BENGALURU: The addition of new rules and revisions by the Goods and Services Tax (GST) Council is affecting technology implementation and reducing the time available for software testing and security compliance according to three GST Suvidha Providers (GSPs) who spoke with ET on condition of anonymity.In a review meeting last Friday in Gurugram, some GSPs urged the GSTN - a private company set up to provide IT infrastructure and services to state and central governments, taxpayers and other stakeholders for GST implementation - to defer the date by which business taxpayers have to file invoices by at least a month from August to September, so as to allow GSPs to carry out testing and security compliance based on revised rules. "The time is dangerously short," one service provider told ET. The GSPs are private companies - 34 in all - that GSTN has selected to work with it and help businesses of all sizes comply with GST.These companies are concerned about the revised dates to release APIs (application programming interface) or the code that allows the software program of the service provider to communicate with GSTN. Prakash Kumar, chief executive of GSTN, said the APIs will be released in a staggered manner based on priority of requirements."For instance, specifications of 15 APIs for invoice upload and GSTR-1 have been released in the first lot on 8 June as they are required from July 1. Based on these, GSPs will update their codes and when we release live APIs later, they can test the integration. Similarly , next lot will be on GSTR-2, as these will be required in August after 10. With this mechanism, we hope majority of them will be ready in time." Kumar said.A senior official in the GSTN said the backbone required for uploading invoices would be functional from July 1. Taxpayers would need to file their returns and pay tax for the month of July only by August 10, the official said adding that the system would be ready for that. "Systems would be up and running," the person said.The GSTN is set to release all the APIs for GSTR (GST Returns) 1 - which will have electronic details of outward supplies of goods or services - on June 29. For GSTR 2, which is to capture the details of inward supplies of goods or services, the API release date has been pushed to 20 July. The worry is GSTR 3 (com putation of monthly return), the release of which has been pushed from 12 June to 15 August. This gives GSPs only about four days to test their product. To redress this, GSTN is recommending that taxpayers use the GSTN portal directly as an alternative."In case few GSPs are not ready , their customers can use the (GSTN's) offline tool to upload invoices," Kumar said. "Taxpayers having small number of business to business invoices, like retailers and small traders, can do the data entry on (GSTN) portal itself and they will also not require the services of GSPs," he said.At the meeting last week, the GSTN directed the service providers to carry out ISO audit compliance for 'infrastructure' ­ cloud or captive or owned ­ and 'application'. "Security Audit can be done by internal team initially but it is recommended that it should be audited by audit agencies specified in the contract in due course of time,“ the GSTN said in a presentation made to GSPs. ET reviewed the slide-deck. All this also means a security audit (ISO 270001) of the GSPs' application will be possible based on the GSTN activity only after three months. In effect, GSPs have to do self-certification until then.A service provider that ET spoke with said the firm's "concern is with application security". The infrastructure certification is possible and in GSPs' control, "but when I talk about the application, it can't be certified until it is ready and unless all APIs are made available to us."