Company Compliance

Compliance is the cornerstone of trust in any data ecosystem, but given the novelty of decentralized identity ecosystems and their transformative potential, getting compliance wrong could have a tremendous impact on user confidence, potentially stalling or even regressing the adoption of these innovative new ecosystems. Therefore, at Ver.iD, compliance forms one of our key pillars, ensuring every aspect of our service meets the highest standards in audits, certifications, and regulations. Internally, we live by the 'highest standards' in each aspect of our organization. This commitment enables us to contribute confidently to establishing a trusted and secure decentralized identity ecosystem. In this section, we offer a transparent and detailed overview of our compliance efforts, detailing our roadmap for each topic and providing precise locations where further information can be found.

Assessments

Data Protection Impact Assessment (DPIA)

The Data Protection Impact Assessment (DPIA) is a critical process for evaluating how personal data is processed in an organization, ensuring that data processing practices align with privacy and data protection standards. This proactive assessment identifies and mitigates privacy risks, embodies our commitment to safeguarding user data within the decentralized identity ecosystem, and is mandated by the Personal Data Authority. Check out the DPIA overview to get an up-to-date status of this assessment.

Certifications

ISO 27001

The ISO 27001 certification outlines the requirements for an information security management system (ISMS), ensuring that Ver.iD systematically examines information security risks and implements a coherent and comprehensive suite of information security controls. Check out the ISO 27001 overview to get an up-to-date overview of our implementation.

NEN 7510

NEN 7510, similar to ISO 27001 but specifically designed for the Dutch healthcare sector, emphasizes the protection of patient information. While Ver.iD may not directly deal with health data, the principles of NEN 7510 highlight the importance of securing personal information in sensitive sectors and are viewed as an additional layer of security on top of the ISO 27001 standard. Check out the NEN 7510 overview to get an up-to-date overview of our implementation.

Audits

SOC 2

SOC 2 audit reports provide assurance regarding the controls Ver.iD implements to secure its data against unauthorized access and disclosure. These reports are critical for demonstrating compliance with the principles of security, availability, processing integrity, confidentiality, and privacy, reassuring clients that Ver.iD adheres to high standards of data protection and operational integrity. Check out the SOC 2 overview to learn more about SOC 2.

Regulations

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) sets the benchmark for data protection and privacy in the European Union, emphasizing the principles of data minimization, consent, and individuals' rights over their personal data. For Ver.iD, this means implementing stringent data processing and protection measures, ensuring that user data is handled in a manner that respects privacy and autonomy, which is fundamental to the ethos of decentralized identity apps. Please refer to our general Privacy Policy for more information on how we handle personal data in our platform, or check out our GDPR overview for an up-to-date status of our implementation.

Electronic Identification, Authentication and Trust Services (eIDAS 2.0)

eIDAS 2.0, the regulatory framework for electronic identification and trust services, expands on its predecessor to cover the increasing scope of digital identities. Ver.iD’s alignment with eIDAS 2.0 is crucial for facilitating secure and seamless identity transactions across borders within the EU. The eIDAS regulation provides a legal framework for identities within the borders of member states of the European Union. For more information, please go to our dedicated eIDAS 2.0 overview.

Digital Operational Resilience Act (DORA)

The Digital Operational Resilience Act (DORA), tailored for the financial sector, mandates rigorous standards for ICT risk management, incident reporting, and resilience testing. As a customer you may need to comply with the standards set by this regulation, and therefore all your suppliers are in scope for review. At Ver.iD, by enabling developers within this industry to use our service, we must ensure that our service is robust against cyber threats, thereby supporting the operational resilience of our financial sector clients. Please refer to our dedicated DORA overview for more information.

Accreditations

Qualified Trust Service Provider (QTSP)

Qualified Trust Service Provider (QTSP) accreditation is a testament to compliance with the rigorous standards established by the eIDAS 2.0 regulation for trust services. While QTSP accreditation under eIDAS 2.0 is a relatively new requirement, it becomes essential when issuing credentials from governmental bodies through our service to specific identity apps. QTSPs significantly bolster the trustworthiness and legal recognition of the digital identities they help to manage. For use cases involving governmental credentials, we provide a dedicated page on QTSP accreditation for further information.