Governance

Preamble

IDunion is an ecosystem of public and private parties which jointly operate an infrastructure to enable the issuance and verification of digital credentials. One of the decisive criteria for the success of the project are the rules and standards applying for the different participants in the ecosystem. These basic rules are laid down in the statutes, rules of procedure and other agreements of the IDunion-SCE. SCE stands for Sociedad Cooperativa Europea and is a European legal form. The statutes describe the rights and obligations for the parties involved and form the foundation for successful cooperation. Hereinafter, we are going to take a closer look at the most important components in the ecosystem, which are necessary to ensure trust in the digital space.

Public funding & history

In 2020, the Federal Ministry for Economic Affairs and Energy (BMWi) launched the competition phase of the showcase programme “Secure Digital Identities“. The BMWi’s goal is to fund projects with an innovative approach and new concepts for secure digital identities for citizens. At that time, the IDunion project participated in the funding programme under the name “SSI for Germany” and developed a concept for decentralized identity management based on the principles of self-sovereign identities (or SSI in short). Within this project, the governance policy of the European Cooperative Society was presented in detail for the first time.

Constituents and objectives of governance

IDunion strives for a well-balanced relationship between a technologically trustworthy infrastructure and a transparent model of cooperation.

From an organizational point of view, this is based primarily on the contractually defined structures and processes for efficient cooperation. From a technological point of view, it is specifically the decentralized technologies and protocols which allow to avoid potential information asymmetries and control points during operation. The governance policy is aimed to ensure efficient decision-making as the number of participants increases, and to establish and maintain trustworthy and non-monopolistic structures. Maintaining European legal conformity is key.

International standardization & governance

The standardization and ongoing development of the technological open-source frameworks is done in the Hyperledger Project by the Linux Foundation and is therefore subject to the governance of the Linux Foundation and/or the Hyperledger Project. The basic components “Verifiable Credentials” and “Decentralized Identifiers” (DID) are specified and standardized by the World Wide Web Consortium (W3C). The communication protocol “DIDComm” and other important aspects are standardized by the Decentralized Identity Foundation (DIF). Any extension, integration and operation of the infrastructure based on this are subject to the contractual cooperation model of the IDunion-SCE.

Rules and standards of the cooperative

The European Cooperative Society (SCE) Regulation provides the legal basis for the collaboration of different legal entities from any EU country. The key points of the regulation provide a suitable framework to formalize IDunion with democratic structures and a high degree of digitalization. The organizational structure as well as the rights and obligations of the involved parties are further specified in the statutes and rules of procedure and form the foundation for a successful collaboration.

The technical network

The decentralized network does not provide public write access but follows a hybrid model: the operation of the decentralized databases and write access are restricted to verified entities and are regulated via the governance policy of the IDunion SCE. Read access, on the other hand, is public and thus allows for the necessary scaling of applications. The regulatory requirements and the goal of an identity network that is as open and decentralized as possible can thus be ensured.

Participating in the society’s governance processes

Currently, IDunion is a consortium of various companies and public institutions working together as a research and development project within the framework of the BMWi’s (Federal Ministry for Economic Affairs and Energy of Germany) funding programme. The founding of the SCE has been prepared but has not yet taken place. In principle, once the IDunion-SCE has been founded, participation is open to other members. The work of the IDunion-SCE is structured through various bodies (supervisory board, management board, committees, and general assembly). Their activities are regulated in the governance processes. Further details are set out in the section on the structure of the cooperative.

Building trust in the IDunion network

Three essential points are crucial for building trust in the ecosystem: the technical infrastructure of the network, the secure and generally accepted representation of identities and/or the presentation of credentials, as well as the rules and standards governing the transfer of data between the participants.

Sustainability and non-profit principle

The IDunion cooperative serves its members, pursues non-profit purposes, and is aimed at a sustainable continuation of the cooperative. As a non-profit organization, IDunion does not generate profits for its members and does not pursue profit maximization but focuses on covering its operating costs and on reinvesting in a sustainable manner. Any income earned by or donated to SCE is used to pursue the organization’s goals and to maintain its operations.

For more information please refer to the documents referenced below or to our FAQ section.

Illustration of the Structure

Going forward, the identity network shall be organized as a European Cooperative Society in which any EU institution can participate.

They comprise all legal documents of the company

Those Full Members whose corporate bodies or employees have been elected to the Supervisory Board of the Cooperative shall be entitled and obliged to exercise the role of “Trustee” in the Network.

(1) The Supervisory Board shall appoint and dismiss the Executive Board. It shall support and supervise the management of the Executive Board, it shall be familiar with the current issues of the cooperative and its institutions and conduct the necessary audits. The Supervisory Board may request information from the Executive Board on matters of the cooperative at any time. The Supervisory Board shall report to the General Assembly on its activities.

(2) The Supervisory Board shall decide on the admission of new members to the cooperative.

(3) The Supervisory Board shall represent the cooperative vis-à-vis the members of the Executive Board in and out of court.

Role of trustees:
Trustees set the rules of the network at its foundation and can amend the rules of the network according to prescribed voting rules. Each trustee has their own DIDs and keys, which are independent of other roles.

Among other things, the Technical Committee decides on the allocation of development resources and advises the Executive Board on the ongoing development of the network and/or network components. Furthermore, the committee fosters and coordinates cooperation with the international developer community.

A policy Board, which, among other things, establishes an institutional set of rules for the network and advises the Executive Board on legal issues.

Public Advisory Board, which, among other things, advises the Board of Directors on cooperation with the public sector and scientific institutions.

The Board of Directors shall manage the business of the cooperative on its own responsibility in accordance with the legal framework applicable to an SCE. The Board of Directors is appointed and dismissed by the Supervisory Board.

This includes the registration of the trademark as well as possible IP rights for legal defence purposes. The partners also plan to jointly set up their own defensive patent pool (as protection against possible patent attacks by third parties) or join another defensive patent pool if necessary.

A node operator is an organization that meets the relevant qualifications and is thus allowed to operate a server in the IDunion network. These qualifications are specified by the governance bodies.

An endorser is an organization authorized – as per the restricted write access – to approve a transaction by digitally signing that transaction so that it is accepted by a node operator.

The transaction author is an entity that initiates a transaction. This is usually a legal entity that writes its own public key or decentralised identifier to the network.

Network Monitor
Use of a system to constantly monitor a network for faulty components.

According to the German Cooperative Societies Act, every cooperative must belong to a cooperative association that has been granted the right to audit. This association carries out the audit of the cooperative’s foundation and then also audits the economic situation and the proper conduct of the cooperative’s business at regular intervals.

Governance FAQ

About the cooperative:

The network is set up and operated by a European Cooperative Society (S.C.E. = Societas Cooperativa Europaea). This S.C.E. is specifically based on the European legal framework and enables the verification of identity data in accordance with the rights and regulations applicable in Europe as well as with established standards on data protection and IT security. This European legal form gives companies and institutions from all European member states an equal and fair opportunity to contribute to the cooperative’s rules and standards. In doing so, IDunion acts in the interest of all its members. Each member has one vote, which ensures a truly democratic representation of interests. Thanks to this specific legal form, the SCE can adapt to changes in the market, while offering the necessary security and reliability for previously agreed processes. Among other things, the legal form is highly convenient for the digitalization of processes. It offers freedom of scope and flexibility and is based on the European legal framework.

The SCE is based both on European and national law, with European law being directly applicable based on the Council Regulation for the SCE. The SCE implementing laws of the member states (SCEAG)build on this. In addition to this, the SCE Participation Act (SCEBG). applies in Germany. In case a certain area is not or only partially regulated by SCE laws, the SCE is also subject to the cooperative law of the member state in which the SCE has its registered office. In Germany, the German Cooperative Act (GenG) shall apply. Within this legal framework, the specific organisation of the SCE is regulated by its statutes and rules of procedure.

All members receive at least one share upon joining the European Cooperative Society. All members are therefore also the owners of the European Cooperative Society.

The purpose of the cooperative is to establish and operate a decentralised network for linking and securing the identities of natural and legal persons and things, in compliance with the relevant legal provisions in Europe (e.g GDPR, eIDAS ordinance and legal provisions of the cooperative).

The basic prerequisites for the establishment and growth of the digital economy are digital identities that are accessible, interoperable, secure, and easy to use for everyone. Our network is built on decentralised, heterogeneously distributed nodes and agent software and relies on the European legal framework (GDPR, eIDAS).

Based on the European legal framework and principles, the cooperative provides a decentralised network for linking/securing:

• Identities of natural persons worldwide on the network
• Identities of legal entities worldwide on the network
• Identities of things worldwide on the network

Our concept for decentralised and self-sovereign identities complies with the global standards of the DIF, the W3Cs, and the ToIP Foundation, such as Verifiable Credentials, DIDs and DIDComm, to ensure the best possible interoperability with other SSI networks.

We aim to establish data sovereignty for individuals, businesses, and citizens. Furthermore, our infrastructure relies on the principles of Security by Design and Privacy by Design.

  • Clear alignment with the European legal framework.
  • Broad participation from most diverse sectors consisting of private and public representatives.
  • Transparent governance based on European values.
  • As a general rule, the institutions that link identities to the network are also node operators and thus have a natural interest in the stability of the network.
  • The cooperative benefits from long-term and independent funding, ensuring independence from third party investors.

1. Building and operating the technical network

  • Stability of the network and coordination of the node operators.
  • Ongoing development of the technical framework for the implementation of the network based on Hyperledger Indy.
  • Incident management, maintenance of the network incl. service and bug-fixing.
  • Coordinated contributions for software agent modules and building blocks, such as data schema structures, communication protocols and semantics.

2. Building and developing the partner ecosystem.

  • Winning and onboarding of new partners.
  • Operation, contracting, office management as well as billing and invoicing.
  • Governance Orchestration of organizational bodies, election of boards, democratic decision-making processes.
  • Legal issues, liability issues and contract management (internal and external).
  • Coordination of use cases between existing partners.
  • Ensuring sufficient proposals and use cases for end customers through cooperation with providers.
  • Organisational growth and ensuring competitiveness.

3. Communication with external stakeholders

  • International cooperation and participation in establishing international standards.
  • Public relations, marketing, and the provision of public resources.

All decisions are taken by the members or organs of the cooperative. These are:

  • The Board of Directors, which represents the cooperative and acts as managing body.
  • The Supervisory Board, which is appointed by elected representatives from among the full members. It appoints and supervises the Board of Directors, decides on the admission of new members and represents the cooperative. The Supervisory Board is supported by committees such as the Policy Board for regulatory issues, the Technical Steering Committee for technical issues relating to the (future) development of the network, and the Advisory Board for issues relating to cooperation with public and scientific stakeholders.
  • The General Assembly, where the members of the cooperative exercise their membership rights. This includes, among other things, the election of the Supervisory Board, all financial declarations and disposition of funds, or any adjustments to the cooperative’s legal form.

The members pay an annual membership fee, which is based on the size of the enterprise. Categories are as follows:

  • Small enterprises (<10 employees)
  • Medium-sized companies (<250 employees)
  • Large companies (<3000 employees) and
  • Very large enterprises (>3000 employees).

The exact membership amounts are currently being worked out and will be accessible in the bylaws as soon as this document is available.
Furthermore, it is intended to allocate the fixed costs of network operation on the basis of the number of transactions done.

Here you can find the articles of association.

No, the cooperative does not offer its own wallets or other software agents. However, such applications can be provided by individual members. These can be found here.

To build trust in the ecosystem, three essential points are crucial: the technical infrastructure of the network, the secure and generally accepted issuing of identities and/or the provision of certificates, as well as the rules and standards according to which the participants exchange data with each other.

Infrastructure

The Infrastructure represents the core of the ecosystem. Since no content data (personal data) is being kept in the distributed database – only “reference data” (e.g. the public key of the credential issuer) – the need to specifically protect this data is of lesser importance. Data integrity is ensured by using a distributed database, which is hosted on several servers in the network. What is more important, however, is the status of the credentials (valid/revoked) and the robustness of the entire network, to ensure failure protection.

The node operators themselves must identify themselves and can be verified by means of the network as decentralized public key infrastructure (dPKI infrastructure). The endorser) writes the transactions onto the IDunion network on behalf of the transaction authors.

The relationship between the issuer, the holder of the credentials and the verifier can be illustrated as a trust triangle where the parties trust each other based on the common terms and conditions. The technical trust is ensured by means of encryption.

The Walletin which the holder stores his credentials is a security component protected against attacks. The information stored in the wallet must be secured against being changed, exchanged or copied without notification. The wallet itself and the associated actions for sharing content are controlled by the holder and can only be released through an authentication tool (e.g. by means of an unlocking mechanism such as biometrics).

The issuer is a fundamental trust anchor in the network. The issuer itself can be verified by its public key (or decentralised identifier) by means of the network. Write access to the IDunion network requires confirmation by an endorser.

The Verifier is able to check the status of a credential as well as that of the issuer. He must be able to rely on the accuracy of the information, either because the verifier relies on it for any further processing and is liable for services linked to it, or because he himself offers the verified information as a service. The credential issuer is able to identify himself within the network by means of a unique identity according to defined rules and processes. Thus, the verifier can proceed with a fully compliant verification.

Representation of Identity

The starting point of the identity verification is the representation of the identity by means of an identification document issued by a sovereign authority (ID card, passport), which is stored as a verified credential in the user’s wallet. This can be done, for example, by reading the ID card equipped with an eID function via the NFC interface, or by issuing credentials based on user data previously collected in data-compliant form by, e.g., financial institutions. This will significantly increase the reach of the network.
For the representation of identity it is crucial to take into account the European eIDAS Regulation, which was introduced in 2014. It constitutes the legal framework for electronic identifications and the mutual recognition of (notified) identity systems in the EU and thus also sets the technical standards (e.g.
CEN and ETSI) in addition to the legal framework.
For legal entities, identity cards referring to the institution confirm that a specific DID belongs to an organization listed in public registers. With these ID cards, institutions will initially identify themselves in order to establish secure connections with each other. This will enable dynamic scaling of participating organizations and interoperability with other networks. Based on European Directives (eIDAS), these institutional identity cards can be issued by qualified trust service providers or by issuers accredited with other organisations (e.g. GLEIF).

Rules and Standards of the Network

The articles of association of the European Cooperative Society constitute the primary guideline for the participants of the network. This also includes the contracts for participation for the rights and rules system for the administration of the distributed database as well as its access restriction controlled by authorizations and role allocations. The schema regulations, which specify the requirements, especially with regard to the quality, input and acceptance of the content, supplement the set of rules. They document the joint responsibility of the network and give all participants the possibility to refer to them at any time.

For Members:

The cooperative distinguishes between the following two types of membership:

  • Full members:
    They are fully eligible to exercise all rights of participation in the cooperative without restriction. Only legal entities under private and public law or commercial partnerships (or equivalent legal forms under foreign law) whose parent company has its registered office in the European Union, Norway, Switzerland or the United Kingdom can become full members of the cooperative.
  • Supporting members:
    They have limited rights of participation in the cooperative. For example, a supporting member cannot become a “trustee”, their representatives cannot be elected to the supervisory board. The joint voting rights of all supporting members are limited to a maximum of 25%.

A member is admitted on the basis of a written application for membership and admission to the cooperative. The supervisory board within the cooperative decides on admission. You can submit a written application here.

No, for using the network no membership of IDunion is required. Interested legal entities can register as endorsers to be able to write on the ledger.

All members must show a permanent willingness to support and promote the objectives and core principles of the cooperative as well as the purpose of the company; they must show an ongoing commitment and cooperate in accordance with the Articles of Association.

Within the scope of their possibilities, the members shall make services and products developed by them available to the cooperative, and/or they shall make use of the offers, facilities, services and/or benefits of the cooperative.

Every member has the right to make use of the offers, facilities, services and/or member benefits of the cooperative. Depending on the type of membership (full member / supporting member), it is granted the cooperative rights according to the Articles of Association.