Digital identity
Decentralised Identifiers (DIDs) and the Identity section of the Operator Portal are planned for a future release. The Identity sidebar item does not currently appear in the Company Portal. This page describes the planned functionality.
Traceable uses Decentralised Identifiers (DIDs) to establish a cryptographically verifiable identity for your company. This identity is the foundation on which all DPP authorship claims, verifiable credentials, and signed documents rest.
What Is a Decentralised Identifier?
A Decentralised Identifier (DID) is a globally unique identifier defined by the W3C DID specification. Unlike a domain name or a company registration number, a DID:
- Is not issued or controlled by a central authority.
- Is cryptographically bound to a key pair that only your organisation holds.
- Can be verified by any party without contacting a registry or intermediary.
- Persists independently of any single platform — it is yours, not Traceable's.
This design means that if a market surveillance authority or supply chain partner wants to verify that a DPP was genuinely authored by your company, they can do so by checking the cryptographic signature on the DPP against your published DID document — without needing to trust Traceable as an intermediary.
This aligns with the data sovereignty principles underpinning EU Battery Regulation 2023/1542, where the responsible economic operator must be identifiable and accountable for the data they assert.
How Traceable Assigns Your DID
Your company DID is created automatically when your Traceable account is activated. No manual steps are required. During account setup:
- A cryptographic key pair is generated — the private key is stored securely in Traceable's key management infrastructure; the public key is published in your DID document.
- A DID is derived and anchored, making it resolvable by any W3C-compliant DID resolver.
- Your DID is associated with your company account and cannot be transferred to another account.
You do not need to understand the underlying cryptography to use Traceable. Your DID operates automatically in the background when you publish DPPs, issue credentials, or sign documents.
Where to Find Your DID
- Click Identity in the left sidebar of the Operator Portal.
- Your DID is displayed at the top of the Identity page in the format
did:method:unique-identifier. - Click the Copy button to copy your full DID string to the clipboard.
What Your DID Is Used For
| Use Case | How Your DID Is Involved |
|---|---|
| DPP authorship | Every DPP you publish includes a signed claim identifying your DID as the issuing operator. This is how authorities and partners know the DPP originated from your company. |
| Verifiable credentials | When you issue a credential (e.g., a Supplier Verification Credential), it is cryptographically signed with your DID's private key. |
| Document anchoring | Compliance documents attached to a DPP are hashed and the hash is signed with your DID, providing tamper-evidence. |
| Supply chain trust | When you connect with a supplier or verifier on Traceable, their system receives your DID as your identity reference. |
Sharing Your DID with Partners
To share your DID with a supply chain partner, an auditor, or a regulatory authority:
- Navigate to Identity in the left sidebar.
- Click Copy DID to copy your DID string to the clipboard.
- Share the DID string via email, secure document, or your partner's onboarding portal.
Your DID is public information — it is designed to be shared. The corresponding private key is never shared and never visible in the Traceable interface.
The DID Document
Clicking View DID Document on the Identity page opens the full DID document in JSON-LD format. The DID document contains:
id— your DID string.verificationMethod— the public key(s) associated with your DID, used to verify signatures made by your account.authentication— specifies which key is used to authenticate your identity.service— service endpoint URLs, including your Traceable DPP registry endpoint, which allows resolvers to discover your published products.
The DID document is publicly resolvable. You can share the URL of your DID document directly with any party who needs to verify your identity independently.
When You Will Need Your DID
The following scenarios commonly require you to reference or share your DID:
- Market surveillance audits — an authority may ask you to demonstrate that a published DPP was authored by your company. Your DID and the DPP's embedded signature provide this proof.
- Verifier onboarding — when engaging a third-party verifier to assess your DPPs, they will request your DID to configure their verification tooling.
- Partner integrations — system-to-system integrations between Traceable and a partner's ERP or PLM may require your DID as part of the authentication handshake.
- Cross-border recognition — if operating in markets that have adopted W3C DID-based product identity schemes, your Traceable DID may be directly recognised without any additional registration.
Your DID is permanent for the lifetime of your Traceable account. It cannot be reset, regenerated, or transferred. If you believe your account's private key has been compromised, contact Traceable support immediately — key rotation procedures will be initiated and all previously signed artefacts will remain valid under the old key until explicitly revoked.