ephyto Industry Update
by Reese Giangola, on Jul 29, 2020 11:09:31 AM
Note: This is an update that is only relevant to those interested in the technical aspects of how ephyto is advancing in the US.
We were pleased to participate in the virtual ePhyto Industry Advisory Group (IAG), ePhyto Steering Group (ESG) meeting with Industry Representatives this June – and wanted to provide a quick update on the questions posed by industry that we found most relevant to our audience and to those that are tracking the matter now that the meeting notes have been made public.
How does the ESG see third party systems fit in to the system?
The Hub is like a post office and each country has its own post box. What we will start doing is establishing a box for each industry system. The industry boxes will only be able to access phytosanitary certificates (PCs) that have been addressed to their individual system.
Does the industry system need to be identified in the header of the PC? Will that be the copy that goes to the industry system?
Yes, the industry system will be an additional field in the header (ePhyto envelope). When an exporting country also sends the ePhyto to an industry system(s), the company/companies will be in the header through a code. This is how the Hub can read it and subsequently place in the appropriate box.
How do industry groups know what options to use to get a copy of the ePhyto?
The channel consists of two options, one is delegation e.g. EU TRACES which one single entity on behalf of many countries, and the second is similar to being a cc on an email.
The first option of delegation is envisioned as a government solution. For example, all PCs need to be received in that one system for instance, a single window system. The second option is about distributing it to different entities like the cc-ing to different entities, which don’t automatically get access to every PC. When a national system is sending the ePhyto out, it can be marked with everyone to send it to. The industry system has to be registered in the Hub to receive a copy of the PC.
How can a receiving company verify the digital signature?
Digital signatures are still a topic of discussion for the ESG. The ePhyto exchange happens via X.509 certificates and most certificates do not have any specific signature.
The exporter will advise the NPPO to send a copy of the ePhyto but how will they know that the importing company is registered? Is it a direct agreement between importer and exporter?
The private company will connect their systems (i.e. register) to the official national system (Hub). In the US they intend to maintain and pull regularly a list of the registered industry systems. As exporters request PCs, they will be able to select which industry systems they want to share that PC with (even multiple systems). In designing ePhyto there is an assumption how the commercial platform will be working. A copy can be sent to this platform and the steps from a commercial aspect need to be determined by the industry system regarding how/who will then get access to the PC in the industry system.
Signing up / registering to the Hub is confusing. Will companies need to sign up to the Hub before signing up to the commercial platform?
More information on the registration will be forthcoming. The channel is for entities which have their own system and workflows and would like to receive these PCs electronically. It may be companies that are the actual exporters/importers, but it’s more likely that it will be a company that deals with multiple exporters/importers for purposes beyond the phytosanitary certificate and just need the PC in their internal workflow (example: delivery service companies).
Can one entity use multiple systems and/or switch systems? How does one platform with multiple entities work? How do you know which platform to send the PC to?
As the exporter is applying for their ePhytos they can select multiple industry systems to send the PC (ePhyto) to. All of the connected channels can be pulled down so there is a list to choose from and the exporter can pick who they want to send it to. In order for those industry systems to be selected, they have to be registered with the Hub. The exporter needs to go to the National systems to get the PCs (as is already done) but the industry systems who can receive the copy are made available in a list to pick from for the exporting country.
Guatemala is an example related to the generic system (GeNS). The exporter can log in to the GeNS and when it applies for a PC the system will display all connected parties registered to the Hub and they can choose in the system who to send it to (the NPPO plus verified industry systems).
Companies are reluctant to be obliged to use several services and several connections. Platform to get PC on the behalf of company’s user will be appreciated.
The IPPC project is focused on activities that happen after a certificate is issued. These other precertification processes are up to each country to work with their corresponding industry. For example, in the U.S. they are talking with companies so that instead of entering their data directly in the US official IT system, they would prepare an application into their own company IT system and send it through a web service. Several other countries already have that capacity.
If a load is sold during transport and the buyer uses a different system than the one that was selected. Can it be redirected to the system of the new buyer?
In that case the solution is to issue a replacement certificate. As the exporter requests the replacement they would again have the option to pick with industry systems they want to share the certificate with. In the ePhyto world, the first ePhyto is sent a new “withdraw” message which would be used to update the status of a previously issued certificate.