For issuers

Vouch for holders, never expose them

In plain terms: issuers are the organisations that check who someone is, once, and vouch for them from then on. Only council-approved KYC organisations may issue accepted credentials on MintID. You run the KYC, sign the credential, and publish a live status root — but you are the only party that can ever link a credential back to a person, and only under documented due process.

What an accepted issuer is responsible for

Each issuer is recorded on-chain with its public keys, allowed assurance tiers, authorization state, bond status and status-root metadata. The protocol holds you to those commitments cryptographically.

Accepted-issuer model

Only KYC organisations approved by the compliance council may issue credentials that verifiers will accept. Your on-chain record carries your public keys, authorization state and the assurance tiers you are permitted to issue.

A

Private assurance grades

You issue credentials at assurance tiers A1 through A4 according to the depth of verification performed. The grade travels with the credential as a provable claim, never as exposed personal data.

30s

30-second status roots

You publish a signed status heartbeat and root at least every 30 seconds, or faster. Verifiers check a credential against your latest finalized root, so revocations and changes propagate without ever revealing who a credential belongs to.

Emergency revocation

A separately registered emergency key lets you push an emergency status root immediately. It takes effect on finality and is publicly attributable, so a compromised credential can be cut off without waiting for the next heartbeat.

Issuer bonds & council

You lock a native-token bond as slashable collateral — your activation depends on it, and only your own operator account can post it. The compliance council adjudicates misconduct through a documented, evidence-committed process that can suspend or revoke an issuer at the issuer level; if a slash leaves your bond under the protocol minimum, suspension is automatic and immediate. Routine key rotation stays in your hands: you rotate your own keys with your operator account, no committee involved — the council only steps in, through due process, if your operator key itself is lost or compromised.

🔒

Private case vault

You are the only party holding the private vault and case reference that can link a credential — including an agent credential — back to a human. That link is released only under due process — for agent disputes, decided by an independent arbiter and supervised by the council — and never on-chain.

Off-chain

What you run

Issuance and status live in your own off-chain services. The chain only ever sees signed roots and metadata — never personal data, documents or the credentials themselves.

VCI

OpenID4VCI issuance

An OpenID4VCI endpoint issues credentials to holders after KYC, binding each one to your signing keys and assurance tier.

REG

Status registry

A registry tracks the live status of every credential you have issued — active, suspended or revoked — without storing who holds it.

ROOT

Status-root builder

A builder compiles the registry into the signed status root you publish at least every 30 seconds for verifiers to check against.

KYC

KYC adapter

An adapter connects your existing KYC and identity-verification pipeline so the protocol never sees source documents or personal data.

HSM

HSM signing

Hardware-backed signing protects your issuer and emergency keys so roots, credentials and revocations cannot be forged.

CHAIN

Chain relayer

A relayer submits signed roots and metadata to the chain and tracks finality, keeping your on-chain state current.

Become an accepted issuer

Issuer admission runs through the compliance council. Talk to us about approval, allowed tiers and bonding, or read how issuance, status roots and the registry economics fit into the protocol.