Do you want to join the Netherlands Peppol Authority (NPA) to provide your services in the Netherlands? And are you already affiliated to OpenPeppol and/or another Peppol Authority? We have drafted a comprehensive step-by-step guide for service providers who want to deliver services to (registrate in the Peppol network) end-users (both senders and receivers) within the jurisdiction of the NPA.
Please note: Are you not (yet) affiliated to OpenPeppol or another Peppol Authority? We have drawn up a guide to join the NPA (Dutch).
Service providers who are already connected to the Peppol network, are providers that are affiliated to OpenPeppol and/or another Peppol Authority. The guide you find below, outlines the conditions these service providers must meet and the steps they must take to provide services towards end-users within the Netherlands and to be featured in the NPA serviceprovider-community and the list of Peppol serviceproviders on peppol.nl.
Application procedure
You have to send your application to support end-users in the Netherlands, including the signed PEPPOL Service Provider Agreement, to the NPA by email: operations@peppolautoriteit.nl. The information you submit will only be used to process your application. The NPA has a privacy policy that we can send to you upon request.
The NPA evaluates your application and determines whether or not it will be processed.
The NPA may impose additional requirements to those of OpenPeppol and/or the Peppol Authority you are affiliated to. You can find all requirements in our Peppol Authority Specific Requirements (PASR). Besides the PASR requirements, we need additional information.
Please submit:
- An ISO27001 certificate or a TPM (Third Party Memorandum)
- Description of your End User Identification (EUI) process
- A statement saying you will operate towards end-users in accordance to our PASR
- Your endpoint URL(‘s)
Here's a more detailed explanation of the additional information you need to supply:
1. ISO27001 certificate or a TPM
ISO27001 is the global standard for information security. It details requirements for a documented Information Security Management System (ISMS) in the context of the organisation's overall business risks. The certifying organisation for your ISO certificate must be accredited by an International Accreditation Forum (IAF) member. The ISO certificate should contain the services offered as a Peppol service provider.
If your organisation is not yet ISO27001 certified, an assurance report created by a third party (TPM = Third Party Memorandum) may suffice. This report has to be compiled by a registered and independent IT auditor, and it must demonstrate that your information security complies with ISO27001 requirements and thus contains the ISO27001 controls.
2. EUI Process
The End User Identification (EUI) principle stipulates that you must verify the End User before acceptance and (as a minimum) yearly evaluate. Consequently, the NPA requests a process description detailing how the End User's identity will be confirmed and how data will be managed. The conditions for End User Identifications are outlined in article 3.3 of the OpenPeppol Internal Regulations.
3. Statement
We require a statement confirming you will operate towards End Users from the Netherlands according to the conditions of the Peppol Interoperability Framework, and in particular our Peppol Authority Specific Requirements. This statement can be submitted via email or as a separate document. This statement is a crucial part of the process.
4. Endpoint URL
As per the OpenPeppol SLA, we monitor your services availability. Therefore, we need your Endpoint URL(‘s) for our monitoring tool.
If you have submitted all required information, the NPA will review the documentation. If you comply to all requirements, the admission process will proceed, and you will be notified by email. If the documentation does not meet the requirements, you will receive a notification by email explaining the reason(s). You will be asked to submit the necessary information again.
NPA Service Provider Community
Accepted service providers will be invited to join the NPA Service Provider Community. This is a forum for discussing services delivered through the Peppol network and a collaborative platform for addressing solutions and challenges.
Listing on peppol.nl
If your application has been approved by the NPA, we can list you in the overview of service providers on peppol.nl. You can send a request, with landing page (preferably related to Peppol), by email to operations@peppolautoriteit.nl.