Building a Web3 Identity Solution
TL;DR:
The European Blockchain Sandbox has concluded its second cohort, which included the IOTA Foundation’s Tokenized Know Your Customer Solution with IDnow, walt.id, and Bloom Wallet. The Sandbox provided key lessons on compliant and privacy-preserving identity verification in Web3, including the use of off-chain verification, soulbound tokens, and GDPR-aligned wallet and node practices.
We’ve completed our participation in the European Blockchain Sandbox, a three-year initiative by the European Commission that gives innovative distributed ledger projects the opportunity to test their solutions with regulators across Europe. Every year, 20 projects are selected to join, and the IOTA Foundation was part of the second cohort, which ran from June 2024 to March 2025.
Our contribution focused on the Tokenized Know Your Customer (KYC) Solution, developed together with IDnow, walt.id, and Bloom Wallet. This proof-of-concept solution lets users verify their identity off-chain and receive a tokenized proof in their wallet. This allows dApps, exchanges, and other services to confirm eligibility requirements (such as age verification) without exposing sensitive data on-chain.
The close of the sandbox is marked by the European Commission’s Best Practices Report for the second cohort. The report shares recommendations and best practices from the program, offering valuable guidance for anyone developing DLT solutions and navigating their regulatory implications.
Key Sandbox Takeaways: Sharing Customer Data
A key focus in the Sandbox was how Anti-Money Laundering (AML) and KYC rules apply in practice. Regulators emphasized that crypto-asset exchanges and other service providers have a legal obligation to know their users’ identities. This is why our Tokenized KYC Solution allows the entity responsible for carrying out a KYC check to obtain access to verified personal data from the identity verification provider (in our case, IDnow). Similarly, authorities like the police can request personal data linked to a specific non-transferable (soulbound) token.
To make customer onboarding easier, companies can sometimes reuse KYC data that another entity has already collected. But the rules for doing this vary across Europe. In some countries, data can only be shared among the same category of entities, while broader sharing requires specific approval from national authorities. Fortunately, the upcoming Anti-Money Laundering Regulation (AMLR) is expected to harmonize these rules regarding the use of customer information collected by other entities.
Key Sandbox Takeaways: Soulbound Tokens
The Report also highlighted key learnings on self-hosted wallets, KYC, and how data is classified on public permissionless DLTs like IOTA. In our Tokenized KYC Solution, only soulbound tokens are recorded on-chain. These tokens don’t contain personal data themselves but prove that the KYC process was completed, with the underlying KYC data stored securely off-chain. The Sandbox noted that such tokens must be treated as pseudonymized personal data, meaning the GDPR applies. Because this classification may evolve with new case law and guidelines, it requires ongoing review. To minimize data protection risks, our solution follows a data protection by design approach by limiting the amount and type of data shared on-chain.
Key Sandbox Takeaways: Wallet Providers and Node Operators
Another important topic in the Sandbox was how wallet providers and node operators are classified under the GDPR.
- The report concludes that self-hosted wallet providers are generally not considered data controllers or processors if the wallet runs solely on the user’s device without relying on an external backend. In our Tokenized KYC Solution, verified identity data stays off-chain with IDnow, while the user’s self-hosted wallet only holds a soulbound KYC attestation. This design aligns with the GDPR guidance: responsibility for personal data rests with the entities that actually access or use it, for example IDnow for verification and off-chain data storage and, where applicable, an integrating service like a dApp or exchange when it lawfully requests or uses the data.
- The GDPR classification of node operators needs careful nuance. As we recently commented on the European Data Protection Board’s guidelines for personal data in blockchains, nodes perform only technical functions; they neither determine nor control the purposes of data processing. Treating them as controllers would misrepresent their role and impose disproportionate obligations. Our Tokenized KYC Solution reinforces this distinction. Verified identity data stays off-chain with IDnow, while the chain records only a non-transferable KYC attestation without personal attributes. Nodes merely relay or validate this pseudonymised attestation and never access the identity dataset. Even if such attestations qualify as personal data, the design minimizes on-chain exposure and ensures accountability rests with the entities that actually process identity information. This provides a workable path to meet AML/KYC requirements while respecting

Transfer of Funds Regulation and Anti-Money Laundering Regulation require entities like cryptoasset exchanges to hold information about the user of a self-hosted wallet and to identify the owner of the self-hosted wallet. At the same time, dApps and DeFi operators are increasingly looking for ways to enable compliant identity checks without compromising privacy and security. There’s a growing need for on-chain identification tools to ensure smooth and compliant interactions in Web3 ecosystems.
Our proof-of-concept Tokenized KYC Solution brings together all the necessary steps into one easy-to-use tool:
- A trusted party witnesses an identification process and tokenizes it as a soulbound token, allowing dApps and other entities to have confidence in the identification process, without revealing the actual Personally Identifiable Information.
- The soulbound token can be used for on-chain processes, allowing Web3 native interactions.
- The trusted party can reveal the identity information if requested by an authorised party (e.g., law enforcement).
- The trusted party can also revoke the token if an invalidation is required (e.g., watchlist changes).
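The issue, check, disclose and revoke steps listed above can be modelled as follows. This is an added illustration, not code from the IOTA Foundation or its partners; the `Registry` and `TrustedParty` classes, the opaque `ref` linking a token to its off-chain record, and all sample values are assumptions made for the example.

```python
import secrets
from dataclasses import dataclass, field
@dataclass
class Registry:
    """Stand-in for the ledger: stores soulbound attestations only, never personal attributes."""
    issuer: str
    tokens: dict = field(default_factory=dict)  # wallet -> {"claim", "ref", "revoked"}

    def mint(self, caller, wallet, claim, ref):
        if caller != self.issuer:
            raise PermissionError("only the trusted party may mint")
        self.tokens[wallet] = {"claim": claim, "ref": ref, "revoked": False}

    def transfer(self, wallet, new_wallet):
        raise PermissionError("soulbound: attestation is non-transferable")

    def revoke(self, caller, wallet):
        if caller != self.issuer:
            raise PermissionError("only the trusted party may revoke")
        self.tokens[wallet]["revoked"] = True

    def is_eligible(self, wallet, claim):
        t = self.tokens.get(wallet)  # a dApp learns yes/no, nothing about the person
        return t is not None and not t["revoked"] and t["claim"] == claim

class TrustedParty:
    """Off-chain verifier holding the identity records (hypothetical model)."""
    def __init__(self, name, registry, authorised):
        self.name, self.registry, self.authorised = name, registry, set(authorised)
        self._vault = {}  # ref -> identity record, kept off-chain

    def verify_and_issue(self, wallet, identity, claim):
        # Random reference, not a hash of the PII, which could be guessed and confirmed.
        ref = secrets.token_hex(16)
        self._vault[ref] = dict(identity)
        self.registry.mint(self.name, wallet, claim, ref)

    def disclose(self, requester, wallet):
        if requester not in self.authorised:
            raise PermissionError("requester is not authorised for disclosure")
        return self._vault[self.registry.tokens[wallet]["ref"]]

def demo():
    # Constructed sample data: eligibility before and after a revocation.
    reg = Registry(issuer="kyc-provider")
    TrustedParty("kyc-provider", reg, {"law-enforcement"}).verify_and_issue(
        "0xWALLET_A", {"name": "Alice Example", "dob": "1990-01-01"}, "age_over_18")
    before = reg.is_eligible("0xWALLET_A", "age_over_18")
    reg.revoke("kyc-provider", "0xWALLET_A")  # e.g. a watchlist change
    return before, reg.is_eligible("0xWALLET_A", "age_over_18"), reg
```

The point to check in any real deployment is the same one the model enforces: nothing derived from the identity record reaches the ledger, and disclosure is gated at the off-chain party rather than at the chain.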
Following the completion of this project, the rebased IOTA Mainnet has launched with a new architecture based on the Move Virtual Machine. To support use cases like the Tokenized KYC Solution, we’ve developed the IOTA Trust Framework, a suite of composable infrastructure components, each developed with privacy, compliance, and usability in mind.




