Applying for Certificates for the Data Exchange Layer (from 1 May 2026)

What does this instruction cover?

This instruction explains what your organisation needs to do when the application and renewal of certificates used in the Suomi.fi Data Exchange Layer are transferred to the Digital and Population Data Services Agency’s (DVV) e‑services as of May 2026.

This instruction applies to both organisations that maintain their own Security Server, and intermediaries that provide Security Server services to customer organisations. The instruction describes the content of the change and how your organisation can prepare for it. It does not yet describe in detail how to complete the certificate application form or how to fill in individual fields.

What will change from 1 May 2026

The introduction of the e-services for organisations to apply for certificates for the Suomi.fi Data Exchange Layer has been delayed due to technical reasons. The new process will be introduced on 6 May 2026.

All certificate‑related matters in the Data Exchange Layer will be centralised to DVV’s e‑services.

• Organisations and intermediaries will apply for the certificates required for the Data Exchange Layer themselves via DVV’s e‑services.
• The Data Exchange Layer maintenance team will no longer submit certificate applications on behalf of customers.
• Certificate renewal requests sent by email will no longer be processed.
• Applying for ACME certificates will later be moved to a separate ACME account (this will be communicated separately).

What organisations using the Data Exchange Layer need to do

1. Determine who is responsible for applying for certificates in your organisation

The first step is to identify who is responsible for applying for the certificates required for the Data Exchange Layer.

If your organisation owns and maintains its own Security Servers:

The organisation is responsible for applying for its certificates.

• A representative of the organisation will apply for the certificates via the organisation’s own customer account in DVV’s e‑services.

If necessary, a technical contact person (for example, an external service provider) can be added to the certificate application if the installation of certificates on the Security Server is handled by an external technical expert.

If your organisation uses a Security Server owned by an external service provider, such as an intermediary:

The intermediary is responsible for applying for all certificates required for the Security Servers it owns, also on behalf of its customer organisations.

• As the owner of the Security Server, the intermediary applies for the certificates required for the use of the Data Exchange Layer, including signing certificates for customer organisations using the server.

2. Check your organisation’s customer account in DVV’s e‑services (opens in a new window)

The party responsible for applying for certificates must have a customer account in DVV’s e‑services (the identification of the responsible party is described above).

• Do you already have a customer account in the e‑services? If an account exists, it can also be used to apply for Data Exchange Layer certificates.
• If no suitable account exists, create a new customer account.
• Invite the members of your organisation who participate in certificate applications to the customer account. Note: User permissions on the customer account cannot be limited. All account users can view and participate in all transactions carried out via the account. For this reason, external persons cannot be invited to the customer account.

3. Familiarise yourself with the e‑service’s terms and conditions and service description

Before starting to use the e‑services, familiarise yourself with the terms and conditions and service description on DVV’s customer websiteOpens in a new window..

The terms and conditions describe, for example:

• how intermediaries and customer organisations agree on authorisations for certificate applications.

When an intermediary begins applying for certificates on behalf of a customer organisation:

• this must be agreed in advance, and
• the intermediary and the customer organisation must prepare the necessary documentation concerning the authorisation.

It is important to agree on authorisation practices and responsibilities in advance to ensure that certificate applications can be processed without delay.

Read more on DVV’s customer websiteOpens in a new window..

4. Define the responsible roles for certificate management

Agree within your organisation on the following matters to ensure smooth certificate management.

4.1 Who manages the customer account

Appoint a responsible person to manage the organisation’s customer account in DVV’s e‑services (for example, inviting and removing users).

4.2 Who is responsible for contact details

Appoint a responsible person to ensure that contact persons and their details related to the certificate set are kept up to date, both in the organisation’s internal documentation and in DVV’s e‑services.
This is particularly important going forward, as maintenance will no longer submit certificate applications on behalf of customers.

4.3 Who applies for certificates on behalf of the organisation

If the organisation owns its Security Servers:

All certificates required for the Security Servers are applied for via the organisation’s own customer account.

Determine who is responsible for installing the certificates on the Security Server.

• If installation is handled by a person within the organisation, they can be invited to the customer account and submit applications themselves.
• If installation is handled by an external person, they should not be invited to the customer account. Instead, add them as a technical contact person when submitting the certificate application. They will then be able to download the certificate request and receive the signed certificates for installation.

If an intermediary provides the Security Server for customer organisations:

An intermediary may offer Security Server solutions to several customer organisations and applies via its customer account for certificates for both the Security Servers and the customer organisations.

Before applying for certificates, the intermediary and the customer organisation must agree on granting the intermediary authorisation to apply for the customer organisation’s signing certificates, as described in the e‑services’ terms and conditions.

The intermediary applies via its customer account for:

• signing and authentication certificates for its own Security Servers
• signing certificates for customer organisations using the Security Server

When should the first self‑submitted certificate application be made?

A certificate application typically needs to be submitted:

• About one month before your current certificate expires, or
• when your organisation takes the Data Exchange Layer or a new Security Server into use after 1 May 2026.

We recommend you submit the certificate application approximately one month before the certificate’s expiry date. This ensures that you have time to respond to possible requests for additional information and avoids service interruptions.

It is advisable to plan the timing of certificate applications and validity periods so that certificates do not expire during holiday periods.

• (The typical processing time is about one week, but the total duration may be affected by requests for additional information or your organisation’s internal approval processes.)

Old and new certificates can be used simultaneously. Do not remove old certificates before the new ones appear as registered in the Security Server’s user interface. This ensures that replacing certificates does not interrupt your organisation’s services. A more detailed certificate removal instruction is provided on a separate page.

Where to find the actual application instructions

Once you have completed the steps described above, you can then review the detailed application instructions:

• Applying for Data Exchange Layer certificates in e‑services (will be published in English soon)

The instruction covers:

• completing the application form
• required information and attachments
• identifying the correct case number
• descriptions of transaction paths in DVV’s e‑services

More information

• General questions related to certificates in the Data Exchange Layer:: palveluvayla-kayttoonotot@dvv.fiOpens in a new window.
• Technical questions: palveluvayla@palveluvayla.fiOpens in a new window.