EDI – Security Concept

Swedish Customs applies a PKI-based security concept. Here you will find information needed when developing a customs EDI system to communicate with Swedish Customs. Your system must follow the specified security requirements.

Secure electronic data interchange (EDI) means that the issuer of the information can be secured identified, that the information is protected against change, and that it is transferred by means of secure communication. In the Swedish Customs security concept data is locked by an electronic signature created through PKI-based asymmetric cryptography, where only the person issuing the information has access to the private key. The method is based on common standards. Within the limits of Swedish Customs' guidelines and instructions, companies can choose their own method to identify users in their system for submission of information. A company key is used to create a signature. This enables Swedish Customs to uniquely identify the company by the electronic signature, but not the individual user within the company.

In the PKI-based security concept Swedish Customs is the certificate authority of the Company Signature Certificate, used to sign messages to send to Swedish Customs. The certificates issued by Swedish Customs is limited to use only for electronic data interchange with Swedish Customs.

PKI security concept – general instructions for EDIFACT and XML

Detailed information on the PKI-based security concept can be found here:

Guidelines on security for electronic interchange EDI version 2.0 EN Pdf, 330 kB.

Please note that the requirement for identification of a natural person to sign electronic declarations is no longer applicable. All declarations now belong to Category 1 according to section 1.5 in the Guidelines and instructions on security for electronic data interchange (EDI). The Guidelines will be updated accordingly.

Swedish Customs’ CA for electronic data interchange (EDI)

Published root certificate, intermediate issuer certificates, Swedish Customs Signature Certificates and server certificates

Description of certificate hierarchy (root certificate and intermediate issuer certificates) for Swedish Customs’ CA for electronic data interchange (EDI) Pdf, 173.4 kB.

The requirements on Swedish Customs as certificate issuer are specified in ”Certifikatpolicy (CP) och utfärdardeklaration (CPS) för Tullverkets CA för informationsutbyte via EDI" (available in Swedish only). Pdf, 162.5 kB.

Swedish Customs Signature Certificate

The Swedish Customs Signature Certificate, which we use to sign messages that we send to your company, is replaced annually. The replacement is normally done during March or April and a new Swedish Customs Signature Certificate is published at least a month before the replacement.

More information about the replacement can be found on Swedish Customs Signature Certificate.

How to order the Company Signature Certificate

Instructions to order signature certificates and answers to frequently asked questions are available here:

EDI – Signature certificates and registration of contact person

Questions and answers about signature certificates

Instructions for security concept for EDIFACT

Technical specifications for security concept EDIFACT (SCTS-SC)

Example of an interchange with CUSDEC or CUSRES with accompanying AUTACK based on PKI Pdf, 40.4 kB. (2011-09-20)

PKI technical FAQ Pdf, 248.1 kB.

Example to manually check and create EDIFACT signatures Pdf, 402.8 kB.

Zip archive with example files to manually check and create EDIFACT signatures Zip, 422 kB.

Instructions for security concept for XML

Technical specifications for security concept XML (SCTS-ENV)

Example to manually check and create XML signatures Pdf, 560.4 kB.

Last updated:

What is updated: New document: Swedish Customs Signature Certificate used from March 21, 2023

Spam protection with captcha * (mandatory)