PEPPOL access point: what it is and when you need one
PEPPOL is a European network for exchanging e-invoices, not just a format. An access point is your entry into it. A plain-language explanation of the 4-corner model, PEPPOL BIS Billing 3.0, and when PEPPOL will actually affect you.
PEPPOL comes up more and more in e-invoicing discussions. And so does the confusion around it — what exactly PEPPOL is, what it is not, and why someone is telling you that you need an access point.
Let me untangle it. What PEPPOL is as a network, what an access point is and why you cannot enter the network without one, what PEPPOL BIS Billing 3.0 and EN 16931 are, and when any of this will actually affect you.
What PEPPOL is
PEPPOL is not an invoice format. It is a network — a way to securely deliver structured documents (invoices, credit notes, purchase orders) between sender and recipient, regardless of borders.
It is governed by OpenPeppol, headquartered in Brussels. Companies, ERP systems, and public institutions connect to the network. The idea is simple: connect once, reach everyone else who is in the network. Instead of wiring up a separate integration for every trading partner, you have one point of presence.
Technically, transmission runs on the AS4 protocol — secure, encrypted, with delivery acknowledgement. Routing is handled by central registries: SML (Service Metadata Locator) and SMP (Service Metadata Publisher). Via SMP you look up which access point a recipient uses to receive documents, and that is where the invoice is delivered.
4-corner model: why four parties are involved
PEPPOL runs on what is called the four-corner model. It is worth understanding, because it explains why you need an access point at all.
- Corner 1 — sender (your company, your ERP)
- Corner 2 — sender's access point (a certified operator you send through)
- Corner 3 — receiver's access point (a certified operator on the other side)
- Corner 4 — receiver (the company or institution you are invoicing)
The sender does not communicate directly with the receiver. The document goes from your system to your access point, which hands it to the receiver's access point, which delivers it to the receiver. Both access points are certified by OpenPeppol and bear responsibility for the security and integrity of the transmission.
The consequence: you cannot enter the PEPPOL network without a certified access point. You cannot build your own overnight — certification takes time and requires meeting OpenPeppol's technical and security requirements. In practice you either find an access point provider as a service (SaaS), or you integrate via their API.
PEPPOL BIS Billing 3.0 and EN 16931
PEPPOL transports documents. But in what format?
The recommended format for an invoice is PEPPOL BIS Billing 3.0 (Business Interoperability Specification). It is a specification that defines what an invoice must contain, what the XML structure looks like, and which business rules apply.
An important property of BIS Billing 3.0: it is a CIUS (Core Invoice Usage Specification) of the European standard EN 16931. A valid invoice in PEPPOL BIS Billing 3.0 is also conformant with EN 16931. That equivalence holds.
EN 16931 is the European standard that defines the semantic data model of an invoice — what an invoice must semantically contain, independent of any specific format or transmission protocol. It is the foundation that ViDA (see below) is pushing the entire EU toward.
Technically, BIS Billing 3.0 is built on UBL 2.1 (Universal Business Language) — the same base that the Czech ISDOC format uses, although ISDOC as a Czech national dialect is not automatically conformant with EN 16931.
When PEPPOL will affect you
PEPPOL is not a hypothetical future. There are several concrete situations where you will encounter it.
B2G invoicing in the Czech Republic
For B2G (invoicing government and public institutions) in the Czech Republic, either ISDOC or PEPPOL BIS Billing 3.0 is accepted. If your ERP or accounting system supports PEPPOL, you are covered for the future too — PEPPOL reaches further than Czech B2G.
Belgium from 2026
Belgium mandated PEPPOL for domestic B2B invoicing from 1 January 2026, with a three-month tolerance period without penalties until 31 March 2026. If you invoice Belgian companies, you need a PEPPOL access point.
Cross-border B2B in the EU from 2030
ViDA — "VAT in the Digital Age" — is an EU package that amends the VAT Directive. Under the current text, from 1 July 2030 e-invoicing according to EN 16931 will be mandatory for cross-border B2B within the EU. PEPPOL is the likely transmission layer for this period, although ViDA does not mandate it as the only transmission protocol.
From 1 January 2035, existing national systems (Italy's SdI, Poland's KSeF, France's system) must align with the ViDA model and EN 16931.
Trading partners who require PEPPOL
Large corporates, Scandinavian companies, and Benelux firms treat PEPPOL as standard. If you want to invoice electronically without paper or PDF by email, PEPPOL is the most common choice on their side.
What a durable PEPPOL integration looks like
Connecting via a PEPPOL access point is not just "sending XML into the network". For it to work reliably in production, you need several pillars.
Idempotent submission. Every document must have a deterministic identifier. When a transmission is retried — due to retry logic, a restart, or a race condition — the system recognises the duplicate and does not create a second invoice at the receiver's end. Without idempotence, every retry is a risk.
Delivery acknowledgement. The AS4 protocol returns an acknowledgement at the transport level — you know the receiver's access point accepted the document. That is not the same as confirmation that the receiver processed the invoice, but it is the first verifiable checkpoint.
Audit log. Every state transition — sent, acknowledged, error, retry — should generate a structured record. When a dispute or audit comes, you need traceability, not just "we think it went through".
Alerting on failure. Transient errors and infrastructure outages happen. You need to know about a failure before it becomes a customer problem or a tax dispute.
This is the same principle as with KSeF integration — a fire-and-forget connection looks functional until the first thing fails silently. The PEPPOL network is more reliable than a government clearinghouse, but the responsibility for traceability on your side remains yours.
How we integrate PEPPOL
We connect PEPPOL access points as part of e-invoicing integrations — whether for B2G, cross-border B2B, or preparing for ViDA 2030. We build on certified access point providers rather than running our own infrastructure. We approach the integration with the same focus on idempotence, auditing, and alerting as we do with KSeF.
If you are working on a PEPPOL connection to your ERP or invoicing system, get in touch — we will walk through what actually applies to you.
FAQ
Do I need to build my own access point?
No. Getting your own access point certified is time-consuming and technically demanding — OpenPeppol sets strict requirements on security and availability. The standard approach in practice is to find a certified access point provider as a service and connect to it via API. You get access to the network without having to run your own infrastructure.
Is PEPPOL the same thing as ISDOC?
No. ISDOC is a Czech invoice format — it describes how an invoice looks in XML. PEPPOL is a network for delivering it — how it gets to the recipient. They also have different semantics: ISDOC is a Czech national dialect of UBL and is not automatically conformant with EN 16931, whereas PEPPOL BIS Billing 3.0 is a CIUS of EN 16931 — a valid invoice in BIS Billing 3.0 satisfies EN 16931.
When is PEPPOL mandatory for a Czech company?
For B2G (invoicing public institutions), PEPPOL BIS Billing 3.0 is an accepted format already — alongside ISDOC. For B2B the situation is different: in the Czech Republic there is no B2B mandate today, PEPPOL is not required. Pressure will come from ViDA — cross-border B2B mandate from 2030, national systems must align by 2035. Belgian companies have required PEPPOL for B2B since 2026. If you invoice cross-border or into countries with a PEPPOL mandate, you need an access point now.