Stephan Wolf, CEO of GLEIF, reports on the rapid progress GLEIF and its partners have made in creating a standardized and independent service that allows any legal entity in the world to digitally confirm its authenticity
For businesses around the world, trust in digital authenticity is a scarce commodity. Can you be sure that your bank’s website is not an elaborate phishing scam? Do the electronic invoices really come from your business partner? How can you tell?
As businesses increasingly collaborate and transact remotely and across borders, the systems they use to build trust must also evolve.
GLEIF has worked to directly address this requirement by enhancing the global LEI system with a “verifiable LEI” (vLEI), a standardized, digitized version of the LEI that enables instant, automated trust between legal entities and their authorized representatives and the legal entities and counterparty representatives with whom they interact.
To trust in the future, the business world needs the LEI
Led by GLEIF, the global LEI system has for years provided open and reliable data that uniquely identifies legal entities around the world. With more than two million LEIs now in use, GLEIF is now taking steps to build on this success by driving the voluntary adoption of LEIs by legal entities across all industries worldwide to establish the LEI as the de-facto global system for organizational identity.
Helping legal entities participate effectively in the global digital economy is central to this goal. But it’s a dangerous world out there, and things are moving fast. In 2021 alone, cybercrime cost the global economy an estimated $6 trillion. New business models and newly automated processes are constantly emerging, driven by myriad technological advances, from APIs to blockchain to IoT.
Against this backdrop, it is easy to understand why digital trust between legal entities is rare. Yet that is precisely what is needed: When legal entities digitally engage with their customers, partners and suppliers, they need to be able to trust that these organizations are indeed who they say they are.
Building digital trust is therefore central to GLEIF’s ongoing work. They believe that every legal entity in the world should have only one global identity that supports their participation in the digital economy. Only then can everyone collaborate in a way that unlocks the true potential of digitalization: Innovation and collaboration can flourish without geographical boundaries, and money, goods and services can flow securely around the world faster, more efficiently and more cheaply than ever before.
A new digital trust ecosystem for legal entities everywhere
GLEIF has been working to extend the global LEI system to directly meet this requirement. Their work began by looking at existing systems that enable digital trust, for example by standardizing the way a legal entity’s LEI code can be embedded in digital certificates.
In parallel, they also looked for next-generation technologies that could be developed to create a new system.
In the early 2020s, the idea was born to create a digitally verifiable version of the LEI – the vLEI. The concept was simple: enable a legal entity to use its LEI to establish instant, digital trust with counterparty organizations and their representatives.
Move fast and create things
By December 2020, a series of research initiatives confirmed demand from the pharmaceutical, healthcare, telecommunications, financial services and automotive industries, prompting GLEIF to launch an international cross-industry development program. The program aimed to create an ecosystem and credential management framework and technical infrastructure for vLEI.
Three months later, in February 2021, GLEIF unveiled its models for the vLEI technical infrastructure and issuance process. This sets out how a legal entity’s LEI code will be packaged into verifiable credentials and issued by GLEIF to legal entities through a network of qualified vLEI issuers. The infrastructure establishes GLEIF as a digital “trust foundation” that ensures the integrity of the vLEI chain of trust. This means that all vLEIs can be traced back to their original LEI record in the global LEI index through a cryptographically protected chain of credentials.
GLEIF also recognized that to be adopted by all legal entities, the vLEI system must work seamlessly and securely with all technology models, including blockchains, cloud services and APIs. To achieve this, GLEIF adopted a ‘network of networks’ approach enabled by the Key Event Receipt Infrastructure (KERI) protocol.
Using KERI, vLEIs can be created and used independently of any particular organization, while ensuring the highest levels of security, privacy and ease of use. KERI also allows GLEIF and the vLEI trust ecosystem to operate under the GLEIF governance framework, unencumbered by the governance of external systems, including those of blockchains and distributed ledger consortia.
A busy year ahead: software, governance, standardization and field trials
The year 2022 is already full of vLEI activities.
In February, GLEIF published the vLEI Ecosystem Governance Framework, which is fully in line with the standards and recommendations of the Trust Over IP Foundation (under the auspices of the Linux Foundation). Developed from the ground up to complement GLEIF’s existing LEI governance, the framework defines the vLEI operating model and describes how the various actors in the new ecosystem issuing vLEIs will qualify for and perform their roles in the global LEI system. It provides essential details on the governance structures and processes that will shape the development of the vLEI ecosystem, together with the services provided by GLEIF.
Also in 2022, vLEI’s open-source beta software will enter field testing after a year of development and sandbox testing in a number of industry verticals. The software will provide functionality for issuing, presenting and revoking vLEI’s verifiable credentials and enable secure key management using the KERI protocol.
Finally, GLEIF’s standardization work with the ISO/TC 68/SC 8 committee is also nearing completion, with an international standard (ISO 5009) for defining official organizational roles in financial services reference data currently being published. Once implemented, the ISO 5009 standard will enable a globally consistent listing of official organizational roles in a structured form so that they can be specified by a legal entity and included in its vLEI official organizational role disclosures. Similarly, the standard will enable organizational roles to be referenced consistently and embedded in other digital assets that use the LEI, such as digital certificates, now and in the future.
A bright future
The vLEI has the potential to become one of the most valuable digital credentials in the world; it is set to become the mark of authenticity for any legal entity anywhere. This new family of digital credentials can serve as a chain of trust for anyone who needs to verify the legal identity of an organization or a person lawfully acting on behalf of that organization. It changes the rules of the game for organizations’ digital identities and will represent a fundamental shift in digital trust that will benefit every country, every business and ultimately every citizen in the world.