LeCloud by Rectangle

Managed Peppol · PDP/PA · AP/SMP

Production-grade Peppol.
Sovereign by construction.

A fully managed Peppol Access Point and SMP, aligned with the French e-invoicing mandate (facturation électronique). Designed to support PDP/PA accreditation paths — running on Outscale SecNumCloud infrastructure.

Book an architecture reviewExplore the platform

Why sovereign infrastructure matters

Why sovereign infrastructure matters for e-invoicing data flow.

Every structured invoice routed through a Peppol Access Point carries fiscal, counterparty and supplier-chain data that falls squarely inside the French e-invoicing perimeter. Where that data is processed, who can compel access to it, and how it is segmented between tenants is a regulatory question — not an infrastructure preference.

LeCloud enforces row-level tenant isolation across the Peppol stack: each customer perimeter is a discrete identity, key namespace, database row scope and audit boundary. No shared schemas. No implicit joins. No cross-tenant data paths reachable from a misconfigured policy.

Isolation model

  • [ ]
    Per-tenant identity scope
    Keycloak realms, mTLS material and Peppol participant IDs are partitioned per perimeter.
  • [ ]
    Row-level database isolation
    Sovereign-hosted PostgreSQL with RLS policies enforcing tenant scope on every read and write.
  • [ ]
    Object storage partitioning
    Per-tenant buckets and KMS keys — no cross-perimeter blob path is reachable by design.
  • [ ]
    Verified at plan time
    Our proprietary formal verification engine refuses plans that would weaken tenant boundaries.

Distribution partnership

A leading European digital trust provider as our domain authority partner.

LeCloud's Managed Peppol stack is delivered in distribution partnership with a leading European digital trust provider — recognised across the EU for qualified trust services, eIDAS-grade timestamping and electronic signature authority.

The partnership provides regulated buyers with continuity of authority on the trust layer (signatures, timestamps, qualified evidence) while LeCloud operates the sovereign platform substrate underneath.

eIDAS qualified trust servicesJoint Peppol distribution

Technical architecture

The stack under your Peppol perimeter.

Kubernetes (OKE)

Managed Kubernetes on Outscale (OKE) as the sovereign runtime substrate for AP, SMP and supporting services.

Tyk API gateway

mTLS termination, quota, throttling, identity and observability at the Peppol edge.

GitOps via ArgoCD

Every configuration is a signed Git commit reconciled by ArgoCD. Drift surfaces as a reviewable event.

Temporal approval paths

Temporal-driven workflows orchestrate plan review and human-in-the-loop approval before any apply.

What's included

The Peppol stack, managed end to end.

  • Peppol Access Point (AP) with mTLS and signed exchanges
  • Peppol SMP — service metadata publishing for your perimeter
  • Tyk API gateway with quota, throttling and observability
  • GitOps-driven configuration via ArgoCD
  • Designed to support PDP / PA accreditation paths for the French mandate
  • Runs on Outscale SecNumCloud infrastructure
Illustrative session
peppol-ap · status
ap.endpoint https://ap.fr-par.lecloud.eu
smp.endpoint https://smp.fr-par.lecloud.eu
mtls on
quota 10k/s
peppol exchanges last 24h: 184,210 ✓
audit: signed · archived (LTA · NF Z42-013)

Who it's for

Regulated French and EU teams that need Peppol in production — not a proof of concept.

  • Large and mid-cap enterprises preparing for the September 2026 mandate
  • PDPs and platform vendors building on Peppol AP/SMP
  • ETI/PME shipping ahead of the September 2027 issuance deadline
  • Banks, insurers and fintech routing structured invoices at scale

What it replaces

Bespoke Peppol stacks duct-taped on hyperscalers.

  • DIY Peppol AP/SMP deployments on AWS, GCP or Azure
  • Manual mTLS, quota and key rotation across multiple environments
  • Audit trails reconstructed from logs after the fact
  • Non-EU control planes inside a French e-invoicing perimeter

French e-invoicing mandate

Why now — timeline of facturation électronique.

Sept 2026

Réception obligatoire

All French companies must be able to receive structured e-invoices via a PDP.

Sept 2026

Émission — grandes & ETI

Large and mid-cap enterprises must issue structured e-invoices.

Sept 2027

Émission — PME & TPE

Small and micro businesses must issue structured e-invoices.

Indicative timeline — confirm against current DGFiP guidance.

30-day readiness path

From scoping to evidence export — in 30 days.

A scoped engagement to land Peppol AP/SMP on sovereign infrastructure with audit evidence wired in from day one.

Days 1–5

Assess

Workload review, PDP/PA scope, identity and residency constraints.

Days 6–12

Blueprint

Map your perimeter to verified Peppol AP/SMP blueprints with signed plans.

Days 13–24

Deploy

Land on Outscale SecNumCloud infrastructure with GitOps and human approval gates.

Days 25–30

Evidence export

First LTA evidence export and regulator-ready audit pack delivered.

Indicative path — actual scope confirmed during initial review.

Be ready before the mandate.

30-minute scoped review with a Rectangle engineer — sovereign architecture mapped to your PDP/PA horizon.

Book an architecture reviewExplore the platform