Sovereign Digital Identity

The Sovereign Digital Identity Platform

Open standards. Offline-first. Government-inspectable. Workflow-driven.

Built by KeyShare. Deployed by experienced partners for national-scale ecosystems.

< 2 sec: Offline identity verification
72 hr: Autonomous offline operation
8+: Open standards supported
3: Sovereign deployment topologies

A government ID in a government app is not a digital identity ecosystem.

One system

Most programs ship a wallet that stores a credential for one agency, one use case. A static credential store does not create ecosystem value.

No connectivity

Critical verification happens where connectivity doesn't — rural clinics, border posts, polling stations.

No ecosystem

Citizens need a wallet that works across every government service, every bank, every hospital, every university.

The KeyShare Digital ID Platform is the technology foundation behind government credential ecosystems — handling credential issuance, verification, trust governance, and workflow orchestration at national scale.

The Platform

Five pillars. One platform. National scale.

Sovereign Ownership

Your country. Your infrastructure. Your data. Your rules.

The platform deploys within sovereign infrastructure — on-premise or in the government's own cloud account, in-country, under government operational control. The government controls the trust framework, data residency policies, and operational parameters. KeyShare provides the technology. The country owns the ecosystem. Source code available for independent government security audit.

Workflow-Driven Wallet

The citizen wallet is a universal ecosystem interface — not an ID card in an app.

Any organization — government ministry, bank, hospital, university — connects to the ecosystem through a standard integration bridge and sends structured workflows. The citizen wallet renders each interaction dynamically. New workflows create new capabilities — without code changes to the wallet or the platform.

What this looks like in practice:

A national hospital network decides to issue digital vaccination records to citizens through the platform — without any change to the wallet or platform code:

1. Hospital connects via a standard integration bridge — no custom development.
2. Hospital defines a workflow — data fields, credential format, consent steps.
3. Citizen receives it — the wallet renders a screen it has never shown before.
4. No code changed. The ecosystem expanded. The wallet simply does something new.

Offline-First by Design

Built for the environments where identity matters most.

Rural health clinics, border posts, agricultural extension offices, election polling stations — the locations where identity verification is most critical are the locations with the least reliable connectivity. Verification completes in under 2 seconds with no network connection. Devices operate autonomously for up to 72 hours offline. Three verification modalities work offline: QR presentation, NFC/BLE proximity, and high-density barcode.

Open Standards, No Lock-In

Built on the standards the world is converging on.

The platform supports W3C Verifiable Credentials (v1.1/v2.0), SD-JWT, and ISO 18013-5 mDoc — issued via OIDC4VCI and presented via OIDC4VP. Messaging uses DIDComm v2. Authentication uses FIDO2. Biometric liveness verification is built for ISO 30107-3 compliance. The architecture is eIDAS 2.0 / EUDI-ready.

Open standard interfaces at every architectural layer boundary mean the underlying components are replaceable. The country is never locked into a single vendor for any layer of the stack.

Trust Governance

Trust is not assumed. It is governed.

A government identity ecosystem involves dozens of organizations — each with different authorization levels, different data access needs, and different accountability requirements. The platform provides a full governance model: hierarchical trust chains define who can issue which credential types, verifiable accreditations confirm each organization's authorization, and machine-readable policies enforce rules automatically. Based on the EBSI framework, adapted for multi-country deployment.

For the full technical architecture, see the KeyShare Digital ID Platform.

Inclusion

Designed for every citizen — including those without smartphones.

Delegated Agent Mode

Authorized field agents — government workers, bank tellers, community health workers — facilitate credential operations on behalf of citizens who lack personal devices. The citizen's cryptographic keys and data remain in a secure cloud wallet; the agent's device is a secure interface, not a data custodian.

Custodian Wallet Model

Additional access paths for citizens who need their credentials managed by a trusted institution — with full audit trail and consent management.

Accessibility

Built for WCAG 2.1 Level AA. Multi-language support with right-to-left (RTL) rendering. Gender-responsive by design.

SDG 16.9

Legal identity for all, including birth registration, by 2030. The platform is designed as infrastructure for achieving this goal — extending verifiable digital identity to populations that existing systems have failed to reach.

Standards & DPI

Built on the standards the world is converging on.

W3C VC: Credential format
SD-JWT: Selective disclosure
ISO 18013-5: mDoc standard
OIDC4VCI/VP: Issuance & presentation
DIDComm v2: Secure messaging
FIDO2: Authentication
ISO 30107-3: Biometric liveness
eIDAS 2.0: EU regulatory ready

DPI-native — designed from the ground up.

Interoperability

Open standard credential formats at every interface

Minimalism & Reuse

New capabilities through workflows — zero-code extensibility

Privacy by Design

Selective disclosure, consent management, holder-initiated sharing

Evolvability

Organizations deploy integration bridges independently — the ecosystem grows without platform changes

Sovereign Ownership

Government controls trust framework, data residency, and operational policies

Inclusion

Delegated Agent Mode, custodian wallet, WCAG 2.1 AA

GovStack Building-Block Alignment

Identity — Full
Consent — Full
Digital Registries — Partial

Security & Partnership

Security architecture for citizen-scale data.

Data Minimization

Verifiers receive only the specific claims they need through selective disclosure. A verifier requesting age confirmation receives a yes/no answer, not a date of birth. Consent management is built into the credential presentation protocol. Architecturally aligned with GDPR.

Cryptographic Key Management

HSM integration for all cryptographic operations — keys never exist outside the secure element in unencrypted form. On-device biometric processing with one-way hash templates. No central biometric database.

Code Auditability

Government-inspectable source code — your security team can audit every line of code that touches citizen data. This is a structural property of the deployment model.

Compliance & Incident Response

Architecturally aligned with ISO 27001 and NIST CSF. Zero-trust design principles. Comprehensive audit trail. Documented incident response procedures with a vulnerability disclosure program.

KeyShare builds the platform. Partners deploy it.

KeyShare builds and maintains the sovereign digital identity platform — the engineering, the standards compliance, the credential infrastructure, and the ongoing platform evolution.

Deployment partners customize and deploy the platform for each country's unique requirements: integration with national registries, local infrastructure adaptation, country-specific compliance, and ongoing operational support.

Request a Partner Briefing

For technology firms evaluating the platform as a deployment foundation for your region.

Deployments

Active across three continents.

Active government programs spanning Asia-Pacific, Africa, and Latin America. Release 1.0 delivering in 2026.

Asia-Pacific
Africa
Latin America

The breadth of standards the platform supports — W3C VC, SD-JWT, mDoc, OIDC4VCI/VP, DIDComm v2, FIDO2, ISO 30107-3, eIDAS/EUDI — is itself evidence of engineering maturity. Each standard represents months of implementation, testing, and compliance work.

FAQ

Frequently Asked Questions

Most digital identity platforms ship a wallet that stores credentials for a single use case. KeyShare's platform is workflow-driven: any organization — government ministry, bank, hospital, university — connects through a standard integration bridge and sends structured workflows. The citizen wallet renders each interaction dynamically. New workflows create new capabilities without code changes. The wallet is a universal ecosystem interface, not a static credential store.

Yes. The platform is designed for sovereign deployment — within the government's own infrastructure, whether on-premise or in a government-controlled cloud account. The government's servers, the government's operational team, the government's security perimeter. Source code for every component that touches citizen data is available for independent security audit. Three deployment topologies are supported: centralized, decentralized, and hybrid.

By design, not as a fallback. Verification completes in under 2 seconds with no network connection. Devices operate autonomously for up to 72 hours offline, re-syncing trust data automatically when connectivity returns. Three verification modalities work offline: QR presentation, NFC/BLE proximity, and high-density barcode. Automated verification terminals operate without a human operator or a network connection.

W3C Verifiable Credentials (v1.1 and v2.0), SD-JWT, and ISO 18013-5 mDoc for credential formats. Issuance uses OIDC4VCI; presentation uses OIDC4VP. Messaging uses DIDComm v2. Authentication uses FIDO2. Biometric liveness verification is built for ISO 30107-3 compliance. The architecture is eIDAS 2.0 / EUDI-ready. Open standard interfaces at every architectural layer boundary ensure no vendor lock-in.

Delegated Agent Mode enables authorized field agents to facilitate credential operations on behalf of citizens who lack personal devices. The citizen's cryptographic keys remain in a secure cloud wallet. A custodian wallet model provides additional access paths for credentials managed by trusted institutions. Built for WCAG 2.1 Level AA accessibility with multi-language support including RTL rendering.

KeyShare builds and maintains the platform. Deployment partners customize and deploy it for each country — integrating with national registries, adapting to local infrastructure, navigating country-specific compliance requirements, and providing ongoing operational support. This ensures each deployment benefits from deep in-country expertise while running on a globally maintained technology platform.

Privacy by design is an architectural default. Citizens control what they share through selective disclosure. Consent management is built into the credential presentation protocol. Data minimization is structural. Biometric processing happens on-device with one-way hash templates — there is no central biometric database. The platform is architecturally aligned with GDPR and supports deployment-level Privacy Impact Assessments.

Yes, architecturally. The platform uses standard credential formats (W3C VC, SD-JWT, mDoc) that are interoperable by design. A credential issued in one country can be verified in another if both participate in a mutual trust framework. The trust governance model supports cross-border recognition through shared attestation policies.

The platform operates at the credential ecosystem layer — it takes verified identities and makes them usable as credentials that citizens carry in their wallets, present to organizations, and use across sectors. For countries that already have a foundational identity system, the platform integrates with it rather than replacing it. The foundational system establishes identity; the credential ecosystem makes that identity useful across the entire economy.

Ready to explore the platform?

Request a government briefing — a substantive conversation about your country's digital identity requirements, architecture, and deployment model. We'll connect you with the right team for your region.
