Sovereign Digital Foundations for Global Health
The 3rd Global Convening of the Global Initiative on Digital Health (GIDH) has brought together a diverse and distinguished set of delegates: ministry directors, UN agencies, non-governmental organisations, and industry. Every contribution shares a common thread that ties the whole conversation together: digital foundations matter, and no country can build them alone.
That is the eternal challenge of large-scale human endeavours. They rely on cooperation and collaboration, the very principles on which the United Nations was founded.
But a foundation has one property we rarely say out loud. Whoever pours it, owns it.
The Global Initiative on Digital Health is built on a correct instinct: resilient health systems need shared digital foundations, and those foundations have to be built together. The agenda this week covers topics that all depend on these foundations: resilient data systems, the digital public infrastructure investment case, data and digital sovereignty, AI readiness. Different sessions, one underlying question.
Who controls the layer that everything else stands on?
Because you can run a national health stack on open standards, host it on sovereign soil, and write it into law, and still not own it if the trust layer underneath it has a single operator. The certificates, the keys, the authority to say “this is genuine”: if those live with one party, then every participant is a tenant. A foundation with a landlord is not a foundation. It is a lease.
Digital sovereignty is decided at the trust layer, not the application layer.
What we built instead
Vereign builds trust infrastructure on Decentralized Key Management (DKMS, built on KERI), an open Trust over IP Foundation specification. The plain-language version: every organisation holds its own keys, and no central authority sits between participants vouching for them. Think of it as the Certificate Authority moved to the edge, into the hands of the institutions that actually carry the responsibility for the data.
It is Open Source, under the AGPLv3. Any government, any ministry, any national network can read the code, run it on its own soil, audit every line, and (should it ever need to) fork it. There is no black box, and there is nothing to be locked into. It is infrastructure, not a platform. A Suite, never a platform. No intermediary owns the data flow.
This is not a whiteboard
Several speakers highlighted that we have seen enough pilots. We fully agree.
In Switzerland, SEAL delivers more than 800,000 secure, verifiable interactions every month across the national health network operated by HIN (Health Info Net), the technical infrastructure operator run by the healthcare sector, for the healthcare sector. Each of these messages is encrypted end to end, provable, in production.
Verimesh, the full trust infrastructure Suite that extends SEAL, is in early production rollout with HIN now, and the first institutions have been onboarded in June 2026.
“Digital health does not fail because of lack of technology, it fails because of lack of trust infrastructure. What Vereign demonstrates in Switzerland is that trust can be operationalised: secure, verifiable and scalable across institutions without compromising control.”
— Mira Ganova, CEO, DHI Cluster Bulgaria
Why this matters for GIDH
Three properties of this architecture speak directly to what GIDH is trying to do.
It works where PKI maturity is uneven. A verified document opens in any browser: no app to install, no account to create, no pre-existing certificate hierarchy required. For a country building from a different starting point than Switzerland, that removes a precondition rather than adding one. Zero-installation trust is not a slogan; it is what 800,000 messages a month look like in practice.
It is ready for what comes next. Because each organisation controls its own keys, cryptography can be migrated one participant at a time, including the move to post-quantum algorithms, without a global flag day and without waiting for everyone else. Decentralisation is not only a sovereignty property. It is also how you stay current.
It speaks the existing languages. The architecture bridges to X.509, so it complements the federated trust networks already in production rather than replacing them. Existing workflows keep working; existing systems gain additional functionality and security. Structured clinical exchange over HL7 FHIR is the next step on the roadmap. It depends on hospital-side onboarding, and the earliest realistic production exchange is in late 2026.
An open invitation
All of this work is being driven by the Swiss healthcare sector. It is work for the doctors of Switzerland, by the doctors of Switzerland, with an open door for anyone who would like to learn from our experience and contribute to the solutions that serve us all.
The Health Innovation Center was established earlier this year to give that approach a name, and it is how governments, ministries, national health networks, and digital health organisations work with us directly. Members shape the roadmap before general availability, build production competency on infrastructure that is already running at scale, learn from peers who have crossed the same institutional boundaries, and are supported from first proof of concept all the way to production. The same path that took HIN from a 2023 pilot to national-scale operation.
Open Source means this is collaboration, not procurement. You are not buying a sealed product. You are joining the people who are building it, and running it, and you keep what you build.
If your health system is wrestling with cross-institutional trust, and across these sessions I suspect many of you are, get in touch. Tell us where you are, and we will be honest about where we can help.
Pour the foundation together, and everyone who stands on it owns it.
Let’s build it, together.
