DLT Identity Solutions: Self-Sovereign Identity, Verifiable Credentials, and Swiss Digital ID
Digital identity is a foundational infrastructure layer for the Swiss DLT ecosystem. Every DLT application — from tokenised securities trading to supply chain verification to decentralised finance — requires mechanisms for identifying participants, verifying credentials, and managing access controls. The emergence of self-sovereign identity (SSI) frameworks, built on distributed ledger technology, offers a paradigm shift from centralised identity management toward user-controlled digital identity that aligns with Switzerland’s strong traditions of privacy, data sovereignty, and institutional trust.
The Identity Challenge in DLT
Traditional digital identity systems rely on centralised identity providers — governments, banks, technology companies — that issue, verify, and manage identity credentials on behalf of users. This model creates dependencies on identity providers, concentrates personal data in centralised databases, and introduces friction when identity must be verified across organisational or jurisdictional boundaries.
In the DLT context, the identity challenge takes specific forms. Permissioned DLT networks require participant identification for governance, compliance, and access control. Regulatory requirements — particularly AML/KYC obligations — mandate the identification and verification of parties to financial transactions. Cross-chain interoperability requires identity portability across different networks. And the privacy expectations of DLT users demand identity mechanisms that enable selective disclosure without unnecessary data exposure.
Existing identity solutions address some of these requirements but fall short in others. Centralised KYC databases enable compliance but create data silos and privacy risks. Federated identity systems (such as SAML and OpenID Connect) enable cross-organisational authentication but depend on bilateral trust relationships. Blockchain-native pseudonymous identities (wallet addresses) provide privacy but do not satisfy regulatory identification requirements.
Self-Sovereign Identity
Self-sovereign identity (SSI) is a framework in which individuals control their own identity credentials without depending on a centralised authority. In an SSI system, identity credentials are issued by trusted authorities (governments, banks, universities, employers), held by the individual in a digital wallet, and presented to verifiers who can independently confirm the credential’s authenticity and validity without contacting the issuer.
The technical architecture of SSI systems typically comprises three components: decentralised identifiers (DIDs), verifiable credentials (VCs), and a verifiable data registry (which may be implemented on a distributed ledger).
Decentralised identifiers are globally unique identifiers that can be resolved to DID documents containing public keys and service endpoints. Unlike traditional identifiers (email addresses, usernames), DIDs are not issued by a centralised authority and can be created by any entity. The DID document, which is typically anchored on a distributed ledger, contains the cryptographic material needed to authenticate the DID controller.
Verifiable credentials are digitally signed attestations issued by a credential issuer to a credential holder. A VC might attest to the holder’s identity (issued by a government), professional qualification (issued by a professional body), credit rating (issued by a rating agency), or KYC status (issued by a bank). The holder stores VCs in a digital wallet and presents them to verifiers as needed. The verifier can cryptographically confirm the VC’s authenticity by checking the issuer’s digital signature against the issuer’s public key, which is registered on the distributed ledger.
Selective disclosure mechanisms enable the holder to reveal only the specific attributes required by the verifier, without disclosing the entire credential. For example, a verifier who needs to confirm that the holder is over 18 years old can receive a proof of this fact without learning the holder’s exact date of birth, name, or other personal details. Zero-knowledge proof technology enables selective disclosure that is cryptographically verifiable without revealing unnecessary information.
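The issue, hold, present and verify flow from the two paragraphs above, as an added example that is not part of the original article. It assumes salted-hash disclosure (the approach used by SD-JWT) rather than a zero-knowledge proof, a Lamport one-time signature standing in for the issuer's DID key so that only the standard library is needed, and a plain dict standing in for the verifiable data registry. The DID `did:example:issuer`, the sample claims and all function names are constructed for illustration.

```python
import hashlib, json, secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

# Lamport one-time signature: stdlib stand-in for the issuer's DID key pair (assumption).
def keygen():
    sk = [[secrets.token_bytes(32), secrets.token_bytes(32)] for _ in range(256)]
    return sk, [[H(a), H(b)] for a, b in sk]

def bits(msg: bytes):
    return [int(c) for c in format(int.from_bytes(H(msg), "big"), "0256b")]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify_sig(pk, msg, sig):
    pairs = zip(sig, bits(msg))
    return len(sig) == 256 and all(H(s) == pk[i][b] for i, (s, b) in enumerate(pairs))

def digest(salt, name, value):
    return H(json.dumps([salt, name, value]).encode()).hex()

def issue(sk, issuer_did, claims):
    """Issuer signs only salted digests; salts and values go to the holder's wallet."""
    salts = {k: secrets.token_hex(16) for k in claims}
    payload = json.dumps({"issuer": issuer_did, "digests": sorted(
        digest(salts[k], k, v) for k, v in claims.items())}).encode()
    return {"payload": payload, "sig": sign(sk, payload), "salts": salts, "claims": claims}

def present(cred, reveal):
    """Holder discloses only the attributes the verifier asked for."""
    return {"payload": cred["payload"], "sig": cred["sig"],
            "disclosed": [[cred["salts"][k], k, cred["claims"][k]] for k in reveal]}

def verify(pres, registry):
    """Verifier: resolve the issuer key from the registry, check signature, then digests."""
    body = json.loads(pres["payload"])
    pk = registry.get(body["issuer"])
    ok = pk is not None and verify_sig(pk, pres["payload"], pres["sig"])
    if not ok or any(digest(*d) not in body["digests"] for d in pres["disclosed"]):
        return None
    return {name: value for _, name, value in pres["disclosed"]}

# Constructed sample data; a Lamport key must sign one message only.
SK, PK = keygen()
REGISTRY = {"did:example:issuer": PK}  # stands in for the verifiable data registry
CRED = issue(SK, "did:example:issuer",
             {"name": "Alice Muster", "birth_date": "1990-01-01", "age_over_18": True})
```

The verifier learns `age_over_18` only because the issuer attested that predicate as its own claim; the signed payload carries digests, not the name or birth date.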
Swiss Digital Identity Landscape
Switzerland’s digital identity landscape is shaped by several legislative and policy developments that create both opportunities and constraints for DLT-based identity solutions.
The Swiss E-ID Act (BGEID), passed by parliament and currently in implementation, establishes a framework for government-issued electronic identity credentials. The act mandates a decentralised architecture in which the government issues identity credentials but does not store or process the identity data centrally. The individual retains control over their credentials through a digital wallet, presenting them to verifiers as needed. This architectural choice aligns closely with SSI principles and creates a natural integration point between the government-issued e-ID and DLT-based identity infrastructure.
The city of Zug’s pioneering blockchain-based digital identity initiative, launched in 2017, demonstrated the feasibility of DLT-based identity for municipal services. Residents could register a digital identity on the Ethereum blockchain and use it to participate in municipal votes and access city services. While the initial implementation was a pilot, it established Zug as a reference point for government engagement with DLT-based identity and attracted international attention.
The Swiss financial sector’s KYC infrastructure, which requires banks and other financial intermediaries to verify the identity of their clients, creates a significant use case for DLT-based identity solutions. The ability to issue verifiable KYC credentials — attesting that a client has been identified and verified by a regulated financial institution — and to present these credentials to other institutions for onboarding purposes, could significantly reduce the cost and friction of client onboarding in the Swiss financial system.
Applications in Swiss DLT Ecosystem
DLT-based identity solutions serve multiple functions within the Swiss DLT ecosystem.
DLT securities compliance requires the identification of token holders for AML/KYC purposes, shareholder register maintenance, corporate governance (voting, general meeting participation), and tax reporting. Verifiable credentials that attest to KYC status, investor qualification (professional or retail), and tax residency can be integrated with token smart contracts to enable automated compliance checks at the point of transfer.
Institutional DLT network access control relies on identity mechanisms that verify the eligibility of participants to join and transact on permissioned networks. Verifiable credentials issued by network authorities can replace manual onboarding processes, enabling automated provisioning and de-provisioning of network access based on the validity and attributes of the participant’s credentials.
Cross-border identity verification is particularly relevant for Switzerland’s internationally oriented financial sector. Verifiable credentials that are interoperable across jurisdictions — enabling a Swiss bank to verify a credential issued by a foreign government or financial institution — would reduce the friction and cost of cross-border client onboarding. The development of international interoperability standards for verifiable credentials is essential for this use case.
Supply chain participant identification requires the verification of manufacturers, transporters, inspectors, and other supply chain actors. DLT-based identity solutions enable the issuance and verification of credentials that attest to a supply chain participant’s identity, certifications (ISO standards, organic certification, fair trade accreditation), and regulatory compliance status.
Privacy and Data Protection
The use of DLT for identity management raises specific data protection considerations under the Swiss FADP and, where applicable, the EU GDPR.
The storage of personal identity data on a distributed ledger creates tension with the right to erasure and the principle of data minimisation. Swiss DLT-based identity solutions address this tension through several architectural choices: storing personal data off-chain in encrypted form, with only non-identifying references (hashes or pseudonymous identifiers) recorded on the ledger; using zero-knowledge proofs to enable credential verification without revealing the underlying personal data; and implementing revocation mechanisms that allow credential issuers to invalidate credentials without deleting the on-chain record.
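Two of the architectural choices above, on-chain references and revocation without deletion, as an added example that is not part of the original article. It compares a bare hash of a low-entropy attribute with a salted reference, and models the ledger as an append-only list. The `Ledger` class, the function names and the sample birth date are constructed for illustration.

```python
import hashlib, hmac, secrets
from datetime import date, timedelta

def bare_ref(value: str) -> str:
    """Weak on-chain reference: plain SHA-256 of a low-entropy attribute."""
    return hashlib.sha256(value.encode()).hexdigest()

def salted_ref(salt: bytes, value: str) -> str:
    """Hardened reference: HMAC-SHA-256 under a random salt that stays off-chain."""
    return hmac.new(salt, value.encode(), hashlib.sha256).hexdigest()

def guess_date(ref: str):
    """Check whether a reference matches any birth date 1900-2025 (~46,000 values)."""
    day = date(1900, 1, 1)
    while day.year <= 2025:
        if bare_ref(day.isoformat()) == ref:
            return day.isoformat()
        day += timedelta(days=1)
    return None

class Ledger:
    """Append-only list standing in for the distributed ledger (hypothetical)."""
    def __init__(self):
        self.entries = []

    def record(self, kind: str, ref: str):
        self.entries.append((kind, ref))  # entries are never edited or deleted

    def status(self, ref: str) -> str:
        kinds = {k for k, r in self.entries if r == ref}
        return "revoked" if "revoked" in kinds else "valid" if "issued" in kinds else "unknown"

# Constructed sample: the salt and birth date live only in the off-chain store.
SALT = secrets.token_bytes(32)
REF = salted_ref(SALT, "1990-01-01")
LEDGER = Ledger()
LEDGER.record("issued", REF)
LEDGER.record("revoked", REF)  # issuer invalidates; the "issued" entry remains
```

A bare hash of a birth date is matched by enumeration, so it is not a non-identifying reference; with the salted form, deleting the off-chain salt and data leaves the ledger entry unlinkable to the person.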
The principle of purpose limitation requires that personal data collected for one purpose not be used for another without the individual’s consent. In a verifiable credential model, purpose limitation is built into the architecture: the holder decides which credentials to present to which verifier and for what purpose, retaining control over the use of their personal data.
Technical Standards and Interoperability
The interoperability of DLT-based identity solutions depends on the adoption of common standards for DIDs, verifiable credentials, and credential exchange protocols.
The W3C Decentralised Identifiers (DID) specification defines the syntax, data model, and resolution mechanism for DIDs. Multiple DID methods have been developed for different ledger platforms, enabling DIDs to be created and resolved on Ethereum, Hyperledger Indy, and other DLT networks.
The W3C Verifiable Credentials Data Model defines the structure and properties of verifiable credentials, providing a common vocabulary for credential attributes, issuer identification, and proof mechanisms. The standard is designed to be ledger-agnostic, enabling credentials to be issued and verified across different DLT platforms.
The DIDComm messaging protocol, developed by the Decentralized Identity Foundation, provides a secure, transport-agnostic protocol for communication between DID-identified parties. DIDComm enables the exchange of verifiable credentials, the negotiation of trust relationships, and the management of identity-related workflows in a decentralised manner.
Outlook
The convergence of Switzerland’s e-ID legislation, the maturation of SSI technology, and the growing demand for identity infrastructure within the DLT ecosystem creates a favourable environment for the development and adoption of DLT-based identity solutions. The Swiss e-ID’s decentralised architecture provides a government-backed foundation on which private-sector identity solutions can build, creating a layered identity ecosystem that serves both public administration and commercial applications.
The key challenges remaining include the development of governance frameworks for verifiable credential ecosystems, the achievement of cross-border interoperability through international standards adoption, and the building of trust in DLT-based identity mechanisms among institutions and individuals accustomed to centralised identity models.
Donovan Vanderbilt is a contributing editor at ZUG DLT, covering distributed ledger technology law, regulation, and institutional adoption from Zurich. The Vanderbilt Portfolio AG provides research and analysis on Swiss digital asset infrastructure.