CivicLayer's TrustNet Protocol Goes Live Across 12 European Municipalities, Offering Residents a Self-Sovereign Digital Identity

Amsterdam — CivicLayer, a civic technology company founded in Rotterdam in 2024, announced the live deployment of its TrustNet decentralized identity protocol across 12 European municipalities, covering approximately 2.3 million residents in the Netherlands and Estonia. The launch, which follows a 14-month pilot program in Eindhoven and Tallinn, represents the largest real-world implementation of self-sovereign identity (SSI) at the municipal level to date.

TrustNet enables residents to hold a cryptographically verifiable digital identity stored entirely on their own devices, rather than on government or corporate servers. The system is built on a novel permissioned distributed ledger — not a public blockchain — designed specifically to meet European data protection standards, including the GDPR's requirements for data minimization, right to erasure, and purpose limitation.

How TrustNet Works

In the TrustNet system, residents' identity attributes — such as their birthdate, citizenship status, or professional licenses — are stored as encrypted credential blobs on their own smartphones. When a resident needs to prove an attribute to a third party (a government agency, a bank, an employer), they do not transmit the underlying data. Instead, using the TrustNet mobile app, they generate a zero-knowledge proof (ZKP) — a mathematical construct that proves the credential is valid without revealing any information beyond the single fact being verified.

For example: to prove to a rental agency that one is over 21, a resident's phone generates a ZKP attesting that the birthdate in their credential satisfies the condition — without showing the birthdate itself. The rental agency receives only a yes/no verification result, not the resident's date of birth.

The TrustNet ledger itself does not store identity data. It stores only revocation registries — a list of credential IDs that have been revoked — and the public keys of authorized issuers (government agencies, universities, licensed employers). This design ensures that even if the ledger is compromised, no personal data is exposed.

The TrustNet Protocol Specification

CivicLayer designed TrustNet as an open protocol, published in full as an IETF draft RFC in September 2027. The protocol defines three core roles: Issuers (entities that create verified credentials), Holders (individuals who store and present credentials), and Verifiers (entities that check credentials). Communication between all three roles travels over encrypted channels using the W3C's Verifiable Credentials Data Model 2.0 standard, with CivicLayer's own extension layer for ZKP generation that the company says is 40 times faster than the baseline W3C ZKP draft.

The protocol also introduces a novel concept CivicLayer calls "Temporal Trust Scores" — a dynamic reputation metric assigned to each identity that reflects the age and usage pattern of a holder's credentials. Credentials that have been held and verified frequently over long periods accumulate higher trust scores, which Verifiers can optionally consult to assess the reliability of an identity claim. Importantly, CivicLayer says Trust Scores are computed on-device and never transmitted to the ledger or any third party.

Municipal Adoption and Privacy Tradeoffs

The 12 municipalities launching TrustNet this month include Amsterdam, Rotterdam, Utrecht, Eindhoven, and The Hague in the Netherlands, and Tallinn, Tartu, Narva, Pärnu, Kohtla-Järve, Viljandi, and Rakvere in Estonia. All participating municipalities will initially use TrustNet alongside existing identity systems, not as a replacement, allowing residents to choose which system to use for each transaction.

Civic technology advocates have praised the deployment as a landmark for digital rights. "This is the first time a large-scale population has had the option to interact with public services using an identity they fully control," said Dr. Emilia Söderström, a digital governance researcher at the University of Oslo. "The privacy implications are significant."

However, the rollout has not been without friction. Privacy organizations including Privacy International have flagged concerns about Temporal Trust Scores, arguing that the metric could inadvertently penalize new residents, immigrants, or others who are new to the system and therefore have low trust scores — creating a digital two-tier citizenship. CivicLayer disputes this characterization, arguing that Verifiers can set their own thresholds and that the system is designed to accommodate low-trust-score holders equally.

A separate concern involves interoperability: TrustNet's permissioned ledger is currently incompatible with other SSI ecosystems, including the European Union's planned European Digital Identity framework, which is expected to become law in 2028. CivicLayer has committed to building a cross-protocol bridge, but technical details remain sparse.

Funding and Business Model

CivicLayer has raised €45 million to date, including a €20 million Series A in March 2027 led by the European Innovation Council Fund, with participation from the Dutch Ministry of Economic Affairs' Regional Investment Fund. The company's revenue comes from licensing the TrustNet protocol stack to municipalities and charging a per-transaction verification fee of €0.02 paid by Verifiers — a model CivicLayer calls "municipal-scaled SaaS."

CivicLayer CEO Floor van der Berg framed the launch as the beginning of a broader transition: "We want to make self-sovereign identity as boring and ubiquitous as email — invisible infrastructure that just works, and that you own completely." The company is targeting deployments in 40 additional European cities by the end of 2029.