HomeGlossaryThird-Party Verification
ESPD & Supplier Documentation

Third-Party Verification

Third-party verification is the process by which an independent accredited body confirms the accuracy of a supplier's claims about its qualifications, management systems, or compliance status, providing contracting authorities with objective assurance that exceeds the self-declaration alone and underpins certificates such as ISO 9001, ISO 14001, and ISO 27001.

Quick answer

Third-party verification is the process by which an independent accredited body confirms the accuracy of a supplier's claims about its qualifications, management systems, or compliance status, providing contracting authorities with objective assurance that exceeds the self-declaration alone and underpins certificates such as ISO 9001, ISO 14001, and ISO 27001.


Third-party verification is the independent assurance mechanism that transforms a supplier's own claims into objectively evidenced facts. While the self-declaration in the ESPD system allows suppliers to state their compliance at bid stage, the certificates and attestations they ultimately produce as means of proof are only meaningful because they are issued by parties independent of the supplier. Understanding the verification ecosystem is essential for suppliers managing their qualification portfolio.

What is third-party verification?

Third-party verification in the procurement context occurs when an entity other than the supplier (first party) or the contracting authority (second party) independently assesses and confirms a supplier's compliance with a stated standard, legal requirement, or quality criterion.

Accreditation bodies. The root of the verification chain is national accreditation bodies (NABs). NABs are public bodies that assess and accredit certification bodies, inspection bodies, and testing laboratories against international standards (principally ISO/IEC 17021 for management systems certification bodies). In Europe, national accreditation bodies are members of the European co-operation for Accreditation (EA), which operates a multilateral agreement ensuring mutual recognition of accreditation across member states. Examples include UKAS (UK), DAkkS (Germany), COFRAC (France), and Accredia (Italy).

Certification bodies. Accredited certification bodies conduct audits of management systems and issue certificates. When you hold an ISO 9001 certificate, an ISO 14001 certificate, or an ISO 27001 certificate, the certifying body has audited your systems against the relevant standard and issued a certificate confirming compliance. The value of the certificate depends on the certification body being genuinely accredited by an EA-member NAB.

Inspection and testing bodies. For product-related contracts, accredited inspection and testing bodies verify that products meet specified technical standards. CE marking in the EU is supported by conformity assessment procedures that often involve notified bodies designated by member states.

Fiscal and legal verification. For tax and social security compliance and criminal record matters, the "third party" is the competent public authority (tax agency, court registry, social security institution). These authorities verify the supplier's standing against their official records and issue the certificate.

EMAS verifiers. EMAS environmental statements must be validated and verified by accredited EMAS verifiers before registration. This is a sector-specific application of third-party verification to the environmental management domain.

The procurement system relies on the integrity of the accreditation chain. Contracting authorities do not typically have the resources to conduct their own technical audits of management systems; they rely on the accredited certificate as a proxy for verified compliance. This is why Article 62 of Directive 2014/24/EU specifies that certificates must come from accredited conformity assessment bodies, and why submitting certificates from non-accredited bodies is a grounds for rejection.

Why third-party verification matters for bidders

Third-party verification establishes market trust. A supplier claiming ISO 9001 compliance without a certificate can be ignored or discounted. The same supplier with an accredited certificate from a recognised body is credible to buyers who have no other way to assess quality systems across dozens of tenderers.

For suppliers expanding into new European markets, ensuring that their certifying body is accredited under the EA multilateral agreement prevents the problem of holding a certificate that a foreign contracting authority does not recognise.

Example

A Belgian data analytics company holds ISO 27001 certification from a Belgian accredited certification body (Belcert, accredited by BELAC). It bids for a Scandinavian public data infrastructure contract. The Norwegian contracting authority verifies that BELAC is a member of the EA multilateral agreement, confirms that Belcert is listed as accredited for information security management systems, and accepts the certificate as valid third-party verification of the company's ISMS. The company's ESPD Response noted the certificate; the certificate itself is submitted as means of proof.

Frequently Asked Questions

How do I check if a certification body is genuinely accredited?

Most national accreditation bodies maintain public registers of accredited certification bodies on their websites. The IAF also maintains a global directory. Check the register for the NAB in the certification body's home country. If the body is not listed, its certificates may not be accepted in EU procurement.

Can contracting authorities conduct their own audits instead of accepting third-party certificates?

Article 62(1) of Directive 2014/24/EU allows contracting authorities to conduct their own audits of a supplier's technical capacity as an alternative to requiring a third-party certificate, but this is rarely done in practice due to the time and cost involved. Contracting authorities almost universally rely on third-party accredited certificates.

What if my third-party certificate lapses between bid submission and contract award?

Notify the contracting authority immediately. Most contracting authorities require certificates to be valid at the time of submission of means of proof, not merely at bid submission. If a certificate lapses due to a missed surveillance audit, arrange an urgent audit and obtain evidence that the certification body is actively processing renewal. A lapsed certificate that you have not disclosed is a ground for exclusion under Article 57(4)(h) of Directive 2014/24/EU for providing misleading information.

How Bidovate helps

Bidovate puts Third-Party Verification to work inside your capture and proposal workflow.

Tender discovery

See Bidovate in action

Book a demo and we will show you the platform using your actual contract data.

Related terms

Certificates and Attestations

Certificates and attestations are official documents issued by competent national authorities or accredited third parties that verify a supplier's legal, financial, professional, or technical standing, serving as the primary means of proof for exclusion and selection criteria in European public procurement.

View

Means of Proof

Means of proof are the actual certificates, attestations, declarations, and other documents that a contracting authority requests from the winning or shortlisted tenderer to verify the self-declarations made in the ESPD Response, confirming compliance with exclusion and selection criteria before contract award.

View

Quality Management Certificate

A quality management certificate, most commonly ISO 9001, is an accredited third-party certification confirming that a supplier operates a documented quality management system meeting an internationally recognised standard, used as means of proof for technical and professional ability selection criteria in European public procurement.

View

Environmental Management Certificate

An environmental management certificate, principally ISO 14001 or the EU's EMAS registration, is an accredited third-party certification confirming that a supplier operates a structured environmental management system, used as means of proof for technical and professional ability selection criteria in European public procurement.

View

Information Security Certificate (ISO 27001)

An ISO 27001 information security certificate is an accredited third-party certification confirming that a supplier operates an information security management system meeting the international ISO/IEC 27001 standard, increasingly required as a selection criterion in European public procurement for IT, data processing, and professional services contracts.

View