The Peppol network relies on a “Four-Corner Model” (expending to a “Five-Corner Model”) where businesses exchange documents via certified Access Points, in a secure way thanks to digital certificates.
As we move through February 2026, the Peppol network is in the final stages of its most significant security evolution to date, the mandatory transition from G2 to G3 certificates, a key component of Peppol Public Key Infrastructure.
For Peppol Access Points, the hard deadline is April 1st, 2026, where failure to complete this migration would result in a total loss of connectivity to the network.
Understanding the Peppol Public Key Infrastructure
At the heart of the global Peppol network lies the Public Key Infrastructure (PKI), the security engine that ensures every message is authentic, untampered, and sent by a verified Service Provider acting as a Peppol Access Point (AP).
When the Sender’s AP (Corner 2) sends a message to the Receiver’s AP (Corner 3), it uses this PKI to perform a “digital handshake.” This process confirms the following essential elements:
- Identity: The sender is a certified Peppol AP
- Integrity: The message hasn’t been modified by a third party
- Non-Repudiation: The sender cannot later claim they didn’t send the document
The PKI operates on an asymmetric encryption model, using:
- A “Private Key” held securely by the AP to “sign” outgoing messages
- A “Public Key” shared with the network via the PKI and used by the receiving AP to “unlock” and verify the signature.
Understanding the use of Peppol certificates
Peppol certificates are the active technical tools that allow the “Four-Corner Model” to function securely.
Their primary role is authentication, serving as a digital passport that a Service Provider presents to prove it is a valid Peppol AP. Beyond identity, these certificates are the core of digital signing during the exchange of business documents via the AS4 protocol.
In practice, every time an electronic invoice is sent, the sender uses their Private Key to sign the message, while the receiver uses the sender’s Public Key (contained in the certificate) to verify that the message is authentic and has not been tampered with.
Additionally, certificates facilitate encryption to ensure data confidentiality, ensuring that data remains secure and private throughout its entire journey across the network.
The migration impacts and stakes
The transition from G2 (Generation 2) to G3 (Generation 3) certificate is not a routine update. It is a critical security overhaul of the network’s underlying trust infrastructure.
The primary stake is business continuity. G3 certificates are not automatically compatible with G2 certificates. This is why the April 1st, 2026 deadline is a hard cutoff, meaning on this day, the G2 trust chain will be revoked globally.
Comprehensive guidelines [↗︎] have been published by OpenPeppol in order to facilitate the migration for all Peppol Service Providers.
Businesses should therefore ensure their Peppol AP is fully ready and compliant with the new G3 certificate. The impact of missing this deadline is severe. If an AP (or SMP – Service Metadata Publisher) has not successfully migrated its certificate, it won’t be able to issue or receive messages through the Peppol Network.
With April 2026 set as the hard deadline, the current transition period makes it essential for receiving Access Points to be “dual-capable”, able to trust and verify signatures from both legacy G2 and new G3 certificates.
