Tullverket

EDI – Security Concept

Swedish Customs applies a PKI-based security concept. Here you will find information needed when developing a customs EDI system to communicate with Swedish Customs. Your system must follow the specified security requirements.

Secure electronic data interchange (EDI) means that the issuer of the information can be secured identified, that the information is protected against change, and that it is transferred by means of secure communication. In the Swedish Customs security concept data is locked by an electronic signature created through PKI-based asymmetric cryptography, where only the person issuing the information has access to the private key. The method is based on common standards. Within the limits of Swedish Customs' guidelines and instructions, companies can choose their own method to identify users in their system for submission of information. A company key is used to create a signature. This enables Swedish Customs to uniquely identify the company by the electronic signature, but not the individual user within the company.

In the PKI-based security concept Swedish Customs is the certificate authority of the Company Signature Certificate, used to sign messages to send to Swedish Customs. The certificates issued by Swedish Customs is limited to use only for electronic data interchange with Swedish Customs.

PKI security concept - general instructions for EDIFACT and XML

Detailed information on the PKI-based security concept can be found here:

Guidelines on security for electronic interchange EDI version 2.0 EN Pdf, 330 kB.

Please note that the requirement for identification of a natural person to sign electronic declarations is no longer applicable. All declarations now belong to Category 1 according to section 1.5 in the Guidelines and instructions on security for electronic data interchange (EDI). The Guidelines will be updated accordingly.

Swedish Customs signature certificate and new intermediate certificates for Swedish Customs’ CA for electronic data interchange (EDI) Pdf, 325.2 kB. (2021-03-01)

More information such as the Certificate Policy (CP), root certificate and intermediate issuer certificate is available in Swedish.

How to order the Company Signature Certificate

Instructions to order signature certificates and answers to frequently asked questions are available here:

EDI – Signature certificates and registration of contact person

Questions and answers about signature certificates

Instructions for security concept for EDIFACT

Technical specifications for security concept EDIFACT (SCTS-SC)

Example of an interchange with CUSDEC or CUSRES with accompanying AUTACK based on PKI Pdf, 40.4 kB. (2011-09-20)

PKI technical FAQ Pdf, 248.1 kB.

Instructions for security concept for XML

Technical specifications for security concept XML (SCTS-ENV)

How to manually control an XML-signature Pdf, 238.2 kB. (in Swedish)

Last updated:

What is updated: The information on signature certificates is new.


4000