Trust between organizations needs a foundation that lasts.

nexyo Trust issues verifiable credentials, manages them across their entire lifecycle and operates the trust anchor that every participant relies on.

Credential Issuance and Trust Infrastructure for Data Spaces

W3C Verifiable Credentials · did:web · ID Austria · USP · EUDI-ready · Self-hosted · Credential cascade

The starting point

Every digital cooperation begins with the same question: is my counterpart real?

Data spaces, the EUDI Wallet, supply-chain due diligence, the Data Act. Organizations increasingly need to trust each other digitally, across company boundaries, machine-readable, in real time.

Data spaces

Anyone joining a data space must be verified as an organization before the first record flows.

EUDI Wallet

From 2026, citizens and companies carry their credentials in the wallet. Someone has to issue them.

Supply chain & Data Act

Due-diligence duties require proof that can be verified beyond the boundary of your own system.

The problem

Today, trust is sent as a PDF attachment. That does not hold.

Every proof is an island. Whoever wants to verify has to make a phone call. And regulatory pressure keeps growing.

The PDF certificate

It looks genuine but proves nothing. Not cryptographically signed, freely copyable, never revocable.

The Excel member list

Who is a member sits in a spreadsheet that no one outside the organization can verify.

The email confirmation

Authorizations are promised by mail. That is neither machine-readable nor court-proof.

"A claim is not proof. It is just a claim on letterhead."

The solution

nexyo Trust turns claims into proof that anyone can verify.

A stand-alone credential issuer, a trust list, a cascade mechanism. The PDF becomes a cryptographically signed, verifiable credential. The claim becomes proof.

Identity + Issuance + Cascade

The model

Onboarding is the door. Trust is the house.

One image that carries the whole architecture. You pass through the door once. You live in the house permanently.

The door

Onboarding
  • A one-time, formal entry
  • The participant proves identity and is checked
  • Takes minutes, not weeks
  • Ends with the first issued credential

The house

Trust
  • The permanent operation that stays
  • Credentials are renewed and revoked
  • The issuer identity and the trust list live here
  • The cascade grows and is maintained

The credential is the key. The cascade is the master key.

How it works

Three layers carry the house: identity, issuance, cascade.

Each layer builds on the one below. Together they form proof that anyone can verify without asking nexyo.

Layer 1

Identity

nexyo Trust runs a verifiable issuer identity as a did:web with its own signing keys. This is the foundation: whoever issues is itself unambiguously provable.

Layer 2

Issuance

The issuer signs credentials to the W3C standard. They are verifiable by any verifier without nexyo being asked. The proof carries itself.

Layer 3

Cascade

An issued credential can authorize its holder to issue credentials in turn. One proof becomes an entire chain.

The differentiator

A credential that carries further credentials. Trust flows from the top down.

The credential cascade is the reason trust is operated permanently rather than used once. It grows, it is maintained, every level is individually revocable.

nexyo issues an industry umbrella body an issuer credential. The umbrella body issues membership credentials to its member firms. A firm issues role credentials to its employees. This is the EBSI trust-chain principle, in nexyo language: the credential cascade.

The entry

The way in: invited, identified, issued. In minutes.

Onboarding is the door. Here is how it looks from the perspective of an invited participant.

1. Invitation

The operator creates an identification, the participant receives a link by mail.

2. Choose a method

ID Austria, USP or document upload. The participant decides what fits.

3. Identify

Identity is checked via the chosen method, or by an operator for document uploads.

4. Receive the credential

The first credential is issued and signed. The participant is in the house.

  • Available: ID Austria, Business Service Portal (USP), document upload
  • In preparation: EUDI Wallet, BundID, video identification
  • Roadmap: itsme, SPID, FranceConnect, BankID and further European methods

The cockpit

The Trust Console: issue, approve, revoke, all in one place.

The operator steers the entire lifecycle of a credential from one surface. Create identifications, approve document uploads, define credential types, authorize API partners.

trust.nexyo.io / console

Identifications

Recipient             Method       Status
Mustermann GmbH       ID Austria   Credential issued
Beispiel Consulting   USP          Credential issued
Alpenhof KG           Document     Awaiting approval
Donau Logistik        ID Austria   Identification running

  • Manage identifications. Create them, send the invitation, track progress.
  • Operator approval. Review document uploads and issue the credential with one click.
  • Audit log. Every step is recorded, from link open to issuance.

Operation

Self-hosted. The keys never leave your house.

nexyo Trust runs as an easily deployable single-tenant stack on your infrastructure. No SaaS, no tenant separation at nexyo, no data hand-off.

Single-tenant

One stack per customer

No shared tenant. Your issuer is your issuer, isolated and under your control.

Key sovereignty

Signing keys stay with you

The issuer's private keys reside on your infrastructure, and only there.

GDPR

No third-country transfer

Identification data does not leave your operation. Data protection is a question of location, not of trust.

Use cases · proposals

Where a trust anchor makes the difference.

Five fields where issuable, revocable proof makes a concrete difference.

Proposal 01

Participant onboarding in data spaces

A verified organization identity as the condition of entry. Whoever wants into the data space proves identity once and is verifiable to all participants afterwards.

Proposal 02

Association and chamber memberships

Digital, revocable membership proof via cascade. The association issues, the member presents, the status is current at any time.

Proposal 03

Supply-chain and due-diligence proof

Certificates that are machine-verifiable. Instead of PDF collections, a signed proof that survives the boundary of your own system.

Proposal 04

B2B federations

Mutual recognition of authorizations without a central platform. Every partner stays sovereign, and trust is still dependable.

Proposal 05

Role and authorization proof

Within an organization: who may do what, provable and revocable. The cascade turns the hierarchy into a verifiable chain.

  • 20+ data-space projects
  • 60+ hubs in operation
  • 8+ enterprise customers
  • 78,000+ managed assets

nexyo Trust is not a prototype. It grew out of the live operation of data-space infrastructure.

See nexyo Trust in operation.

A live demo shows the path from invitation to signed credential. In a conversation we clarify what your trust anchor looks like.