Author: Robin Anderson Bostroem

The Peppol network is often described as a “four-corner model”, but what does that actually mean in practice? This article breaks down the Peppol transport model in a simple way, showing how electronic invoices move securely from sender to receiver through trusted Access Points. Learn how the Peppol infrastructure enables reliable document exchange without complex one-to-one integrations, and why the model has become the foundation for modern e-invoicing across Europe and beyond.

EN 16931 is being updated ERP providers and software vendors in the Peppol network need to be ready.

The revised EU e-invoicing standard is expected mid-2026, bringing stricter validation rules, expanded data requirements, and new implications for Peppol and e-invoicing platforms. Read the blog to understand what’s changing and how to prepare.

The Peppol network is a decentralized, international e-invoicing infrastructure using a 4-corner model. This allows organizations to exchange e-invoices through certified service providers without needing bilateral agreements between senders, receivers, or providers. It ensures interoperability and avoids vendor lock-in. Traditional e-invoice (VAN) networks rely on bilateral agreements, creating a fragmented ecosystem.

Belgium’s B2B e-invoicing mandate is now law. From 1 January 2026, nearly all Belgian VAT-registered businesses must send and receive structured electronic invoices using Peppol BIS Billing 3.0, aligned with EN 16931. PDFs and paper invoices will no longer suffice. The framework also prepares Belgium for near real-time VAT e-reporting by 2028, with penalties for non-compliance already defined.

Understanding the difference between a Peppol Certified Service Provider and an Accredited one is key to scaling across jurisdictions. Certification proves technical compliance with Peppol standards, while accreditation is local legal approval. Arratech helps you simplify both with pre-certified, pre-accredited infrastructure.

Understanding How Peppol Authorities Shape Peppol
Peppol Authorities define local rules for operating within the Peppol network. Their PASRs outline operational and accreditation requirements that impact how service providers launch and stay compliant across jurisdictions.

The OpenPeppol PKI migration is a mandatory, breaking change that moves the Peppol network from G2 to G3 certificate authority chains. Service Providers must support both G2 and G3 by February 2026, with all G2 certificates revoked on 1 April 2026. The migration increases security but adds technical complexity, making dual-PKI support, testing and timely cut-over essential to avoid service disruption.

OpenPeppol is introducing mandatory security updates for the Peppol network. From 1 February 2026, all Service Metadata Publishers (SMPs) must operate exclusively over HTTPS, and CNAME-based SML lookups will be fully replaced by NAPTR records. These changes improve security and scalability but require Access Point and SMP providers to update certificates, DNS records and software in line with strict transition timelines.