AS4 Access Point specifications

AS4 Access Points are the technical gateways that enable organisations to exchange data securely within an eDelivery network. The AS4 Access Point specifications define the technical rules that govern how these gateways communicate in an interoperable way.

Current versions

The eDelivery AS4 specifications are maintained in two major versions:

• eDelivery AS4 1.x, which has been widely adopted for more than ten years and provides a stable, interoperable messaging foundation for large-scale production ecosystems.
• eDelivery AS4 2.0, adopted in December 2024, which introduces significant evolutions in cryptography and operational capabilities.

Both versions are part of the eDelivery specification set and are supported in parallel to accommodate different ecosystem needs and migration timelines.

For previous versions, see Archive eDelivery AS4.

What is the eDelivery AS4 profile

The eDelivery AS4 profile is an open technical specification for secure, payload-agnostic message exchange. It specifies how Access Points communicate with each other using the AS4 messaging protocol, enabling interoperable data exchange across organisational and national boundaries.

The profile is designed primarily for four-corner network topologies, where each participant exchanges messages through an Access Point acting as a trusted gateway. At the same time, it can also be used in point-to-point exchanges, making it suitable both for network-based ecosystems and for direct bilateral communication scenarios.

eDelivery AS4 supports:

• Secure message exchange in both four-corner networks and point-to-point exchanges
• One-way and request–response communication patterns
• Payload-agnostic messaging, where the Access Point does not interpret business content
• Digital signatures and encryption based on cryptographic certificates

Standardisation organisations

The eDelivery AS4 profile is based on the ebXML Messaging Service version 3.0 (ebMS3) standard and its AS4 (Applicability Statement 4) conformance profile, developed by OASIS. In 2021, both ebMS3 and AS4 were also adopted as ISO standards (ISO 15000-1:2021 part 1 and ISO 15000-2:2021 part 2).

The profile is also recognised by ETSI as meeting the requirements for Electronic Registered Delivery Services under the eIDAS Regulation (see EN 319 522-4-1).

eDelivery AS4 2.0

eDelivery AS4 2.0 was adopted in December 2024. It represents the current evolution of the AS4 profile, introducing modern security foundations and improved operational capabilities, while remaining aligned with international standards.

It is expected that eDelivery ecosystems and solution providers will progressively adopt AS4 2.0 over the coming years, according to their technical readiness and operational constraints.

The following sections summarise the main evolutions introduced with eDelivery AS4 2.0.

Security foundations

The eDelivery AS4 2.0 profile updates the cryptographic baseline to reflect current best practices:

• Replacement of legacy RSA-based mechanisms with elliptic-curve cryptography, including EdDSA and ECDSA
• Improved key exchange based on Elliptic Curve Diffie-Hellman (ECDH)
• Support for TLS 1.3, providing improved security and performance

These changes strengthen protection of exchanged messages and improve long-term cryptographic resilience.

Operational management

eDelivery AS4 2.0 includes support for ebCore Agreement Update, which allows Access Points to exchange and update configuration parameters in a controlled and secure manner once a communication relationship is established. This capability supports operational scenarios such as:

• Updating certificates used for signing or encryption
• Changing endpoint URLs
• Adapting supported security algorithms or profile parameters

By standardising how such updates are exchanged, AS4 2.0 reduces reliance on manual or out-of-band configuration processes and improves long-term maintainability of large or evolving networks.

Discovery and routing support

The eDelivery AS4 2.0 profile is designed to work in conjunction with the eDelivery service metadata infrastructure, including SMP and SML-based discovery mechanisms. This enables Access Points to obtain communication details dynamically, such as endpoint URLs and certificates, based on information published by network participants.

These mechanisms complement existing discovery approaches used in eDelivery AS4 1.x.

eDelivery AS4 1.x

eDelivery AS4 1.x has been widely deployed across eDelivery ecosystems for more than a decade and continues to support a broad range of operational use cases, including long-standing integrations and sector-specific extensions.

Through successive minor and maintenance releases, AS4 1.x has evolved to address operational needs, clarify behaviour and improve interoperability, while preserving compatibility with existing implementations. Certain features and usage patterns, such as support for SBDH (not supported in eDelivery AS4 2.0), remain relevant in many current deployments.

Compatibility considerations

eDelivery AS4 2.0 is not backward compatible at protocol level with earlier AS4 profile versions, by design. Access Points using eDelivery AS4 2.0 cannot directly exchange messages with Access Points using eDelivery AS4 1.x.

However, implementations can support multiple eDelivery AS4 profile versions in parallel, allowing organisations to

• Use AS4 1.x when communicating with legacy participants
• Use AS4 2.0 when interacting with updated or new participants

This approach supports gradual and controlled migration across digital ecosystems.

Both AS4 1.x and AS4 2.0 play an active role in the eDelivery ecosystem, supporting different operational needs and transition strategies.