ediverse Explore the platform

Spotlight PEPPOL BIS Billing 3.0 The EU e-invoicing mandate is here — France Sept 2026, Belgium Jan 2026, Germany 2025.

ENCRYPTION-AT-REST

Encryption of stored data — AES-256-GCM with key rotation.

Definition

Recommended standard: AES-256-GCM (FIPS 140-3 approved) or XChaCha20-Poly1305. Keys managed by AWS KMS / GCP KMS / Azure Key Vault / HashiCorp Vault Transit / HSM. Yearly rotation minimum. For databases: Transparent Data Encryption (TDE) or app-level (column-level) encryption. For object storage: S3 SSE-KMS / GCS CMEK.

Origin

Widespread practice since 2010 with FIPS 197 (AES) and regulatory pressure (HIPAA, PCI DSS, GDPR).

Example in context

An S3 bucket with SSE-KMS encrypting all EDIFACT files deposited, using a 12-month rotated CMK key.

Last updated: May 14, 2026