SIGNATORY RIGHTS

1 Introduction

Disclaimer: This document is a draft and needs to be commented on and completed to be published as EWC WP3 T3.2.3 deliverable. The definitions (part 1.5) have been generated by AI and are only a base for Business Registries to discuss with their legal departments which terminology is the most suitable in our context.

1.1 Scope

This document is the Signatory Rights Data Rulebook. It contains requirements specific to the Signatory Rights and its issuance process. This Signatory Rights Rulebook contains the following topics: background of Signatory Rights, a reference to Signatory Rights attributes, a reference to the generic Signatory Rights issuance and verification process, and Trust Infrastructure details.

[Topic 10/23] in the ARF 1.4 specifies that attestations must be issued in the [SD-JWT VC] format, among others. This rulebook supports the [SD-JWT VC] requirements.

1.2 Background

The need for a Signatory Rights attestation has been expressed by EWC business scenario owners and Business Registries. The diversity and complexity of rights and powers over companies in the EU justify the creation of an attestation that allows the identification of the persons who have a statutory right over the company.

Thanks to the work of Business Registers participating in EWC we were able to agree on a simple attribute list according to the data availability in the registries and the reality of the national usages and requirements.

The Signatory Rights attestation will be used by companies in the EWC pilots while, in parallel, a Business Registry working group continues to work on improving this attestation. As this version simplifies the complexity of the signatory rights of the company representatives, some modifications to this rulebook are expected before the delivery to the Commission.

1.3 Goal of the Signatory Rights attestation

The goal of the Signatory Rights attestation is to identify with no possible doubt the legal or natural person, registered in the National Business Registry, who has a full signatory right defined by national law to engage a company. This attestation does not allow any limitation of this right, except the possible necessity to act jointly with another Signatory in order to engage the company. This single rule is not used in EWC, where a signatory will only be allowed to act alone.

1.4 Key words

This document uses the capitalized key words 'SHALL', 'SHOULD' and 'MAY' as specified in [RFC 2119], i.e., to indicate requirements, recommendations and options specified in this document.

In addition, 'must' (non-capitalized) is used to indicate an external constraint, i.e., a requirement that is not mandated by this document, but, for instance, by an external document. The word 'can' indicates a capability, whereas other words, such as 'will', and 'is' or 'are' are intended as statements of fact.

1.5 Terminology

This document uses terminology specified in Regulation (EU) 2024/1183.

In addition to the attribute definitions necessary to understand the data schema, it is important to understand the following terms:

Natural person: an individual human being who has legal rights and obligations. Unlike a legal person (which refers to an organization or entity), a natural person is a human with the capacity to engage in legal relationships, enter into contracts, own property, and be subject to legal actions.

Natural persons are distinct from artificial entities (like corporations or governments), and they have fundamental legal attributes, such as the ability:

  • to own property,
  • to sue or be sued,
  • to enter into legal contracts,
  • to vote or participate in elections (in many legal systems).

In legal terms, a natural person is someone who exists as a human being, as opposed to a corporate or fictional entity.

Legal person: an entity that has legal rights and obligations, similar to a natural person (an individual). It is an organization or group recognized by law as having the capacity to enter into contracts, sue, and be sued, and own property. Legal persons are distinct from the individuals who may own, manage, or be part of them.

Examples of legal persons include corporations, government agencies, public entities (that are granted legal recognition to act on behalf of the state), and nonprofit organizations.

A legal person exists as a separate legal entity, meaning it can perform legal actions in its own name, distinct from the actions of its members.

Legal entity: an organization or structure that is recognized by law as having legal rights and responsibilities distinct from those of its members or owners. A legal entity can enter into contracts, own property, incur debts, and be held liable for legal actions in its own name.

Legal entities include various forms of organizations such as corporations, limited liability companies (LLCs), nonprofit organizations, and partnerships.

The key characteristic of a legal entity is that it has its own legal existence, allowing it to perform actions independently of the individuals who are involved with it.

Legal representative: a natural or legal person authorized to act on behalf of another person or organization in legal matters. This person has the legal authority to represent the interests of the entity, such as a company, in dealings with other parties, including signing contracts, making decisions, and appearing in legal proceedings.

For businesses, a legal representative can be a director, officer, or another person designated by the company’s governing body (like the board of directors) to represent the company in legal matters. In the case of individuals, a legal representative might include a guardian, power of attorney holder, or someone with similar legal authority to act on behalf of the person.

Signatory Rights: the authority or power granted to an individual or entity to legally bind an organization or company by signing contracts, agreements, or other formal documents. This authority can be granted to a specific person, such as an executive, director, or authorized representative, and can be either individual (where one person alone can sign) or joint (where multiple individuals are required to sign together). Signatory Rights are important because they ensure that any commitments made by the organization are legally valid and enforceable.

The terms and scope of Signatory Rights are usually outlined in the organization's internal governance documents, such as its bylaws, and can vary based on the level of responsibility and the nature of the agreements being signed.

2 Signatory Rights Issuance process

In the EWC context, a generic attestation issuance process has been described by wallet providers in the pilots. Those controls and generic steps are described in RFC-001.

While different business registries have national processes, there is an agreement that:

  • The Signatory Rights attestation can only be requested by the signatory himself with a presentation of a high level of assurance PID attestation. Therefore this attestation can only be issued to a valid EUDI Wallet (organizational or natural).

  • The Signatory Rights attestation can only refer to one Signatory.

In the EWC pilot context, the Signatory Rights attestation can be issued with any identity attestation presentation and either to an organizational wallet or a natural person wallet.

3 Signatory Rights Verification process

In the EWC context, a generic attestation verification process has been described by wallet providers in the pilots. Those controls and generic steps are described in RFC-002.

EWC participating Business Registries do not impose any data- or attribute-specific verification at this stage of the pilot; it is up to the Relying Party, based on its needs and requirements in the business or administrative process, to decide.

4 Signatory Rights attributes

Signatory Rights attributes have been decided together by business registries in the EWC pilot in accordance with the LPID and EU Company Certificate attestation.

This table contains the name of each attribute from the JSON schema, its description, and whether the attribute is required.

| Attribute | Description | Required |
| --- | --- | --- |
| legal_person_name | Official current legal person name as registered in the business register. | Yes |
| legal_person_id | Unique id for organisations in EUID structure. | Yes |
| signatory_rights | Information about the person and their signatory right about the legal entity. | Yes |
| full_name | Full name of the physical person representing the company. | Yes |
| date_of_birth | Date of birth of the physical person representing the company. | Yes |
| nationality | Nationality of the physical person representing the company. | No |
| signatory_rule | Information if the signatory can engage the company alone or jointly. | Yes |
| post.code | National code of the post of the person. | No |
| post.name | Name of the post of the person as registered. | Yes |

The SIGNATORY RIGHTS schema is available in the EWC schemas and rulebooks repository: Signatory Rights data schema.

Note: The Signatory Rights attestation metadata are aligned with the LPID. The necessary information about those can be found in the LPID Rulebook.

4.1 Signatory rights related attributes

This document defines the following attributes related to the signatory of a company. Signatory Rights issuers can use either or both of the lists below to describe a signatory who is a natural person or a legal person.

Attributes to define a natural person holding a signatory right:

  • full_name
  • date_of_birth
  • nationality
  • signatory_rule
  • post

Attributes to define a legal person holding a signatory right:

  • legal_person_name
  • legal_person_id
  • signatory_rule
  • post

4.2 Minimum number of optional attributes

There is no minimum number of optional attributes for the Signatory Rights. Each Business Registry will have the responsibility to fill in the attributes when registered in their national registry.

5 Trust infrastructure details

In this chapter, trust requirements and general considerations regarding the Signatory Rights attestation itself are described.

5.1 Trust requirements on the Signatory Rights attestation from the perspective of company registration offices as authentic sources for the Signatory Rights

The ARF 1.4 gives the following information for Pub-EAAs and QEAAs Providers.

Pub-EAAs and QEAAs Providers are trusted entities responsible to:

  • verify the identity of the EUDI Wallet User in compliance with LoA high requirements,

  • issue attestations to the EUDI Wallet in a harmonised common format and

  • make available information for Relying Parties to verify the validity of the attestation.

The Signatory Rights SHALL contain the qualified electronic signature or qualified electronic seal of the issuing body and adhere to the legal requirements defined in Annex VII of the Regulation (EU) 2024/1183.

The Signatory Rights SHALL follow the SD-JWT format.

It SHALL NOT be possible to log into company registers solely with the Signatory Rights, since procedures legally require an individual person to act.

Signatory Rights Issuers SHALL follow the Signatory Rights requirements and trust mechanisms defined by Authentic Sources on national level.

Authentic Sources that are company registration offices need to accept each other's PUB-EAA attestations according to the regulation. Therefore, common legal trust mechanisms need to be established in order for the trust ecosystem to be trustworthy:

  • The Signatory Rights unique identifier SHALL be unique and agreed upon on EU and EES level.

  • There SHALL be one common schema for the Signatory Rights which is accepted by all company registry offices.

  • Only mandatory metadata and attributes SHALL be present in the Signatory Rights attestations.

  • The Signatory Rights SHALL be in a machine-readable format defined in the ARF during its whole lifecycle.

  • The Signatory Rights SHALL be in a format that can scale to additional/new legal forms.

  • The Signatory Rights SHALL apply for all legal persons.

  • The issuer of the Signatory Rights SHALL be responsible for its revocation.

5.2 Trust a signature or seal over a Signatory Rights

To trust a signature or seal over a Signatory Rights attestation, the Relying Party needs a mechanism to validate that the public key it uses to verify that signature or seal is trusted. OpenID4VP provides such mechanisms. However, additional details need to be analyzed to fully specify these mechanisms for Signatory Rights within the EUDI Wallet ecosystem. It is assumed that this will be part of a detailed specification from a standards organization.

5.3 Signatory Rights Provider Trusted List

For authenticating Signatory Rights, trust anchors will be used that are present in a SI Signatory Rights Provider Trusted List.

5.4 SD-JWT-compliant

Signatory Rights is fully compliant with [OpenID4VP] and [SD-JWT VC].
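The following Relying Party check is an added example and is not part of the rulebook or the EWC schema repository: it rebuilds the claims a holder revealed from SD-JWT disclosures and lists which attributes marked required in section 4 were withheld. It assumes the issuer signature has already been verified against the trusted list, that the natural-person attributes are selectively disclosable top-level claims (the real schema may nest them under signatory_rights), and that post is an object with name and code; all sample values are constructed.

```python
import base64, hashlib, json

# Attributes marked "Yes" for a natural-person signatory in the section 4 table.
REQUIRED_NATURAL = {"full_name", "date_of_birth", "signatory_rule", "post"}

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def make_disclosure(salt, name, value) -> str:  # base64url(JSON [salt, name, value])
    return b64url(json.dumps([salt, name, value]).encode("utf-8"))

def digest(disclosure: str) -> str:
    # Digest the issuer signs: base64url(SHA-256(disclosure string))
    return b64url(hashlib.sha256(disclosure.encode("ascii")).digest())

def disclosed_claims(payload: dict, disclosures: list) -> dict:
    """Rebuild revealed claims; reject disclosures the signed payload does not cover."""
    if payload.get("_sd_alg", "sha-256") != "sha-256":
        raise ValueError("unsupported _sd_alg")
    signed, seen = set(payload.get("_sd", [])), set()
    claims = {k: v for k, v in payload.items() if k not in ("_sd", "_sd_alg")}
    for d in disclosures:
        h = digest(d)
        if h not in signed or h in seen:
            raise ValueError("disclosure not bound to the signed payload")
        seen.add(h)
        _salt, name, value = json.loads(base64.urlsafe_b64decode(d + "=" * (-len(d) % 4)))
        if name in claims:
            raise ValueError("duplicate claim name: " + name)
        claims[name] = value
    return claims

def missing_required(claims: dict) -> list:
    """Required attributes absent from the presentation (post must carry post.name)."""
    missing = sorted(REQUIRED_NATURAL - set(claims))
    if isinstance(claims.get("post"), dict) and "name" not in claims["post"]:
        missing.append("post.name")
    return missing

# Constructed sample: every value is made up; real salts are random, not "s1".
DISCLOSURES = [
    make_disclosure("s1", "full_name", "Example Person"),
    make_disclosure("s2", "date_of_birth", "1980-01-01"),
    make_disclosure("s3", "nationality", "XX"),
    make_disclosure("s4", "signatory_rule", "constructed-value"),
    make_disclosure("s5", "post", {"name": "Managing director"}),
]
PAYLOAD = {"legal_person_name": "Example Company", "legal_person_id": "PLACEHOLDER-EUID",
           "_sd_alg": "sha-256", "_sd": [digest(d) for d in DISCLOSURES]}
```

Because the rulebook leaves attribute-specific verification to the Relying Party, a withheld attribute is reported rather than treated as an invalid attestation; a disclosure whose digest is not in the signed payload is always rejected.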

6 References