Comment la confiance distribuée fonctionne dans les secteurs réglementés

Regulated industries share a structural problem: the organisations that need to trust each other do not share infrastructure. A hospital and a pharmacy. A bank and a regulator. A manufacturer and a customs authority. Each operates within its own security perimeter, with its own identity systems, its own compliance requirements, and its own chain of command.

Distributed trust is the architecture that resolves this problem without requiring a central intermediary that all parties must depend on.

Why Centralised Trust Fails at Institutional Scale

Centralised trust models — where a single authority vouches for all participants — work within an organisation. Active Directory authenticates employees. OAuth tokens grant access to internal services. Certificate authorities vouch for server identities.

But when trust must span organisations, centralisation creates structural weaknesses. A single certificate authority becomes a single point of failure. A central identity provider becomes a dependency that all participants must trust — and a target that, if compromised, undermines every relationship in the system.

The Distributed Alternative

Distributed trust replaces the single authority with a mesh of bilateral trust relationships. Each organisation manages its own cryptographic identity. Trust is established peer-to-peer: Organisation A and Organisation B establish a trust relationship directly, based on verifiable credentials that each presents to the other.

This is the model behind Stargate, now deployed across Swiss healthcare. Each participating organisation runs its own Stargate node. Trust relationships are established bilaterally, anchored in DKMS (Decentralised Key Management System) and KERI (Key Event Receipt Infrastructure).

What Makes It Work in Practice

Three properties make distributed trust practical for regulated environments:

Auditability: Every trust relationship, every credential issuance, and every verification event is recorded in tamper-evident key event logs. Regulators can audit the complete history of any trust relationship without depending on a single party’s records.

Resilience: No single node’s failure brings down the network. If one organisation’s gateway goes offline, all other bilateral trust relationships continue to function. The network degrades gracefully rather than catastrophically.

Sovereignty: Each organisation retains control over its own identity and its own trust relationships. No external party can unilaterally revoke an organisation’s identity or alter its trust relationships.

The Healthcare Proof Point

The HIN deployment of Stargate across Swiss healthcare is the largest production proof of distributed trust in a regulated sector. Over 800,000 verified messages per month flow through a mesh of trust nodes connecting hospitals, GP offices, pharmacies, and laboratories.

What this proves is not theoretical. It proves that distributed trust can operate at the scale, reliability, and compliance standards that a national health system requires — without a central intermediary.

Beyond Healthcare

The trust architecture that makes this possible is not healthcare-specific. Any regulated sector that requires cross-institutional trust — finance, legal, government, supply chain — faces the same structural problem. The pattern is consistent: centralised infrastructure for what happens within an organisation, distributed trust for what happens between organisations.

Healthcare has now proven, at national scale, that this architecture works. The question for other regulated sectors is not whether distributed trust is viable — that question has been answered. The question is when they will adopt it.