Trusted Data Sharing

Share sensitive data with the right party, for the right purpose, at the right time
– proven, governed, and auditable

Share sensitive data with the right party,
for the right purpose, at the right time
– proven, governed, and auditable

Share sensitive data with the right party, for the right purpose,
at the right time – proven, governed and auditable

Contact a TradeVeris Expert

Trade isn’t just about moving goods anymore – it is about connecting identities, documents and data under enforceable policies. The classic Buy–Ship–Pay model still anchors global trade, but today’s reality demands verifiable trust at every step – from contracting to delivery to settlement to audit.

What we Deliver

Data Spaces, Not Data Dumps

  • Participate in federated data spaces where access is policy‑driven and auditable.
  • Support for IDSA Dataspace Protocol connectors and decentralised claims/DC‑API bridges for machine‑to‑machine trust.
  • Optional admission frameworks (e.g., membership attestations) so only vetted organisations can even request data.

Identity‑Gated Access

  • Verify organisational identity with vLEI (available now) and LPID/EUDI (emerging).
  • Bind roles and delegations (OOR/ECR, PoA) to data requests.
  • Selective disclosure: present only the attributes the policy requires.

Storage You Control (Federated or Decentralised)

  • Keep data where it is (cloud buckets, object stores, or decentralised/federated nodes).
  • Gaia‑X–aligned service patterns for sovereignty and interoperability.
  • Optional blockchain/DLT anchoring for tamper‑evidence of events (not required for operation).

Usage Control & Consent

  • Enforce purpose, time, scope, and geography constraints before data moves.
  • Issue expiring tokens, watermark downloads, and track link lifecycles.
  • Revoke access centrally; propagate changes to connectors.

Evidence & Audit

  • Every request/decision is cryptographically linked to the identity and policy in force at that time.
  • Generate exportable evidence packages (timestamps, credential references, policy ID, storage pointer, optional DLT hash).
  • Support for regulatory inquiry: prove who accessed what, when, and under which lawful basis/purpose.

Security, Privacy & Compliance

Strong Auth

FIDO2/WebAuthn, device binding; QES/QSeal via QTSP where required.

Data Minimisation

Share only what the policy allows; prefer derived subsets over whole files.

Selective Disclosure

Present only necessary attributes (role, membership, delegation).

PII Handling

Retention and masking controls; evidence logs avoid storing raw content.

Revocation & Suspension

Live status checks on credentials and grants.

Auditability

Exportable evidence packages support internal/external audits and regulatory inquiries.

How It Works

  1. Discover
    A partner or connector finds your data product (catalogue entry) and requests access for a stated purpose.
  2. Authenticate
    The requester presents organisational credentials (vLEI now; LPID/PID as EUDI wallets become available).
  3. Authorise
    Policies check role/delegation, membership, purpose, scope, location/time window, and data sensitivity.
  4. Execute (Least Data Necessary)
    The data flows from your storage to the requester’s connector – no wallet data copies – under negotiated constraints (format, subset, rate, retention).
  5. Log & Prove
    We record a verifiable decision trail (who/what/why/when), with optional hash anchoring for immutability.
  6. Revoke & Evolve
    Change or revoke grants at any time; revocations are enforced at connectors and reflected in evidence logs.

Architecture at a Glance

Identity Gate

vLEI (KERI/ACDC), LPID/PID (OID4VCI/OID4VP) when available.

Policy Engine

Purpose, roles, delegations, time/geo windows, rate limits; call‑outs for custom logic.

Connectors

IDSA‑style connectors and DC‑API bridge to request verifiable presentations without wallet plumbing in relying apps.

Storage Plane

Your cloud stores or Gaia‑X–aligned federated services; optional decentralised storage.

Evidence & Anchoring

Consent and decision logs; optional DLT anchoring for tamper‑evidence.

Developer Surface

Webhooks for request/approve/deny, revocation, and data‑delivery status.

Why TradeVeris for Trusted Data Sharing

Data now moves as often as goods. Partners, authorities, and systems need controlled access to real files and datasets, not just claims – without copying, oversharing, or weakening compliance. TradeVeris Trusted Data Sharing lets you:

  • Keep data in your domain
    Govern access without duplicating content.
  • Prove control
    Every decision is linked to identities, policies and timestamps.
  • Interoperate
    IDSA‑style connectors, DC‑API bridge, wallet‑agnostic.
  • Scale trust
    From one partner to an entire data space with the same policy model.
  • Fit for trade and beyond
    ports/logistics, enterprise, legal, finance, and public sector.

Get Started

Talk to a Data Spaces Expert → we’ll map one data product, one partner, and one policy into a working pilot

Get Started

Use Cases

Port Telemetry → Customs & Terminal (Operational)

Share IoT streams for 48h under operational purpose

 

  • Terminal requests lane‑specific telemetry from the port data hub for a declared operational purpose.
  • Terminal presents vLEI + membership attestation → policy checks role, route, time window.
  • Subset of IoT stream delivered for 48 hours; watermarking and rate caps applied.
  • Evidence log recorded (requester, purpose, time, policy ID, dataset pointer, hash).
Get In Touch

Legal Bundle Sharing (Private Sector / Public Authority)

Law firm gets case files for 7 days, read‑only, no onward share

 

  • A law firm requests case files from a logistics provider for a dispute.
  • Firm presents vLEI + delegation from the client; policy limits access to 7 days, read‑only, no onward share.
  • Files remain in the provider’s storage; download tokens are scoped and watermarked.
  • Revocation mid‑window is enforced; full audit trail available to both parties.
Get In Touch

Billing Data (B2B Finance)

Accounting tool retrieves invoice datasets via DC‑API with policy‑bound access

 

  • Accounting tool asks for a verifiable invoice dataset via DC-API.
  • Supplier’s org wallet presents vLEI + invoice VC references; policy approves access to PDFs + line‑item JSON for 30 days.
  • Evidence package produced for auditors (who/what/why/when, credential refs, storage pointers).
Get In Touch

Small Print: Gaia X, DLT & Compliance

  • Gaia‑X defines federation and compliance rules – it’s not a storage provider.
  • Tamper‑evidence can be achieved with cryptographic hashes and optionally anchoring events to DLT.
  • Legal enforceability (e.g., for title) depends on laws and standards (like MLETR) and on how your system ensures control, integrity, and singularity.
    (Informational, not legal advice.)