15 January 2026
Strengthening Peppol security: automated e-invoice content screening
From 1 January 2026, all VAT-registered businesses in Belgium must send and receive structured electronic invoices for B2B transactions via the Peppol network. Peppol ensures that only authorised parties can exchange documents and that invoices arrive safely and reliably. That security is essential, but it only protects the transport of invoices. It doesn’t guarantee that the content is correct, genuine, or free of fraud. Our Invoice Screening API gives Peppol access point providers and their customers a way to automatically validate or flag invoices beyond structural compliance.
Peppol secures the transport layer, not the content. It ensures that a company can safely send something to another company, but it never checks what is being sent. Our solution fills that gap by validating content and protecting against invoice manipulation. Peppol sécurise la couche de transport, pas le contenu. Il garantit qu'une entreprise peut envoyer quelque chose en toute sécurité à une autre entreprise, mais il ne vérifie jamais ce qui est envoyé. Notre solution comble cette lacune en validant le contenu et en protégeant contre la manipulation des factures.
Nicolas Chalon
Innovation Lead, Isabel
Invoice Screening adds a proactive layer of protection that helps prevent fraud and reduces risks at the moment invoices are received.
Why is screening invoice content important?
Even if an e-invoice meets the technical format requirements and is delivered safely, the content can still be manipulated:
Hijacked supplier identity
Swapped IBAN numbers
Inactive or bankrupt companies appearing as senders
Malware in attachments
Traditionally, employees manually checked invoice details. But with fully automated flows, invoices go straight into the ERP or business software, which opens the door to new types of fraud. Our service helps companies preventing that.
Nicolas Chalon
Innovation Lead, Isabel
How is the invoice content screened?
The Invoice Screening API adds a layer of protection on top of Peppol transport security. It checks the content of incoming invoices, not just their structure.
Below are the core services available today, with further additions on the way:
IBAN and company name validation
Flags mismatches that may indicate a forged invoice or updated bank details.
Fraud and threat detection
Detects signs of malicious or manipulated content, such as spoofed supplier names, invalid VAT numbers, or dangerous attachments.
Metadata feedback
Detects potential Peppol-address hijacking and checks the supplier status (e.g., inactivity, bankruptcy).
Risk scoring and flagging
Returns a clear risk level (safe, warning, danger) and flags which parts of the invoice may be problematic.
Who benefits from Invoice Screening?
Businesses
Businesses can get invoice protection beyond structural validation:
Reduce exposure to fraudulent invoices
Increase trust in the e-invoice exchange
Cut down disputes and manual corrections
Peppol access point providers
Platforms can offer added-value screening to their users:
Simple integration with one endpoint: invoices are sent to the API, screened, and returned with a clear risk flag.
Warnings and flags can be displayed in the platform according to the provider’s preference.
Sandbox environment available for realistic testing with real invoice data in a safe and controlled way.
Already live with our first partner
Dokapi(opens in a new window) is the first Peppol access point provider to implement the Invoice Screening API. As traffic over Peppol will really take off in January, we expect many more partners to implement the API to protect the invoice flows of their customers.
Read more about the solution and our collaboration with Dokapi in this FDmagazine interview(opens in a new window) with Tim van der Wee, CTO at Isabel.
With mandatory e-invoicing starting in 2026, businesses and Peppol access point providers will increasingly look for ways to secure invoices beyond transport alone. Automated invoice content screening adds that essential layer of fraud prevention and trust.
