Zero-Trust Architecture for Legal Entities

Abstract

The European Commission is developing a European Digital Identity (EDI), which will enable a trustworthy digital proof of identity for its citizens. We present a proof of identity in combination with cryptographic evidence of the natural person being authorized to act on behalf of a legal entity. Our study achieves this by connecting users of our system with trusted issuers, the European Blockchain Services Infrastructure (EBSI), and verifiers. Accordingly, we provide a zero-trust architecture for legal entity representation, making trust portable by providing irrefutable proof of a natural person acting as a legal representative of an organization. Our zerotrust architecture aims to change how we represent legal entities and delegate authorizations with powers of attorney (PoA) as a legal primitive, making trust portable and secure. With government assistance, we conducted a pilot deployment of our prototype with live connectivity to the legal source of truth, the Kamer van Koophandel (KVK). In our pilot, a commercial business-only retailer acted as the verifier of the PoA. We shorten legally binding delegation that is cross-border, decentralized, verifiable, and revokable from a week-long process to mere seconds.