Message IconCustomer SupportUser IconContact SalesLock IconLogin
The Arratech logo
Message IconCustomer SupportUser IconContact SalesLock IconLogin
Get StartedGet Demo

Peppol Service Metadata Publisher Updates

Arrows Image
Compliance
Hans Christian B PedersenHans Christian B Pedersen
Hans BergHans Berg
Robin Anderson BoströmRobin Anderson Boström

Must do’s before the deadline

OpenPeppol, the organisation governing the Peppol network, the most widely used and e-invoicing network in the world, is rolling out two major changes that will make the network more secure:

  1. Mandatory HTTPS for all Service Metadata Publishers (SMPs).
  2. Migration from CNAME to NAPTR records for Service Metadata Locator (SML) lookups.

These updates from OpenPeppol are improvements that every business running a Peppol Access Point and SMP needs to understand and prepare for.


👉 Want to skip the migration headache? Talk to Arratech today and we’ll keep you compliant from day one.

GET A DEMO

Peppol network changes to service metadata infrastructure

Here is what you need to know

HTTPS for SMPs

From February 1, 2026, every Peppol SMP must run exclusively on HTTPS with TLS certificates from an approved CA (certificate authority).

  • Moving to HTTPS in Peppol encrypts Corner 2 SMP lookup responses
    SMP servers must use TLS from an approved Certificate Authority to operate on port 443.
  • Please note that the SMP PKI certificate issued by OpenPeppol cannot be used for this purpose as it is used solely for the interaction with the SML and for SMP lookup responses.
  • Mandatory from Feb 1, 2026
  • Migration possible from Nov 1, 2025

This change enhances security between C2 Access Point clients and SMPs when retrieving participant metadata

Migrating to HTTPS increases the integrity and security for for participant metadata retrieval, making the Peppol network more secure.

NAPTR Records Replace CNAME Lookups

The way Corner 2 Access Points discover participants are also changing. CNAME records in the SML are being deprecated in favor of NAPTR (U-NAPTR), a more advanced and resilient method that reduces the number of SML records which is desired as the network has grown rapidly over the last few years to approximately 2 million registered receivers.

Quick summary of NAPTR records update for Peppol

  • Replace CNAME records for SML lookups
  • Provide flexibility for future routing innovations
  • Scales better as Peppol adoption grows
  • Becomes mandatory from Feb 1, 2026

Transition timeline:

May 1 – Nov 1, 2025: Both lookup methods run in parallel.
Nov 1, 2025: NAPTR becomes the primary method.
Feb 1, 2026: CNAME is fully deprecated.

timeline https

What does it mean for Peppol Access Point and Peppol SMP providers?

If you are operating and hosting a Peppol Access Point and/or SMP, you need to perform the updates according to the timelines stated above. This ensures you remain compliant and prevent interruptions to your service:

  1. Watch the webinar from OpenPeppol to learn more about the details and read this document.
  2. Migrate SMPs to HTTPS with TLS certificates from approved authorities.
  3. Update your systems to handle NAPTR-based lookups.
  4. Test thoroughly during the transition to avoid service disruptions.
Transition to HTTPS and NAPTR are mandatory

Don’t worry, we’ve got you.

At Arratech, we live and breathe Peppol. Instead of losing sleep over maintaining your Peppol service, migrate to Arratech and we will ensure compliance and uninterrupted service, 24/7. The 2026 deadline isn’t optional. The question is: will you scramble at the last minute, or be compliant from day one with Arratech?

👉 Talk to the Peppol experts today and stay ahead of the 2026 deadline.

LightBulb

The Smarter path through service metadata infrastructure migration

This migration represents a significant investment of time and resources. Without a managed solution, you’ll need to handle certificate renewals, DNS reconfiguration, SMP software updates, and compliance testing. Instead, migrate directly to Arratech’s Peppol Access Point and SMP solutions. We take care of all updates and guarantee uninterrupted connectivity to the Peppol Network. You could spend months planning, testing, and maintaining this migration — or simply hand it off to Arratech. Our HTTPS- and NAPTR-ready infrastructure keeps you compliant without the operational burden.

Get in touch today and learn how we can support you:

GET A DEMO

Get Updates
FAQs Hero Image

FAQs

Do I need to upgrade my SMP immediately?

No, but don’t wait until the last moment. Migration to HTTPS must be complete by Feb 1, 2026, and you can begin moving from Nov 1, 2025. Early testing is strongly recommended.

Will the switch to NAPTR records disrupt document exchange?

Not if you prepare. Both CNAME and NAPTR will work in parallel from May 1 – Nov 1, 2025, giving you a testing window. By Feb 1, 2026, all systems must use NAPTR.

Do I need new infrastructure to comply?

In most cases, no. You’ll need:

  • Valid TLS certificates for HTTPS
  • DNS updates to support NAPTR records
  • Updated software configurations for Access Point lookups

Glossary

Peppol Service Metadata Publisher (SMP)

A Service Metadata Publisher (SMP) is a registry on the Peppol network that stores essential details about a business or organisation — such as which types of electronic documents (e-documents) it can receive (e.g., e-invoices, purchase orders) and how those documents sho

If your organisation wants to receive e-documents via Peppol, it must be registered in an SMP. Without this registration, other companies and government agencies cannot find the technical information they need to deliver documents to you.

Service Metadata Locator (SML)

The Service Metadata Locator (SML), the only central component in the Peppol eDelivery Network. It keeps track of where each participant’s Service Metadata Publisher (SMP) is located. When a sender wants to deliver an electronic document, their Access Point queries the SML to find the correct SMP address for the recipient. The SMP then provides the detailed technical information needed to send the document securely and correctly.

CNAME record

A DNS record type formerly used for SML lookups (pointing one domain name to another) that is being deprecated in this context.

NAPTR (U-NAPTR) record

A DNS record type that replaces CNAME in the new lookup method. It supports more advanced and flexible routing for metadata resolution.

Glossary Hero Image
More Stories
Three people discussing what certified vs accredited Peppol Service provider mean
Peppol Certified vs Accredited Service Providers, Why the Difference Matters
Blog Post
Flags from the world representing Peppol authorities
Understanding how Peppol Authorities Shape Peppol
Blog Post
Peppol Explained Hero
The Peppol Network - Explained
Blog Post
Discover all stories