A sub-CPO is a third party that is indirectly connected to Hubject's systems through a partner's CPMS , also known as a bundler. The bundler acts as a CPO towards Hubject and connects several smaller CPOs to Hubject via its backend systems.
A sub-CPO may use a different Operator-ID than the bundler to operate its EVSEs, with EVSEs operated using the bundler's Operator-ID not considered sub-CPO EVSEs.
The bundler is required to inform Hubject about each sub-CPO, its EVSE IDs, and relevant security information, such as the hardware used. This information must be sent to the Plug & Charge team via email at email@example.com. Once approved by the PnC team, the respective EVSEs can obtain production rights from the CPMS. Until then, the EVSEs will not be able to retrieve certificates via the backend.
Sub-CPOs are only allowed to use hardware that has been previously audited by Hubject, as this is the only way to ensure that security rules, such as secure handling of key material, have been met. This auditing can be verified by the Plug & Charge CHECK seal. In exceptional cases, Hubject may be asked to perform a hardware audit for an individual sub-CPO, which must be remunerated by the sub-CPO.