Skip to Content
New webcast series this fall: "The Future of Business: Digital Transformation, Secure in the Cloud." Register now!
Pillar Pages

What Is AS4?

Overview

AS4 (Applicability Statement 4) is a message protocol based on web services to securely exchange B2B messages between trading partners. The protocol was developed by the technical committee of OASIS (Organization for the Advancement of Structured Information Standards) for ebXML Messaging Services. AS4's web services capability gives it the opportunity to develop into a cloud-based communication standard.

Comparison AS2 and AS4

AS4 and AS2 are very similar by design. During the development of AS4, all advantages of AS2 were analyzed, worked out and inspired by them. In contrast to AS2, AS4 works within a web service context and also has better interaction patterns and delivery notifications. In addition, compared to AS2, AS4 has the option of actively pulling messages by the recipient, since the AS4 server is permanently active.

Main features of the AS4 messaging standard

  • Interoperability: The AS4 messaging standard is defined based on the OASIS standard
  • Security: A subset of web services security features is used to ensure the non-repudiation of the message and data confidentiality
  • Reliability: by exchanging confirmations, AS4 ensures a one-time delivery
  • Independence from use: any type of payload (EDI, XML, ...) can be exchanged

AS4 Messaging Service Handler

The Messaging Service Handler (MSH) is responsible for setting up the AS4 message exchange with the remote station on the sending or receiving side. Communication with the remote station must comply with AS4 specifications and be able to communicate with an internal business application.

Whitepaper: Business Integration Suite | EN

 White Paper

Accelerate and Automate Business-Driven Innovation with Integration

Read now

Message types of AS4

The ebMS 3.0 specification defines the following message types defined within the AS4 usage profile:

User Message

contains the business payload that is exchanged between the business applications of two parties

Signal Message

have the function of establishing non-repudiation and reliability. There are three different types:

  1. Receipt: Confirmed that the received MSH could analyze the incoming message
  2. Error: Confirms that the received MSH encountered a problem while parsing the incoming message.
  3. Pull request: Supports the pull message exchange pattern.

The areas of use of AS4

AS4 is increasingly being used in markets that use a service-oriented architecture for B2B messaging. These include the retail trade, the healthcare and the utilities sector.

For example, the European gas network operators (ENTSOG) have already defined their own usage profile in 2015. Other uses that rely on AS4 include:

  • Peppol (Pan-European Public Procurement Online)
  • e-CODEX (e-Justice communication via online data exchange)
  • ENTSOG (European Network of Transmission System Operators for Gas)
  • EPREL (European Product Registry for Energy Labelling)

Learn more about how SEEBURGER AG offers its customers an AS4 gateway for various purposes.

What are the general advantages of AS4?

The source is clearly defined by digital signatures
Data security through encryption is secured
Proof of timely delivery by delivery notification receipt
Support for large file compressions and file transfers

FAQ MaKo AS4

What did Mako 2023 change?
  • In the electricity sector, email and AS2 communication were replaced by AS4 communication.
  • Each market participant needed to set up new connections to each of their communication partners.
  • AS4 communication in the electricity sector is secured with ECC Brainpool (Elliptic Curve) cryptography.
  • The smart meter public key infrastructure now requires certificates to be obtained by market participants.
  • Market communication has been integrated into the SM-PKI
  • Private keys must be secured in the Hardware Security Module (HSM).
  • Further information can be found in this SEEBURGER AS4 blog post.
What will be changing from October 1st 2024?
  • The gas sector will also be switching to AS4 communication, as has already been implemented in the electricity sector. The transition period is from October 1st 2024 to March 31st 2025.
  • Schedule management data will also be switched to AS4 communication. The switchover period is from October 1st 2024 to November 30th 2024.
What happens if I have not yet switched to AS4 for my marketet communication in the electricity sector?

By 1st April 2024, all market participants in MaKo Strom must have migrated to AS4. The deadline for switching to AS4 has not been extended by the Federal Network Agency.

Is it possible to start integrating AS4 technology before the planned technical implementation period?

You may agree with your communication partners to use the new transmission channel before the official changeover period. However, this must be done in a way that doesn't discriminate against your other partners.

What happens if I cannot use AS4 to communicate in MaKo Strom from October 1st, 2023 Do I have time until the end of the transition period on March 31st, 2024?

The transition period for the electricity sector was understood as a changeover period and assumes that all market participants will be able to communicate via AS4 from 1 October 2023. SEEBURGER cannot say how the BNetzA will deal with market participants that do not comply.

How can I connect new market partners via AS4 after the end of the electricity switchover period? Can I still send switch requests?

No, switch requests were only intended for the switchover period. Further information can be found in the German-language response in the data formats forum.

What is the timeframe for AS4 migration in the gas sector? Do I need to be able to communicate via AS4 from October 1st 2024, like for the electricity sector, or is the deadline the end of the transition period?

Unlike the electricity sector, there is no requirement to be AS4 compliant from October 1st 2024. However, the transition must be complete by the end of the period.

What is the timeframe for switching schedule management to AS4?

Schedule management is not a technical change, as the connections already exist thanks to the changeover in MaKo Strom. You will just need to convert your workflows to AS4.

What do I need to switch to AS4?
  • An AS4 adapter that supports ECC Brainpool. The SEEBURGER adapter already supports this.
  • A hardware security module (HSM) where the private keys are generated and stored.
  • New certificates from the BSI Smart Meter PKI.
Where can I find the AS4 profile or documentation on this?

Here (German language)

What AS4 methods will be used?

Push

Is the URL in the certificate the AS4 address or the web address to access the AS4 parameters?

It is the AS4 address.

When is a file deemed to have been delivered in AS4? Are there readable time stamps for this?

You know that your data has been successfully delivered by AS4 when you receive a non-repudiation receipt (NRR).

Do I need to provide a separate host name for each connection, as with smart meters?

Yes, a host name is required for each endpoint, i.e. each individual MP ID.

What is an HSM?

HSM stands for Hardware Security Module. This is where the keys for the PKI are generated and stored.

Can an organization only use one HSM?

A company can use as many HSMs as it wishes. There are no restrictions.

Can an organization use the same HSM for both MaKo and smart meter communication?

Yes. For further details, see BSI Certificate Policy (CP) der Smart Metering-PKI Version 1.1.2 (German languag

Which HSMs are approved by the BSI?

As far as we know at the moment, you can use any HSM that has already been approved for SM-GW communication.

Is it sufficient to purchase one HSM for multiple organizations/customers or are there scenarios where two or more HSMs are required?

The same HSM can be used for multiple organizations/customers.

In the future, will the HSM be accessed to retrieve certificate information for every macro process using AS4?

No. All cryptographic operations requiring a private key take place within the HSM.

The certificate policy (CP) was published by the BSI in March 2023. It states that it is not possible to streamline either the HSM or the process for "smaller scenarios". How exactly is this to be interpreted, as there are some discrepancies in the current version of the CP?

Inconsistencies in the CP are still being corrected. The example quoted above refers to key storage for communication with the sub-CA, not for market communication.

Why did SEEBURGER choose to use an HSM rather than an alternative cryptographic module such as a smart card or server? We know that passive external market participants (EMTs) fall under security level 1, not 2, which means they don't need to use a certified HSM.

For the MaKo AS4 service, SEEBURGER has chosen to use an HSM certified to the Smart Meter PKI because we want to provide our customers with proof of the compliance of the cryptographic module at all times. An HSM certified to the PKI specifications meets this requirement, as evidenced by the certification and the manufacturer's declaration.

What sub certificate authorities can I use for MaKo, and from when?

There’s a full list of appropriate sub CAs on the BSI website.

How do I apply for the necessary certificates?

You need to follow the process stipulated by the BSI to apply for certificates. This is detailed in:

  • Certificate Policy (CP) for the Smart Metering PKI:
  • BSI TR-03109-4:
  • BSI TR-03116-3:

You can call up these documents here in their most current versions (German language)

Can the TLS-SSL certificate for the https endpoint of the incoming AS4 be from an independent certificate authority, or does it have to come from the BSI PKI?

The TLS certificate must also come from the SM-PKI.

Does each role or division require a separate AS4 certificate? For AS2, this field is currently optional in the certificate specifications

The Smart Meter PKI Certificate Policy states that a separate AS4 certificate is required for each Market Participant ID. This also means for each division as the MP ID must be on each certificate.

Will the AS4 Certificates be valid forever or will they also expire after a certain time and need to be renewed regularly?

As far as we know at the moment, the new AS4 certificates will have an expiry date of 2 years.

What can I do if my company or a market partner is not AS4-capable by October 1st?

There is currently no clear provision for this. For gas, market participants need to be AS4-capable by the end of the transition period. For electricity, market participants needed to be AS4-capable by the beginning of the transition period.

Do we know how the switchover period will run? Who reports to whom and when?

BDEW has a recommended course of action for the changeover phase. In principle, however, "the market must organize itself". Project plans should leave room for potential queries and delays.

Where can I find the BDEW recommended course of action for switchover?

On the Edi@Energy site under the name BDEW Anwendungshilfe Einführungsszenario zur Umstellung auf AS4:

How will the automated migration to AS4 take place after the test run or after the switchover request has been sent?

During the switchover phase, a switchover request is sent to the partner via the SEEBURGER migration service. After the switchover, the partner confirms the request, after which communication can take place in both directions via AS4.

Can I delete the email channel during the transition period?
  • Full email facilities must be maintained as a fallback in the event of system failure during the migration phase.
  • For the electricity sector, this period was October 1st 2023 – March 31st 2024
  • For the gas sector, this period is from October 1st 2024 – March 31st 2025
Can I - and should I - continue maintaining email channels after moving to AS4?
  • Inbound email channels should remain open during the migration period.
  • However, we recommend monitoring these to ensure that market participants who say they have migrated to AS4 are not still sending email.
  • From 1 April 2024, email communication will be prohibited under BNetzA regulations, at which point email facilities should be closed.
  • From the end of the migration phase (MaKo Electricity April 1st 2024, MaKo Schedule Management December 1st 2024 and MaKo Gas April 1 st 2025) email communication is prohibited under BNetzA regulations and email channels should be closed from those dates.
What if the participant is unreachable via AS4 and I get a retry failed message?

If a message cannot be delivered, even after several attempts, the sender receives an error message.

If a single transmission fails, this is not an indication that market communication has broken down.

May I switch back to email communication?
  • You may only switch back if you or your communication partner is experiencing a market communication problem that makes transmission impossible and has announced this. Any switch must be temporary.
  • Any temporary switch to email must be made by mutual agreement and must revert to AS4 by bilateral agreement once the malfunction has been rectified. This rule only applies during the transition period.
Have there been interoperability tests with other manufacturers?

SEEBURGER is in contact with other manufacturers and service providers, directly and through various BDEW and EDNA working groups. The tests are ongoing, including with new manufacturers & service providers who are just entering the market via the gas sector

Is there an exemption for certain market participants? Is there a threshold for low-volume participants?

No, there are no exceptions.

Where is the data decrypted?

In the Hardware Security Module (HSM)

What are the rules for the transmission path?

From 01.10.2024, there will only be one valid version for MaKo Gas, Redispatch 2.0: RzÜ V.1.x

Will there be a central address service?

According to the BNetzA, there are no plans for a central address service to retrieve AS4 communication data. Therefore, you will need to store and regularly update the data for each MP-ID connection by market partner.

The Transmission System Operators (TSOs) have already announced that from 2024 schedule management data will be exchanged via AS4. Is this included in the SEEBURGER Mako Cloud Service for AS4 transmission?

The SEEBURGER AS4 service supports the technical requirements for AS4 communication in schedule management. SEEBURGER offers a separate service with an enhanced SLA for schedule management, as this has more stringent requirements due to the processes and deadlines involved.

How do I connect to the AS4 Cloud Service?

You can connect using AS2 or a REST API

Why do I have to connect to the SEEBURGER AS4 service via AS2 or REST instead other communication methods such as email?

The specifications for the connection are based on the requirements of BSI CP 1.3.3.4 External Market Participants: "In such a system structure, it must be ensured that the data exchange between the service provider and the client has a security level comparable to the security mechanisms defined in [TR-03116-3]. TR-03116-3 refers to TR-02102, which specifies what the BSI considers 'secure' and for how long.

What do I need to be aware of when renewing certificates?

The certificate issuer must make the new certificates available at least 10 working days before the existing certificates become invalid. This creates an overlap period of at least 10 working days during which the previous and new certificates are simultaneously valid. The following applies to this period: Market partners can switch from their previous certificates to the new certificates at any time in the overlap period. These regulations apply changes at the end of the validity period and changes due to change of service provider, etc

Do you work in a sector with its own specific needs?

Take a look at the SEEBURGER range of industry-specific solutions