EDI – Security Concept
Swedish Customs applies a PKI-based security concept. Here you will find information needed when developing a customs EDI system to communicate with Swedish Customs. Your system must follow the specified security requirements.
Secure electronic data interchange (EDI) means that the issuer of the information can be secured identified, that the information is protected against change, and that it is transferred by means of secure communication. In the Swedish Customs security concept data is locked by an electronic signature created through PKI-based asymmetric cryptography, where only the person issuing the information has access to the private key. The method is based on common standards. Within the limits of Swedish Customs' guidelines and instructions, companies can choose their own method to identify users in their system for submission of information. A company key is used to create a signature. This enables Swedish Customs to uniquely identify the company by the electronic signature, but not the individual user within the company.
In the PKI-based security concept Swedish Customs is the certificate authority of the Company Signature Certificate, used to sign messages to send to Swedish Customs. The certificates issued by Swedish Customs is limited to use only for electronic data interchange with Swedish Customs.
PKI security concept – general instructions for EDIFACT and XML
Detailed information on the PKI-based security concept can be found here:
Please note that the requirement for identification of a natural person to sign electronic declarations is no longer applicable. All declarations now belong to Category 1 according to section 1.5 in the Guidelines and instructions on security for electronic data interchange (EDI). The Guidelines will be updated accordingly.
The Swedish Customs Signature Certificate, that we use to sign messages that we send to You, is replaced annually. To enable automatic monitoring and retrieval functions, Swedish Customs provides links to the current and the next Swedish Customs Signature Certificate.
TullverketEDInext is published in conjunction with the certificate creation and TullverketEDIcurrent is changed within days after the activation has been made.
TullverketEDInext and TullverketEDIcurrent are found here:
- TullverketEDIcurrent – PEM-format
- TullverketEDIcurrent – DER-format
- TullverketEDInext – PEM-format
- TullverketEDInext – DER-format
The requirements on Swedish Customs as certificate issuer are specified in ”Certifikatpolicy (CP) och utfärdardeklaration (CPS) för Tullverkets CA för informationsutbyte via EDI" (available in Swedish only). Pdf, 162.5 kB.
How to order the Company Signature Certificate
Instructions to order signature certificates and answers to frequently asked questions are available here:
Instructions for security concept for EDIFACT
Instructions for security concept for XML
What is updated: Quality assured