What Is AS2 and why is it important for EDI?

AS2 is a secure and cost-effective way for businesses to enable secure data exchange over the internet. It is widely used in EDI document exchange and for other structured formats. Through encryption, digital signatures and creating a secure transmission route, AS2 protects sensitive information during transfer and provides real-time delivery confirmation.

It ensures end-to-end data integrity, auditability, and compliance with industry and regulatory standards.

While AS2 offers strong security and efficient internet-based transmission, implementing AS2 for EDI can be time-consuming. Challenges include ongoing partner management, certificate renewal, and firewall configuration.

SEEBURGER simplifies AS2 implementation with a managed B2B routing service that manages multiple connections, and automates certificate handling. This gives you the flexibility to scale securely and efficiently, and the time to concentrate on your core business.

Industries such as retail, logistics, and healthcare rely on AS2 to streamline operations, safeguard data, and meet compliance requirements.

AS2 (Applicability Statement 2) is an HTTP-based protocol for transmitting messages, - including EDI  messages - securely and reliably via the internet. Over the past 20 years, AS2 has become the most widely used EDI over HTTP protocol across industries such as retail and consumer packaged goods.

AS2 (Applicability Statement 2) is an HTTP-based protocol for transmitting messages — including EDI messages — securely and reliably via the internet. It establishes a direct, secure connection between two trading partners (known as a point-to-point connection), enabling encrypted, digitally signed data exchange without intermediaries. Over the past 20 years, AS2 has become the most widely used B2B file transfer protocol across industries such as retail and consumer packaged goods.

To establish an AS2 connection, you need two computers—a sender and a receiver – connected over the internet. AS2 encrypts and digitally signs the data, then transmits it via a direct, secure link between the two systems, often referred to as a point-to-point connection. Once the data arrives, the receiver decrypts the message and verifies the signature. A delivery receipt, known as a Message Disposition Notification (MDN), is sent back to confirm successful delivery. This setup supports high-performance, scalable EDI transmission solutions that are compliant with industry standards.

AS2 protocol steps: How secure EDI transmission works

1. The sending system prepares the data and then encrypts and digitally signs it using an AS2 certificate.
2. The secured message is transmitted via HTTP or HTTPS.
3. The receiving system decrypts the message and verifies the signature.
4. A Message Disposition Notification (MDN) is sent back to confirm successful delivery.

An AS2 connection enables secure, acknowledged message delivery. It is widely used in automated B2B integration workflows across supply chains.

• One AS2 identification (GLN - Global Location Number) and one certificate per participant
• The public keys for all certificates used by your partners
• AS2-capable software

Your AS2 ID is essential for uniquely identifying trading partners and ensuring messages are routed correctly — a critical step in setting up AS2 connections.

AS2 certificates enable secure data exchange and meet defined security standards. You can create and sign these certificates with your own software or obtain them from a certification authority. You send the certificate to the communication partner before they receive the message.

A valid AS2 certificate makes sure your messages are trusted and delivered securely. This helps avoid delays or rejections from invalid credentials. Managing AS2 certificates plays a key role in maintaining seamless communication between trading partners.

Note: Self-signed certificates can trigger security warnings and disrupt the exchange of EDI messages over AS2.

An AS2 MDN is an electronic receipt that is sent back to the sender after a message is delivered. It confirms that the EDI message was transmitted successfully.

The MDN checks:

• Whether the AS2 interchange was completed successfully
• Whether the message was received intact by the correct recipient

How an AS2 MDN connection works:

1. The sender sends an encrypted, digitally signed EDI message.
2. The recipient decrypts and verifies it.
3. The recipient sends back a digitally signed MDN.
4. The sender verifies the MDN to confirm secure delivery.

The MDN ensures secure EDI communication and supports non-repudiation in compliance-driven industries.

A GLN (Global Location Number) is a unique identifier of up to 13 digits used to identify a company or business location worldwide. Large enterprises use GLNs to avoid confusion and prevent duplication. They are issued by GS1, a global nonprofit that ensures each GLN is unique. AS2 GLN identifiers are critical for correctly routing EDI messages between trading partners in global supply chains.

Security features:

• Encryption: Uses AES and 3DES for confidentiality.
• Digital signatures: Ensure authenticity and integrity.
• SSL/TLS support: Enables secure AS2 file transfer.

Reliability:

• Message Disposition Notification (MDN): Confirms successful receipt.
• Non-repudiation: Confirms both sending and receipt.

Compression:

• Reduces message size to improve speed and reduce bandwidth use.

Data formats:

• Supports EDI, XML, plain text, and binary files.

Interoperability:

• Open standard used by many EDI solutions.

Standardized headers:

• Metadata includes sender/receiver IDs, message ID, and instructions.

Timestamping:

• Ensures messages are processed in order and provides an audit trail.

Asynchronous Communication:

• Supports both synchronous and asynchronous transmission for flexibility.

These AS2 features ensure data integrity, confidentiality and reliability in electronic transactions, which make AS2 a robust and secure protocol for EDI file transfer and beyond.

AS2 supports several message types and combinations to meet different B2B communication needs. These message types support secure, traceable, and standards-compliant B2B data exchange across industries.

EDI data message: The core message that contains the actual business documents or data. These can include purchase orders, invoices, or shipping notifications in formats such as EDI (X12, EDIFACT), XML, plain text or binary files. It is the main content that AS2 is used to send securely.

MDN (Message Disposition Notification): An acknowledgment that confirms whether a message was received successfully or if there were errors. MDNs ensure reliability and non-repudiation of receipt.

• Synchronous MDN: Sent in the same HTTP session immediately after the receiver processes the message.
• Asynchronous MDN: Sent in a separate session after the initial transmission, allowing more time for processing.

Signed message: The sender applies a digital signature to confirm message authenticity and data integrity. The recipient verifies the signature to ensure the message hasn't been altered.

Encrypted message: The message is encrypted so only the intended recipient can decrypt and read it. This protects the confidentiality of the transmitted data.

Compressed message: The data is compressed before transmission to reduce file size and improve delivery speed, especially for larger payloads.

Signed and encrypted message: Combines both encryption and a digital signature to ensure the message is both confidential and verifiably authentic.

Receipt request: An optional flag included by the sender asking the recipient to send an MDN. This ensures the sender receives confirmation of successful delivery and processing.

AS2 also supports sending messages that are compressed, signed, and encrypted in any order, depending on partner agreements and security requirements. These combinations help meet compliance standards and enhance performance in high-volume trading environments — especially in AS2 EDI message exchange scenarios.

Industries and regions worldwide use AS2. Here’s a summary of how seven industries across North America, Europe and Asia-Pacific use AS2.

Industries using AS2

Retail: AS2 is used in retail EDI integration for retailers and their suppliers to exchange purchase orders, invoices, shipping notices and inventory updates. AS2 enables seamless communication between stores, distribution centers and suppliers.

Logistics and Transportation: Freight forwarders, carriers, and customs agencies use AS2 to share shipping instructions, delivery schedules, customs declarations, and status updates.

Healthcare and Pharma: Hospitals, clinics, insurers, and regulatory bodies exchange patient records, claims, billing information, and compliance documentation via AS2.

Automotive: Manufacturers and suppliers use AS2 for just-in-time inventory management, production schedules, order processing, and shipment tracking

Financial Services: Banks and financial institutions use AS2 to transmit payment instructions, account statements, and regulatory reports securely

Consumer Packaged Goods (CPG): Companies in the consumer goods sector use AS2 to manage orders, inventory levels, shipping notices and promotional information between manufacturers, suppliers and retailers.

Utilities: Utility companies use AS2 for managing customer accounts, billing information, service orders and regulatory compliance reports between service providers, customers and regulatory agencies.

Regions using AS2

1. North America:
   • The United States and Canada are major users of AS2, particularly in industries such as retail, manufacturing, healthcare, and logistics. Large retail chains like Walmart and major manufacturers like General Motors have standardized on AS2 for their supply chain communications.
2. Europe:
   • AS2 has been widely adopted across Europe with significant usage in Germany, the United Kingdom, France and Italy. The automotive industry, led by companies like Volkswagen and BMW, and the retail industry, with European chains like Tesco and Carrefour, are prominent users of AS2.
3. Asia-Pacific:
   • In the Asia-Pacific region, AS2 is used extensively in Japan, China, South Korea and Australia. The manufacturing and electronics industries in these countries, including giants like Toyota, Samsung and Sony, rely on AS2 communication protocols for their B2B data transfer.

• High level of security with encryption and digital signatures
• Cost-effective due to internet-based transmission
• Real-time responses using synchronous communication
• Globally supported across multiple industries

The resulting advantages of AS2 are:

• Security
• Simplicity
• Low cost

SEEBURGER also enables cloud-based AS2 integration with a single AS2 connection to the SEEBURGER Cloud.

• Partner management requires point-to-point setup and key exchanges, a task that becomes time-intensive as the number of trading partners  increases
• Firewall configuration may require open ports
• Certificates must be regularly updated to avoid expiry-related errors

SEEBURGER offers a B2B routing service that manages multiple AS2 connections and expired certificates efficiently, ensuring secure and uninterrupted communication.

AS2 vs. FTP – What’s the difference?

Unlike FTP, which lacks built-in security, AS2 provides end-to-end encryption, digital signatures, and message delivery receipts. This makes AS2 ideal for industries where compliance, data integrity, and confidentiality are essential — making it a superior FTP replacement for EDI.