CEN/TR 16931-4:2017

SLOVENSKI STANDARD
01-oktober-2017
Elektronsko izdajanje računov - 4. del: Smernice o interoperabilnosti elektronskih
računov na prenosni ravni
Electronic invoicing - Part 4: Guidelines on interoperability of electronic invoices at the
transmission level
Elektronische Rechnungsstellung - Teil 4: Leitfaden über die Interoperabilität
elektronischer Rechnungen auf der Übertragungsebene
Facturation électronique - Partie 4: Lignes directrices relatives à l’interopérabilité des
factures électroniques au niveau de la transmission
Ta slovenski standard je istoveten z: CEN/TR 16931-4:2017
ICS:
03.100.20 Trgovina. Komercialna Trade. Commercial function.
dejavnost. Trženje Marketing
35.240.63 Uporabniške rešitve IT v IT applications in trade
trgovini
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

CEN/TR 16931-4
TECHNICAL REPORT
RAPPORT TECHNIQUE
July 2017
TECHNISCHER BERICHT
ICS 35.240.63; 35.240.20
English Version
Electronic invoicing - Part 4: Guidelines on interoperability
of electronic invoices at the transmission level
Facturation électronique - Partie 4: Lignes directrices Elektronische Rechnungsstellung - Teil 4: Leitfaden
relatives à l'interopérabilité des factures électroniques über die Interoperabilität elektronischer Rechnungen
au niveau de la transmission auf der Übertragungsebene

This Technical Report was approved by CEN on 14 May 2017. It has been drawn up by the Technical Committee CEN/TC 434.

CEN members are the national standards bodies of Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia,
Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania,
Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and United Kingdom.
EUROPEAN COMMITTEE FOR STANDARDIZATION
COMITÉ EUROPÉEN DE NORMALISATION

EUROPÄISCHES KOMITEE FÜR NORMUNG

CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CEN All rights of exploitation in any form and by any means reserved Ref. No. CEN/TR 16931-4:2017 E
worldwide for CEN national Members.

Contents Page
European foreword . 3
Introduction . 4
1 Scope . 6
2 Normative references . 8
3 Terms and definitions . 8
4 The challenge of interoperability at the transmission level . 9
4.1 Definition of Interoperability . 9
4.2 The current market reality for e-Invoicing . 9
5 Guidelines . 11
5.1 Common terminology . 11
5.2 Best practices for transmission and related network services . 11
5.3 Use of common technology standards at the transmission level . 12
5.4 Identification, addressing and routing . 13
5.5 Authenticity and integrity . 14
5.6 Data protection . 15
5.7 Implications of format conversion services at the transmission level . 15
5.8 The role of visual presentations (for legibility) including 'hybrid' invoices . 16
5.9 Guidance for the implementation of Operating Models . 17
5.9.1 Introduction . 17
5.9.2 Specific additional Guideline regarding Direct Connection (Bilateral) models . 17
5.9.3 Specific additional Guideline regarding three-corner models . 18
5.9.4 Specific additional Guideline regarding four-corner models . 18
5.10 The need for legally binding agreements at the transmission level . 18
Annex A (informative) Legislation summary . 20
Annex B (informative) Abbreviations . 21
Bibliography . 23
European foreword
This document (CEN/TR 16931-4:2017) has been prepared by Technical Committee CEN/TC 434
“Electronic invoicing”, the secretariat of which is held by NEN.
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CEN shall not be held responsible for identifying any or all such patent rights.
This document has been prepared under a mandate given to CEN by the European Commission and the
European Free Trade Association.
This document is part of a set of documents, consisting of:
— EN 16931-1:2017, Electronic invoicing — Part 1: Semantic data model of the core elements of an
electronic invoice;
— CEN/TS 16931-2:2017, Electronic invoicing — Part 2: List of syntaxes that comply with EN 16931-1;
— CEN/TS 16931-3-1:2017, Electronic invoicing — Part 3-1: Methodology for syntax bindings of the
core elements of an electronic invoice;
— CEN/TS 16931-3-2:2017, Electronic invoicing — Part 3-2: Syntax binding for ISO/IEC 19845 (UBL
2.1) invoice and credit note;
— CEN/TS 16931-3-3:2017, Electronic invoicing — Part 3-3: Syntax binding for UN/CEFACT XML
Industry Invoice D16B;
— CEN/TS 16931-3-4:2017, Electronic invoicing — Part 3-4: Syntax binding for UN/EDIFACT INVOIC
D16B;
— CEN/TR 16931-4:2017, Electronic invoicing — Part 4: Guidelines on interoperability of electronic
invoices at the transmission level;
— CEN/TR 16931-5:2017, Electronic invoicing — Part 5: Guidelines on the use of sector or country
extensions in conjunction with EN 16931-1, methodology to be applied in the real environment;
— FprCEN/TR 16931-6:2017, Electronic invoicing — Part 6: Result of the test of EN 16931-1 with
respect to its practical application for an end user.
Introduction
The European Commission states that “The mass adoption of e-invoicing within the EU would lead to
significant economic benefits and it is estimated that moving from paper to e-invoices will generate
savings of around EUR 240 billion over a six-year period” [1]. Based on this recognition “The
Commission wants to see e-invoicing become the predominant method of invoicing by 2020 in Europe”.
As a means to achieve this goal, Directive 2014/55/EU [2] on electronic invoicing in public
procurement aims at facilitating the use of electronic invoices by economic operators when supplying
goods, works and services to public administrations (B2G), as well as the support for trading between
economic operators themselves (B2B). In particular, it sets out the legal framework for the
establishment and adoption of a European Standard (EN) for the semantic data model of the core
elements of an electronic invoice (EN 16931-1).
In line with Directive 2014/55/EU [2], and after publication of the reference to EN 16931-1 in the
Official Journal of the European Union, all contracting public authorities and contracting entities in the
EU will be obliged to receive and process an e-invoice as long as:
— it is in conformance with the semantic content as described in EN 16931-1;
— it is represented in any of the syntaxes identified in CEN/TS 16931-2, in accordance with the
request referred to in Paragraph 1 of Article 3 of Directive 2014/55/EU;
— it is in conformance with the appropriate mapping defined in the applicable subpart of
CEN/TS 16931-3 (all parts).
The Standardization Request issued by the European Commission in connection with
Directive 2014/55/EU requested that CEN should also develop Guidelines on interoperability of
electronic invoices at the transmission level, taking into account the need of ensuring the authenticity of
the origin and the integrity of the electronic invoices’ content, to be given in a Technical Report (TR)
The Guidelines cover interoperability at the transmission level for invoices based on the core invoice
model and its syntax representations to and from the involved trading and supporting parties. They
could also be applied more widely to cover the transmission of electronic invoices rendered in other
standards and formats i.e. they are invoice content and format neutral.
The Guidelines for interoperability at the transmission level (the Guidelines) are intended to guide all
stakeholders who make use of e-Invoicing within the European Union (EU) and the European Economic
Area (EEA), and Switzerland. They are addressed to trading parties, service and software providers in
relation to the transmission methods or network solutions they use or support, in order to encourage
the adoption and further development of good practices, recommendations and standards for the
transmission level. This is intended to promote efficient, cost effective and widely available e-Invoicing
practices and services.
It is expected that some groups of stakeholders, such as small and medium-sized businesses (SMEs) and
smaller contracting authorities, may find these Guidelines inherently technically challenging and
inaccessible at a practical level. This is recognized, and consequently it is important that at a context-
specific level e.g. at Member State or Sector level, policy-makers, larger contracting authorities, SME
representative and municipal associations, supportive government agencies, professional advisers, and
service and solution providers take responsibility to guide such organizations in relation to these
Guidelines. It is by the nature of the Guidelines that the provision of further specific guidance for SMEs
and smaller contracting authorities could not be done at a European level, but rather at national and
sector-specific level,
It is recommended that the Guidelines set out herein are adopted by market participants, in such a way
that separate and competing approaches, solutions and networks find common ground at the
transmission level, and on the basis of which trading parties are able to reach the maximum number of
their counterparties in a convenient manner. The Guidelines leave as many aspects as possible as a
matter of choice or in the competitive domain by only focusing on those features of transmission that
are essential to establishing interoperability.
It is envisaged that a large number of network and network-based solution instances will subscribe to
and adopt the Guidelines. There is a clear separation between the Guidelines and the design and
implementation of individual network and transmission solutions, which range from use of the ‘open’
Internet through virtual private Networks and managed services. The Guidelines are neutral as to the
individual interoperability models that the market develops and uses to accelerate the mass adoption of
e-Invoicing.
The following EU stakeholders have been consulted in addition to the Members of CEN/TC 434 and
their supporting National Standards Organizations (NSOs):
— European Multi Stakeholder Forum on e-Invoicing;
— European Commission units responsible for EU Large Scale Pilots, in particular e-SENS – DIGIT, DG
CONNECT, DG GROW, and for the Connecting Europe Facility (CEF) in particular the Digital Service
Infrastructure for e- Delivery;
— OpenPEPPOL Association;
— European E-invoicing Service Providers Association (EESPA).
1 Scope
This Technical Report recommends a set of Guidelines to ensure interoperability at the transmission
level to be used in conjunction with the European Norm (EN) for the semantic data model of the core
elements of an electronic invoice and its other associated deliverables. The Guidelines are by nature
non-prescriptive and non-binding.
These Guidelines take into account the following aspects:
1) recommending best practices for use at the transmission level;
2) supporting interoperability between all the parties and systems that need to interact and within the
various operating models in common use;
3) ensuring a level playing field for the various operating models and bi-lateral implementations and
for the use of existing and future infrastructures, which support e-Invoicing;
4) promoting a common terminology and non-proprietary standards for transmission and related
areas;
5) ensuring the authenticity of origin and integrity of electronic invoice content;
6) providing guidance on data protection, on the enablement of format conversion, and on e-invoice
legibility, including the use of a readable visual presentations, as required;
7) providing guidance for identification, addressing and routing;
8) identifying requirements for robust legal frameworks and governance arrangements;
9) recognizing the roles of trading parties, solution and service providers and related infrastructure
providers.
The Objectives of the Guidelines are:
10) to support the implementation of the EU Directive 2014/55/EU on e-Invoicing and the core invoice
model;
11) to propose best practices and recommendations for standards to enable electronic exchange of e-
Invoices and related data between participants by providing a basis for interoperability at the
transmission level, based on common requirements and scenarios;
12) to facilitate Straight Through Processing (STP) by the key actors in the supply chain (Buyers,
Sellers, Tax Authorities, Agents, Banks, Service and Solution Providers, etc.);
13) to provide a set of non-prescriptive and non-binding Guidelines and recommendations that are
applicable to all common operating models for e-invoice exchange and transmission whilst also
providing recommendations specific to each of the common operating models.
To accomplish these objectives, the Guidelines are based on the following Requirements and Guiding
Principles:
14) the need to cover the transmission of e-invoices and related documents from the system of the
sending trading party to the system of the receiving trading party, including transmission issues for
any intermediary platforms;
15) the need to allow any seller in any European (EU, EEA and Switzerland) country to deliver invoices
to any buyer in any location in another European country (EU, EEA and Switzerland);
16) the need to support all common invoicing processes and modes of operation;
17) the need to be compatible with the current legislative and regulatory environment for the exchange
of e-Invoices and related data;
18) the need to support the European Norm and other commonly accepted content standards;
19) the need to ensure that other document exchanges beyond e-Invoicing can be supported;
20) the need to establish clear boundaries between the collaborative and competitive domains;
21) the need to enable competition between business models, solutions and service providers and
foster innovation;
22) the need to ensure that European supply chains remain an integrated and competitive part of the
global economy;
23) the need to promote network effects leading to the development of critical mass as e-Invoicing
becomes the dominant mode of invoicing (network effects result in a service becoming more
valuable as more trading parties use it, thus creating a virtuous circle and further momentum for
adoption).
The following items are considered to be in the competitive domain and therefore out of scope of the
Recommendations:
24) Private entity space: the private entity space meaning the internal functionality or behaviour of any
individual sender and receiver of invoices and their solution and service providers.
25) Schemes and community solutions: as described above, the creation of these Guidelines for
interoperability at the transmission level is considered to be a collaborative activity. Individual
schemes, operating models, networks and network-based solutions at a European, national, global,
or sector level are considered as lying in the competitive domain for the purposes of these
Guidelines.
26) Choice of networks and technical solutions: the usage of any particular network or technical
solution by any community or bilateral pair of service providers is a private competitive matter.
27) Service offerings: the actual utilization of the Guidelines in relation to a commercial service offering
is a commercial activity and therefore out of scope.
28) Business integration: the integration of services with other processes, systems or solutions is in the
competitive domain, as is storage and archiving.
29) Pricing: pricing and contractual arrangements in any form are in the competitive domain.
30) Legal and tax compliance: steps taken to ensure compliance with legal and tax requirements are
private obligations of taxable persons.
2 Normative references
Not applicable.
3 Terms and definitions
For the purposes of this document, the following terms and definitions apply.
3.1
transmission
delivery (including sending and receiving), presentation or the ‘making available’ of invoices in a timely
and secure manner between trading parties and any third parties acting on their behalf
3.2
bilateral model
model in which the transmission takes place on a direct connection basis between the trading parties
3.3
three-corner model
model in which a single service provider acts on behalf of both the supplier and the buyer to offer e-
Invoicing and other supply chain services
3.4
four-corner model
model in which the seller and buyer each have their own service provider, which in turn inter-operate
with each other, either on the basis of bilateral agreements, or as part of a multilateral network
3.5
interoperability
ability of disparate and diverse organizations to interact towards mutually beneficial and agreed
common goals, involving the sharing of information and knowledge between the organizations, through
the business processes they support, and by means of the exchange of data between their respective ICT
systems
3.6
network and network-based solution
physical or virtual electronic network based on a specification and a contractual framework, in which
multiple parties engage in electronic transmission
3.7
service or solution provider
intermediary party, which provides facilities or tools for the transmission of e-invoices and other
documents and messages
3.8
trading party
party which may either be the invoice sender or receiver being the parties engaged in the supply and
receipt of goods and services
3.9
structured format for an electronic invoice
invoice that has been issued, transmitted and received in a structured code electronic format, often
based on mark-up, which allows for its automatic and electronic processing
3.10
unstructured format for an electronic invoice
invoice that has been issued as a document containing information that is purely alpha-numeric in
nature or represents an image, capable of being read by a human, but not automatically processed
4 The challenge of interoperability at the transmission level
4.1 Definition of Interoperability
The European Interoperability Framework (EIF) defines interoperability as “…the ability of disparate
and diverse organizations to interact towards mutually beneficial and agreed common goals, involving
the sharing of information and knowledge between the organizations, through the business processes
they support, and by means of the exchange of data between their respective Information, Computer
and Technology (ICT) systems” [3].”
The goal of interoperability is to allow information to be presented in a consistent manner between
business systems, regardless of technology, application or platform. It thus provides organizations with
the ability to transfer and use information across multiple technologies and systems by creating
commonality in the way that business systems share information and processes across organizational
boundaries. Such processes should not involve the end-user in onerous initiation and operational
processes.
In a heterogeneous business environment actors do not need to know in detail how another actor
operates within its internal environment; however, the existence of business agreements that set out a
common collaborative way of working together is vital.
Interoperability can be identified on four different levels:
1) legal interoperability;
2) business and organizational interoperability;
3) process interoperability- semantic;
4) technical interoperability- syntax and transmission (the latter being the subject of these
Guidelines).
At the transmission level, there is a focus on the methods and practices through which delivery,
presentation or the ‘making available’ of invoices are conducted in a timely and secure manner. This
includes related requirements such as validation, signing, encryption, the enablement of format
conversion but not issues concerning invoice content or message payload. The focus is on the delivery
or presentation of e-invoices and related documents from the system of the sending trading party to the
system of the receiving trading party, including transmission issues for any intermediary platforms.
4.2 The current market reality for e-Invoicing
As essential context for developing relevant Guidelines for the transmission level it is important to
understand the current market reality for e-Invoicing across Europe.
Trade involves many types of trading party (e.g. businesses of all sizes, consumers and government
agencies) trading with each other. A lack of interoperability between the many trading parties and the
operating models they use for the electronic transmission of trade information could, if not addressed,
inhibit participation by important market segments such as small businesses and smaller contracting
authorities; it will also create barriers to reach, which is the ability of one entity to forward electronic
business documents to another in a safe and predictable manner.
By addressing cooperation to create interoperability at all levels including transmission, all trading
parties (suppliers and buyers) and service providers should be better able to work with their counter-
parties. The European economy will benefit in terms of cost effectiveness from the results of
standardization, while at the same time continuing to benefit from a vigorous competitive market for e-
Invoicing solutions.
The following is the current market reality in the general landscape for e- Invoicing services and
provides context for the creation of the Guidelines:
Relative immaturity: whilst e-Invoicing technologies have been maturing for some time, the trend
towards e-Invoicing adoption and the development of supporting services is still relatively young and
most actors are in a build-up phase. The market for supporting services has developed to help trading
parties overcome business and technical complexity and any perceived uncertainty in the legal
environment. Geographic regions and countries are at varying stages of maturity in terms of e-Invoicing
adoption. Many heterogeneous and incompatible e-Invoicing processes and transmission methods have
evolved and have been adopted in the market. The trust equation for electronic business between users
and between service providers and users is still emerging and business models are still developing.
Fragmentation: The use of multiple standards for invoice content and multiple transmission methods
creates complexity and may be impeding the achievement of critical mass. Format conversion services
provided by service providers shield users from these underlying problems. Many trading parties
engage in bilateral connections using humanly generated unstructured formats, such as PDFs, but the
usage of unstructured formats leads to suboptimal processes due to the resultant absence of end-to-end
business process automation. Structured formats make possible significant benefits from automated
processing, but where such formats are in use, they often use sector-specific or local formats and
transmission channels.
The needs of smaller businesses: Small business is not fully engaged with e-invoicing at this stage.
Many are required to participate in e-Invoicing based on the automation of supply chains by larger
enterprises or invoice other SMEs and individuals using PDFs. Efforts are needed to provide easy to use
tools, transmission methods and other capabilities to enable full participation by SMEs, preferably
without involving software installation and maintenance.
Operating models: Direct (bilateral) connections are common. However, many invoice exchanges are
intermediated using 'Three-Corner' models, often cloud-based, in which buyers and sellers participate
in various communities by being connected to a number of separate service platforms. This is common
in the automated supply chain segment especially but not exclusively B2B. 'Four-Corner' models
involving connections between service providers are being increasingly deployed.
At the current stage in the development of e-Invoicing, the following are therefore the principal
examples of operating models:
— bilateral, peer-to-peer, hub and spoke, and Electronic Data Interchange (EDI) models, whereby
transmission takes place via a direct or point to point connection between the trading parties;
— three-corner model whereby a single service provider or network acts on behalf of both the
supplier and the buyer to offer e-Invoicing and other supply chain services;
— four-corner model whereby the seller and buyer each have their own service provider, which in
turn inter-operate with each other either on the basis of bilateral agreements or as part of a
multilateral network.
Figure 1 — Common operating models for e-Invoicing
5 Guidelines
5.1 Common terminology
This Guideline calls for the consistent use of terminology to describe and clarify the roles and
responsibilities of actors and roles involved in transmission. Much of the required terminology is
embedded in the EN, but there are other terms relevant to the transmission level, a selection of which
are set out in this document. As terms and definitions are used by actors in the transmission process,
they should be clearly defined and consistently used in legal and operational documents. Reference
should be made to common definitions used by standardization bodies, such as CEN, UN/CEFACT and
ISO.
5.2 Best practices for transmission and related network services
The following business and technical best practices to ensure interoperable transmission are proposed,
whilst recognizing that their actual adoption or their provision by means of services is a matter of
choice and lie in the competitive domain:
1) Agreement on transmission method: Trading parties should agree on, or find acceptable, one or
more transmission channels to be used for e-Invoicing and related communication. Such channels
will usually, be established at the initiative of the invoice receiver, and this could be termed a 'pull'
mode. In other cases, the invoice sender may create or find an electronic connection acceptable to
the invoice receiver, and this could be termed a 'push' mode.
2) Needs of trading parties: In establishing such transmission channels the initiator of the
transmission method should take into account the needs of their trading party, in terms of ease of
use and factors such as size of enterprise, technical capability and geographic location, providing,
where appropriate, choice and flexibility. There is a need for easy to use and cost effective solutions
for SMEs to send invoices to their buyers whilst not impeding process automation on the buyer
side.
3) Transmission availability: All networks and transmission methods should support reliability,
availability and resilience as appropriate to the business circumstances. There should be support
for multiple time-zones and, as feasible, 24x7x365 service availability.
4) Message structure and identifiers: There should be a separation of the message header,
envelope, or metadata from message content or payload. Message identifiers should be available so
that individual messages are unambiguously identifiable. Where a networks are provided for e-
invoice delivery, an identifier for each network instance should be made available in order to
unambiguously identify each network and permit interoperability between networks.
5) Message types: There should be made available or mutually agreed a comprehensive range of
message types, including business level responses and message level responses, such as
acknowledgements, invoice status, response messages and rejections.
6) Clear boundaries: There should be clear definitions as to where a transmission process begins and
ends and what gateway, node or access point creates the boundary between the system of the
sender or receiver. Such boundary conditions shall be consistent with the allocation of business and
legal responsibility and liability.
7) Transmission security: All transmission connections including access to portals and websites
should be protected by security and confidentiality methods and devices, such as firewalls, access
controls and the use of electronic signatures (advanced and qualified digital signatures). Security
requirements need to include protection of the transmission process from intrusion and
infringement of confidentiality. Encryption may be employed where appropriate in the context of
the data being exchanged.
8) Web services: The employment of websites for uploading and downloading e-invoices, data and
related documents should be deployed in an easy-to-use and secure manner. It is possible to
organize secure transmission within a secure 'closed loop' environment based on such web
services.
9) E-mail: The use of e-mail is very widespread and allows messages to reach the intended recipients
in the vast majority of instances, although delivery is not guaranteed. Nevertheless additional
controls should be considered by sender and receiver to mitigate basic e-mail limitations, such as
the impact of spam, fraud attacks and lack of confidentiality. Additional controls such as encryption,
the use of digital signatures, response messages and delivery confirmations, should be agreed and
documented. Senders and receivers also need to have a clear definition of the e-mail process to be
used (payload attached or embedded in the body of the message, the use of compression, the
number of documents per email, etc.). Due to the nature of the email protocol, the receiver will
need to pay special attention to issues of authentication and security, and the methods issues
described in 6.2. E-delivery Services as defined in the eIDAS regulation are recommended in
appropriate circumstances. These provide an enhanced form of e-mail with supporting evidence
relating to the handling of an e-mail including proof of submission and delivery.
Further requirements for technology standards, addressing and routing, authenticity and integrity, and
data protection are covered in the paragraphs below.
5.3 Use of common technology standards at the transmission level
This Guideline recommends the use of common, non-proprietary, royalty-free European and
international information technology standards for communication and related areas such as security.
Such standards and technology should enable interoperability and foster competition and innovation.
The number of strictly mandated technical requirements shall be kept to a minimum as a matter of
principle.
Examples of standards relevant to these Guidelines at the transmission level are:
1) AS2 (IETF), AS4 (OASIS), OFTP2 (ODETTE) and SMTP (Email) - protocols for the secure and reliable
transmission of messages across the Internet;
2) SBDH - a standard for the envelope or header, which incorporates a payload or content message
such as an e-invoice;
3) SML/SMP (Service Metadata Locator/Service Metadata Publisher) – Oasis Specifications for
distributed registry lookup and discovery;
4) digital certificates/PKI (Public key Infrastructure) – ETSI standards for trust services;
5) http protocol based standards and specifications (REST, Web services, SSL/TLS etc.) for web
applications.
Attention is drawn to the CEF e-Delivery which has the status of a generic Digital Service Infrastructure
in the CEF programme in the area of data exchange with a focus on interoperability, security, scalability
and performance, and legal assurance and accountability. CEF e-Delivery is developed by the European
Commission in consultation with other stakeholders based on the e-SENS Large Scale Pilots and the
PEPPOL specifications. These may be used to support any four-corner model for the exchange of e-
invoices or other related documents and are accordingly recommended for adoption, as appropriate.
CEF is the Connecting Europe Facility a multi-year funding and policy programme involving transport,
energy and telecoms, supporting the EU Digital Single Strategy initiative.
The e-Delivery building blocks can be found on https://joinup.ec.europa.eu/community/cef/.
ETSI/TS 102 640 about Registered Electronic Mail (REM) and ETSI SR 019 050 about Electronic
Registered Delivery Services (ERDS) are relevant standards for the implementation and
interconnection of invoice transmission services. ETSI/TS 102 640-5 about REM-MD Interoperability
Profiles provides relevant standards for the interconnection of both types of transmission services:
i.e. Store and Forward (S&F) and Store and Notify (S&N). ETSI is also preparing additional Standard
Reports and Technical Specifications as part of the M/460 mandate concerning the eIDAS trust services
– electronic registered mail and registered electronic delivery services. An important part of this work
programme are technical specifications “Testing Conformance and Interoperability” for delivery
services.
5.4 Identification, addressing and routing
This Guideline proposes the principles to be applied to the development of commonly recognized
identification schemes, interoperable addressing and routing processes both within and across different
domains and networks, and the identifiers that enable them. The proposed principles are as follows:
1) A distinction should be made between an identifier by which a person is generally recognized (e.g.
name, company number, VAT number etc.) and an address which is the location, at which a natural
person (individual) or legal person (corporate entity), a system, or a device may be reached,
recognizing that any of these may require more than one address.
2) All transmission solutions should provide or create the tools for the use of an unambiguous
identifier for both the users themselves and, where applicable for any associated solution or service
providers on a basis that is cost effective and easy to use including facilitating the transfer of
business relationships from one solution to another to avoid lock-in.
3) All solution and service providers should also obtain and widely distribute an address to enable
others to route all relevant messages to them and their customers.
4) Addresses and identifiers should be sufficient to support the processing of invoices, invoice related
messages and potentially other business messages to senders and receivers.
5) All networks and network based solutions should publicly make available their various addressing
and routing structures and numbering conventions on a transparent basis, as required by the needs
of their trading parties.
6) All networks and network based solutions are encouraged to (but should not be compelled to)
publish an easily accessible directory, in which are found the identifiers and addresses of end-
users, who wish that such information be published in this way.
7) Unless it is a condition of participating in a particular network or network based solution, no end-
user (a natural or legal person, being the ultimate invoice receiver or sender) should be compelled
to agree to the publication of such information, for any reason such as confidentiality, or the use of
practices where it discovers the necessary details on a private bilateral basis.
8) The identifiers should be capable of being re-used for other e-procurement services and preferably
be globally unique.
9) Existing identifiers and numbering conventions should be used where possible.
10) Attention is drawn to the SML/SMP/ Directory artefacts present in the PEPPOL and e-Delivery
specifications for the creation of Directory Services.
11) Commission Implementing Regulations (EU) 2015/1501 and 2015/1502 are additional regulations
concerning the identification of data relating to natural or legal persons, the applicable Levels of
Authentication (LOA) and the necessary controls.
Industry participants are encouraged to cooperate in the further development and adoption of more
interoperable and easy to use addressing and routing procedures within a standards body such as CEN
and ETSI and also, taking due account of relevant international standards.
5.5 Authenticity and integrity
The authenticity of the origin and the integrity of the content of any invoice should be ensured in
accordance with Article 233 of the VAT Directive 2010/45/EU, which describes three ways to ensure
authenticity of origin and integrity of invoice content:
Business controls which create a reliable audit trail. An example of a business control is the
matching of supporting documents such purchase orders, delivery notes and remittance advices.
Controls should be appropriate to the size, activity and type of the taxable person. An audit trail should
contain source documents, processed transactions and references to the linkage between them.
Business controls have no impact at the transmission level, so have no implication for these Guidelines
on transmission, as it is a pure business process handled before (by the sender) or after (by the
receiver) the actual transmission of the invoice; however, it is nevertheless recommended for quality
purposes to follow the best practices for transmission described in these Guidelines when using the
business controls method.
Advanced electronic signature. By definition, this type of signature uniquely identifies and links its
signatory to the content (authenticity of the origin) and invalidates the signature if the signed data has
been tampered with (integrity of the data). Advanced digital signatures can be technically implemented,
following the XAdES, PAdES or CadES (COMMISSION IMPLEMENTING DECISION (EU) 2015/1506). It is
recommended to always apply the signature to the transmitted payload so that the authenticity and
integrity of the invoice can be verified during the whole legal archiving period and for confidentiality
purposes. At the message or header level, the transmitted message could be also signed (e.g. when sent
using the AS2 protocol), for the whole or during a stage or stages of the transmission process, but the
use of signatures in these circumstances is separate from its use to ensure authenticity and integrity.
EDI (Electronic Data Interchange). There shall be a previously executed agreement between the
parties (Commission Recommendation 1994/820/EC) before any EDI transmission may be used as
guarantee for the authenticity of the origin and integrity of the data. The implemented transport
security methods should be documented in the agreement. There are various types of agreements
between parties that could be used for this purposes, such as bilateral agreements between two parties,
multilateral agreements used in legal frameworks such as OpenPEPPOL, and a variety of national
agreements.
The above three methods are cited in the Directive as valid options, but it is contemplated that there are
and will be in the future other possible ways of ensuring Authenticity and Integrity. An example is
described in the Regulation (EU) N°910/2014 on electronic identification and trust services for
electronic transactions in the Internal Market (eIDAS Regulation), which provides a regulatory
environment to enable secure and seamless electronic interactions between businesses, citizens and
public authorities. Among other items, it provides the regulatory environment for electronic signatures,
electronic seals, timestamps and other proofs for authentication mechanisms to enable electronic
transactions with the same legal standing as transactions performed on paper.
Mention should also be made of the e-Delivery services (Regulation (EU) N°910/2014) which defines a
service that makes it possible to transmit data between third parties by electronic means and provides
evidence relating to the handling of the transmitted data, including proof of sending and receiving the
data, and that protects transmitted data against the risk of loss, theft, damage or any unauthorized
alterations. Documents transmitted using an e-Delivery service are guaranteed to have authenticity,
integrity and confidentiality.
5.6 Data protection
Key principles for data protection when processing and transmitting invoices shall be applied:
— data shall be protected against unauthoriz
...