Pictured: On November 4^th, EBSI was present at the Reg3 Conference on the future of the crypto economy and web 3

Web 3.0 and the evolution of the web

The Decentralised Digital Economy is gaining traction all over the world. This new iteration of the World Wide Web known as Web 3.0 (Web3), combines innovative technologies such as:

• distributed ledgers/ blockchains to achieve decentralisation,
• cryptography to achieve self-sovereignty,
• smart contracts to achieve transparent rules, and
• common APIs associated with business-driven policies to achieve interoperability.

In short, Web3 is developing as an alternative paradigm to the current platform-based Web 2.0 model.

The Web 2.0 model and the centralisation of trust

When information is hard to verify, centralised intermediaries and platforms become the source of trust. After a decade and a half, the Web2 model, based on platforms with strong network effects, has led to the rise of a few large BigTech platforms with a global dominant position. Given the massive amounts of data that they collect, control and use, these same platforms went on to dominate the Cloud services market. As a result of their control over vast amounts of (user) data, BigTech platforms have slowly started to provide quasi-trust services to other digital services as part of everyday digital transactions. In today’s Web2, authenticating using a Facebook account, using LinkedIn to find a job or a new employee, or using a BigTech platform to validate data is the new normal. It can therefore be said that these platforms have started to compete with institutional players in providing trusted data.

Pictured: the privacy-convenience trade-off in web 2.0, where users trade vast amounts of personal data, often unknowingly, in exchange for using online services

The centralisation of data has turned these platforms, rightfully or not, into quasi-online verification services which in turn reinforce the centralisation of data on these platforms. The capacity to amass data is then used as a key strategic advantage by these platforms to slowly consolidate their position in servicing online and offline services. This has become a self-reinforcing cycle, as users continue -often unknowingly- to share their personal data in exchange for access to more online services. This explains why the European Commission’s 2020 Data Strategy has the ambition to create a single market for data by 2030., and includes measures to increase legal certainty for companies and consumers who generate data, as well as for those who can use such data and under which conditions (see Data Act). This initiative was further complemented with new rules for concerning  data-sharing rights for data controlled by BigTech (see Digital Markets Act).

Verifiability is at the heart of Web3 and the future digital services

 Web3 is a new paradigm where users control their data and choose who to share it with, and when. In contrast with Web2, Web3 puts data back in the users’ hands. This avoids the hoarding of data by just a few platforms. For this new paradigm to allow frictionless digital exchange, we need infrastructure that makes data easy to verify, anywhere, anytime. Decentralised Finance (DeFi) and other token-based initiatives have been among the first sectors to embrace Web3. However, the implementation of these principles is becoming a much larger and wider movement that has the potential to transform eCommerce, eGovernment, eHealth, etc.

A fundamental change brought about by Web3, when compared to the Web 2.0 model based on BigTech platforms, is the use of technology to achieve automated verification of data which in turn enables the decentralisation of services and the removal of intermediaries. For example:

• modern cryptographic solutions allow everyone to publicly prove ownership over any type of information/ digital asset without needing to reveal their identity to a central authority or intermediary;
• distributed ledgers make information stored on the ledger readily available to support online verification processes by, again without the need for data concentration in a central platform or intermediary.

These technologies enable the creation of innovative digital services for the private and public sector, that use verifiable information instead of depending on central entities, intermediaries or BigTech platforms. This evolution of the web can, for example, support the verification of the education and experience of gig workers or SMEs. This would be a way for them to compete with larger players as verification is a means to promote decentralisation, both in the online world as well as in the real economy.

The above explains why the European Commission and the Member States are also engaged in this new Web3 paradigm via the European Blockchain Services Infrastructure (EBSI).

A new verification paradigm: EBSI’s Verifiable Credentials

We need a scalable and decentralised infrastructure of trust, that makes data easy to verify, anywhere, anytime. This is where the European Blockchain Services Infrastructure (EBSI) comes in.

Public sector entities are historically a primary source of authentic information. As part of the Web3 evolution, these entities will need to invest in making this information verifiable in decentralised applications. EBSI’s Verifiable Credentials framework proposes a fully decentralised trust model that aims to do just that. Technically speaking, in EBSI, public sector entities register their accreditations and public keys on the EBSI blockchain ledger. Whenever one of these entities issues a Verifiable Credential (e.g. a diploma) to a citizen or business containing verifiable information, anyone can verify that the issuing entity is trusted by accessing EBSI’s decentralised trusted registries.

Furthermore, when a citizen (the credential holder) presents their credential (i.e., a set of verifiable claims, such as “completed Bachelor’s Degree in Physics” with “grade”), this allows verifiers (for instance a recruiter looking to verify a person’s academic credentials) to instantly check the ledger for the presence of an accreditation to confirm its provenance, and to perform any other verifications they need. This means that verifiers no longer have to contact the Issuer of information, which preserves the privacy of the credential holders (i.e. the issuer no longer needs to know who is verifying the information and for what purpose). The entire verification process becomes faster, cheaper, and trusted – while preserving individual privacy. It is clear that the public sector has a part to play in creating this transparent, reliable registry of accredited issuers, which is where EBSI is making headway.

Pictured: How EBSI’s Verifiable Credentials enable a trusted, decentralised self-sovereign verification framework

Another benefit of Verifiable Credentials is that a holder doesn’t have to present the entirety of a credential to complete a verification process (this is commonly called selective disclosure): for example, if a holder needs to prove their age to access a service, they would, in the old paradigm, have to present an identity document in its entirety, revealing more information than is strictly required. With Verifiable Credentials, it is possible to present only the specific claim (“older than X years”), and be entirely reliable and verifiable, without revealing anything more about the oneself (e.g. name or place of origin). Verifiable presentations can also contain several claims compounded from two or more different credentials (e.g. “age” from an ID document, and “student status” from a recognised student card).

The role of blockchain and decentralised trusted registries

We have established that when exchanging credentials, verifiers can be assured of the authenticity and provenance of the credentials by consulting a decentralised registry on EBSI. What does this mean? A blockchain is essentially a distributed ledger, where all the blockchain’s nodes keep a synchronised copy of the database which is organised by cryptographically chaining data blocks together in a chronological order, append-only, making information tamper-proof and immutable. On EBSI, using our previous example, we use the blockchain to store information about Issuers of credentials such as Universities, and what body accredited them to issue diplomas, such as a Ministry.

Blockchain as a technology is associated with many myths, because the most famous examples of blockchain technology involve cryptocurrencies. But there are many types of blockchain networks. EBSI is different from most public blockchains in several key ways:

• It is permissioned, not permissionless. Concretely, it means that not anyone can operate an EBSI node, and not anyone can write information on it. This prevents EBSI being used for illegal purposes.
• It is sovereign and EU-based, which means that EBSI nodes are based in Europe, and EBSI complies with European values and regulations, such as GDPR.
• It is energy-efficient, because it uses a consensus method based on Proof of Authority. Unlike mining, the common mechanism for reaching consensus on many public chains, Proof of Authority requires almost no computing power and consumes very little energy. This is because fewer actors are involved (it is a permissioned network where node operators are selected based on criteria), and there is no competition to add blocks to the chain (leading to a “computational arms race”).

The Node Operators of EBSI are endorsed by EU Member States and associated countries through the European Blockchain Partnership. As such, it is a truly EU-sovereign, permissioned blockchain. The goal of EBSI is to support cross-border public services using blockchain. As part of this initiative, the EBP countries operate their own nodes (and therefore their own copy of the ledger with all the data) without anyone -including the European Commission- playing the role of a central controlling authority. In other words, the European Commission is now simply acting as an orchestrator of efforts, by implementing the terms and conditions agreed by the EBP associated with EBSI’s operational model which are centred around the respect of European values and compliance with European Regulations.

By creating its own sovereign network, EBSI ensures that Europe benefits from an autonomous and eco-friendly infrastructure, providing legal certainty and engaging public authorities to deliver decentralised services that simplify the life of EU citizens. The decentralised registries can be trusted, and support easy verification, anytime and anywhere.

A glimpse into the future

This gives us a glimpse into a future where people will be able to prove only what they need to prove about themselves in a privacy-preserving way, while significantly reducing the verification burden – it could be as simple as scanning a QR code via an app. Applying for a job and proving your qualifications, walking into a gym and proving your membership, or checking the authenticity of a rating agency when looking at your investment portfolio – all of these things will be made possible by a combination of decentralised trusted registries on EBSI’s blockchain, digital wallets, and self-sovereign information sharing standards like W3C verifiable credentials. This is Web 3.0.

Users will regain control over their data – this is self-sovereignty – without losing any of the benefits of frictionless and interoperable solutions based on EBSI.