Questionnaire

Know your customer process in the Peppol network

This is a questionnaire for Service Providers regarding the know your customer / end user identification process in the Peppol network. This topic’s importance was decided in the face-to-face meeting in Brussels in June 2025.

Many thanks to Finnish Peppol Authority for creating the original survey, which we adapted slightly for our purposes.

Please answer this questionnaire with the best of your knowledge. The first page of the questionnaire deals with the activities of service providers in identifying their end user customers, and the second page deals with the activities of Peppol Authorities in identifying their service providers. The answers will be combined and the conclusions will be discussed in the Netzwerk-Meeting in Kassel, on November 12. The next steps will be decided based on the results.

Service Provider’s contact information is not collected, and responses cannot be linked to a specific SP.

Relevant chapters in the Internal Regulations for this questionnaire are:

3.3 End User Identification
3.3.1 Information to be Collected
3.3.2 Requirements for the Peppol Authorities
3.4 Peppol Service Provider Identification

See the internal regulations here.

Auf dem Bild ist das Icon von Peppol zu sehen, Es ist weiß und wird auf blauem Grund abgebildet.

    1. Do you consider the End User Identification Requirements set for Peppol Service Providers in the Internal Regulations chapter 3.3.1 sufficient?

    What could be improved in the requirements?

    2. Do you think that you do comply with these requirements?

    What could be improved in the requirements?

    3. Would it be helpful if your Peppol Authority would pre-emptively do something to make sure that you as a Service Provider comply with these requirements?

    Note: the presumption is that every Peppol Authority will take action if a problem is first discovered.

    Pre-emptive measures may include, for example, requesting the service provider to provide a written notice of its end-user identification process, requiring a certification of a sort, or going over these requirements in a meeting before signing the Service Provider Agreement.

    What pre-emptive actions might be helpful?

    4. To the best of your knowledge, would mandatory ISO27001 certification for Peppol service providers enhance the KYC / end user identification process, thereby making the Peppol network more secure?

    Why additional measures would not be needed / would be needed?

    5. Do you consider the requirements set for the Peppol Authority in the Internal Regulations chapter 3.3.2 AND in the chapter 3.4 sufficient?

    What could be improved in these requirements?

    6. Is there a requirement in the 3.3.2 or 3.4 chapter that is hard for you as a Service Provider to fulfill?

    7. What are the two best actions that Service Provider can take to improve the KYC / end user identification process in the Peppol network?

    You can respond from either perspective: service providers identifying their end user customers or Peppol Authorities identifying their service providers. Feel free to copy and paste your previous answer, if suitable.

    Thank you for your participation!

    Bleiben Sie mit unserem RSS-Newsfeed auf dem aktuellsten Stand!

    Mit unserem RSS-Newsfeed erhalten Sie alle Informationen zu neusten Entwicklungen, Veranstaltungen und Standardveröffentlichungen direkt und sofort.
    Verwenden Sie folgenden Link: https://xeinkauf.de/aktuelles/feed

    Kontakt

    Senator für Finanzen
    Koordinierungsstelle für IT Standards (KoSIT)

    Rudolf-Hilferding-Platz 1

    28195 Bremen

    xeinkauf@finanzen.bremen.de

    Schnellzugriff
    XStandards Einkauf
    Rechtliches