IC05-1 addresses the technical and procedural standards for electronic systems specifically, RC4409 provides a broader overview of record-keeping obligations that applies regardless of whether records are maintained on paper or digitally.

These requirements extend to all business records, not just invoices. The CRA expects businesses to retain receipts, bank statements, contracts, payroll records, general ledger entries, and any other documents that support entries in a tax return. For businesses registered for GST/HST, the requirements also cover records related to input tax credits and taxable supplies. For specific guidance on what information Canadian invoices must contain to satisfy GST/HST purposes, see the detailed breakdown of Canadian GST/HST invoice compliance requirements. Businesses operating in Quebec must also account for Quebec's Bill 96 bilingual invoice requirements, which mandate that all invoices include French.

One of the most consequential distinctions IC05-1 makes is the difference between records that are born digital and records that are created by scanning paper originals. The compliance requirements for each category differ significantly, particularly around whether original paper documents can be destroyed after digitization. Understanding this distinction is essential before implementing any paperless record-keeping strategy.

Born-Digital vs Scanned Records: What the CRA Requires

Understanding which of your records are "born-digital" and which are "scanned" is fundamental to CRA compliance, because each category carries different obligations.

Born-digital records are documents that were created and have always existed in electronic form. They were never paper. Common examples include:

E-invoices received via email
Electronic bank statements downloaded from online banking portals
Online payment confirmations from processors or gateways
Exports from accounting software (journal entries, trial balances, ledger reports)

The CRA accepts born-digital records without any special imaging requirements. As long as these records meet the general standards outlined in Information Circular IC05-1, meaning they remain readable, accessible on request, and properly backed up, you simply need to maintain them in a retrievable electronic format for the full retention period. No additional conversion or certification steps apply.

Scanned records are paper documents that have been converted to digital format through scanning or photographing. Think supplier invoices that arrived by mail, printed receipts from in-person purchases, mailed account statements, and signed contracts or agreements.

The question Canadian business owners ask most often: Can I scan my receipts and throw away the paper originals? The answer is yes. The CRA accepts scanned copies of paper documents, and you are permitted to destroy the originals after scanning. But this permission is conditional. Your scanned images must meet the Canadian General Standards Board (CGSB) imaging standards, and your imaging process must be formally documented.

A "documented imaging process" means your business maintains a written procedure covering:

How documents are scanned: equipment used, resolution settings, file format
What quality checks are performed: verification that scanned images are legible and complete
How digital images are stored: folder structure, naming conventions, storage media
How the imaging system is maintained: regular checks, software updates, backup verification

Without this documentation, the CRA may not accept your scanned records as valid substitutes for the paper originals, even if the image quality itself is adequate.

Businesses operating across borders should note that other jurisdictions maintain their own digital record-keeping frameworks with different requirements. The United States, for instance, has distinct IRS electronic invoice storage rules that differ from the CRA's approach in several key areas. Within Canada, importers must also retain Canada customs invoice and CI1 form documentation as part of their CBSA compliance obligations, and these records are subject to the same CRA retention and digitization standards covered in this guide.

The most critical compliance step for scanned records is meeting the CGSB imaging standards, which define exactly what "acceptable" means in technical terms.

CGSB Imaging Standards for Scanning Paper Documents

Before you can shred a single paper invoice, the scanned replacement must meet standards set by the Canadian General Standards Board (CGSB). The CRA references these imaging standards directly in Information Circular IC05-1, and they form the technical backbone of any compliant digital record-keeping process. If your scanned documents fall short of CGSB requirements, the CRA can treat them as inadequate, leaving you without valid records and potentially without the deductions or credits those documents support.

What the CGSB Standards Require

The CGSB imaging standards establish three foundational requirements for scanned business documents:

Complete and accurate representation. Every scanned image must capture the full content of the original paper document, including handwritten notes, stamps, signatures, and any markings. Nothing can be cut off, obscured, or lost during the scanning process.
Legibility and usability. If a CRA auditor cannot read the figures on a scanned receipt or verify the terms on a contract, the image fails this standard regardless of how carefully it was scanned. The digital version must be functional for the same purpose as the original.
Quality control verification. Without defined procedures to confirm that each scanned image meets the first two requirements, your imaging system fails the CGSB standard. Quality control is a structural requirement, not a recommended add-on.

Resolution and File Format Considerations

The CGSB standards do not prescribe a single mandatory resolution value, but the practical threshold is straightforward: all text, numbers, and markings on the original must be clearly readable in the digital version. For most business documents, scanning at 300 DPI or higher in colour produces results that meet this bar comfortably. Lower resolutions may work for clean printed documents but tend to fail with handwritten notes, faded receipts, or documents with fine print.

For file formats, PDF and TIFF are the most widely accepted choices for CRA digital record keeping. Both formats support long-term accessibility, which matters because your scanned records must remain readable and usable for the entire retention period, often six years or longer. Proprietary formats that require specialized software to open carry risk: if that software becomes unavailable during the retention window, your records become effectively inaccessible.

Choose a format that is non-proprietary or widely supported, and confirm that your storage system preserves image quality without applying lossy compression that degrades readability over time.

Documenting Your Imaging Process

Meeting the technical scanning requirements is only part of the CGSB framework. The standards also require you to document your entire imaging workflow. This documentation must cover:

Hardware and software used for scanning (scanner model, software name and version)
Scanning settings applied (resolution, colour mode, file format)
Quality control steps performed after each scan
Storage locations where digital images are kept (local servers, cloud platforms, or both)
Backup procedures that protect against data loss
Access controls that restrict who can view, modify, or delete scanned records

This process documentation is itself a record that must be retained. If the CRA requests evidence that your digital records meet CRA acceptable standards, your documented procedures are what demonstrate compliance. Without them, even perfectly scanned images lack the procedural foundation the CRA expects.

The Verification Step Before Destroying Originals

This is the step that many businesses rush past or skip entirely, and it is the one that creates the most risk. After scanning a paper document, someone (or a validated automated process) must confirm that the scanned image is a complete and accurate representation of the original. This means comparing the digital version against the paper source to verify that nothing is missing, illegible, or corrupted.

Only after this verification step is completed can you destroy the original paper document. Destroying originals before verification, or without any verification process at all, means you may be left with digital records that do not meet the CGSB standard, and no paper originals to fall back on.

For businesses processing high volumes of documents, building this verification into a repeatable workflow is worth the upfront effort. Batch scanning followed by spot-check verification of a representative sample is one common approach, though higher-risk documents (contracts, large invoices, tax filings) may warrant individual review.

International Context

Canada is not the only jurisdiction with specific digitization standards. Germany's GoBD digital record-keeping framework sets its own detailed requirements for scanning and storing business records electronically. In the Asia-Pacific region, Hong Kong's 7-year record retention rule under Section 51C imposes its own digital compliance obligations that businesses operating across both jurisdictions should understand.

CRA Record Retention Periods by Document Type

The most common question Canadian businesses ask about record keeping is straightforward: how long do I have to keep these documents? The general rule under the Income Tax Act Section 230 is that most business records must be retained for a minimum of six years from the end of the last tax year to which they relate. This covers invoices, receipts, bank statements, cancelled cheques, general ledgers, and the majority of day-to-day financial documentation.

But the six-year rule is not as uniform as it first appears. The critical detail that catches many businesses off guard is the starting point of that six-year clock. It does not always begin at the same moment for every document type.

Retention Period Reference Matrix

Document Type	Retention Period	Starting Point
General business records (invoices, receipts, expense records, bank statements, cancelled cheques, general ledgers)	6 years	End of the tax year to which they relate
Payroll records (T4s, ROEs, pay stubs, benefit records)	6 years	End of the tax year to which they relate
GST/HST records (returns, input tax credit documentation, collection records)	6 years	End of the tax year to which they relate
Corporate records (articles of incorporation, share registries, board minutes, shareholder agreements)	6 years	Date of dissolution of the corporation
Property and capital asset records (purchase agreements, capital cost allowance schedules, improvement receipts)	6 years	Date of disposition of the asset
Records for carry-forward amounts (non-capital losses, capital losses, unused credits)	6 years	End of the year the amount is fully applied or expires

Why the Starting Point Matters

For most routine documents, the calculation is straightforward: if a receipt relates to your 2025 tax year, you keep it until the end of 2031. Where businesses run into trouble is with the categories that follow different rules.

Corporate records must be retained for six years after the corporation is dissolved, not after the tax year. A company incorporated in 2010 that dissolves in 2030 must keep its articles of incorporation, share registries, and board minutes until 2036, regardless of when those documents were originally created.

Property and capital asset records follow a similar pattern tied to disposition rather than acquisition. If your business purchased commercial equipment in 2018 and sold it in 2028, the purchase records, capital cost allowance schedules, and related documentation must be kept until 2034. Discarding these records after six years from the purchase date would leave you without supporting documentation if the CRA questions the capital gain or loss calculation.

Carry-forward amounts such as non-capital losses or investment tax credits present another timing challenge. If your business incurred a non-capital loss in 2024 and carried portions of it forward over multiple years until fully applied in 2029, all supporting records must be retained until the end of 2035.

Active Audits and Disputes Override Standard Timelines

One rule supersedes all the timelines above: if the CRA has requested your records, initiated an audit, or issued a reassessment that is under dispute, you must retain all related records until the matter is fully resolved and all appeal periods have expired. This applies even if the standard six-year period has already passed. Destroying records that are subject to an active audit or objection can result in penalties and adverse assumptions by the CRA.

For a broader perspective on how Canada's retention requirements compare with other jurisdictions, you may find it useful to review invoice retention periods by country, which covers the regulatory requirements across multiple regions.

When Records Need to Go Early

In certain circumstances, businesses face practical pressures to destroy records before the mandatory retention period expires. Office relocations, storage limitations, or transitions between record-keeping systems can all make holding every document for the full period impractical. The CRA has established a formal process for requesting early destruction.

Requesting Early Record Destruction with Form T137

Destroying business records before the mandatory retention period expires is a compliance violation under the Income Tax Act. There are no exceptions to this rule without prior written authorization from the Canada Revenue Agency. However, the CRA does provide a formal process for requesting permission to destroy records ahead of schedule through Form T137 (Request for Destruction of Records).

When Form T137 Applies

Form T137 exists for situations where retaining records for the full required period creates a genuine operational burden. Common scenarios include:

Office relocations where transporting large volumes of archived documents is impractical or cost-prohibitive
Business mergers or amalgamations that consolidate entities and create redundant record sets
Storage space constraints that make it physically or financially difficult to maintain aging records
Transitions between record-keeping systems where legacy formats are being phased out
Accumulated historical records spanning many years that have limited ongoing relevance but technically fall within the retention window

The form is not intended for routine record management. It addresses specific circumstances where early destruction serves a legitimate business need.

How to Submit the Request

Form T137 must be submitted to the Tax Services Office responsible for the business's tax filings. The request should include:

A detailed description of which records the business wants to destroy
The tax years or time periods those records cover
The reason early destruction is being requested
Confirmation of the record types involved (invoices, receipts, ledgers, payroll records, etc.)

Providing thorough detail upfront reduces the likelihood of follow-up requests from the CRA and helps move the review along faster.

What Happens After Submission

The CRA reviews each Form T137 request on a case-by-case basis. Before granting approval, the Agency typically requires that the business's tax affairs are fully up to date. This means:

All required tax returns have been filed
There are no outstanding balances or amounts owing
There are no active disputes, objections, or appeals related to the periods covered by the records

In some cases, the CRA may decide to audit or review the records before authorizing their destruction. This is particularly likely when the request covers periods that have not previously been examined, or when the dollar amounts involved are significant.

The Critical Rule: Wait for Written Authorization

Businesses must not destroy any records until they receive written authorization from the CRA confirming approval of the Form T137 request. This point cannot be overstated. Destroying records after submitting the form but before receiving approval is treated identically to unauthorized destruction. The fact that a request is pending provides no legal protection.

Written authorization from the CRA will specify exactly which records and time periods are approved for destruction. Any records not explicitly covered by the approval must continue to be retained.

Planning Ahead

The CRA's review process for Form T137 can take several weeks to several months, depending on the complexity of the request and whether the Agency decides to examine the records before granting permission. Businesses planning early destruction should submit the form well in advance of their target destruction date.

For example, if a business is planning an office move in six months and wants to reduce its physical archive beforehand, submitting Form T137 at least three to four months before the move date provides a reasonable buffer for CRA processing time and any potential pre-destruction review.

Maintaining a clear record of the submission date, the CRA office that received the form, and any reference numbers assigned to the request is good practice in case follow-up is needed.

Once you have written authorization in hand, follow the approved scope exactly. Destroying records outside the approved categories or time periods is treated as unauthorized destruction, regardless of the existing Form T137 approval.

Building a CRA-Compliant Digital Record-Keeping System

Understanding the CRA's electronic record-keeping rules is only half the equation. The practical challenge is building a system that satisfies every requirement covered in this guide: the accessibility and backup standards from Information Circular IC05-1, the Canadian General Standards Board imaging standards for scanned documents, and the correct retention periods for each document type. What follows is a concrete framework for getting there.

CRA Compliance Checklist

Use this as a baseline audit of your current system or as a blueprint for a new one:

All electronic records are stored in a format that CRA officers can read and access on request (common, non-proprietary file formats with the ability to produce records without delays during an examination).
A documented backup procedure protects against data loss, with backups stored separately from primary records. "Separately" means a different physical location or an isolated cloud environment, not a second folder on the same hard drive.
Born-digital records are maintained in their original electronic format. E-invoices, electronic bank statements, and digital receipts should never be printed and re-scanned as your official copy. The electronic original is the legally authoritative version.
Paper documents are scanned according to CGSB imaging standards, with quality verification completed before originals are destroyed.
A written imaging procedure documents the scanning process, hardware and software used, and quality control steps in enough detail that a CRA auditor can understand exactly how your organization converts paper to digital.
Retention periods are tracked by document type, with the correct clock-start date applied: end of tax year for general records, dissolution for corporate records, disposition for property records.
Records subject to ongoing audits, objections, or disputes are flagged and excluded from any scheduled destruction, regardless of whether their standard retention period has technically expired.
Form T137 is submitted and written CRA authorization is received before any early destruction occurs. Verbal approval does not count.

Practical Implementation Notes

Organize by tax year, then by document type. CRA auditors request records by tax year and document category, so your folder structure should mirror how they work. A hierarchy like 2025 > Invoices / Receipts / Payroll / Bank Statements allows you to locate any record within minutes rather than hours. If you are transitioning a paper backlog to digital, start with the most recent tax years first. Those are the most likely to be audited, so digitizing them provides the most immediate compliance value.

Treat backups as a regulatory requirement, not just IT best practice. IC05-1 explicitly requires adequate backup procedures. Store backups in a geographically separate location or use a cloud service with data residency that meets your business requirements. Test your restoration process at least once a year. A backup you have never restored is a backup you cannot confirm works.

Maintain a scanning log. Each time you digitize a batch of paper documents, record when the batch was scanned, who performed the quality verification, and which documents were included. This log serves double duty: it demonstrates your documented imaging process during a CRA examination, and it provides an audit trail if questions arise about when specific originals were destroyed.

Review procedures annually. Review your record-keeping and imaging procedures at least once per year, especially after switching accounting software, changing document management systems, or onboarding new staff. Verify that records from the earliest years of your retention window are still readable in current systems. A six-year-old TIFF file saved on a deprecated storage platform is not a compliant record if no one can open it.

The Bottom Line

The CRA's electronic record-keeping framework is designed to give Canadian businesses the flexibility to go fully paperless, provided they follow the documented requirements. With the right procedures in place, digital record keeping is more reliable, more searchable, and more space-efficient than paper-based systems. The key is meeting the specific standards laid out in IC05-1 and the CGSB imaging guidelines rather than assuming that storing files digitally is automatically compliant. Businesses that treat CRA digital record-keeping requirements as a structured process, not an afterthought, will find that compliance becomes a routine part of operations rather than a scramble at audit time.