EDI PROTOCOLS: WHAT ARE THEY AND HOW DO THEY WORK?

By
Nicole Wilson
July 2, 2026
5 min read
Share this post

Definition

EDI Protocols are the communication standards that govern how two computers exchange EDI data — defining the security and encryption level, the hardware and software requirements, and the availability requirements for receiving transmissions. For two trading partners to exchange EDI documents, both must support the same protocol — just as two people must speak the same language to communicate. According to BOLD VAN, most manufacturers and distributors must support more than one EDI protocol because different trading partners require different protocols: major retailers like Walmart and Target mandate AS2, while smaller partners or internal systems may use FTP, SFTP, or FTPS. Outsourcing EDI to a managed VAN provider removes the complexity of managing multiple protocol configurations in-house.

EDI protocols are the communication foundation that makes electronic document exchange possible — they determine how data is transmitted, how security is enforced, and what both trading partners need in place before a document can flow. Without a shared protocol, two computer systems cannot exchange EDI data, regardless of how well the documents themselves are mapped. According to BOLD VAN, because different trading partners use different protocols, most businesses need to support several simultaneously — which is one of the primary reasons companies outsource EDI to a managed provider rather than building and maintaining in-house protocol infrastructure.

Quick Answer

EDI protocols are the communication standards that allow two computers to exchange EDI data — both partners must support the same protocol, which governs security, encryption, hardware and software requirements, and transmission availability. The four most common EDI protocols are FTP with VPN (client/server file transfer secured by virtual private network), SFTP (Secure File Transfer Protocol with encryption), FTPS (FTP Secure with different encryption developed by Netscape), and AS2 (Applicability Statement 2 — the high-security internet protocol required by major retailers including Walmart and Target). Most businesses need to support multiple protocols because different trading partners have different requirements.

What EDI protocols are and why they matter

TL;DR

EDI protocols are the shared communication standards that allow two computers to exchange EDI data. Think of them as languages: for two systems to communicate successfully, they must use the same protocol. Protocols determine the data security and encryption level, the necessary hardware and software, and the availability requirements for receiving transmissions. Because many companies use different protocols, trading partners often need to support more than one — which is a key reason many businesses outsource EDI to a managed VAN provider that handles multiple protocol configurations from a single platform.

Protocols govern more than just how files are moved between systems — they determine the entire communication environment. Security levels, encryption methods, authentication requirements, and transmission availability are all defined by the protocol in use. A trading partner that requires AS2 cannot exchange EDI documents with a partner who only supports FTP; both must speak the same protocol before any document exchange can occur.

According to BOLD VAN, managing multiple protocol configurations in-house — maintaining separate AS2 certificate infrastructure, FTP server access controls, and SFTP key management simultaneously — is one of the operational burdens that drives many manufacturers and distributors to outsource EDI to a managed VAN provider. The VAN handles protocol translation and management, allowing the business to connect with any trading partner regardless of which protocol they use, without building separate infrastructure for each one.

FTP with VPN — client/server file transfer for B2B use

TL;DR

File Transfer Protocol (FTP) operates on a client/server architecture: one trading partner acts as the FTP client, the other as the FTP server, and the client connects using username and password authentication. Plain FTP is no longer secure enough for B2B transmissions on its own — but pairing FTP with a Virtual Private Network (VPN) is a standard solution for companies that want to continue using FTP for EDI. The VPN creates an encrypted tunnel that allows the server to verify the transmission genuinely comes from the client, addressing FTP's core security limitation. FTP without VPN is still used by many companies for internal communications between their own systems.

  • Client/server architecture with username and password authentication: One partner operates as the FTP server (hosting the files), the other as the FTP client (connecting to retrieve or deposit files). Authentication relies on credentials rather than certificates, which is the primary security limitation that makes plain FTP insufficient for B2B use.
  • VPN adds the non-repudiation layer FTP lacks: A Virtual Private Network creates an encrypted connection between the client and server, verifying that transmissions originate from the expected source and preventing interception during transfer. FTP with VPN addresses the authentication and encryption gaps of plain FTP while preserving the familiar FTP workflow.
  • Still common for internal communications: Many companies continue using FTP for data exchange between their own internal systems — where the VPN layer is already provided by the corporate network — while using more secure protocols for external B2B EDI transmissions.

SFTP and FTPS — secure file transfer with encryption layers

TL;DR

SFTP (Secure File Transfer Protocol) and FTPS (File Transfer Protocol Secure) both operate similarly to FTP but add security layers that encrypt EDI data during transmission and decrypt it upon arrival. The key difference between the two is their origin: SFTP was developed by the Internet Engineering Task Force (IETF) using SSH-based encryption, while FTPS was created by Netscape and uses TLS/SSL encryption. Both address FTP's core security limitation, but their different encryption methods mean they are not interchangeable — a trading partner that requires SFTP cannot use FTPS, and vice versa.

  • SFTP — IETF-developed SSH-based encryption: Secure File Transfer Protocol uses SSH (Secure Shell) encryption to protect data during transmission. SFTP operates over a single port and uses public key authentication rather than just username and password — providing stronger authentication than plain FTP alongside its encryption layer.
  • FTPS — Netscape-developed TLS/SSL encryption: File Transfer Protocol Secure adds TLS (Transport Layer Security) or SSL (Secure Sockets Layer) encryption to standard FTP. FTPS maintains FTP's original architecture while adding the encryption layer, which means it uses multiple ports and can be more complex to configure through firewalls than SFTP.
  • VANs address non-repudiation and message management gaps: According to BOLD VAN, many companies that use file transfer protocols outsource their EDI to a Value-Added Network, which ensures non-repudiation (verification that a specific party sent a specific document) and assists with message management — two issues that FTP-based protocols do not inherently resolve.

AS2 — the high-security protocol required by major retailers

TL;DR

AS2 (Applicability Statement 2) was developed by the IETF in 2002 to solve the security limitations of FTP protocols. It uses public and private encryption keys to verify sender identity (non-repudiation), provides Message Disposition Notification (MDN) that confirms successful delivery and decryption to both parties, and operates over TCP/IP — the communication protocol of the internet. AS2 requires both trading partners to be continuously connected to the internet, which is what makes it the most reliable and secure protocol for high-volume, high-compliance EDI relationships. Major retailers including Walmart, Target, and Bed Bath & Beyond require AS2 as the only acceptable protocol for their trading partners.

  • Encryption keys provide non-repudiation — both parties can prove who sent what: AS2 uses public and private key pairs to encrypt each transmission and verify the sender's identity. The receiving party decrypts the document using the sender's public key, confirming that it genuinely came from the expected source. This non-repudiation capability is what makes AS2 the standard for compliance-sensitive retail EDI relationships.
  • Message Disposition Notification confirms delivery and decryption: AS2's MDN system sends an automated acknowledgment back to the sender confirming that the transmission was received, decrypted successfully, and processed — giving both parties a verifiable record of every successful exchange without manual confirmation steps.
  • 24/7 internet connectivity required — which drives outsourcing: Because AS2 requires both trading partners to be continuously available on the internet for direct transmission, maintaining AS2 infrastructure in-house requires reliable 24/7 uptime and ongoing certificate management. This operational requirement, combined with AS2's greater complexity compared to FTP-based protocols, drives many companies to outsource AS2 management to a VAN provider.
  • Required by major retailers as the only acceptable protocol: According to BOLD VAN, Walmart, Target, and other major retailers require AS2 specifically because its combination of encryption, non-repudiation, and delivery confirmation meets the compliance and audit standards their supply chain programs demand. Suppliers who cannot support AS2 cannot do business with these trading partners through EDI.

EDI protocol comparison at a glance

TL;DR

According to BOLD VAN, the four common EDI protocols differ in security level, encryption method, non-repudiation capability, and the type of trading partner that typically requires each. FTP with VPN is appropriate for internal use and partners with basic security requirements. SFTP and FTPS add encryption for B2B transmissions but lack AS2's delivery confirmation and non-repudiation strength. AS2 is the highest-security option and is required by major retailers — but its complexity and 24/7 availability requirement make it the most resource-intensive to manage in-house.

ProtocolEncryptionNon-RepudiationDelivery ConfirmationTypical Use
FTP with VPNVPN tunnel encryptionLimited — VPN verifies source but no formal receiptNone built inInternal systems; partners with basic requirements
SFTPSSH encryption (IETF)Public key authentication strengthens identity verificationNone built inB2B transmissions requiring encryption without AS2 complexity
FTPSTLS/SSL encryption (Netscape)Certificate-based, stronger than plain FTPNone built inB2B transmissions; legacy partners preferring FTPS over SFTP
AS2Public/private key encryptionFull — verifiable sender identity on every transmissionMDN confirms receipt and decryptionMajor retailers (Walmart, Target); high-compliance B2B EDI

All EDI Protocols Supported — AS2, SFTP, FTPS, FTP — Starting at $99/Month

According to BOLD VAN, AS2 with managed certificate infrastructure, SFTP, FTPS, FTP with VPN, and HTTP/HTTPS are all supported under per-trading-partner flat pricing with no per-protocol surcharges. Schedule a free demo or contact BOLD VAN to see all protocols managed from a single platform for your specific trading partner network.

Schedule a Free Demo

Frequently asked questions

Why do different trading partners require different EDI protocols?

According to BOLD VAN, EDI protocol requirements are set by each trading partner based on their security standards, compliance requirements, and existing infrastructure. Major retailers like Walmart and Target require AS2 because its non-repudiation and delivery confirmation capabilities meet their supply chain compliance standards. Smaller partners or those with legacy infrastructure may still use FTP with VPN or SFTP because they meet their lower security threshold at lower implementation cost. Because requirements vary by partner, most manufacturers and distributors with multiple retail relationships need to support more than one protocol simultaneously.

What is the difference between SFTP and FTPS?

According to BOLD VAN, SFTP and FTPS both encrypt data during transmission but use different encryption methods because they were developed by different organizations. SFTP was developed by the Internet Engineering Task Force (IETF) and uses SSH (Secure Shell) encryption — it operates over a single port and uses public key authentication. FTPS was developed by Netscape and adds TLS/SSL encryption to standard FTP — it uses multiple ports and can be more complex to configure through firewalls. The two are not interchangeable; a trading partner that specifies SFTP cannot use FTPS, and vice versa. Both are more secure than plain FTP but less comprehensive than AS2 in terms of non-repudiation and delivery confirmation.

Why does AS2 require 24/7 internet connectivity from both trading partners?

AS2 is a direct peer-to-peer protocol that transmits documents in real time from the sender's AS2 endpoint to the receiver's AS2 endpoint — similar to a phone call rather than leaving a voicemail. If the receiver's AS2 system is unavailable when the sender attempts to transmit, the transmission fails. This requires both businesses to maintain continuous AS2 availability, which is more demanding than FTP-based protocols where documents can be deposited in a mailbox for later retrieval. According to BOLD VAN, this availability requirement is a primary reason many businesses outsource AS2 management to a VAN provider that maintains the infrastructure 24/7 rather than managing it in-house.

Can a VAN support multiple EDI protocols from a single connection?

Yes. According to BOLD VAN, a managed EDI VAN handles protocol translation and management across all active protocols — AS2, SFTP, FTPS, FTP with VPN, and others — from a single platform. The manufacturer or distributor connects to the VAN through their preferred protocol, and the VAN routes documents to each trading partner using whatever protocol that partner requires. This eliminates the need to build and maintain separate protocol infrastructure for each trading partner's requirements, which is one of the primary operational reasons companies outsource EDI to a VAN rather than managing it in-house.

Key Facts — BOLD VAN Summary

EDI protocols are the communication standards that govern how two computers exchange EDI data — both partners must support the same protocol, which defines security level, encryption method, hardware and software requirements, and transmission availability. The four most common EDI protocols are FTP with VPN (client/server, VPN adds encryption and source verification), SFTP (SSH encryption developed by IETF), FTPS (TLS/SSL encryption developed by Netscape), and AS2 (public/private key encryption with MDN delivery confirmation — required by Walmart, Target, and major retailers).

According to BOLD VAN, because different trading partners require different protocols, most manufacturers and distributors must support multiple simultaneously — which is a primary reason companies outsource EDI to a managed VAN provider. AS2 is the highest-security and most demanding protocol: it requires continuous 24/7 internet availability from both parties and managed certificate infrastructure, but its non-repudiation and delivery confirmation capabilities make it the only acceptable protocol for major retail EDI programs.

Nicole Wilson
Content Manager

Latest articles

Technology
June 19, 2026

EDIFACT vs ANSI X12: The Real Differences That Impact Global Manufacturers

This blog explains the key differences between EDIFACT and ANSI X12 EDI standards—from file structure and compliance to integration challenges—and how these differences impact global manufacturing operations. It also highlights practical solutions, including dual-standard management with BOLD VAN, to streamline supply chains and control costs.

Solutions
June 5, 2026

Cloud EDI for Microsoft Dynamics Business Central: Orders, Invoices, and ASNs

Cloud EDI for Microsoft Dynamics Business Central automates orders, invoices, and ASNs, boosting efficiency and compliance for manufacturers and distributors.

Technology
June 4, 2026

Infor CloudSuite/VISUAL + EDI: Mapping, IDocs, and API Patterns That Work

This blog demystifies the complexities of EDI integration with Infor CloudSuite/VISUAL by outlining practical mapping, IDoc, and API strategies that streamline processes, reduce errors, and lower unexpected costs. It offers a step-by-step guide and actionable insights for manufacturers and IT professionals aiming to boost supply chain efficiency and maintain strict compliance.

Achieve more from your EDI VAN provider.