ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

The PEPPOL network explained simply

PEPPOL is not an invoice format. It is a cross-border exchange network made of four logical actors, two registries and a secure transport protocol. This page introduces it without jargon, before diving into technical details elsewhere.

The problem PEPPOL solves

Imagine a supplier in Sweden who wants to invoice a public hospital in Belgium. Without PEPPOL it would have to: discover how that hospital receives invoices (portal? email? proprietary EDI?), open an account with that hospital or its provider, learn its format (local UBL? in-house CIUS?), test, and repeat that work for each of its European public clients. Multiply across 27 member states and several thousand public buyers: onboarding cost becomes prohibitive.

PEPPOL solves this by standardising three axes: discovery (who is the recipient?), format (which XML do we send?), transport (over what channel?). A supplier only registers with one operator — its access point — and can reach any recipient registered on the network without a bilateral agreement.

The 4-corner model

The network's heart is the four-corner model. Rather than discuss it abstractly, let us walk through the sending of an invoice from Swedish supplier Acme AB to Belgian hospital UZB.

The PEPPOL 4-corner model Four parties: the sender hands off to its access point, which carries the document over AS4 to the receiver’s access point, which delivers it. The sender access point queries the SMP/SML registry to find the receiver. SMP / SML registry — C3 address + capabilities lookup AS4 C1 Sender ERP · invoice C2 Sender Access Point signs · routes C3 Receiver Access Point validates · delivers C4 Receiver ERP · accounting One connection → the whole PEPPOL network
In PEPPOL you connect to the network, not to your partner: your access point (C2) finds the receiver’s (C3) through the SMP/SML registry, then carries the document over AS4. One connection opens the whole network.

Corner C1 — business sender

Corner C1 is the sender's business application: Acme AB's ERP that generates the invoice. This corner does not speak PEPPOL directly: it hands the invoice (typically UBL Invoice 2.1) to its access point via a private API (REST, SFTP, queue, etc.). The C1↔C2 interface is local and specific to the contract between Acme and its access point provider.

Corner C2 — sender access point

Corner C2 is Acme's access point — for instance Tickstar or Pagero — a PEPPOL-certified operator. On invoice arrival, C2 does three things: it validates the document against the PEPPOL BIS Billing 3.0 Schematron; it queries the registry to find the recipient; and it pushes the message to the recipient over AS4.

Corner C3 — receiver access point

Corner C3 is UZB hospital's access point — say B2Brouter or Ibanity. It receives Acme C2's AS4 message, verifies the signature, returns an AS4 receipt proving delivery, and passes the document to its final client UZB.

Corner C4 — business recipient

Corner C4 is the recipient's business application: UZB hospital's accounting system. Like C1, C4 does not speak PEPPOL directly: it retrieves the document through a private API provided by its access point.

The pattern to remember: C1 → C2 → C3 → C4. Only the C2→C3 segment uses the standardised PEPPOL protocol; the C1↔C2 and C3↔C4 segments are private and open. This separation is what makes the network scalable: each access point can innovate on its client interface as long as it stays compliant on the PEPPOL side.

SMP and SML registries

For C2 to know where to push Acme's message bound to UZB, it must be able to resolve the recipient identifier. PEPPOL uses two cascading registries.

The SML (Service Metadata Locator) is a centralised DNS registry run by PEPPOL's technical authority. Given a recipient identifier — for example 0088:5790000435906 for UZB (ICD prefix 0088 for GLNs from GS1, followed by the Belgian GLN) — the SML returns the URL of the SMP serving that recipient.

The SMP (Service Metadata Publisher) is a federated registry. Each access point runs its own SMP for its clients. For a given identifier, the SMP publishes its capabilities: "this recipient can receive BIS Billing 3.0 Invoice", "this recipient can receive BIS Order 3.0", and for each capability the AS4 URL of C3 and the certificate to use for encryption.

The SML+SMP pair is inspired by Internet DNS: a centralised resolver to find the zone server, a zone server to publish details. That architecture lets any recipient change access point without changing its identifier.

AS4 eDelivery transport

Once C2 knows where to push the message (C3 URL) and with which certificate, it uses the AS4 protocol — a SOAP binding of OASIS ebMS 3.0. The PEPPOL AS4 profile is strict: mandatory signature, mandatory encryption, receipt in Non-Repudiation mode, One-Way Push communication pattern.

PEPPOL AS4 is part of the eDelivery building block of the Connecting Europe Facility (CEF), a shared European technical framework. The practical consequence: a country's public authority can rely on the open-source Domibus implementation to deploy its own access point without starting from scratch.

Security via X.509 certificates

Everything rests on a cryptographic chain of trust. Each access point holds a PEPPOL X.509 certificate, signed by the PEPPOL Authority CA. That CA is itself attested by OpenPeppol AISBL. Without a valid certificate, an access point can neither push nor receive.

For a new access point to join the network, it must: 1) pass annual PEPPOL certification (technical audit, conformance tests); 2) register with a national PEPPOL Authority (Digdir in Norway, AGID in Italy, AIFE in France, etc.); 3) obtain its certificate. The process is paid and follows an annual calendar. That is what sets PEPPOL apart from an open protocol like HTTP: network access is gated by an authority.

Further reading