Welcome BOSA, the Belgian Peppol Authority, welcomes you to this collaboration area dedicated to the Belgian jurisdiction. It supports the forums that we are used to organize since 2016 to assist the IT sector in widening the eInvoicing and eProcurement solutions in the Belgian market. → The structure of this area will grow gradually to best fit with the discussions and opportunities that will arise.
Enjoy your visit and let us know! the eInvoicing team @BOSA
Hermes (hrms) offers the possibility to Service Providers operating a Peppol Access Point (AP), to integrate hrms into their outbound invoicing services. This testplan lets the AP check the behavior of hrms in the different scenarios. APs can familiarize themselves with hrms, including instances when sent invoices fail hrms validations .
This testplan is designed to require minimal input, effort and time from the AP. The complete execution takes less than 1 hour. BOSA advises to agree on a joint schedule, but this is up to the AP to decide.
1. Description of the test session
The test consists of the following steps. (More details below in section 2)
Kick-off BOSA and AP meet and greet, agree on the setup and exchange the information required to execute the set of round and launch the tests.
Initial round This test set validates the behavior of hrms when the AP is not yet registered on the whitelist.
Main round This test set validates the behavior of hrms when theAP is registered on the whitelist and no email address is recorded.
Final round (optional) This test set validates the behavior of hrms when the AP is registered on the whitelist and a central email address is recorded.
Wrap up BOSA and AP share their findings, observations and conclusions. They sign off the results. This closes the session.
2. More details
There are only 2 details worth noting: (a) what information must be exchanged at kick-off and (b) what is the sequence of each test round.
(a) what information must be exhanged at kick-off?
The AP must provide the following information to BOSA:
enterprise number of a sender for which the AP registered MLR Receiving Capabilities
email address (4.. Final round) : if the AP wishes to test the scenario where hrms returns negtive feedback by email to a centralized email address :
BOSA will hand over the set of (9) invoices (xml’s) to be used through the different runs - tuned to the AP’s context. These 9 xmls cover the different cases that need to be checked. For info, please find here a zip file containing the 9 sample reference xml invoices. [NB: if, exceptionally, the enterprise communicated by the AP is registered in the hrms senders list, BOSA will remove it for the sake of the test]
(b) what is the sequence of each test round?
Each round only takes 2 simple steps:
AP sends the 9 invoice and informs BOSA once the set is duly sent
BOSA (a) tracks the outcome of each invoice sent (based on the ID of each invoice), (b) modifies the hrms configuration for the next round, and (c) gives the GO to the AP to move to next round
The testplan is designed to require minimal input, effort and time from the AP.
This is the opportunity for the AP to get first hand, in only a few minutes, a glimpse of the workings of hrms.
BOSA invites all APs to take this opportunity.
CBE Identification scheme ID migration (9956>0208)
Introduction of schemeID 0208 completed :
initiated with Peppol BIS schematron summer 2020 release
completed at the initiation of the schemeID 9956 removal
Removal of schemeID 9956 :
initiated with the BIS schematron spring 2021 release and
completed with the BIS schematron fall 2021 release
Removal : scheduled Sep 1, 2023
In an initial phase of the use of Peppol, the Belgian enterprise number has been assigned a PEPPOL schemeID in 2016 (9956).
The introduction of the EN 16931 caused the need to replace schemeID 9956 by an ICD-compliant new schemeID. FPS Economy, owner of the enterprise number, proceeded with the due registration of the enterprise number. ICD 0208 was assigned in april 2020, and recorded in EAS in june 2020.
Consequently the migration of 9956 to 0208 introduction was necessary. It was coordinated in the present section
Additional Coordination notes
Due to the remaining use of the old BIS (2.0) MLR (aka. "MLRv1") at end of the migration May 1, 2021 , schemeID 9956 removal could not be scheduled. Deprecation of old BIS MLR was not possible until BIS IMR was duly introduced in B2G invoicing. Use of BIS IMR to return B2G invoice responses was introduced in March 2022; use of old BIS MLR to return B2G invoice responses was interrupted in September 2022. -> schemeID 9956 removal discussions are reprogrammed on the SP forum.
At forum Sep 15, 2020 it was decided that the minimal scenario will be complemented with regular monitoring by BOSA (see below : share periodic progression data). Progress on the 3 stages will be monitored on the basis of a questionnaire that will be sent out on a monthly basis. The 3 identified stages are :
stage 1 : Stop registering new participants under scheme ID 9956
stage 2 : Finish migrating 100% of portfolio from scheme ID 9956 to scheme ID 0208
stage 3 : Exclusive use of Scheme ID 0208 for all existing and new participants
At forum Jul 14, 2020 forum there was no clear preference for any migration support discipline. Consequently the only official migration scenario is the minimal one, where each SP is solely responsible of meeting the schedule and the possible negative impact of missing milestone B. BE PA will nevertheless reassess options and at least gather and share periodic progression data.
Decommissioning old BIS Billing (2.0) - incl. old BIS decommissioning enforcement on smp.belgium.be
Since Jun 28, 2020smp.belgium.be throws a BELMA-306 error code upon attempt to register a non-BIS (3.0) document type prior to registering the equivalent BIS
The Belgian Government took measures to phase out all non-BIS (3.0) traffic reaching it. old BIS (2.0) BILLING receiving capability of Government entities was removed (a) from the test environment on Oct 1, 2020 and (b) from production on Mar 31, 2021
NB: Although this is not supposed to happen, technically speaking, smp.belgium.be does not reject new registration based on old BIS (2.0), provided that BIS (3.0) equivalent receiving capability is already registered, no explicit cleanup of old BIS-based receiving capabilities has been executed yet on smp.belgium.be . Until the removal of the related identifier is decided, it is the responsibility of each service provider to duly assist their end users in properly de-registering deprecated receiving capabilities.
Hsmp migration token collection interface
as a result of the Hermes initiative, all active Belgian enterprises are registered on Peppol. 98% of them are registered on HermeSMP and ready for migration onto another solution ( + smp). No Blegian enterprise can be registered “from scratch” anymore. In order to speed up the migration of Belgian enterprises out of Hermes (hrms) towards a suitable e-invoicing tools, BOSA decided to (1) initiate migration for all hrmsparticipants and (2) let HermeSMP (hsmp) expose a (secure) Migration Token Collection Interface (mtci).
The interface specifications were submitted to a review round to the Belgian SP/AP forum members in June 2020. The first stable version of the specs were posted below on Jul 3, 2020 . The interface is ready for tests as of Sep 14, 2020 The testing window closed on Oct 16, 2020 . No specific bug were reported during the testing window. Consequently, BOSA has initiated the acceptance and go-live phase of hsmp mtci.
The specs and other useful documentation are maintained below.
Swagger: compliant with the applicable standards, this API is subject to one single and comprehensive, machine- and human-readable specification file: hsmp_migration_key.yaml NB: human-readable rendering can be made more convenient by using specific editors, such ashttps://editor.swagger.io/
Test Plan: compliant with applicable standards, the following resource is made available to enable any (future or current) API-user to perform local tests during its development cyccle: HSMP_migration_key.postman_collection.json (Postman)
NB: above specifications include all possible cases/scenarios, including exceptions/errors. Additionally, during the API development cycle the list of responses codes was gradually elaborated and discussed using the table 1below. This information is still available for tracking purposes only.
Online User-Testing data - practical aspects
The API is available in a test environment to support online user-tests at the end of the user development cycle. This section explains how online tests are organized.
how does it work
we prepared 20 datasets. Each tester gets his own dataset so he can perform his own test without risk of clash with any other tester.
upon request to BOSA, each tester will get an own test dataset assigned.
test data will be recycled daily
below you find a matching of the test data with the scenarios to be tested.
matching test data - test scenario:
(a) Preamble: - each dataset is subdivided in types of participants, - each participant of a given type is suitable for a given test scenario. - bullet (b) below lists the types , and bullet (c) below lists the matching of the types with the datasets
(b) Types of participants: Type 1: Participants registered in HSMP but not registered in SMK. These are not valid KBO enterprises and therefore cannot be used to migrate to Belgium SMP. (Can be used for load testing, black listing...) Type 2: Participants flagged as migrated in HSMP but not registered in SMK. Type 3: Participants flagged as deleted in HSMP but not registered in SMK. Type 4: Invalid participants Type 5: Participants registered in HSMP and in SMK. These are valid KBO enterprises and therefore can be used to migrate to Belgium SMP.
(c) Matching with test cases (cf Postman documentation)
Case 2.1 : Type 1, Type 5 Case 2.2 : Any Case 2.3 : Type 4 Case 2.4 : Type 1, Type 5 Case 2.5 : Type 4 Case 2.6 : Type 2 Case 2.7 : Type 3 Case 2.8 : Type 1, Type 5
Case 3.1 : Type 1, Type 5 Case 3.2 : Type 4 Case 3.3 : Type 2 Case 3.4 : Type 4 Case 3.5 : Any
Sep 22, 2020 (1°) Testing phase schedule adapted. (2°) Test datasets descriptions posted and practical details info updated (in line with our discussions on Sep 15, 2020 and the availability of one dataset per tester.)
Oct 23, 2020 publication of test results and move to acceptance / go-live phase
verify that the outcomes of the previous phases meet the expectations
DONE - validation based on user testing results
Table 3 summary of testing phase results
abstract: All SPs ave been given the opportunity to test hsmp mtci. at Oct 19, 2020 , 6 datasets were distributed. positive test results was received from 4 testers. no negative feedback was received
I did some basic tests and was able to migrate an active participant and register it to Belgium SMP and then register it for the wanted DocumentTypes. This all went very smooth. I also tested some of the other paths and everything seems in order with the documentation. These tests were not very extensive, I was not yet able to test the all the cases and was not yet able to do some load tests.
I ran the collection file once per type. At first sight everything seems to be ok. Please find in attachment the exported results from postman runner. Mathieu's reaction: I am glad that your first tests were successful. Did you get a chance to perform a second round of testing? Do you need any help or clarification from us? Don't hesitate to call me if you have any questions.
via Wim Maerevoet 23.9
No information upon start. No feedback on tests.
Started 6.10 - question raised, ticket open at TS, answer given
We started the testing and noticed there is a connection issue with the Hermes SMP. Could you confirm we can start using the Hermes SMP with our Peppol AP certificates for the test network? When we try to reach the smp-test.belgium.be with the certificates everything if working as expected, but when trying to reach spm.acc-hermes-belgium.be we receive no response (see attached image). Could you have a look what happened and how we should connect? answer from Tradeshift: The root cause of the issue is simply the TLS certificate that is not the final one for smp.acc-hermes-belgium.be (fyi, was misspell in the support request) . Is it possible to simply ignore the TLS error for the moment until we have the proper certificate in place?
Thanks for the test dataset. Since we only have a small amount of customers using Peppol, we currently do all registrations with Postman. So we were able to do all required testing by using the provided Postman collection of the confluence page. All API calls worked as expected.
via Oriol Bausà Peris (13.10)
No information upon start. No feedback on tests.
Hermes agreements framework
Hermes helps leveraging B2G e-invoicing adoption on B2B e-invoicing adoption in Belgium. It makes it possible to Belgian Peppol invoice senders, to reach all their Belgian customers on Peppol. For juridical reasons, its use requires a specific agreement between the sender and the Belgian government (represented by BOSA), in addition to the Peppol agreements. Service providers are invited to support this and integrate Hermes in their service offering. Access to Hermes is free of charge for the Service Provider. BOSA designed agreements that fulfill these purposes. The Belgian SP/AP forum members reviewed the initial agreements (minimal viable product) in June 2020, and the updated agreement (improved version) in Q3 2022. In this latest version, the agreement as such provides the terms and conditions that specifically apply to the integrator, while other terms and conditions are listed in annexes listed at the end of the agreement. It is the case of (a) generic terms and conditions, (b) terms and conditions that apply to the sender, in his quality of user of Hermes, and the receiver in his quality of end-user (ultimate beneficiary) of Hermes, and (c) technical, functional and security guidelines
The Hermes integrator agreement template can be found at the following address:
Answers to questions posted by SPs during 8th edition of the forum (23/06/2020)
Will we be informed when Babelway is ready and when we can start testing ?
Will we get an update on the interface spec?
Yes. BOSA will keep using the BE AP forum page to publish updates in the documentation and project progress, and members will be informed by email. An update will be published soon. This update closes the design phase: the specifications are considered stable enough to move to development.
Do sender and AP need to sign agreement or is one enough?
The SP needs to sign the integrator’s agreement. The sender needs to sign the sender’s agreement. However, to accommodate the SP’s processes, the formalism is up to the AP, as long as it can be audited that the sender has indeed formally agreed the convention. It does not necessarily need to be a “good old written signature on paper”, but it must be opposable and auditable.
The agreement should be signed with all the Service Providers in Peppol, not only with Belgian ones, isn't it?
The Belgian restriction applies to senders and receivers, not to SPs. At this stage the convention is only available in the official Belgian languages but foreign APs operating in Belgium can sign it.
Was the Hermes proposed process submitted to approval of OpenPEPPOL ?
Of course OpenPeppol is informed in detail about the Hermes project.
The receivers are then in Peppol, and reachable from Peppol everywhere. Michel's point on mixing the reliable Peppol delivery with the mail is really relevant.
It is not only about what is relevant, but also about what is the most relevant. Indeed emails are less reliable but today the sender has no choice anyway. By reconciling both models (as much as possible), we expect to boost the uptake of end-to-end e-invoicing, opening a boulevard for the industry. The risk of losing a few invoices in the process, a risk which exists today anyway, is really minor compared to the benefits.
Why does the HermeSmp not register all the Belgian entities with a customized version of the bis3 invoice that has a mandatory email address? This would resolve the issue of enforcing it no?
If there is a change in the behaviour of PEPPOL, my understanding is that it should be approved by the impacted parties. As an AP, I request this to be put to a formal approval
There is no such change
I support Michel that having a standard and efficient way to differentiate receivers in Peppol lookup/directory that are reachable via BIS3 via Peppol to pdf via email delivery from the standard einvoice receivers in Peppol. This maybe achieved by a national process/profile etc.
It is very easy to differentiate a Hermes receiver from others: the Hermes receivers are not published on Peppol Directory. In other words, any Belgian enterprise (identified by his enterprise number) that is not on the Peppol Directory, is a Hermes receiver. Another way to look up this information, that is cleaner from a technical perspective (but may be harder for a lambda user), is to query hsmp directly.
Hermes – possible confusion with some Peppol principles – clarification (published 15/06/2020)
With Hermes, BOSA DT implements the mandate formulated by the Minister of Digital Agenda in his policy note 2018, in respect of the solution described in the tender “BOSA 2018/M1087”, also approved by the Minister.
The policy goal is to help the suppliers to get a faster payback for their initial efforts to comply with Government requirement to use Peppol. The proposed solution is to (a) publish Peppol BIS Billing receiving capabilities for all Belgian enterprises (except the ones already publishing such capabilities), and (b) build a system that converts Peppol BIS invoices into equivalent PDF and forwards these by email to the receiver. This brings all Belgian enterprises within the reach of the Peppol senders - and their service providers.
In addition to the pay-back effect for the senders, the use of Hermes offers 4 strategic advantages:
It reduces the friction between the senders and the receivers. By converting Peppol BIS into PDF, Hermes gives more freedom to each party in the management of his e-invoicing transformation. For senders, it removes the need to maintain multiple channels (at least for domestic traffic).
It provides a communication channel to Belgian enterprises: in addition to the invoice, the email sent by Hermes also provides information to the enterprises about the available solutions on the market, thereby speeding up the adoption. Moreover, the enterprises receive the information along with the invoices. This is the moment where they are supposed to be most sensibilized.
It generates a significant growth of the volume of invoices that can be processed automatically. This will turn into a better/broader sharing of the costs of technology and boost the development of new tools. Consequently, it will help the IT sector to grow, and the Belgian enterprises to find suitable solutions at affordable prices.
It will also benefit to B2G adoption:
Directive 2014/55 obliges the public sector to receive e-Invoices, but it doesn’t oblige the private sector to send them.
This creates a risk that the public sector does not receive sufficient invoices to compensate the investments made to meet the obligation.
Hermes provides an additional motivation to the senders, and thus reduces the risk described above.
Hermes is only a temporary solution. In the Peppol terminology, all Hermes receivers are ready to migrate from day one. As soon as such receiver finds a suitable and affordable tool to automate the inbound invoice processing, he/she migrates onto it. Once a sufficient adoption of interoperable e-invoicing is achieved, Hermes will retire. The sooner the better.
Purpose of this paper
To use Hermes, Peppol senders must meet three conditions: (1°) be a Belgian enterprise, (2°) accept the conditions of use of Hermes and (3°) communicate the email address of their client. The degree of alignment of some of these conditions with the Peppol principles, seems to cause confusion to some stakeholders. The purpose of the present paper is to clarify how these conditions relate to the Peppol specifications.
Be a Belgian enterprise
BOSA DT is a Belgian Federal public service. It can only provide service to Belgian enterprises. Consequently Hermes can only handle invoices sent by Belgian enterprises. If Hermes would also handle invoices sent by foreign enterprises, it would clearly fall outside the scope of action of BOSA. BOSA cannot afford to take this risk.
This condition does not seem to be the subject of a discussion, hence it does not require any additional clarification.
Accept conditions of use
Hermes is an intermediate component between the sender and the receiver. It cannot operate without a clear mandate from one of the two parties. Obviously it is not feasible to receive such a mandate from every Belgian enterprise. Therefore it must be mandated by the sender.
In the first place, this formality is not related to Peppol. No entity, private nor public, can act as an intermediate without having an agreement with at least one of the parties. It is also needed to clearly delineate the boundaries of the service, such as the domestic coverage (previous condition). Therefore, in the current design of Hermes, this aspect is handled outside of any Peppol-related consideration, before even considering Peppol. Peppol comes into play in many other aspects of Hermes, but not in this one.
More specifically, Hermes must not be confused with a receiving Access Point (C3). It is situated in the business layer (C1 – C4). In C1, Hermes offers a solution to the sender to capitalize on their existing interoperable outbound invoicing systems. In C4, it is a gateway that takes care of the last mile, after the Peppol transmission. It is based on a non-ambiguous identification of the suppliers and customers coming from the authoritative source of Belgian enterprises. Such a construction indeed is difficult to map in the Peppol model. The Hermes reasoning supersedes the Peppol reasoning, it does not contradict it.
By design, all invoices sent to Hermes must be converted to human readable format and forwarded by email to the final destination. Therefore the correct email address of the receiver is required. As this email address can depend on many factors (even for the same receiver), the supplier (sender of the invoice) must provide the correct address. The only other way to handle this need would be to store a suitable email address for every Belgian company in the Hermes configuration data. During design, this option was judged excessively complex and disproportionate.
Requiring extra information on top of the BIS is not uncommon. Most if not all invoices exchanged over Peppol contain information that is not mandatory but nevertheless indispensable in the specific business scenario of the invoice. For instance, the Flemish government requires a Purchase Order number. The need for an email address is considered to be proportional to the scenario addressed by Hermes.
On the basis of the political mandate, the legal checks and the clarifications above, BOSA is confident that the Hermes construction cannot reasonably be judged to be in contradiction with the Peppol principles. On the contrary, deep down the fundamental principles of Peppol we can find the core principle of inclusiveness. Hermes increases alignment of Peppol with this core principle.
Additionally, BOSA explores possibilities to improve the alignment between Peppol and Hermes. The most likely option would be to define a national use case. This is the subject of an upcoming effort and is driven by additional factors and constraints.
Hermes documents review round 202006 - closed
This section shares information with the Belgian Service providers about Hermes in the context of a draft review round.
Timewise, this round
started with a presentation during the 7th Belgian AP forum on May 26, 2020 .
In addition to the convention of use, DT offers the possibility to integrators to incorporate Hermes in their service offering, and the collection of the senders' agreement with the conditions of use in their own service subscription process. For this the integrator must sign a convention of integration, that describes the responsibilities that the integrator is expected to take to insure smooth operations
offers the Peppol APs the possibility to automate the collection of the Hermes participants migration tokens. It is a REST service with the same security as smp.belgium.be. This interface specification consists in (a) a swagger; (b) a Test Plan , and (c) additional info if needed
(hsmp) migration token collection interface - Test Plan
Currently only the Table of Contents of the text plan is available. However ,once it is reviewed, the Test plan will be elaborated and packaged as a Postman Project that suits for the testing of the interface. The graphical representation of the high-level description is also provided. notice however that an inconsistency was found when comparing the TOC and the viusal - the error 3 seems to overlap hsmp801. This is under investigation
High-Level Description / “table of contents”
response :: http - detail
response :: http - detail
valid and not yet migrated enterprise number
200 - the pair enterprise number & migration token
401 - no certificate provided with the request
error while parsing certificate
401 - error while parsing client certificate
certificate expired or not yet valid
401 - client certificate expired or not yet valid
the enterprise number does not correspond to an existing enterprise (or is garbage)
404 - invalid or non-existing enterprise number + id
the enterprise number was deleted (in the context of the monthly processing of the CBE dump or the admin removal function)
404 - inactive enterprise number + id
the enterprise number that was already migrated to another smp
404 - already migrated + id
any request of a used that exceeded the blacklisting limit and was not yet reactivated
429 403 - you have been blacklisted please contact BOSA
internal server error
500 - internal server error
(hsmp) migration token collection interface - Additional info
AP forum: discuss the interface specifications, practicalities
then post a draft proposal to collect comments (2weeks)
then publish (initial) documentation package ( swagger + Test plan + read-me ) and schedule on agreed repository
development and babelway test
includes update of the documentation package at end of dev phase
includes collection of test results, fixing, updating the documentation package
verify that the outcomes of the previous phases meet the expectations
Currently, no need for such an additional piece of documentation is identified. During the specifications review round, review participants are invited to describe the additional documentation they would need, if any.