Guiding questions
Participant Identification
Purpose: Define how legal entities and representatives will be uniquely and reliably identified.
What identifiers (EORI, VAT ID, DUNS, DID, etc.) will be accepted for legal entities?
How will natural persons be identified and cryptographically bound to their role as authorised representatives of legal entities (e.g., Verifiable Credentials such as W3C/OpenID)?
Will eIDAS-compliant solutions be mandatory, optional, or one of several supported schemes?
Will authentication rely on PKI?
Credential Types & Attestations
Purpose: Establish the credentials and attestations required for onboarding, compliance, and sector-specific participation.
Which credential types are required for onboarding (identity, membership, compliance)?
Will W3C/OpenID Verifiable Credentials be the primary format for organisational identity and representative roles?
What sector-specific or regulation-driven attestations will participants need to provide?
Will conformity assessments based on ISO/IEC 17000 be recognised for certain claims/attestations?
How will validity periods, renewals, and revocations be managed?
Credential Issuance & Verification
Purpose: Determine who issues credentials, how trust anchors are structured, and how verification will operate.
Who acts as the Trust Anchor(s) for credential issuance?
Will credential issuance be centralised under DSGA or federated across multiple accredited providers?
How will the verification process be implemented (centralised compliance service vs. distributed verification)?
How are credential issuance, renewal, and revocation managed (trust anchors, revocation lists/registries)?
Will verification align with eIDAS/ETSI trust lists and support automated status/revocation checks?
Standards & Interoperability
Purpose: Adopt interoperable standards to ensure credentials are machine-readable and compatible across data spaces.
Which technical standards (W3C VC, DIDs, OIDC4VC, SHACL, ETSI Trusted Lists) will be adopted?
Will JSON-LD be used for credential data models and metadata?
How will interoperability with other data spaces and trust frameworks be ensured?
Will machine-readable rulebooks be published for automated compliance checks?
Will PKI profiles and secure-channel requirements be defined for credential transport?
Governance & Lifecycle Management
Purpose: Set rules for managing credential changes, revocations, and disputes to maintain trustworthiness.
How will credential revocation, suspension, and reinstatement processes be triggered and managed?
How will changes in participant status (mergers, closures, ownership changes) be handled in credential records?
What is the escalation process for identity disputes or fraudulent credential usage?
Where and how will conformance evidence (certificates, manifests, audits) be published for discovery (e.g., in catalogs/registries)?