Peppol IDs – What are they and how can I create one?
Two of the main benefits of the Peppol network are security and efficiency. In the context of e-invoicing, as that is what Peppol is most commonly used for, these advantages are clear from the outset. By way of comparison, sending PDF invoices and other documentation through email is not only more costly to process, but it is also open to invoice fraud, instances of which have only increased since the start of Covid-19.
If your public sector organizations or private company has turned to Peppol, you may have read that you need a Peppol ID to get started. In addition to the four-corner model that the Peppol network is built on, the use of Peppol IDs is what makes transacting partners easy to find, with participant information verified and transparent for others to see.
We hope to demystify all the information surrounding Peppol IDs, which is why in this blog post we will be examining:
- what Peppol IDs are.
- how they can be used when looking for transacting partners and sending documents.
- how they can be obtained or created for the benefit of your organization or clients.
What is Peppol?
Peppol is a set of standards and technical specifications ensuring the secure and rapid transfer of electronic documents globally. Peppol’s components ensure interoperability of e-invoices and other e-procurement documents, facilitating easier global trade and full compliance with the regulatory requirements and taxation laws of transacting parties’ respective countries.
What is a Peppol ID?
Peppol IDs, or Peppol Participant Identifiers, work alongside document identifiers and process identifiers to establish who is sending and receiving a Peppol document, what type of document it is (e.g e-invoice, e-catalogue), and what process is being used for the transaction. They are unique numbers that make identifying a transacting partner on the network easy.
Peppol Participant ID — more information
For document receivers, their Peppol participant ID along with the name of their organization and country where they are based is published in their region’s Peppol directory. This information is linked to the global Peppol directory, which is managed by OpenPeppol. Here is an example of the initial information that is returned when you search for an organization in the directory.
The Peppol ID format consists of three parts:
1) BusDox Participant Identifier prefix;
2) the country code;
3) the GLN (Global Location Number) of the organization.
In full, the Peppol ID from the example we used above, the Swedish Tax Authority, looks like this:
Peppol IDs verify the legitimacy of the organization you are transacting with, helping to combat the increasing instances of invoice fraud referred to earlier.
Using your Peppol ID
The first number in the Peppol Participant Identifier is the BUSDOX Participant Identifier. BUSDOX (Business Document Exchange Network) specifications are used to send and receive messages on the Peppol network.
When sending a Peppol invoice, for example, you need to identify both the receiver and the Access Point they use. While a company’s Peppol ID can be easily found in the Peppol directory, the company’s Access Point provider needs to be found by searching your SMP (Service Metadata Publisher). The SMP is often compared to an address book, as it has all the information needed to send a document through Peppol, which are:
- Participant credentials
- Access Point the recipient uses
- Document receiving capabilities
Pertaining to the last point, you may not be sure if your transacting partner has the ability to receive the document type you wish to send. Luckily, you can verify this information quickly and easily by calling Galaxy Gateway’s Participant Lookup API from within your internal workflow. With our API, you have the ability to look up multiple participants, and get the response in your preferred format, JSON or XML.
How do I get a Peppol ID?
Peppol IDs are created by Peppol Access Point providers; that is, if you own or operate an Access Point, you can distribute IDs.
For small- or medium-sized businesses, operating an Access Point is often not feasible or economical. If you need to transact over the Peppol network, you can use SAP, Xero, or other accounting software that already offers Peppol integration, and they will distribute your Peppol ID so you can start sending and receiving documents rightaway.
If you are a large company with your own accounting system, you will need to become an Access Point operator in order to integrate Peppol into your ERP. While this may seem potentially difficult and/or costly, consider the benefit of Peppol as a connect once, reach all network. If you have contracts with different public and private sector organizations throughout the world (or even domestically), you most likely have disparate integrations set up to safely and efficiently transact with your clients. This usually involves going through various VAN operators or service providers. With Peppol, one connection is all this is needed to send and receive electronic business documents to and from any other participant on the network.
If you are a service provider or ERP vendor who is thinking about providing Peppol access and Peppol IDs to your clients, you will similarly need to operate an Access Point in order to integrate Peppol into your system.
At this point, there are two options when it comes to getting an Access Point, which we will explore below.
Operating a Peppol Access Point – Self Accreditation vs. Partnership with a Peppol Infrastructure Provider
If you find that you need to become Access Point accredited, there are two options available for consideration;
- undertaking the accreditation process yourself
- working with a Peppol infrastructure provider
As outlined above, once you have been accredited, you have complete access to every participant on the Peppol network, regardless of their location. You never need to deal with roaming fees, and you can be confident that all your document transactions will be secure, with automation meaning they are processed faster and cost your business less.
If you decide to get accredited yourself, you are typically required to follow the steps outlined below. This being said, the Peppol Authority for your jurisdiction may have some different or extra requirements.
1. OpenPeppol membership
OpenPeppol is the global governing body, setting the standards and technical specifications for the network. Membership and a subscription fee are required to allow the organization to undertake its duties effectively as Peppol usage expands.
2. Peppol Transport Infrastructure Agreement (TIA)
The Transport Infrastructure Agreement lays out the roles and responsibilities for you as a participant in relation to those of the Peppol Authority (or OpenPeppol in the absence of a local authority). To be a signatory is to understand Peppol Transport Infrastructure and its application.
3. Due diligence checks
As a prospective Peppol Access Point operator, there will be checks conducted to make sure that your business is legitimate, solvent, and that senior staff complies with all applicable laws. Making the documentation available and waiting for the check to be conducted can take a few weeks.
4. Technical and security competency testing
Interoperability testing and Peppol acceptance testing is the next important part, which requires you to have infrastructure that meets the technical and security standards of Peppol, as well as that of Peppol BIS Billing 3.0 electronic business documentation. Demonstrating competency can depend on the Peppol Authority you are working with; as an example, ISO27001 Information Security Management Certification (or a corresponding certification) is mandated by the Australian and Dutch authorities at present.
5. Public Key Infrastructure (PKI) Certificate Request
Lastly, you must request your Production PKI Certificate, with is proof that you are a trusted network participant.
6. Maintenance and Support
As an ongoing exercise, running an Access Point means hosting, maintenance, client support, and navigating the frequent changes in requirements that are mandated by OpenPeppol and/or your Peppol Authority.
Conclusions – Setting up a fully accredited and certified Access Point usually takes a couple of months, and this is only if you have the right resources and a competent IT team that can guide you.
Please take note, even if you are accredited, there is still no guarantee that you will have a scalable, user-friendly system that will attract and retain customers.
Partnering with a Peppol infrastructure provider
As you can see, the self-accreditation process isn’t so simple, which is why organizations from both the public and private sectors often choose to work with a Peppol infrastructure provider. Through this partnership, you can use the provider’s Access Point as your own, fast-tracking almost all aspects of the accreditation process and not having to worry about development, maintenance, or hosting. Similar to a SaaS solution, you can simply connect and start transacting or distributing Peppol IDs to your staff and clients, with accreditation taking on average just a couple of days!
Give More to Your Organization and Clients with Tickstar
The largest Peppol infrastructure provider in the world, we have the core features and add-ons to make gaining Access Point accreditation and creating Peppol IDs easy. Whether you are a company that just won a procurement contract and needs quick setup and integration, or an ERP vendor looking to provide Peppol access to your current and future clients, we have shared access or a white-label option, where your business will be listed on the global Peppol directory. With experience since 2012 working with public sector organizations and private companies globally, we undertake all the heavy lifting while providing the best possible service and exceptional support.
Check out our calculator to get an idea of how much it costs to transact on the Peppol network with Tickstar’s Galaxy Gateway, or contact our friendly and experienced team to ask us about the best options for your operations.