Digital Identity
Technology Foundation

Relying-party verification is a first-class operation, not an integration afterthought.

The identity capability in Semansys is built on the same architecture that handles validation, delivery, and compliance across the rest of the platform.

Cryptographic verification

Every credential verification operation performs cryptographic validation of the presentation: signature verification against the issuer’s public key material, holder binding confirmation where the credential format requires it, and structural validation of the credential envelope. Verification results are deterministic and logged for audit.

Semansys resolves issuer public keys from publicly available EU Trusted List data and from issuer metadata endpoints published as part of the European Digital Identity ecosystem. This is a relying-party operation that does not require Semansys to hold any special status in the trust chain.

Semansys does not cache verification results across transactions. Each presentation triggers a fresh verification cycle against current key material.

Selective disclosure enforcement

Presentation requests are constructed to ask only for the specific attributes your application requires. The wallet responds with a presentation disclosing only those claims. Semansys does not receive undisclosed claims and does not log credential content beyond the attributes explicitly requested and verified.

Audit logs record that a verification occurred, the result, the attributes requested, and a hash of the presentation envelope. This supports regulatory audit trails without creating unnecessary data retention.

Integration architecture

Identity verification is exposed via the same REST API used for invoicing and reporting, using standard authentication and documented interfaces consistent with the rest of the Semansys platform. Webhook delivery is available for asynchronous verification flows where the relying party cannot hold a synchronous connection.

For organisations embedding Semansys under OEM or white-label arrangements, the identity API is available as a standalone module, decoupled from invoicing and reporting.

Infrastructure

Semansys infrastructure is hosted in the European Union. The platform holds ISO 27001 certification and operates under a security framework aligned with the NIS2 Directive.

Our certifications

XBRL
Certified
GDPR
ready
Peppol Access
Point Certified
Provider
SOC2
TYPE II
ISO
9001:2015
ISO
27001:2022
ISO
20000-1:2018
ISO
22301
ISO
42001:2023
Visit our trust page and security center to view all cerfitications.
Learn more