What Is Peppol?

Peppol is a set of standards and technical specifications ensuring the secure and rapid transfer of electronic documents globally. Peppol’s components ensure interoperability of eInvoices and other e-procurement documents, facilitating easier global trade and full compliance with the regulatory requirements and taxation laws of transacting parties’ respective countries.

The Peppol network in context

Peppol began as a project funded by the European Union, where public procurement accounts for over 14% of the bloc’s GDP. Until recently, this public procurement has been hindered by the use of different standards in different regions, creating isolated islands which are not able to easily communicate electronically between each other.

Peppol allows different procurement processes to become compatible, by offering interoperability on both the transport of messages between Access Points, and at the business document level by conforming to Business Interoperability Specifications (BIS).

See more on Peppol Access Points and Business Interoperability Specifications below.

To summarize, Peppol is not an e-procurement platform in itself, but facilitates the e-procurement process through the development and maintenance of business documents supporting a range of business processes. These specifications make sure the documents sent domestically or across borders are standardized and meet the requirements of different legal jurisdictions.

Peppol is fast-growing in popularity for no other reason that it is trusted, dependable, and brings clear benefits from the very beginning for those who use it. While Peppol can be used to send e-orders, e-advance shipping notes, e-catalogues, message level responses and more, we will be looking at the benefits of Peppol through the prism of eInvoicing for two reasons; firstly, it is the most popular document transacted through Peppol, and secondly, Peppol is central to entire governments’ eInvoicing strategies.

Drastic cost reduction related to automation

The high cost of processing for the majority of businesses that still use paper- or PDF-based invoicing comes down to multiple factors, including:

• Printing
• Manual handling by both the sender and receiver
• Review and approval processes
• Data entry
• Fixing errors that inevitably arise from manual data entry
• Archiving and storage

In addition to this, there is the price of under-utilizing workers who could be adding greater value to your operations. Research conducted in Europe, Australia and New Zealand come up with similar figures:

≈ €19.80 for paper invoice processing

≈ €18.24 for PDF invoice processing (through email)

≈ €5.90 for eInvoice processing

As you can see, with an approximate difference of €15 between the processing of paper invoices and eInvoices, businesses exchanging many documents have the ability to make substantial savings.

The Peppol network means invoices are guaranteed to reach their recipient and, as a structured data file, do not need to be entered manually into a business’s accounting system. As we’ve seen above, this is part of the reason why eInvoicing through Peppol results in lower costs, but then there is also the fact that employees don’t have to waste their time chasing up missing or incomplete data. Payments can be reconciled quicker, leading to greater cash flow, which can be a lifeline for SMEs struggling in the current financial climate.

Australia’s 5-day payment guarantee

As mentioned above, Peppol is being heavily encouraged by governments as part of their eInvoicing strategy. As an inducement, the Australian government committed to a 5-day payment deadline for contracts up to AUD$1 million where both government agency and supplier are transacting over the Peppol network. New Zealand, who also has their own Peppol Authority, followed suit, with a 10-day payment window offered.

Lower risk of fraud

The technical and operational standard that Peppol demands means that there is much lower risk of invoice fraud. A 2019 UK Finance report revealed that in the year of reporting, business-related invoice fraud totaled £92.7 million. What’s more, many businesses don’t fully realize the scale of the threat, with hackers quite easily being able to infiltrate a supplier’s email and change the details of invoices sent to the purchaser.

The registration process, authentication through business numbers, and listing on the OpenPeppol directory means that businesses are verified, and the secure architecture makes the network much safer than when exchanging paper- or email-based invoices.

Easier facilitation of global trade

Rather than have to set up different integrations to trade with partners in other countries, Peppol is a “connect once, reach all” network. The adoption of varied electronic procurement systems is no longer required, as you can reach any public sector organization or private company through the one framework, irrespective of your company’s location, size, or which Peppol Access Point you are using.

Easy ERP integration

For vendors providing an ERP solution, they can easily connect to the network, allowing all the businesses that use their solution to access Peppol without having to purchase any new software. This works by using a Peppol infrastructure provider’s API, connecting it to your existing software without having to worry about things like hosting or obtaining additional certifications.

For businesses that use SAP, an SAP Peppol Access Point is already integrated and ready-to-use!

Environmentally friendly

eInvoicing through Peppol means no more printing, and a reduction in resources, with no demands on physical storage space. So, in addition to all the benefits mentioned above, electronic data sharing is good for the environment as well.

By partnering with a fully-accredited Peppol infrastructure provider, you have the ability to transact and provide Peppol-related services in any region without restriction.

Access Point as a Service
With this option, you can run your own Access Point as if you went through the accreditation process, while getting everything you need from your provider. It takes only days to set up, and you will be able to connect your software to the Peppol network, optimizing your operations and/or offering Access Point services to businesses globally!

White-label Access Point
Similar to the Access Point as a Service, with a white-label Access Point, your partnership with a Peppol infrastructure provider means you can take advantage of accreditation, development and hosting. However, as a key point of difference, you won’t be using the PKI certificate of your service provider; you will get your own certificate through membership of OpenPeppol. This means you will be listed as a certified Access Point provider and appear in the global Peppol directory. With the white-label Access Point, you will be easily found by any public sector organization or private company in the world!

By working with a Peppol infrastructure provider you can focus on growing your customer base without worrying about any of the regulatory or technical hurdles that come with operating Peppol infrastructure.

Quick Access
If you have just won an e-procurement contract with a public sector organization that uses Peppol, you will need to connect quickly, which is only impossible through connection with a Peppol provider.

Connect Once, Reach All – If you are a large multinational with clients across the world, you no longer need to set up individual integrations. You can use your provider’s certifications and infrastructure to reach clients without even worrying about hosting.Cost-effective
Operating your own Access Point offers greater savings in the long run due to lower transaction costs.

Future-proofed ERP – Peppol distinguishes your ERP from competitors in what is an increasingly crowded market. As the market for the network grows, a Peppol Access Point provider’s API can get your ERP connected to the network without any hassles, with maintenance and troubleshooting handled by the infrastructure provider.

The smooth and secure delivery of electronic business documents is due to the specifications mapped out in the Peppol interoperability framework. Based on the European Interoperability Framework, there are two components; governance and architecture.

1. Governance – This involves the different agreements and policies detailing compliance, data and reporting that tie together:

• OpenPeppol (the overarching governing authority for Peppol);
• Peppol Authorities (regional bodies that are in charge of setting local regulations and overseeing accreditation);
• Peppol service providers (accredited companies that provide Peppol services to their business clients).

2. Architecture – This includes technical policies and specifications required to provide public and private sector organizations with the interoperability needed to interact on the network.

Within this framework are the following three pillars:

• The network itself (four-corner model) – This provides market enablement for interoperable e-procurement solutions (more information in the section: Four-corner model)
• The document specifications – The Peppol Business Interoperability Specifications ‘BIS’ based on the UBL (Universal Business Language) XML (more information in the section: What are Peppol ‘BIS’ Specifications);
• The legal framework that defines the network governance – This is the Peppol Transport Infrastructure Agreements (TIA), which are required when gaining Access Point accreditation.

Access Points are the communication nodes in the network. Once a participant is connected with an Access Point, they can exchange documents with everyone else on the network.

All Access Points in the Peppol network sign agreements with their regional Peppol Authority (or directly with OpenPeppol if a regional authority doesn’t exist).

What is a Peppol participant ID?

One element that makes Peppol a more secure framework through which to conduct invoicing is that each member is identified by their Peppol participant ID. As stated above, a participant ID on Peppol is created by a Peppol Access Point, and you can not send or receive electronic documents on the network without it. The Peppol ID of a document receiver is published, along with the company name and country where the company is based, in their region’s Peppol directory, which is linked to the global Peppol directory.

The Peppol ID format consists of three parts:

• BusDox Participant Identifier prefix;
• the country code;
• the GLN (Global Location Number) of the organization.

In full, a Peppol ID looks like this:

Peppol IDs verify the legitimacy of the organization you are transacting with, helping to combat eInvoice fraud, which as we saw above, is far too common.

Accredited Access Points for Product Owners, Service Providers and ERP Vendors

For small and medium-sized businesses, connecting to the Peppol network is often as easy as connecting through your accounting system that offers Peppol capabilities. There is no need to worry about undergoing the accreditation process, the ERP provider will handle all the hosting, maintenance and distribution of Peppol IDs.

For large businesses that use their own ERP system, VAN operators & service providers, or ERP vendors themselves that want to offer Peppol functionality, connecting to Peppol is a different story.

To integrate Peppol into some software requires operating an Access Point yourself. This is a worthwhile investment, especially if you have lots of clients who want to access Peppol from your solution, but the Access Point accreditation process is time-consuming and can present challenges. This is where accredited Peppol Access Point providers come in.

Regardless of the Peppol Access Point you use, you can reach all participants registered on the Peppol network due to the Four-corner model. In the Four-corner model, participants select their Access Point independently of each other.

The Two-corner model is a direct link established between two participants, while the Three-corner model is a closed network where one service provider handles all transactions for all participants.

The Four-corner model unites different service providers, meaning it doesn’t matter which provider a participant chooses to partner with. They will still have access to any participant registered in the Peppol network. Furthermore, the Four-corner model makes it easier for end participants to switch to another service provider as needed.

All organizations that receive e-documents via Peppol publish their electronic receiving addresses and supported document types. An SMP, like an address book, contains a business’ address (URL) and receiving capabilities. An SMP can be bundled with an Access Point or provided as an independent service.

SML is a centralized component that stores the location of all SMPs for each participant (receiver) within the Peppol Network. When sending electronic documents to a business on the network, the SML returns the address to the SMP that contains all necessary details for a correct transfer.

Peppol BIS (Business Interoperability Specifications) make up one of the core pillars of the Peppol network. BIS 3.0, the version currently used, forms the basis for documentation that can be standardized and transacted across borders. A business cannot be validated by Peppol unless it uses the components stipulated by the BIS.

While the specifications are Euro-centric, other countries that use Peppol are able to modify the BIS to fit their own regulations. As an example, IMDA, the Singapore Peppol Authority, has created an extension to Peppol BIS Billing 3.0. This modification takes into account the country’s tax regime (GST as opposed to VAT) and payment methods.

As mentioned above, on completion of the EU funded project, Peppol has gone from strength-to-strength, expanding beyond the pan-European e-procurement network originally envisaged. The convenience and security with which the network allows the cross-border transfer of electronic business documents has caused strong uptake in the ASEAN region, with Singapore, Australia and New Zealand establishing Peppol Authorities.

This demonstrable global growth in Peppol membership, combined with over 130 million transactions occurring in the year 2019-2020, means that companies that provide Peppol services are seeing an increasing demand for their services.

According to recent figures there are:

• 302 certified Access Points across 31 countries (a 73% increase on the year 2017-2018).
• 130 million+ transactions between certified Access Points.
• Almost 2.3 million organizations and businesses around the world registered as receivers in the Peppol network.

As a European Commission initiative, Peppol is most widely used and governed by European countries, but international connectivity is growing. Having a Peppol Authority located in your country is an indicator that greater adoption is taking place. There are 15 Peppol Authorities who set and manage local requirements, as as well as managing participants within their country. They are based in the following countries:

Sweden Norway Netherlands Denmark Iceland Belgium Italy Ireland Greece Poland Germany UK Singapore New Zealand Australia

these authorities must report to OpenPeppol, the non-profit international association that took up the responsibility for the development and maintenance of Peppol specifications in 2012, following the successful completion of the initial stages of what was originally a European Commission funded project.

The names of the particular government ministries in the above countries that act as Peppol Authorities can be found on the OpenPeppol website.

In addition to these Authorities, there are OpenPeppol members in 39 countries, (including South Africa, the USA and Japan).

Peppol was conceived as a way for businesses to conveniently and safely do cross-border business with the public sector. All the way back in 2012, Norway, a leading eInvoicing country, had already registered all public sector organizations in the Peppol network. Private companies that supplied these public entities then joined as well, and since the end of 2019, a majority of Norweigan businesses have been using Peppol for B2B invoicing.

A huge 84% of invoices sent within Norway are eInvoices — in order to provide a comparison, a recent consultation process in Australia, itself a country with a Peppol Authority, found that only 11% of businesses had adopted eInvoicing as part of their business processes. However, with the new law that all government agencies have the ability to accept eInvoices through Peppol by 1 July, 2022, this is likely to change.

While Norway is a great example of an advanced eInvoicing location, other countries in Scandinavia, such as Sweden and Denmark, have also been taking advantage of eInvoicing through their own national regulations and systems since the early 2000’s. Slowly the various national systems and specifications that these countries developed have merged or been replaced with the specifications mapped out by OpenPeppol. As a supplier conducting B2G and B2B transactions throughout the EU, Peppol provides one Access Point to connect to any organization, without having to understand or navigate through each trading partner’s domestic systems and regulations.

Despite being adopted by the European Parliament and Council in April 2014, 2014/55/EU has only recently come into effect, detailing a standard for envoicing that public sector organizations in member states must follow. This standard, EN16931, was published in June 2017, detailing the semantic data model of an eInvoice’s core elements, and a list of applicable syntaxes, among other things.

Member states need to ensure that public contracting authorities and entities (such as those in defense, security, water, energy or transport) are able to receive and process eInvoices in accordance with the European Standard (central public contracting authorities and entities from 18 April, 2019, and all other public entities from 18 April, 2020).

eInvoices sent by any business or government entity must comply with the European Standard.

Member states should approach the Directive through the lens of their own laws, making sure that any local regulations don’t contradict any of the Directive’s requirements.

Rather than a restrictive or inconvenient diktat mandated by the European central body, public and private organizations of all sizes are finding that Peppol provides greater security, a reduction in costs, and fewer manual processing errors.

If you have ever looked up how to connect to Peppol, you will know that Access Points are key, acting as a bridge to the network and possessing the ability to create Peppol IDs for participants to begin interacting on Peppol. Before jumping into the world of Access Points, we’ll quickly explain the importance of Peppol IDs.

Operating an Access Point Yourself

Generally speaking, gaining Access Point accreditation involves the following steps:

1. OpenPeppol membership

Getting membership with Peppol’s governing body is a must, and involves an annual subscription fee to help fund the organization’s operations.

2. Signing the Peppol Transport Infrastructure Agreement (TIA)

The TIA sets out the minimum requirements that are required to be consistently applied as part of the Peppol edelivery network. The TIA is a shared acknowledgement of the roles and responsibilities shared by the Peppol Authority and Access Point provider. This requires a thorough understanding of all the principles of Peppol Transport Infrastructure and its application.

3. Due diligence checks

While it is the job of the Peppol Authority to check your business is legitimate, solvent and law-abiding, the provision of business documents and process of running this due diligence adds time to the overall process of Access Point accreditation, which can impact the timeframe your business is working towards.

4. Demonstrated technical and security competency

Interoperability and Peppol acceptance testing requires adherence to technical and security standards, along with the standards of the Peppol BIS Billing 3.0 electronic business documentation. Depending on the Peppol Authority, there can be further requirements, such as the Australian requirement for self-assessment or independent audit against the ISO27001 Information Security Management Certification. This is not a requirement mandated by most other Peppol authorities at present.

5. Request of Public Key Infrastructure (PKI) Certificate

The final accreditation step involves the Production PKI Certificate request, which upon receival, proves you are a trusted network participant.

What Else is There to Know?

This process of self-accreditation takes The process of self-accreditation can take months, and only when you have proved you have sufficient resources and competency can you begin to transact and/or provide clients access to the Peppol network. However, the story does not end there.

6. Development/Implementation, Operations, Maintenance and Support

Once you go through the development stages of setting up a Peppol Access Point, there will still be ongoing maintenance tasks, and the need to provide support to employees or clients, while keeping up to date with any changes in requirements or new certifications requested by your Peppol Authority or OpenPeppol.

As a special aside to ERP vendors, simply meeting the technical specifications of an Access Point does not automatically mean you will have a service that meets the needs of a diverse and expanding list of clients. Hosting, scalability, and the provision of a user-friendly interface are some other elements that need to be carefully considered, otherwise there is a risk your clients will go with another vendor that offers better and more value-adding features.

Tickstar provides best-of-breed cloud based eDelivery infrastructure services, serving governments and businesses all over the world. 

Tickstar offers a fast, simple way to connect to eDelivery networks and seamlessly exchange business documents.

• World class knowledge and support
• Secure and reliable eDelivery infrastructure 
• Fast onboarding and guaranteed compliance 
• Highly scalable and flexible

Peppol Access Point

As a certified Peppol service provider since 2012, Tickstar can rapidly set up an Access Point on the Peppol network. 

• Exchange documents with all network participants 
• Hosting, testing, maintenance and support 
• Guaranteed compliance with Peppol standards
• White label option with simplified accreditation

Peppol SMP

The Tickstar Service Metadata Publisher is a registry that stores the metadata for a document recipient on the Peppol network. 

• Full functionality for service providers, companies and government organizations. 
• API for seamless integration 
• Web dashboard with a user friendly interface