Issuer scope of attestation

What firmas.io attests to — and what it does not.

A relying party can only evaluate a credential fairly if the issuer is explicit about the boundaries of its claim. This document is that explicit boundary, in writing, for firmas.io.

1. What firmas is

firmas.io issues non-qualified Electronic Attestations of Attributes (EAA). Its credentials do not meet the qualified-tier requirements set out in Article 45d of Regulation (EU) No 910/2014 (as amended by Regulation (EU) 2024/1183, "eIDAS 2.0"), and rely on the legal-effect safe-harbor of Article 45b of the same Regulation — which provides that an EAA shall not be denied legal effect or admissibility as evidence on the sole ground that it is in electronic form or that it does not meet the qualified-tier requirements. In the United States, firmas operates as a private credential service provider without federal accreditation, voluntarily aligned to NIST SP 800-63 Rev. 4 framing where applicable.

firmas does not perform identity verification in the regulatory sense. Identity verification is reserved for governments and notified eID schemes (in the EU) and for accredited identity service providers (in the US). firmas operates in the adjacent space of attribute attestation: probabilistic statements about properties of a holder, based on evidence the holder has collected on their own device.

2. What firmas attests to

Adult (over 18)

Claim: the holder is 18 years of age or older. Evidence: portfolio age signals derived from age-gated documents the holder has signed (insurance policies, rental agreements, financial contracts), plus — where present — the operating system's declared age range signal (Apple Declared Age Range API on iOS 26+; Google Play Age Signals API on Android), plus optional corroboration from in-person handshakes.

Not a claim: the holder's exact date of birth, the holder's identity, or that the age has been verified against a government register.

Human

Claim: the holder is a real person — probabilistic, peer-witnessed, derived from at least one bilateral in-person handshake plus a portfolio of signed contracts that crosses an anti-forgery threshold (the Vouch v3 score of 75, with controls including a 65 cap on document-only paths, same-provider 7-day collapse, time-spread bonus, and jurisdiction-match halving). Each handshake is anchored to Base Mainnet for tamper-evident timestamping.

Not a claim: cryptographic proof of personhood (the credential is probabilistic, not a biometric uniqueness proof). Not a claim that the holder is the unique human associated with a specific government identifier.

Resident of jurisdiction X

Claim: the holder's document portfolio contains evidence — utility bills, rental agreements, insurance policies — addressed in jurisdiction X, dated within the past 24 months, with jurisdiction-match controls active. Credentials carry a shorter exp (180 days) than humanity or age credentials, reflecting address freshness.

Not a claim: verified residential address, immigration status, citizenship, or that the holder's residence has been confirmed against any authoritative register.

3. What firmas does NOT attest to

The following are explicitly outside the scope of every firmas credential. A relying party receiving a firmas credential receives no claim of any kind on these matters:

Identity verification against an authoritative source

firmas does not call any national identity register (DGP, SCSP, CIE, eID, DMV, SSA, etc.). firmas does not perform government-grade Know-Your-Customer. A firmas credential is not evidence that the holder's identity has been verified against any official record.

Biometric proof of personhood

firmas does not touch, process, or store biometric identifiers: no iris, face, fingerprint, voiceprint, retina, face geometry, gait, or behavioural biometrics. The phone's biometric sensor is used only to unlock the user's own device keys locally; no biometric template, image, or hash crosses the device boundary. A firmas Human credential is not a biometric uniqueness anchor; it is a graph-based, peer-witnessed probabilistic signal.

Government-issued ID equivalence

A firmas credential is not a substitute for a passport, driving licence, national ID card, residence permit, or any government-issued document. firmas does not issue PIDs (Person Identification Data in the eIDAS sense). PID issuance is reserved for Member States under Articles 5a–5c of Regulation 2024/1183.

Citizenship, immigration status, employment, professional licensing

firmas does not attest to citizenship, immigration status, residence permits, employment relationships (unless the employer is the actual issuer), professional licences (lawyer, doctor, engineer, accountant — unless the professional body is the actual issuer), educational qualifications, or financial standing (credit score, income).

Qualified electronic signatures (QES)

firmas does not issue qualified electronic signatures within the meaning of Articles 3(12), 25(2), or 32 of Regulation 2024/1183. firmas is not a Qualified Trust Service Provider and is not listed on any Member State Trusted List (LOTL). The signature tiers firmas offers are simple electronic signature (SES) and advanced electronic signature (AES) only.

Qualified electronic timestamping

The Base Mainnet blockchain anchor used by firmas to record handshake events is not a qualified electronic timestamp within the meaning of Articles 41–42 of Regulation 2024/1183. It is a proof-of-existence and integrity-of-bundle mechanism — tamper-evident and publicly auditable — but does not carry the legal presumption attached to QTSP-issued qualified timestamps.

4. How a relying party should evaluate a firmas credential

Each credential carries an assurance_level claim (self_attested or peer_witnessed) and an assurance_evidence object exposing the underlying evidence graph: Vouch score, unique handshake count, document count and median age, jurisdiction match, OS age signal presence, and the names of the active anti-forgery controls. A relying party should evaluate this evidence directly rather than treating assurance_level as a stand-alone numerical guarantee.
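A relying-party check along these lines, as an added example that is not firmas code. The key names inside assurance_evidence (vouch_score, unique_handshakes, active_controls), the attribute key and the control names are hypothetical, because this document names the evidence items but not their wire format; the 75 and 65 values are the ones stated in section 2.

```python
from datetime import datetime, timezone

# Thresholds stated in section 2 of this document.
VOUCH_THRESHOLD = 75      # Human credential anti-forgery threshold
DOCUMENT_ONLY_CAP = 65    # highest score a document-only path can reach
KNOWN_LEVELS = {"self_attested", "peer_witnessed"}

def evaluate(credential, now, required_controls=frozenset()):
    """Return the reasons to reject; an empty list means accept."""
    reasons = []
    ev = credential.get("assurance_evidence") or {}
    level = credential.get("assurance_level")
    score = ev.get("vouch_score", 0)
    handshakes = ev.get("unique_handshakes", 0)
    if level not in KNOWN_LEVELS:
        reasons.append("unknown assurance_level")
    if not ev:
        reasons.append("no assurance_evidence to evaluate")
    if credential.get("exp", 0) <= now.timestamp():  # missing exp fails closed
        reasons.append("credential expired")
    # Policy choice of this example: the label alone is not trusted, the
    # evidence graph must show at least one handshake behind it.
    if level == "peer_witnessed" and handshakes < 1:
        reasons.append("peer_witnessed without a handshake")
    # A score above the document-only cap with no handshake contradicts
    # the issuer's own stated controls.
    if handshakes == 0 and score > DOCUMENT_ONLY_CAP:
        reasons.append("score exceeds document-only cap")
    if credential.get("attribute") == "human" and score < VOUCH_THRESHOLD:
        reasons.append("score below Human threshold")
    missing = set(required_controls) - set(ev.get("active_controls", []))
    if missing:
        reasons.append("missing controls: " + ", ".join(sorted(missing)))
    return reasons

# Constructed sample credentials (not real firmas output).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GOOD = {
    "attribute": "human",
    "assurance_level": "peer_witnessed",
    "exp": NOW.timestamp() + 86400,
    "assurance_evidence": {
        "vouch_score": 82,
        "unique_handshakes": 2,
        "active_controls": ["document_only_cap", "same_provider_collapse"],
    },
}
BAD = dict(GOOD, assurance_evidence={
    "vouch_score": 80, "unique_handshakes": 0, "active_controls": []})
```
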

The firmas attribute reliability ladder caps at A2 (peer-witnessed) by design. Higher tiers — document-presented (A3) and authority-verified (A4) — are not offered, because they would require either biometric capture or government-API centralisation, both of which conflict with the firmas privacy posture.

Calibration signals (e.g., approximate alignment with ISO 29115 LoA 1–2 or NIST IAL1, with explicit caveats about Vouch's probabilistic nature) are provided for relying-party convenience. They are not regulatory equivalences. eIDAS LoA is formally defined for identity assurance, not attribute attestation; the mapping is descriptive, not normative.

5. Disclaimers

This document describes firmas's voluntary scope of attestation and is published in support of the non-discrimination clauses of Articles 25 and 45d of Regulation 2024/1183 and the FTC Act's Section 5 substantiation regime. It does not constitute legal advice. It does not create a binding obligation between firmas and any third party except where expressly referenced in a separate signed agreement. Relying parties are responsible for their own legal due diligence.