EDI – Security Concept

Swedish Customs applies a PKI-based security concept. Here you will find information needed when developing a customs EDI system to communicate with Swedish Customs. Your system must follow the specified security requirements.

Secure electronic data interchange (EDI) means that the issuer of the information can be secured identified, that the information is protected against change, and that it is transferred by means of secure communication. In the Swedish Customs security concept data is locked by an electronic signature created through PKI-based asymmetric cryptography, where only the person issuing the information has access to the private key. The method is based on common standards. Within the limits of Swedish Customs' guidelines and instructions, companies can choose their own method to identify users in their system for submission of information. A company key is used to create a signature. This enables Swedish Customs to uniquely identify the company by the electronic signature, but not the individual user within the company.

In the PKI-based security concept Swedish Customs is the certificate authority of the Company Signature Certificate, used to sign messages to send to Swedish Customs. The certificates issued by Swedish Customs is limited to use only for electronic data interchange with Swedish Customs.

PKI security concept – general instructions for EDIFACT and XML

Detailed information on the PKI-based security concept can be found here:

Guidelines on security for electronic interchange EDI version 2.0 EN Pdf, 330 kB.

Please note that the requirement for identification of a natural person to sign electronic declarations is no longer applicable. All declarations now belong to Category 1 according to section 1.5 in the Guidelines and instructions on security for electronic data interchange (EDI). The Guidelines will be updated accordingly.

Published root certificate, intermediate issuer certificates, Swedish Customs Signature Certificates and server certificates

Description of certificate hierarchy (root certificate and intermediate issuer certificates) for Swedish Customs’ CA for electronic data interchange (EDI) Pdf, 173.4 kB.

Swedish Customs Signature Certificate used from April 5, 2022 Pdf, 274.8 kB.

The Swedish Customs Signature Certificate, that we use to sign messages that we send to You, is replaced annually. To enable automatic monitoring and retrieval functions, Swedish Customs provides links to the current and the next Swedish Customs Signature Certificate.

TullverketEDInext is published in conjunction with the certificate creation and TullverketEDIcurrent is changed within days after the activation has been made.

TullverketEDInext and TullverketEDIcurrent are found here:

The requirements on Swedish Customs as certificate issuer are specified in ”Certifikatpolicy (CP) och utfärdardeklaration (CPS) för Tullverkets CA för informationsutbyte via EDI" (available in Swedish only). Pdf, 162.5 kB.

How to order the Company Signature Certificate

Instructions to order signature certificates and answers to frequently asked questions are available here:

EDI – Signature certificates and registration of contact person

Questions and answers about signature certificates

Instructions for security concept for EDIFACT

Technical specifications for security concept EDIFACT (SCTS-SC)

Example of an interchange with CUSDEC or CUSRES with accompanying AUTACK based on PKI Pdf, 40.4 kB. (2011-09-20)

PKI technical FAQ Pdf, 248.1 kB.

Instructions for security concept for XML

Technical specifications for security concept XML (SCTS-ENV)

How to manually control an XML-signature Pdf, 238.2 kB. (in Swedish)

Last updated:

What is updated: Quality assured