Peppol Interoperability Framework
For buyers and suppliers to successfully exchange electronic business documents across the eDelivery network, a set of rules and specifications must be consistently applied by Peppol Authorities and Peppol-certified Service Providers.
These rules and specifications are provided through the Peppol Interoperability Framework, which provides both governance and architecture components, supported by formal Change Management procedures. These components are manifested in the form of ‘artefacts’, which are the published legal and technical documents against which the Peppol eDelivery Network functions. All artefacts are published in the Library and can be downloaded.
As the legal entity that owns Peppol, OpenPeppol has authority over all the central components of the Peppol eDelivery network, including the Service Metadata Locator, the Public Key Infrastructure, and the Peppol Interoperability Framework. This authority is facilitated by OpenPeppol through the Organisational Framework, Statutes and Internal Regulations, which can be found in the Library.
Governance components
Two formal, legal agreements ensure that organisations involved in the Peppol eDelivery network act together in a trusted environment
- Peppol Authority Agreement;
- Peppol Service Provider Agreement.
The roles and responsibilities of each actor operating in the Peppol eDelivery Network are fully described in these agreements, providing an open and transparent community. These arrangements ensure that the technical specifications and business-level rules are consistently applied throughout the network.
The legal agreements are supported by:
- Compliance and Arbitration Policy;
- Data Management and Reporting Policy.
Copies of the governance agreements and policies can be downloaded from the Library.
Peppol Authority Agreement
OpenPeppol, as the Peppol Coordinating Authority, may delegate authority over the implementation and use of the eDelivery network to a Peppol Authority within a defined geographical domain. Peppol Authorities are typically, but not exclusively, government institutions that want to drive the electronic exchange of business messages in pursuit of economic efficiency in a business-friendly environment.
The Peppol Authority Agreement defines the general principles of cooperation between OpenPeppol (the Peppol Coordinating Authority) and each Peppol Authority.
Peppol Service Provider Agreement
Peppol Service Providers may only provide Peppol services once they have:
- signed a Peppol Service Provider Agreement with a Peppol Authority, and
- successfully completed Acceptance Testing.
Given that Service Providers may operate in multiple geographical domains, they may sign their Service Provider Agreement with any Peppol Authority including, under special circumstances, the Peppol Coordinating Authority.
The Peppol Authority ensures that Peppol Service Providers operate in accordance with the Peppol Service Provider Agreement, together with the Governance and Architecture components.
Compliance Policy
The Peppol Compliance Policy provides a set of guiding principles and rules that apply to all actors in the OpenPeppol community, clarifying:
- the degree of freedom given to Peppol Authorities when defining local requirements in Annex 5 of their Peppol Authority Agreement;
- operational aspects, such as: sending documents without validation; using test certificates in production; mandatory BIS compliance, etc.
- methods of cooperation between Peppol Authorities to resolve problems related to Service Providers.
The Compliance Policy is focused on the contractual responsibilities of Peppol Authorities and Service Providers, ensuring interoperability across the Peppol eDelivery network.
Data and Reporting Policy
In development . . .Architecture components
These are a set of technical policies, specifications and requirements that underpin the Peppol eDelivery Network to provide End Users with the organisational, semantic and technical interoperability, comprising:
- technical policies and specifications:
- Peppol Authority-specific requirements;
- service level requirements;
- trust and security requirements.
Technical policies and specifications
Peppol has developed the Business Interoperability Specifications (Peppol BIS), which standardises electronic documents for validation and exchange between Service Providers through the secure eDelivery network, supporting buyers and sellers around the world.
Peppol BIS implements specifications based on the Universal Business Language (UBL) ISO/IEC 19845 standards. Various message types are available for common Pre-Award and Post-Award eProcurement processes, supported by specifications for addressing, packaging and security, together with tools and guidance.
Peppol Authority-specific requirements
Under the Peppol Authority Agreement, Peppol Authorities may define specific additional requirements, applicable within their jurisdiction. These additional requirements will be incorporated into the relevant Peppol Authority Agreement after formal approval by the Peppol Coordinating Authority.
Trust and Security requirements
In development . . .Change management procedures
The Governance and Architecture components of the Peppol Interoperability Framework are subject to a defined change management process, and the publication of any new versions of any of the components will be announced in advance, together with a defined migration plan and timetable. Similarly, the introduction of any new components will follow the defined change management process.
Document library
Copies of all published artefacts relating to the Peppol Organisational Framework and the Peppol Interoperability Framework can be found in the Library and freely downloaded.
Conceptual model
Peppol enables buyers and suppliers to exchange business documents and processes by using the Peppol eDelivery network to connect their differing systems.
The eDelivery network is created by connected Peppol-certified Service Providers that conform to the Peppol Interoperability Framework to distribute secure message content across a secure network, based on our open, four-corner model:
Each sender only has to connect to one service provider to reach every receiver, and each receiver has to connect to only one service provider to reach every sender – connect ONCE, reach ALL.
Technical model
Four core elements enable the four-corner model to function:
- Access Points
- Service Metadata Publishers
- Service Metadata Locator
- Public Key Infrastructure
Access Points are Peppol-certified Service Providers that connect to each other through an automated dynamic discovery process, enabling trading partners to send and receive messages through the eDelivery network. Sending Access Points are required to validate outgoing messages, thereby ensuring compliance with the Peppol Business Interoperability Specifications (Peppol BIS).
Service Metadata Publishers (SMPs) are Peppol-certified Service Providers that enable trading partners (such as buyers and suppliers) to electronically publish their receiving capabilities and supported message types in the network. This is similar to an electronic address book or business registry. Often, AP and SMP services are provided together by Peppol-certified Service Providers, but an SMP may also be provided as an independent service.
The Service Metadata Locator (SML) defines which SMP an AP needs to connect with to discover the delivery details of any sender or receiver connected to the eDelivery network. This approach is similar to how the internet is able to find websites based on their domain names. The Peppol SML is a core service provided by OpenPeppol.
A Public Key Infrastructure (PKI) is utilised by the Peppol eDelivery network to establish and maintain a trusted network, providing security and integrity of all messages exchanged.
When Peppol-certified Service Providers sign the Peppol Service Provider Agreement, they are provided with a digital Peppol PKI Certificate, which contains information for validating all communications on the Peppol eDelivery network. The certificate is valid as long as the eDelivery Agreement is valid but can be revoked if Service Providers are in breach of the Service Provider Agreement, ensuring that only known and trusted Service Providers are able to operate on the eDelivery network.
Find out more
Click the Interoperability Framework tab to learn more about the governance and architecture components of the Peppol eDelivery Network.
The components of the Peppol Interoperability Framework include legal agreements, policies, specifications and more.