Actors
This project involves four key actors: the Bundesanzeiger, the Enterprise, the Bank, and the Wallet Provider. This section outlines the respective roles and responsibilities of these parties in ensuring the reliability of enterprise data.
Bundesanzeiger
The Bundesanzeiger plays a crucial role in publishing company disclosures in Germany. It serves as the official medium for mandatory financial statements, corporate governance reports, and other significant business announcements. Companies are required to publish their annual financial statements, management reports, and audit reports in the Bundesanzeiger to ensure transparency and compliance with legal obligations. This platform helps investors, creditors, and the public access critical financial and corporate information, promoting accountability and informed decision-making. Additionally, the Bundesanzeiger's online presence facilitates easy access to these disclosures for stakeholders.
The objective of this project is to facilitate the issuance of verifiable credentials by the Bundesanzeiger to enterprises. In this context, the term "enterprises" refers to the data subject, who requests and holds credentials issued by the Bundesanzeiger. The Bundesanzeiger collects information from a range of primary authentic sources, including the transparency register and the business register. This information is then consolidated and potentially reviewed before being issued as claims that form part of a verifiable credential. Consequently, the Bundesanzeiger assumes the role of the issuer in the SSI model. For the purpose of enabling the issuance of verifiable credentials, the Bundesanzeiger is identified by a unique DID.
To enable verifiers to determine whether a presented credential is still current, the Bundesanzeiger is also tasked with monitoring the claims included in issued credentials. If a change to a claim is identified, the respective credential is revoked by updating the revocation list. This list is accessible to verifiers and permits credential validation in a manner that preserves the confidentiality of the individuals concerned. Furthermore, the Bundesanzeiger is entitled to inform the holders of the revocation of their credentials.
Enterprise
The interconnectivity of modern business enterprises has significantly increased the need to authenticate business partners. Which data fields are needed, such as master data, depends on the particular use case. Furthermore, information from authentic sources may be required in order to confirm the legitimacy of the business partner. The use of the SSI model enables enterprises to simplify these processes by requesting the required data from a trusted issuer, in this case the Bundesanzeiger, and presenting it to any business partner.
In order to maintain control over their identities and verifiable credentials, enterprises maintain wallets that are responsible for managing the identities and credentials of both the enterprise (a legal person) and its employees (natural persons). Each identity is represented by a distinct DID. Additionally, unique key pairs are generated, facilitating the signing and encryption of messages and credentials.
Legal Person Identity
The enterprise identity enables autonomous interactions with business partners, facilitating the request and presentation of requisite credentials. In this instance, the company is duly authorised to undertake the requisite actions without the need for human intervention. Consequently, processes can be automated in the absence of individual liability. Furthermore, the enterprise identity permits issuers to create verifiable credentials directly linked to the company in question. Therefore, the enterprise itself acts as a holder and can present received credentials to business partners. For example, the Bundesanzeiger can issue an Enterprise Credential containing KYC data to the enterprise. Verifiers can subsequently request this credential to perform KYC processes without the need to obtain further external data.
Natural Person Identity
Although the enterprise identity facilitates a high level of automation in inter-organisational processes, other applications necessitate the involvement of reliable natural persons in representing the enterprise. In an enterprise, two distinct categories of natural persons can be identified: functionaries and employees.
Functionary. A functionary is defined as an individual who occupies a specific office or position within an enterprise, frequently in a bureaucratic or administrative capacity. They are accountable for the fulfilment of the obligations and the execution of the tasks inherent to their role within the enterprise. It is the responsibility of businesses to report their associated personnel to the transparency register. In certain business interactions, it is necessary for functionaries to demonstrate their status as such within the company. As the Enterprise Credential issued by the Bundesanzeiger also includes the respective functionaries received from the transparency register, it can be presented by the functionary to prove their role within the enterprise to third parties. In order to enable this process, functionaries register at the Bundesanzeiger in advance to prove their identity and link their DID.
Employee. It is also possible for employees who are not acting in the capacity of a functionary to receive individual DIDs for the purpose of receiving and presenting credentials in the enterprise wallet. As they are not included in the Enterprise Credential issued by the Bundesanzeiger, no registration with the Bundesanzeiger is necessary, and no natural person credential is received. However, they may receive credentials from external or internal issuers. For example, a functionary may issue a Power of Attorney Credential, which would allow receiving employees to act on behalf of the functionary.
Bank
Banks in the European Union are bound by rigorous Anti-Money Laundering (AML) standards aimed at curbing financial crimes such as money laundering and terrorist financing. These standards encompass customer due diligence, which entails verifying the identity of clients, monitoring transactions for suspicious activity, and reporting any such transactions to the relevant authorities. Furthermore, banks are obliged to implement robust internal controls to guarantee compliance with AML regulations.
One aim of this project is to optimise the due diligence and monitoring processes that banks have to carry out for corporate clients. The due diligence process encompasses the authentication and authorisation of the applicant representing the enterprise, as well as the collection of relevant enterprise data, such as the ultimate beneficial owners. The SSI model allows the bank to receive all relevant data from the applicant in a verifiable manner, which reduces the complexity of the due diligence process, as no additional data must be requested from external sources and no manual processing is required. The bank assumes the role of verifier, requesting the necessary credentials directly from the applicant. By publishing a unique DID, the bank offers the secure presentation of verifiable credentials.
Once a new enterprise customer has been onboarded, it is essential to monitor the company data for any changes. To this end, the bank conducts regular checks on the revocation status of the presented credential. In the event that a claim has been modified and the credential has been revoked, the bank requests an updated credential from the enterprise. This process ensures that data records remain current, while also reducing the bank's liability risks and monitoring costs.
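The revocation check described above, together with the revocation list maintained by the Bundesanzeiger, as an added Python example that is not part of the project's own code. The page does not specify the format of the revocation list; this example assumes a layout modelled on the W3C Bitstring Status List (gzip-compressed, base64url-encoded bitstring, index 0 is the leftmost bit), and all DIDs, URLs and field names are constructed.

```python
import base64
import gzip

def encode_status_list(revoked_indices, size_bits=131072):
    """Issuer side: build the published list; bit i set means credential i is revoked."""
    bits = bytearray(size_bits // 8)
    for i in revoked_indices:
        bits[i // 8] |= 0x80 >> (i % 8)  # index 0 is the leftmost bit
    return base64.urlsafe_b64encode(gzip.compress(bytes(bits))).rstrip(b"=").decode()

def is_revoked(encoded_list, index):
    """Verifier side: decode the whole list locally and test a single bit."""
    padded = encoded_list + "=" * (-len(encoded_list) % 4)
    bits = gzip.decompress(base64.urlsafe_b64decode(padded))
    if not 0 <= index < len(bits) * 8:
        raise ValueError("status index outside the published list")
    return bool(bits[index // 8] & (0x80 >> (index % 8)))

def monitor(customers, fetch_list):
    """Bank's periodic check: DIDs of customers whose credential must be re-requested.

    fetch_list(url) is a hypothetical callable that downloads the list and is
    assumed to have verified the issuer's signature over it before returning.
    """
    cache = {}  # one download per list and run, shared by all customers on it
    stale = []
    for c in customers:
        url = c["status_list_url"]
        if url not in cache:
            cache[url] = fetch_list(url)
        if is_revoked(cache[url], c["status_index"]):
            stale.append(c["enterprise_did"])
    return stale

# Constructed sample data: one published list with indices 7 and 4242 revoked.
SAMPLE_URL = "https://issuer.example/status/1"
PUBLISHED = {SAMPLE_URL: encode_status_list({7, 4242})}
CUSTOMERS = [
    {"enterprise_did": "did:example:acme", "status_list_url": SAMPLE_URL, "status_index": 7},
    {"enterprise_did": "did:example:globex", "status_list_url": SAMPLE_URL, "status_index": 8},
    {"enterprise_did": "did:example:initech", "status_list_url": SAMPLE_URL, "status_index": 4242},
]

def run_sample():
    return monitor(CUSTOMERS, PUBLISHED.__getitem__)

if __name__ == "__main__":
    print(run_sample())
```

Because the verifier downloads the complete list and tests the bit locally, the issuer does not learn which credential was checked.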
Wallet Provider
The Wallet Provider furnishes the requisite software for the issuance, storage, and presentation of verifiable credentials. In accordance with the European Digital Identity Wallet (EUDIW) Architecture and Reference Framework (ARF), Personal Wallet Providers are mandated by EU member states to make EUDI Wallet solutions accessible to users. Additionally, they are responsible for providing Wallet Trust Evidence (WTE) and Wallet Instance Attestation (WIA). While the WIA serves to certify a wallet, the WTE indicates the type of trusted computation device available.
Given that the ARF is concerned with the identification of natural persons, the legal role and responsibilities of Enterprise Wallet Providers remain undefined. It seems unlikely that comparable requirements will be established, given the existence of disparate prerequisites. For instance, personal wallets are operated in an environment presumed to be insecure, whereas enterprise wallets are managed within a secure server environment. Accordingly, WIA and WTE may not be necessary for Enterprise wallets.