Anchored in W3C DIDs and Verifiable Credentials. Spec v1.2.1 live, with reference implementation. Verankert in W3C DIDs und Verifiable Credentials. Spec v1.2.1 ist live, inklusive Referenzimplementierung.
TRAIL gives organizations deploying AI agents a verifiable, auditable identity layer aligned with the EU AI Act. Built on open W3C standards (DIDs, Verifiable Credentials, Bitstring Status Lists). did:trail v1.2.1 is published with a conformance test suite and a Node SDK on npm. The project contributes to the broader agent-identity standardization effort. TRAIL gibt Organisationen, die KI-Agenten einsetzen, einen prüfbaren, audit-fähigen Identity-Layer, der zur EU-KI-Verordnung passt. Auf Basis offener W3C-Standards (DIDs, Verifiable Credentials, Bitstring Status Lists). did:trail v1.2.1 ist mit Conformance-Test-Suite und Node-SDK auf npm veröffentlicht. Das Projekt versteht sich als Beitrag zur breiteren Agent-Identity-Standardisierung.
AI agents increasingly act on their own on behalf of organizations: they write, decide, communicate. When something goes wrong or an audit arrives, today it is hard to prove beyond doubt which agent acted, which organization stands behind it, and what exactly happened when. KI-Agenten handeln zunehmend selbstständig im Namen von Organisationen: Sie schreiben, entscheiden, kommunizieren. Wenn etwas schiefgeht oder ein Audit kommt, lässt sich heute kaum zweifelsfrei nachweisen, welcher Agent gehandelt hat, welche Organisation dahintersteht und was genau wann passiert ist.
TRAIL does not make the AI model transparent or reproducible. It is not about how a model thinks or whether its outputs are reproducible.TRAIL macht nicht das KI-Modell transparent oder reproduzierbar. Es geht nicht darum, wie ein Modell denkt oder ob seine Ausgaben reproduzierbar sind.
TRAIL gives every agent a verifiable identity (who it is, which organization stands behind it) and a tamper-evident log of its actions (what was done when).TRAIL gibt jedem Agenten einen prüfbaren Ausweis (wer ist das, welche Organisation steht dahinter) und ein fälschungssicheres Logbuch seiner Handlungen (was wurde wann getan).
Like an employee badge plus an audit-proof record. Not a look inside the model, but proof of who acted on behalf of the organization. Wie ein Mitarbeiter-Ausweis plus revisionssicheres Protokoll. Nicht ein Blick ins Modell, sondern ein Nachweis, wer im Namen der Organisation gehandelt hat.
Every AI agent gets a W3C-compliant DID (did:trail) anchored in a vendor-neutral trust registry. No vendor lock-in, no single point of failure.Jeder KI-Agent erhalt eine W3C-konforme DID (did:trail), verankert in einem herstellerneutralen Trust Registry. Kein Vendor-Lock-in, kein Single Point of Failure.
Ed25519 signatures with DataIntegrityProof (eddsa-jcs-2023). Crypto-agile architecture ready for post-quantum migration.Ed25519-Signaturen mit DataIntegrityProof (eddsa-jcs-2023). Krypto-agile Architektur für post-quanten Migration vorbereitet.
Full transparency on who built an AI agent, what it's authorized to do, and how it has performed. Cryptographically signed and verifiable.Volle Transparenz daruber, wer einen KI-Agenten gebaut hat, was er darf und wie er sich verhalten hat. Kryptografisch signiert und verifizierbar.
| ArticleArtikel | RequirementAnforderung | TRAIL CapabilityTRAIL-Fähigkeit | Status |
|---|---|---|---|
| Art. 13 | Transparency: AI systems must allow human oversight and include sufficient transparency | did:trail DID provides unique verifiable identity; TrailAIPolicyService enables machine-readable disclosure of AI system type and risk class |
DESIGN |
| Art. 14 | Human Oversight: Providers must design high-risk AI with tools for effective oversight | Verifiable Credentials create tamper-proof audit trail; trust score tracks behavioral consistency over time | DESIGN |
| Art. 26 | Deployer Obligations: Deployers must use systems in accordance with instructions | KYB-verified identity links agents to accountable legal entities; revocation mechanism enables immediate suspension | DESIGN |
| Art. 49 | Registration: Providers must register high-risk AI in EU database | TRAIL Registry serves as complementary technical registry alongside official EU database | GAP TRAIL is NOT the official EU AI database. Art. 49 registration required separately. |
| Art. 52 | Transparency for Certain AI: Users must be informed when interacting with AI | TRAIL DID can be presented in real-time; TRAIL Badge provides visual trust indicator | Q3 2026 |
| GDPR Art. 5 | Data Minimisation: Personal data must be adequate, relevant, and limited | No personal data in DID documents; signatures contain only public keys | DESIGN |
| GDPR Art. 25 | Privacy by Design: Data protection by design and by default | Fingerprint scheme enables verification without data disclosure; selective disclosure profile | DESIGN |
The complete did:trail method specification, including CRUD operations, trust model, security considerations, crypto agility, key rotation, Managed Agent Identity Binding, and governance.Die vollständige did:trail-Methodenspezifikation mit CRUD-Operationen, Trust-Modell, Sicherheitsbetrachtungen, Krypto-Agilität, Key Rotation, Managed-Agent-Identity-Binding und Governance.
View on GitHubAuf GitHub ansehen →In-depth technical overview of the TRAIL architecture, trust model, credential framework, threat model, and EU AI Act alignment.Detaillierte technische Übersicht der TRAIL-Architektur, des Trust-Modells, Credential-Frameworks, Bedrohungsmodells und EU-AI-Act-Ausrichtung.
Read WhitepaperWhitepaper lesen →Full source code, reference implementation (49 tests), DID document examples. Spec: CC BY 4.0. Code: MIT License.Vollständiger Quellcode, Referenzimplementierung (49 Tests), DID-Dokument-Beispiele. Spec: CC BY 4.0. Code: MIT-Lizenz.
View RepositoryRepository anzeigen →Join the conversation. Ask questions, propose features, share your use case, or challenge the protocol design.Nimm an der Diskussion teil. Stell Fragen, schlage Features vor, teile deinen Use Case oder hinterfrage das Protokolldesign.
Join DiscussionsDiskussionen beitreten →