Guiding questions

Purpose: Define how legal entities and representatives will be uniquely and reliably identified.

  1. Participant Identification

  • What identifiers (EORI, VAT ID, DUNS, DID, etc.) will be accepted for legal entities?

  • How will natural persons be identified and cryptographically bound to their role as authorised representatives of legal entities (e.g., Verifiable Credentials such as W3C/OpenID?

  • Will eIDAS-compliant solutions be mandatory, optional, or one of several supported schemes?

  • Will authentication rely on PKI?

Purpose: Establish the credentials and attestations required for onboarding, compliance, and sector-specific participation.

  1. Credential Types & Attestations

  • Which credential types are required for onboarding (identity, membership, compliance)?

  • Will W3C/OpenID Verifiable Credentials be the primary format for organisational identity and representative roles?

  • What sector-specific or regulation-driven attestations will participants need to provide?

  • Will conformity assessments based on ISO/IEC 17000 be recognised for certain claims/attestations?

  • How will validity periods, renewals, and revocations be managed?

Purpose: Determine who issues credentials, how trust anchors are structured, and how verification will operate.

  1. Credential Issuance & Verification

  • Who acts as the Trust Anchor(s) for credential issuance?

  • Will credential issuance be centralised under DSGA or federated across multiple accredited providers?

  • How will the verification process be implemented (centralised compliance service vs. distributed verification)?

  • How are credential issuance, renewal, and revocation managed (trust anchors, revocation lists/registries)?

  • Will verification align with eIDAS/ETSI trust lists and support automated status/revocation checks?

Purpose: Adopt interoperable standards to ensure credentials are machine-readable and compatible across data spaces.

  1. Standards & Interoperability

  • Which technical standards (W3C VC, DIDs, OIDC4VC, SHACL, ETSI Trusted Lists) will be adopted

  • Will JSON-LD be used for credential data models and metadata?

  • How will interoperability with other data spaces and trust frameworks be ensured?

  • Will machine-readable rulebooks be published for automated compliance checks?

  • Will PKI profiles and secure-channel requirements be defined for credential transport?

Purpose: Set rules for managing credential changes, revocations, and disputes to maintain trustworthiness.

  1. Governance & Lifecycle Management

  • How will credential revocation, suspension, and reinstatement processes be triggered and managed?

  • How will changes in participant status (mergers, closures, ownership changes) be handled in credential records?

  • What is the escalation process for identity disputes or fraudulent credential usage?

  • Where and how will conformance evidence (certificates, manifests, audits) be published for discovery (e.g., in catalogs/registries)?

PreviousIdentity & Attestation ManagementNextTrust Framework

Last updated