Peppol Interoperability Framework

Peppol Interoperability Framework

For buyers and suppliers to successfully exchange electronic business documents across the Peppol Network, a set of rules and specifications must be consistently applied by Peppol Authorities and Peppol-certified Service Providers.

These rules and specifications are provided through the Peppol Interoperability Framework, which provides both governance and architecture frameworks that incorporate legal agreements, policies, requirements and specifications. Together, they support business process interoperability for the exchange of business documents between buyers and suppliers across sectors and borders.

The Peppol Interoperability Framework has been developed by OpenPeppol in conjunction with Peppol Authorities and Service Providers from around the world.

As the legal entity that owns Peppol, OpenPeppol has authority over the central components of the Peppol Network, including the Service Metadata Locator, the Public Key Infrastructure, and the Peppol Interoperability Framework. This authority is facilitated by OpenPeppol through the Statutes, Internal Regulations and Organisational Framework.

Governance Framework

Formal legal agreements ensure that organisations involved in the Peppol Network act together in a trusted environment:
  • Peppol Authority Agreement
  • Peppol Service Provider Agreement

The roles and responsibilities of each actor operating in the Peppol Network are fully described in these agreements, providing an open and transparent community. These arrangements ensure that the technical specifications and business-level rules are consistently applied throughout the network.


The legal agreements are supported by the Internal Regulations for Use of the Peppol Network which includes policies for:

  • Change Management
  • Entity Identification
  • Data Usage and Reporting
  • Service Provider Accreditation
  • Information Security
  • Peppol Authority Specific Requirements
  • Extended Use of the Peppol Network
  • Compliance

Peppol Authority Agreement

The Peppol Authority Agreement defines the general principles of cooperation between OpenPeppol (the Peppol Coordinating Authority) and each Peppol Authority.

OpenPeppol, as the Peppol Coordinating Authority, may delegate authority over the implementation and use of the Peppol Network to a Peppol Authority within a defined geographical jurisdiction. Peppol Authorities are typically, but not exclusively, government institutions that want to drive the electronic exchange of business messages in pursuit of economic efficiency in a business-friendly environment.

Peppol Authorities may define specific additional requirements, applicable within their jurisdiction. These additional requirements are incorporated into the relevant Peppol Authority Agreement after formal approval by the Managing Committee.

Peppol Service Provider Agreement

The Peppol Service Provider Agreement defines the general principles of cooperation between a Peppol Authority and the Service Providers within its jurisdiction.

Peppol Authorities ensure that Peppol Service Providers operate in accordance with the Peppol Service Provider Agreement, which incorporates the Peppol Interoperability Framework and all its elements.

Peppol Service Providers may only provide Peppol services once they have:

  • signed a Peppol Service Provider Agreement with a Peppol Authority, and
  • successfully completed Peppol Conformance Testing.

Given that Service Providers may operate in multiple geographical jurisdictions, they sign their Service Provider Agreement with the Peppol Authority in the jurisdiction in which they are domiciled. Where there is no Peppol Authority in the jurisdiction where they are domiciled, Service Providers sign the Service Provider Agreement directly with OpenPeppol acting as the Peppol Coordinating Authority.

Architectural framework

This framework provides a set of technical specifications for Peppol business documents, together with processes and specifications for the Peppol Network.

These specifications enable Peppol-certified Service Providers to provide the necessary semantic and technical interoperability on behalf of Peppol End Users. These specifications include:

  • the Peppol Business Interoperability Specifications (Peppol BIS)
  • Peppol Authority-governed specifications (where approved)
  • Packaging and Security specifications
  • Messaging specifications
  • Capability Lookup and Addressing specifications

Peppol Business Interoperability Specifications (Peppol BIS)

The Peppol BIS standardises electronic documents for validation and secure exchange between Service Providers through the Peppol Network, supporting buyers and sellers around the world.

Peppol BIS implements specifications based on the Universal Business Language (UBL) ISO/IEC 19845 standards. Various message types are available for common Pre-Award and Post-Award eProcurement processes, supported by specifications for addressing, packaging and security, together with a comprehensive set of tools and guidance.

Conceptual model

Peppol enables buyers and suppliers to exchange business documents and processes by using the Peppol Network.

The Peppol Network is created by hundreds of Peppol-certified Service Providers around the world, together with a single centralised addressing component, that connect together in compliance with the Peppol Interoperability Framework. They securely distribute message content between buyers and suppliers, based on our open, four-corner model.

The Peppol four-corner model:

Providing interoperability utilising Peppol BIS and the Peppol Network for the addressing and secure exchange of business documents, Peppol provides a ready-to-use, scalable, both domestic and cross border, four-corner model, utilising a market of private sector service providers that are connected to sending and receiving organisations.

Addressing and Capability Lookup Services

Key to this four-corner model is a central address registry providing dynamic discovery of participants (SML), supported by centralised or distributed local capability look-up services (SMP).

C2 connects to the SML to look up the address of the SMP used by C3, and then connects to the SMP used by C3 to look up the capabilities of the receiver.

Each sender only has to connect to one service provider to reach every receiver, and each receiver has to connect to only one service provider to reach every sender – connect ONCE, reach ALL.

The Peppol 4-corner model that describes how the Peppol network works.

Technical model

Four core elements enable the four-corner model to function:

  • Access Points
  • Addressing and Capability Lookup
  • Service Metadata Locator
  • Public Key Infrastructure

Access Points (APs) are Peppol-certified Service Providers that connect to each other through an addressing and capability lookup process, enabling trading partners (buyers and suppliers) to send and receive messages through the Peppol Network. Sending Access Points are required to validate outgoing messages before sending, ensuring compliance with the Peppol Business Interoperability Specifications (Peppol BIS). A set of validation tools is provided within the Peppol BIS.

Peppol-certified Service Providers provide Addressing and Capability Lookup, that enable trading partners (buyers and suppliers) to electronically publish their receiving capabilities and supported message types to the network. This is similar to an electronic address book or business registry.

ACL services may be provided by Peppol-certified Service Providers, either separately or together with AP services. Peppol Authorities can choose whether to have a decentralised approach within their jurisdiction for the provision of ACL services, utilising multiple service providers, or to have a centralised approach with a single ACL service provider.

The Service Metadata Locator (SML) defines which SMP an AP needs to connect with to discover the addressing details of any trading partner in the Peppol Network. This approach is similar to how the internet is able to find websites based on their domain names. The Peppol SML is a single centralised service provided by OpenPeppol.

A Public Key Infrastructure (PKI) is utilised by the Peppol Network to establish and maintain a trusted network, providing security and integrity for all messages exchanged over the Peppol Network.

When Peppol-certified Service Providers sign the Peppol Service Provider Agreement, they are provided with a digital Peppol PKI Certificate, which contains information for validating all communications on the Peppol Network. The certificate is valid as long as the Peppol Service Provider Agreement is valid but can be revoked if Service Providers are in breach of the Service Provider Agreement, ensuring that only known and trusted Service Providers are able to operate within the Peppol Network.

Find out more

Click the Peppol Interoperability Framework tab to learn more about the governance and architecture components of the Peppol Network.

The components of the Peppol Interoperability Framework include legal agreements, policies, specifications and more.