Trust Has No Borders

2 days ago
8 min read

Why Verifiable Identity Infrastructure Is the Common Language of Digital Trade and Modern Communications

Randy Warshaw

Senior Expert Advisory Group Member, Verifiable.Trade Foundation | CEO, Provenant

The core challenge in global trade and digital communications is the same: how do you verify the identity and integrity of a transaction across a chain of parties who do not share a common platform? Today, that question is answered by network membership. Tomorrow, it will be answered by the data objects themselves. This is what the shift from network-based to object-based trust means in practice, and why it matters for every organization operating across borders.

Every institution involved in global trade, finance, or digital communications is grappling with a version of the same question: how do you establish trust in a transaction when the parties involved have never met, operate under different legal systems, and rely on a chain of intermediaries none of them fully controls?

The instinctive answer has been to build platforms: centralized networks that vouch for participants and govern interactions. But platform trust has a ceiling. It works within a network. It breaks at the boundary. And as the world becomes more interconnected, the boundaries are everywhere.

There is a more durable answer. It is not new, having emerged from decades of cryptographic research, but it is only now reaching the maturity required for enterprise and regulatory adoption. That answer is object-based, verifiable identity: the ability to attach cryptographic proof of authenticity and provenance directly to a data object, so that trust travels with the object itself, independent of the network that carries it.

This is the infrastructure principle at the heart of the Verifiable.Trade Foundation's work, and it is the same principle that Provenant has been deploying in a domain that might surprise readers of a trade publication: telecommunications.

The parallel is not coincidental. It reveals something important about the nature of the problem, and about why the solution scales.

The Trust Problem Is a Data Supply Chain Problem

Consider what happens when a cross-border invoice moves from seller to buyer through a chain of banks, logistics providers, customs authorities, and trade finance platforms. Each party in that chain needs to answer three questions: Is this document authentic? Does it represent the counterparty it claims to represent? And has it been altered since it left its origin?

Today, those questions are answered by network membership. The document arrived through an authorized channel, from a certified platform, via a trusted intermediary. The trust is in the pipe, not the object.

The trust is in the pipe, not the object. That is a fragile architecture.

That is a fragile architecture. It means trust cannot survive a handoff between networks. It means verification requires interrogating the chain of custody rather than the object itself. And it means that as agentic AI systems begin executing transactions autonomously, the absence of object-level authenticity becomes a liability that scales with every automated decision.

The same structure, and the same fragility, appears in telecommunications.

When a voice call or SMS traverses a modern carrier network, it passes through multiple operators, routing platforms, and aggregators before reaching its destination. At each hop, the question is the same: did this communication originate from who it claims? Was it modified in transit? Is the caller identity legitimate? Today, those questions are answered by network trust, by the fact that the call arrived through an authorized interconnect. Spoofed calls and SMS fraud persist precisely because network membership can be impersonated while object-level provenance cannot be verified.

In both domains, the underlying problem is identical: a data object, whether a trade document or a communications event, must carry verifiable evidence of its origin and custody chain, independent of the network infrastructure that transports it.

From Documents to Verifiable Objects

The Verifiable.Trade Foundation's International Secure Trade Transfer Protocol (ISTTP) addresses this by transforming trade documents from static representations into cryptographically-bound objects. An invoice is not just a structured data file; it is a graph of verifiable claims, each component signed by an identified legal entity whose credentials require no central registry to validate.

This can help to maintain business secrecy, as not the entire graph needs to be submitted to everyone. A customs broker procuring customs proceedings for a client, needs to handle the invoice to present it to the authority, but to do so, needs not see the price information contained in it. After all, it is likely the customs broker also services a competitior of his client. For the customs authority, however, only matters who issued the invoice, rather than having to trust the chain of custody.

The underlying technology, KERI and ACDC, was designed specifically to solve this class of problem. Think of KERI as a way of establishing a permanent, tamper-proof identity for any organization or document, without requiring a central authority to issue or maintain it. ACDC then allows multiple verified claims to be chained together into a compound object whose integrity and provenance can be checked by anyone, anywhere, at any point in the chain.

GLEIF, the global LEI issuing organization, deployed this stack in the vLEI system, establishing the world's first cryptographically-anchored global legal entity identity infrastructure. The vLEI allows any party in a trade chain to verify the legal identity of a counterparty without intermediation, automatically, at machine speed, across jurisdictions.

ISTTP builds on this foundation to extend verifiable identity from entity credentials to trade objects themselves: invoices, bills of lading, transferable records. The result is a trade document that carries its own proof of authenticity, verifiable by any party in the chain without reference to the network that delivered it. The following example illustrates this:

In today’s trade reality, a German machinery exporter shipping to a buyer in Singapore issues an invoice as a PDF, while the Bill of Lading is generated separately by the carrier and shared across multiple platforms. The buyer must manually reconcile invoice data, shipment status, and delivery confirmation before initiating payment. Banks or factors repeat these checks, often relying on document copies, platform integrations, and duplicated KYC processes. This leads to delays, inconsistencies, and a persistent risk of mismatch or fraud, especially when documents diverge across systems.

Under ISTTP, the same transaction becomes event-driven and data-native. The invoice, shipment information, and delivery confirmation exist as cryptographically signed, structured data objects. When the buyer acknowledges receipt by signing a “clean” delivery note, this event automatically triggers the payment or financing process. There is no need for manual reconciliation or revalidation of documents. Financial institutions rely on verifiable data shared across Trade Data Gateways, enabling immediate trust in the transaction. Financing can be triggered at shipment or delivery with full confidence in data authenticity, reducing friction, accelerating cash flow, and seamlessly connecting trade, logistics, and finance into a single, interoperable process chain.

The Telecommunications Parallel: A Proof of Generalization

Trade documents and communications events look nothing alike on the surface. But strip away the domain specifics and both are data objects moving through multi-party chains where provenance must be established at every handoff. The trust problem is structurally identical, and so is the solution.

Provenant has built the Verifiable Voice Protocol (VVP), an open protocol that applies the same KERI/ACDC credentials to communications events. A phone call, under VVP, becomes a verifiable data object: the originating carrier, the calling party's authenticated identity, and the chain of custody through interconnecting networks are all cryptographically bound to the call itself. A receiving party, whether human or AI system, can verify the communication's provenance without trusting the delivery network.

The practical consequence is significant. Spoofed robocalls, SMS phishing, and AI-synthesized voice fraud all exploit the same gap: the absence of object-level authenticity in communications. Network-level authentication (STIR/SHAKEN in North American carrier implementations) addresses part of the problem but breaks at international borders, precisely because it is network-anchored rather than object-anchored.

This work is now advancing through the Open Verifiable Communications program at GSMA, establishing the protocol framework for verified communications at carrier scale.

Any data object, whether an invoice, a bill of lading, or a communications event, can be made self-authenticating without requiring a central authority or a shared platform.

The VVP implementation demonstrates something important for trade practitioners: the KERI/ACDC stack is not domain-specific. Any data object, whether an invoice, a bill of lading, or a communications event, can be made self-authenticating without requiring a central authority or a shared platform. The identity of every actor in the chain, whether legal entity, individual, or AI agent, can be bound to the object at the moment of creation and verified by any downstream party at the moment of consumption.

Its deployment in telecommunications is not a detour from the trade agenda. It is evidence that the primitive generalizes.

Why This Matters for Agentic AI

Both trade and telecommunications are on the cusp of significant AI-driven automation. In trade, AI agents will execute contract formation, financing decisions, customs declarations, and settlement instructions. In telecommunications, AI agents will manage call routing, fraud detection, and increasingly, direct participation in voice and messaging transactions.

In both domains, the accountability question becomes acute at scale. When an AI agent procures transport insurance for a cross-border consignment, how does the insurer (or their AI agent) learn who the beneficiary of an insurance certificate will be? Procuring could be performed by an AI agent operated by a service provider of the consignor, and the beneficiary could change in the course of the transport in case the incorterm FOB (free on board) has been agreed upon. What are the legal identities of all acting entities involved? Back to telco: When an AI voice system initiates a call, who is the verifiable originator? Or is the AI system operated by a service provider and an authority delegation in place? The absence of machine-verifiable identity does not slow down AI — it simply disconnects AI action from legal accountability. Both in telco, as in trade.

Object-based trust infrastructure addresses this directly. Credentials can be issued to and by AI agents operating under delegated authority from a legal entity, with scope and limits cryptographically defined and auditable. The agent's actions carry verifiable provenance, traceable to the authorizing human organization without requiring real-time interrogation of a central registry.

Accountability without object-level provenance is an aspiration. Accountability with it is enforceable.

Protocol, Not Platform

One clarification is necessary for decision-makers evaluating these approaches: ISTTP, VVP, KERI, and ACDC are protocols, not platforms. The distinction is consequential.

A platform creates a network. Participants benefit from membership, and the platform operator holds structural leverage over access, pricing, and governance. Platform trust works within the network and depends on the platform's continued operation and neutrality.

A protocol defines rules. Any conformant implementation can participate. No single operator controls access. The infrastructure can be governed by standards bodies, regulators, or industry consortia without privileging any commercial interest. Trust is portable across implementations because it is encoded in the object, not granted by network membership.

The global trade system, which spans hundreds of jurisdictions, thousands of regulatory frameworks, and millions of participants, cannot be governed by a platform. It requires protocol-level infrastructure that any party can implement, any regulator can audit, and any legal system can recognize.

The same is true of global communications. The phone network works because SS7 is a protocol, as is IP, not because a single operator runs it. Verifiable identity in communications requires the same architecture.

What This Means for Decision-Makers

The shift from network-based to object-based trust is not a distant technical roadmap. The infrastructure is operational. GLEIF's vLEI system is live. ISTTP is being implemented. VVP is advancing through GSMA. The organizations that engage now, whether as implementers, standard-setters, or informed regulators, will have a disproportionate role in shaping how this infrastructure is governed.

Three implications follow for senior leaders. First, identity is no longer a compliance function. It is a strategic infrastructure decision that determines which platforms you depend on, which borders you can cross efficiently, and how exposed you are when those platforms change their terms or fail. Second, AI deployment without verifiable identity is ungovernable at scale. The accountability architecture must be built before the automation runs ahead of it. Third, the organizations that engage with standards processes now, at GSMA, at GLEIF, at UN/CEFACT, are not just preparing for the future. They are writing the rules that will govern it.

The Verifiable.Trade Foundation's blog series is designed to support that engagement, building the strategic understanding necessary to participate in these decisions as an informed actor rather than a late adopter.