Building a Web3 Identification Solution
TL;DR:
The European Blockchain Sandbox has concluded its second cohort, which included the IOTA Foundation's Tokenized Know Your Customer Solution built with IDnow, walt.id, and Bloom Wallet. The Sandbox provided key lessons on compliant and privacy-preserving identity verification in Web3, including the use of off-chain verification, soulbound tokens, and GDPR-aligned wallet and node practices.
We have completed our participation in the European Blockchain Sandbox, a three-year initiative by the European Commission that gives innovative distributed ledger projects the chance to test their solutions with regulators across Europe. Every year, 20 projects are selected to join, and the IOTA Foundation was part of the second cohort, which ran from June 2024 to March 2025.
Our contribution focused on the Tokenized Know Your Customer (KYC) Solution, developed together with IDnow, walt.id, and Bloom Wallet. This proof-of-concept solution lets users verify their identity off-chain and receive a tokenized proof in their wallet. This allows dApps, exchanges, and other services to confirm eligibility requirements (such as age verification) without exposing sensitive data on-chain.
The close of the sandbox is marked by the European Commission's Best Practices Report for the second cohort. The report shares recommendations and best practices from the program, offering valuable guidance for anyone developing DLT solutions and navigating their regulatory implications.
Key Sandbox Takeaways: Sharing Customer Data
A key focus in the Sandbox was how Anti-Money Laundering (AML) and KYC rules apply in practice. Regulators emphasised that crypto-asset exchanges and other service providers have a legal obligation to know their users' identities. This is why our Tokenized KYC Solution enables the entity responsible for carrying out a KYC check to obtain access to verified personal data from the identity verification provider (in our case, IDnow). Similarly, authorities such as the police can request the personal data linked to a specific non-transferable (soulbound) token.
To make customer onboarding easier, companies can sometimes reuse KYC data that another entity has already collected. But the rules for doing this vary across Europe. In some countries, data can only be shared among the same category of entities, while broader sharing requires specific approval from national authorities. Fortunately, the upcoming Anti-Money Laundering Regulation (AMLR) is expected to harmonize these rules on the use of customer information collected by other entities.
Key Sandbox Takeaways: Soulbound Tokens
The Report also highlighted key learnings on self-hosted wallets, KYC, and how data is classified on public permissionless DLTs like IOTA. In our Tokenized KYC Solution, only soulbound tokens are recorded on-chain. These tokens do not contain personal data themselves but prove that the KYC process was completed, with the underlying KYC data stored securely off-chain. The Sandbox noted that such tokens must nevertheless be treated as pseudonymized personal data, meaning the GDPR applies: the token is an identifier that the issuer can link back to a natural person, so it is not anonymous data. Because this classification may evolve with new case law and guidelines, it requires ongoing assessment. To minimize data protection risks, our solution follows a data protection by design approach by limiting the amount and type of data shared on-chain.
Key Sandbox Takeaways: Wallet Providers and Node Operators
Another important topic in the Sandbox was how wallet providers and node operators are classified under the GDPR.
- The report concludes that self-hosted wallet providers are not considered data controllers or processors if the wallet runs solely on the user's device without relying on an external backend. In our Tokenized KYC Solution, verified identity data stays off-chain with IDnow, while the user's self-hosted wallet only holds a soulbound KYC attestation. This design aligns with the GDPR guidance: responsibility for personal data rests with the entities that actually access or use it, for example IDnow for verification and off-chain data storage and, where applicable, an integrating service like a dApp or exchange when it lawfully requests or uses the data.
- The GDPR classification of node operators needs careful nuance. As we recently commented on the European Data Protection Board's guidelines on personal data in blockchains, nodes perform purely technical functions; they neither determine nor control the purposes of data processing. Treating them as controllers would misrepresent their role and impose disproportionate obligations. Our Tokenized KYC Solution reinforces this distinction. Verified identity data stays off-chain with IDnow, while the chain records only a non-transferable KYC attestation without personal attributes. Nodes merely relay or validate this pseudonymised attestation and never access the identity dataset. Even if such attestations qualify as personal data, the design minimizes on-chain exposure and ensures accountability rests with the entities that actually process identity information. This provides a workable path to meet AML/KYC requirements while respecting
The Transfer of Funds Regulation and the Anti-Money Laundering Regulation require entities like crypto-asset exchanges to hold data about the user of a self-hosted wallet and to identify the owner of that wallet. At the same time, dApps and DeFi operators are increasingly looking for ways to enable compliant identity checks without compromising privacy and security. There is a growing need for on-chain identification tools to ensure smooth and compliant interactions in Web3 ecosystems.
Our proof-of-concept Tokenized KYC Solution brings together all the necessary steps into one easy-to-use tool:
- A trusted party witnesses an identification process and tokenizes it as a soulbound token, allowing dApps and other entities to have confidence in the identification process without revealing the actual Personally Identifiable Information.
- The soulbound token can be used in on-chain processes, allowing Web3-native interactions.
- The trusted party can reveal the identity information if requested by an authorised party (e.g., law enforcement).
- The trusted party can also revoke the token if an invalidation is required (e.g., watchlist changes).
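The flow in the list above, as an added example that is not code from this post or from the IOTA Foundation, IDnow, walt.id or Bloom Wallet: a constructed Python model in which a hypothetical trusted party verifies an identity record off-chain, mints a soulbound token that carries only derived predicates (here `kyc_complete` and `over_18`) plus an issuer authentication tag, an integrating dApp checks eligibility against the ledger without ever seeing the record, and the trusted party discloses the record only to an authorised requester and can revoke the token. The in-memory `Ledger`, the HMAC tag standing in for the issuer's signature, the wallet addresses and the two sample records are all assumptions; the real solution runs on the IOTA ledger with the partners' own components. The `on_chain_exposes` check also illustrates the point from the Soulbound Tokens section: nothing that a node operator can read from the chain contains a raw attribute value, yet the `token_id` still links back to a person through the issuer's off-chain table, which is why the attestation counts as pseudonymized rather than anonymous data.

```python
# Constructed example (not IOTA Foundation, IDnow, walt.id or Bloom Wallet code): the in-memory
# Ledger, the HMAC tag standing in for the issuer's signature, and the sample records are assumptions.
from __future__ import annotations
import hashlib, hmac, json, secrets
from dataclasses import dataclass
from datetime import date

@dataclass
class SoulboundToken:
    token_id: str   # opaque id: the only on-chain link to the off-chain record
    owner: str      # wallet the token is bound to
    claims: dict    # derived predicates only (e.g. over_18), never raw attributes
    tag: str        # issuer authentication tag over (token_id, owner, claims)
    revoked: bool = False

class Ledger:
    """Stand-in for a public permissionless ledger: everything here is world-readable."""
    def __init__(self):
        self.tokens: dict[str, SoulboundToken] = {}

    def mint(self, token: SoulboundToken) -> None:
        self.tokens[token.token_id] = token

    def transfer(self, token_id: str, new_owner: str) -> None:
        # Soulbound: a KYC proof cannot be sold or lent to an unverified wallet.
        raise PermissionError("soulbound token is non-transferable")

    def revoke(self, token_id: str) -> None:
        self.tokens[token_id].revoked = True

    def find_by_owner(self, owner: str) -> SoulboundToken | None:
        return next((t for t in self.tokens.values() if t.owner == owner), None)

    def dump(self) -> str:  # what a node operator, or anyone, can read from the chain
        return json.dumps([t.__dict__ for t in self.tokens.values()], sort_keys=True)

class TrustedParty:
    """Hypothetical identity provider: verifies off-chain, issues, discloses, revokes."""
    def __init__(self, authorised_requesters: set[str]):
        self._key = secrets.token_bytes(32)   # stands in for the issuer's signing key
        self._records: dict[str, dict] = {}  # token_id -> PII, kept off-chain only
        self._authorised = set(authorised_requesters)

    def _tag(self, token_id: str, owner: str, claims: dict) -> str:
        msg = json.dumps({"token_id": token_id, "owner": owner, "claims": claims}, sort_keys=True)
        return hmac.new(self._key, msg.encode(), hashlib.sha256).hexdigest()

    def verify_and_issue(self, ledger: Ledger, wallet: str, pii: dict, as_of: date) -> str:
        # Off-chain identity check, stubbed: require the fields a real check would use.
        if not all(pii.get(f) for f in ("name", "date_of_birth", "document_id")):
            raise ValueError("identity check failed: incomplete record")
        dob = date.fromisoformat(pii["date_of_birth"])
        age = as_of.year - dob.year - ((as_of.month, as_of.day) < (dob.month, dob.day))
        token_id = secrets.token_hex(16)
        self._records[token_id] = dict(pii)                    # PII stays here
        claims = {"kyc_complete": True, "over_18": age >= 18}  # predicates, not attributes
        ledger.mint(SoulboundToken(token_id, wallet, claims, self._tag(token_id, wallet, claims)))
        return token_id

    def is_authentic(self, token: SoulboundToken) -> bool:
        return hmac.compare_digest(self._tag(token.token_id, token.owner, token.claims), token.tag)

    def disclose(self, token_id: str, requester: str) -> dict:
        # Re-identification path: only an authorised party (e.g. law enforcement) gets the record.
        if requester not in self._authorised:
            raise PermissionError(f"{requester} may not request identity data")
        return dict(self._records[token_id])

def check_eligibility(ledger: Ledger, issuer: TrustedParty, wallet: str, claim="over_18") -> bool:
    """What an integrating dApp or exchange runs; no PII ever reaches it."""
    tok = ledger.find_by_owner(wallet)
    return bool(tok and not tok.revoked and issuer.is_authentic(tok) and tok.claims.get(claim))

def on_chain_exposes(ledger: Ledger, pii: dict) -> bool:
    """Data-protection-by-design check: does any raw attribute value appear on the ledger?"""
    return any(str(v) in ledger.dump() for v in pii.values())

def demo() -> dict:
    ledger, issuer, as_of = Ledger(), TrustedParty({"law-enforcement"}), date(2025, 3, 31)
    # Constructed sample records for two fictitious users.
    alice = {"name": "Alice Example", "date_of_birth": "1990-05-04", "document_id": "X1234567"}
    bob = {"name": "Bob Example", "date_of_birth": "2010-01-01", "document_id": "Y7654321"}
    a_id = issuer.verify_and_issue(ledger, "0xalice", alice, as_of)
    issuer.verify_and_issue(ledger, "0xbob", bob, as_of)
    r = {"alice_eligible": check_eligibility(ledger, issuer, "0xalice"),
         "bob_eligible": check_eligibility(ledger, issuer, "0xbob"),
         "pii_on_chain": on_chain_exposes(ledger, alice),
         "police_sees": issuer.disclose(a_id, "law-enforcement")["name"]}
    try:  # an integrating dApp is not an authorised requester
        issuer.disclose(a_id, "0xsome-dapp")
        r["dapp_sees_pii"] = True
    except PermissionError:
        r["dapp_sees_pii"] = False
    ledger.revoke(a_id)  # the trusted party revokes, e.g. after a watchlist change
    r["alice_after_revoke"] = check_eligibility(ledger, issuer, "0xalice")
    return r
```

Running `demo()` returns a dictionary showing the adult wallet eligible, the minor's wallet not, no attribute value present in the ledger dump, the record disclosed only to the authorised requester, and eligibility gone after revocation. Two design choices carry the security point: the dApp never calls `disclose`, it only verifies the issuer's tag on a predicate, and `transfer` always fails, so a verified wallet cannot hand its proof to an unverified one.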
Following the completion of this project, the rebased IOTA Mainnet has launched with a new architecture based on the Move Virtual Machine. To support use cases like the Tokenized KYC Solution, we have developed the IOTA Trust Framework, a set of composable infrastructure components, each developed with privacy, compliance, and usability in mind.

