Issuer scope of attestation
A relying party can only evaluate a credential fairly if the issuer is explicit about the boundaries of its claim. This document is that explicit boundary, in writing, for firmas.io.
firmas.io issues non-qualified Electronic Attestations of Attributes (EAA). Its credentials do not meet the qualified-tier requirements set out in Article 45d of Regulation (EU) No 910/2014 (as amended by Regulation (EU) 2024/1183, "eIDAS 2.0"), and rely on the legal-effect safe-harbor of Article 45b of the same Regulation — which provides that an EAA shall not be denied legal effect or admissibility as evidence on the sole ground that it is in electronic form or that it does not meet the qualified-tier requirements. In the United States, firmas operates as a private credential service provider without federal accreditation, voluntarily aligned to NIST SP 800-63 Rev. 4 framing where applicable.
firmas does not perform identity verification in the regulatory sense. Identity verification is reserved for governments and notified eID schemes (in the EU) and for accredited identity service providers (in the US). firmas operates in the adjacent space of attribute attestation: probabilistic statements about properties of a holder, based on evidence the holder has collected on their own device.
Claim: the holder is 18 years of age or older. Evidence: portfolio age signals derived from age-gated documents the holder has signed (insurance policies, rental agreements, financial contracts), plus — where present — the operating system's declared age range signal (Apple Declared Age Range API on iOS 26+; Google Play Age Signals API on Android), plus optional corroboration from in-person handshakes.
Not a claim: the holder's exact date of birth, the holder's identity, or that the age has been verified against a government register.
Claim: the holder is a real person — probabilistic, peer-witnessed, derived from at least one bilateral in-person handshake plus a portfolio of signed contracts that crosses an anti-forgery threshold (the Vouch v3 score of 75, with controls including a 65 cap on document-only paths, same-provider 7-day collapse, time-spread bonus, and jurisdiction-match halving). Each handshake is anchored to Base Mainnet for tamper-evident timestamping.
Not a claim: cryptographic proof of personhood (the credential is probabilistic, not a biometric uniqueness proof). Not a claim that the holder is the unique human associated with a specific government identifier.
Claim: the holder's document portfolio contains evidence — utility bills, rental agreements, insurance policies — addressed in jurisdiction X, dated within the past 24 months, with jurisdiction-match controls active. These credentials carry a shorter exp (180 days) than humanity or age credentials, reflecting address freshness.
Not a claim: verified residential address, immigration status, citizenship, or that the holder's residence has been confirmed against any authoritative register.
The following are explicitly outside the scope of every firmas credential. A relying party receiving a firmas credential receives no claim of any kind on these matters:
firmas does not call any national identity register (DGP, SCSP, CIE, eID, DMV, SSA, etc.). firmas does not perform government-grade Know-Your-Customer. A firmas credential is not evidence that the holder's identity has been verified against any official record.
firmas does not touch, process, or store biometric identifiers: no iris, face, fingerprint, voiceprint, retina, face geometry, gait, or behavioural biometrics. The phone's biometric sensor is used only to unlock the user's own device keys locally; no biometric template, image, or hash crosses the device boundary. A firmas Human credential is not a biometric uniqueness anchor; it is a graph-based, peer-witnessed probabilistic signal.
A firmas credential is not a substitute for a passport, driving licence, national ID card, residence permit, or any government-issued document. firmas does not issue PIDs (Person Identification Data in the eIDAS sense). PID issuance is reserved for Member States under Articles 5a–5c of Regulation 2024/1183.
firmas does not attest to citizenship, immigration status, residence permits, employment relationships (unless the employer is the actual issuer), professional licences (lawyer, doctor, engineer, accountant — unless the professional body is the actual issuer), educational qualifications, or financial standing (credit score, income).
firmas does not issue qualified electronic signatures within the meaning of Articles 3(12), 25(2), or 32 of Regulation 2024/1183. firmas is not a Qualified Trust Service Provider and is not listed on any Member State Trusted List (LOTL). The signature tiers firmas offers are simple electronic signature (SES) and advanced electronic signature (AES) only.
The Base Mainnet blockchain anchor used by firmas to record handshake events is not a qualified electronic timestamp within the meaning of Articles 41–42 of Regulation 2024/1183. It is a proof-of-existence and integrity-of-bundle mechanism — tamper-evident and publicly auditable — but does not carry the legal presumption attached to QTSP-issued qualified timestamps.
Each credential carries an assurance_level claim (self_attested or peer_witnessed) and an assurance_evidence object exposing the underlying evidence graph: Vouch score, unique handshake count, document count and median age, jurisdiction match, OS age signal presence, and the names of the active anti-forgery controls. A relying party should evaluate this evidence directly rather than treating assurance_level as a stand-alone numerical guarantee.
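A relying-party check in the spirit of the paragraph above, as an added example that is not firmas code. It assumes the credential's signature has already been verified, a JWT-style numeric exp, and hypothetical key names (vouch_score, unique_handshakes, active_controls) and control names inside assurance_evidence; the 75 threshold and the 65 document-only cap are the figures this document states for the Human credential.

```python
from datetime import datetime, timezone

# Thresholds stated in this scope document for the Human credential.
VOUCH_THRESHOLD = 75      # anti-forgery threshold
DOCUMENT_ONLY_CAP = 65    # maximum score on a document-only path

def evaluate_human_credential(claims, now=None):
    """Return (accepted, reasons) for an already signature-verified claim set.

    Key names inside assurance_evidence are assumptions made for this example.
    """
    now = now or datetime.now(timezone.utc)
    reasons = []
    level = claims.get("assurance_level")
    evidence = claims.get("assurance_evidence")
    if level not in ("self_attested", "peer_witnessed"):
        reasons.append("unknown assurance_level")
    if not isinstance(evidence, dict):
        return False, reasons + ["assurance_evidence missing"]
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now.timestamp():
        reasons.append("credential expired or exp missing")
    score = evidence.get("vouch_score")
    handshakes = evidence.get("unique_handshakes")
    if not isinstance(score, (int, float)) or not isinstance(handshakes, int):
        return False, reasons + ["score or handshake count missing"]
    if score < VOUCH_THRESHOLD:
        reasons.append("Vouch score below 75")
    if handshakes < 1:
        # The label alone is not trusted: it must agree with the evidence.
        if level == "peer_witnessed":
            reasons.append("peer_witnessed without any handshake")
        if score > DOCUMENT_ONLY_CAP:
            reasons.append("document-only score exceeds the 65 cap")
    if not evidence.get("active_controls"):
        reasons.append("no anti-forgery controls listed")
    return not reasons, reasons

# Constructed sample claim sets (not real firmas credentials).
NOW = datetime(2026, 1, 1, tzinfo=timezone.utc)
GOOD = {"assurance_level": "peer_witnessed", "exp": NOW.timestamp() + 86400,
        "assurance_evidence": {"vouch_score": 82, "unique_handshakes": 2,
                               "active_controls": ["document_only_cap"]}}
# The label says peer_witnessed, but the evidence graph contradicts it.
INCONSISTENT = {"assurance_level": "peer_witnessed", "exp": NOW.timestamp() + 86400,
                "assurance_evidence": {"vouch_score": 80, "unique_handshakes": 0,
                                       "active_controls": ["document_only_cap"]}}

if __name__ == "__main__":
    for name, c in (("good", GOOD), ("inconsistent", INCONSISTENT)):
        print(name, evaluate_human_credential(c, NOW))
```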
The firmas attribute reliability ladder caps at A2 (peer-witnessed) by design. Higher tiers — document-presented (A3) and authority-verified (A4) — are not offered, because they would require either biometric capture or government-API centralisation, both of which conflict with the firmas privacy posture.
Calibration signals (e.g., approximate alignment with ISO 29115 LoA 1–2 or NIST IAL1, with explicit caveats about Vouch's probabilistic nature) are provided for relying-party convenience. They are not regulatory equivalences. eIDAS LoA is formally defined for identity assurance, not attribute attestation; the mapping is descriptive, not normative.
This document describes firmas's voluntary scope of attestation and is published in support of the non-discrimination clauses of Articles 25 and 45d of Regulation 2024/1183 and the FTC Act's Section 5 substantiation regime. It does not constitute legal advice. It does not create a binding obligation between firmas and any third party except where expressly referenced in a separate signed agreement. Relying parties are responsible for their own legal due diligence.