Scritto il 8 July 2026
ISO/IEC 27001 Certification Mandatory for Peppol Service Providers from 1 July 2027

It is hereby notified that as of 1st July 2027, all Peppol Service Providers shall be required to hold a valid and active ISO/IEC 27001 certification. This certification constitutes a fundamental requirement for continuing to operate on the Peppol network and ensuring the security of managed information.

ISO/IEC 27001 certification attests that the Service Provider maintains an Information Security Management System (ISMS) in compliance with international standards, subject to independent and recurring audits. This ensures that Peppol network participants benefit from a consistent and verifiable level of assurance regarding information security.

Service Providers that already hold an ISO/IEC 27001 certification must verify that the Statement of Applicability (SOA) explicitly covers the scope of Peppol operations (Access Point, Service Metadata Publisher, End User Identification, document management, integrity controls, logging and audit trail, backup and business continuity). Service Providers that do not yet hold the certification must promptly initiate the implementation project, engaging an accredited certification body specializing in ISO/IEC 27001.

OpenPeppol has established a structured timeline to guide Service Providers through the certification process:

  • 30th June 2026 (T0): Deadline for submission of equivalence requests for other certificates already held
  • 1st September 2026 (T1): Deadline for submission of ISO/IEC 27001 certificates already in possession
  • 1st October 2026 (T2): Deadline for submission of evidence for ongoing certification projects
  • 1st February 2027 (T3): First progress report on ongoing certification work
  • 1st May 2027 (T4): Second progress report on ongoing certification work
  • 1st July 2027 (T5): Mandatory deadline for certification achievement

For further information, please refer to OpenPeppol’s dedicated ISO/IEC 27001 page and the attached. implementation plan.