Perspectives

How Distributed Trust Works in Regulated Sectors

ggreve

In 1961, diplomats from dozens of countries gathered at The Hague to solve a surprisingly persistent problem: how does a document issued by authorities in one country get accepted as authentic by authorities in another? The answer they produced — the Apostille Convention — is elegant in its simplicity. A standardized certificate, attached to the document, confirms that the signature and seal are genuine. The receiving country verifies the certificate independently. No phone calls to the issuing authority. No shared database. No central “World Document Authority” that everyone must trust.

Sixty-five years later, the digital world cannot do what a rubber stamp achieves for paper.

When a hospital in Zurich needs to verify that a referral from a clinic in Bern was sent by someone who actually holds a current medical licence, there is no digital Apostille. The systems fall back to perimeter security — “this message arrived through an authenticated channel, so it is probably legitimate” — or to manual verification processes that are slow, expensive, and do not scale.

This is the trust gap that every regulated sector faces: not managing access within an organization, but verifying identity and authority across organizational boundaries.

The Same Gap, Different Names

The vocabulary changes. The structure does not.

In healthcare, the question is: “Is the person sending this referral actually a licensed physician at the institution they claim to represent?” In finance, it becomes: “Is the person authorizing this transaction actually empowered to act on behalf of this legal entity?” In pharmaceuticals: “Was this shipment handled exclusively by licensed distributors with unbroken chain of custody?” In government services: “Does this citizen’s credential actually confirm what it claims, and is it still valid?”

Each of these is a question about trust at institutional boundaries. Each requires the receiving party to verify something that was asserted by a different organization, under a different governance structure, using different systems. And in each case, the receiving party needs to perform this verification independently — without calling the issuing authority, without sharing a database, without trusting a single central broker.

How does healthcare handle this today? How does finance? How does pharma?

Mostly, they don’t. They work around the gap with bilateral agreements, manual processes, or by converging on platform providers who become the de facto central authority. The workarounds are expensive. The platform dependency is a strategic risk. And the manual processes are exactly the kind of bottleneck that regulation was supposed to eliminate, not create.

Why Certificate Authorities Break at Boundaries

The standard answer from enterprise IT is: “We have PKI for this. Certificate authorities verify identity. Problem solved.”

Not quite.

Certificate authorities work well for one thing: confirming that the server you reached controls the domain name in its certificate. Your browser trusts that vereign.com is actually Vereign because a CA vouched for the domain. But every CA is a third party that holds trust hostage: an entity that can be compromised, coerced by governments, or simply fail. Let’s Encrypt alone holds roughly 60% market share for TLS certificates, which makes a single US institution the structural single point of failure for the majority of internet transport security.

For cross-institutional trust between organizations, the problems compound. If Hospital A and Clinic B want to verify each other’s credentials, they need a shared CA (who governs it?), bilateral CA trust agreements that scale as O(n²), or convergence on a platform provider. Ten thousand institutions means roughly fifty million bilateral relationships. The first and last options recreate exactly the centralization problem that was supposed to be avoided; the middle one does not scale.

The structural problem with PKI is not managing certificates. It is delegating trust to third parties whose incentives, jurisdiction, and operational reliability you do not control.

Healthcare Proved the Fix Works

Switzerland’s Health Info Net AG — HIN — has been running secure medical messaging infrastructure for thirty years. Today, SEAL processes more than 800,000 encrypted interactions per month across this network, connecting over 30,000 GP offices with hospitals, specialists, pharmacies, and laboratories.

SEAL is the starting point of what is becoming an entirely new trust infrastructure. Stargate, the full platform now being rolled out, puts the Certificate Authority function at the edge, at each participating institution rather than at a centralized third party. Each organization maintains its own cryptographic identity anchored to a self-certifying identifier: an identifier derived from the organization’s own public key, so the binding between identifier and key can be checked from the identifier itself rather than looked up in a registry. Any counterparty verifies trust by reading that organization’s key event log directly: the record of the key events (creation, rotation) that have controlled the identifier, each signed so that a reader can check it without asking anyone. No bilateral negotiation. No shared CA. No intermediary trust agreement.

The ongoing HIN transformation is not a pilot or a proof of concept. It is the live replacement of three decades of gateway infrastructure — with an architecture designed so that adding participant number ten thousand is no harder than adding participant number ten.

This is the digital Apostille. A credential that travels with the actor, carries cryptographic proof of who issued it and whether it is still valid, and can be verified by any receiving party independently.
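The two paragraphs above describe the mechanism in prose; the following Go program is an added worked example of it, written for this page and not code from Vereign, HIN, SEAL or Stargate. It builds a minimal key event log for a self-certifying identifier, replays it as an independent verifier would, and checks a credential against nothing but that log. The event layout, the `iss:`/`rev:` anchor convention, pre-rotation (each event commits to the digest of the key that will be used next), and the credential fields are all assumptions of this example, modelled loosely on KERI-style key event logs; the page does not state what format the platform itself uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Event is one entry in an institution's key event log (KEL). This layout is an
// assumption made for the example, not a published format.
type Event struct {
	Type   string // "icp" inception, "rot" rotation, "ixn" interaction (anchors data, keeps keys)
	Prefix string // inception only: self-certifying identifier = digest of the inception key
	Prior  string // digest of the previous event, "" for inception
	Key    string // hex Ed25519 public key that controls the identifier from this event on
	Next   string // digest of the pre-committed next key (pre-rotation)
	Anchor string // "ixn" only: "iss:<credential digest>" or "rev:<credential digest>"
	Sig    []byte // signature by Key over the event with Sig cleared
}

// Credential is the assertion that travels with the actor. The schema is the
// sector-specific part; these fields are an assumption for the example.
type Credential struct {
	Issuer, Subject, Claim string
	Sig                    []byte
}

func digest(b []byte) string         { h := sha256.Sum256(b); return hex.EncodeToString(h[:]) }
func encode(v any) []byte            { b, _ := json.Marshal(v); return b } // plain structs never fail
func (e Event) payload() []byte      { e.Sig = nil; return encode(e) }
func (c Credential) payload() []byte { c.Sig = nil; return encode(c) }

// ReplayKEL validates the log event by event, consulting no CA and never
// contacting the issuer, and returns the controlling key at every position
// plus every digest the controller has anchored.
func ReplayKEL(log []Event) (keys []ed25519.PublicKey, anchors map[string]int, err error) {
	anchors = map[string]int{}
	for i, e := range log {
		kb, decErr := hex.DecodeString(e.Key)
		var bad string
		switch {
		case decErr != nil || len(kb) != ed25519.PublicKeySize:
			bad = "malformed key"
		case i == 0 && (e.Type != "icp" || e.Prior != "" || e.Prefix != digest(kb)):
			bad = "inception does not bind the identifier to the key" // only the key holder can start this log
		case i > 0 && e.Prior != digest(log[i-1].payload()):
			bad = "chain broken"
		case e.Type == "rot" && digest(kb) != log[i-1].Next:
			bad = "rotation to a key that was not pre-committed" // a stolen current key cannot rotate to an attacker's key
		case e.Type == "ixn" && (e.Key != log[i-1].Key || e.Next != log[i-1].Next):
			bad = "interaction must not change keys"
		case i > 0 && e.Type != "rot" && e.Type != "ixn":
			bad = "unknown event type " + e.Type
		case !ed25519.Verify(kb, e.payload(), e.Sig): // every event is signed by the key it declares as current
			bad = "bad signature"
		}
		if bad != "" {
			return nil, nil, fmt.Errorf("event %d: %s", i, bad)
		}
		if e.Type == "ixn" {
			anchors[e.Anchor] = i
		}
		keys = append(keys, kb)
	}
	if keys == nil {
		err = errors.New("empty log")
	}
	return keys, anchors, err
}

// VerifyCredential answers "who issued this, and is it still valid?" from the
// issuer's log alone: issuance must be anchored, no revocation may follow, and
// the signature must verify under the key that was current at issuance.
func VerifyCredential(c Credential, log []Event) error {
	keys, anchors, err := ReplayKEL(log)
	if err != nil {
		return err
	}
	d := digest(c.payload())
	seq, issued := anchors["iss:"+d]
	_, revoked := anchors["rev:"+d]
	switch {
	case c.Issuer != log[0].Prefix:
		return errors.New("issuer is not this log's identifier")
	case !issued:
		return errors.New("issuance is not anchored in the issuer's log")
	case revoked:
		return errors.New("credential has been revoked")
	case !ed25519.Verify(keys[seq], c.payload(), c.Sig):
		return errors.New("signature does not match the key current at issuance")
	}
	return nil
}

// Controller is the institution's side: its private keys and its own log. A
// verifier never needs this type, which is the point of the design.
type Controller struct {
	priv, next ed25519.PrivateKey
	Log        []Event
}

func keygen() ed25519.PrivateKey      { _, k, _ := ed25519.GenerateKey(rand.Reader); return k }
func pub(k ed25519.PrivateKey) []byte { return k.Public().(ed25519.PublicKey) }

func NewController() *Controller {
	c := &Controller{priv: keygen(), next: keygen()}
	c.append(Event{Type: "icp", Prefix: digest(pub(c.priv)), Key: hex.EncodeToString(pub(c.priv)), Next: digest(pub(c.next))})
	return c
}

// append chains the event to the previous one and signs it with the current key.
func (c *Controller) append(e Event) {
	if n := len(c.Log); n > 0 {
		e.Prior = digest(c.Log[n-1].payload())
	}
	e.Sig = ed25519.Sign(c.priv, e.payload())
	c.Log = append(c.Log, e)
}

// Rotate activates the pre-committed key and commits to a fresh next key.
func (c *Controller) Rotate() {
	c.priv, c.next = c.next, keygen()
	c.append(Event{Type: "rot", Key: hex.EncodeToString(pub(c.priv)), Next: digest(pub(c.next))})
}

func (c *Controller) anchor(a string) {
	last := c.Log[len(c.Log)-1]
	c.append(Event{Type: "ixn", Key: last.Key, Next: last.Next, Anchor: a})
}

// Issue anchors the credential in the log, then signs it with the current key.
func (c *Controller) Issue(cr Credential) Credential {
	cr.Issuer = c.Log[0].Prefix
	c.anchor("iss:" + digest(cr.payload()))
	cr.Sig = ed25519.Sign(c.priv, cr.payload())
	return cr
}

func (c *Controller) Revoke(cr Credential) { c.anchor("rev:" + digest(cr.payload())) }

func main() {
	clinic := NewController()
	cred := clinic.Issue(Credential{Subject: "dr.example", Claim: "licensed-physician"})
	fmt.Println("fresh:       ", VerifyCredential(cred, clinic.Log))
	clinic.Rotate() // retires the old key; the credential stays valid because it is anchored at its issuance event
	fmt.Println("after rotate:", VerifyCredential(cred, clinic.Log))
	clinic.Revoke(cred)
	fmt.Println("after revoke:", VerifyCredential(cred, clinic.Log))
}
```

Running it prints `<nil>` for the fresh credential and again after the clinic rotates its keys, then an error once the clinic has anchored a revocation. The verifier (the hospital in the page's example) never contacts the clinic, a CA or a shared registry: the identifier is the digest of the inception key, every later event is chained to the previous one and signed by the key it declares, a rotation is only accepted if it moves to the key committed one event earlier, and a credential is accepted only if its issuance is anchored in the log, no revocation is anchored, and its signature checks out under the key that was current at that anchor. One caveat this toy leaves out: it trusts whichever copy of the log it is handed, so a controller that serves two conflicting logs to two different verifiers would not be caught; detecting that needs witnesses or receipts from other parties, which is a separate design question.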

The Architecture Is General

The Global Legal Entity Identifier Foundation (GLEIF) recognized the same structural need when it selected the same category of cryptographic infrastructure as the foundation for the verifiable Legal Entity Identifier (vLEI) programme, now codified under ISO 17442-3:2024. Banks verifying counterparty identity. Authorized representatives proving their authority to act. The same pattern: verifiable credentials, decentralized key management, independent verification.

Pharmaceutical supply chains need unbroken provenance from manufacturer to patient. Legal proceedings need chain-of-custody for digital evidence. Energy trading platforms need counterparty verification across jurisdictions. Government digital identity initiatives — including Switzerland’s own Swiyu — are built on verifiable credentials that citizens hold and present, rather than identity data locked in a central government registry.

Each of these is the same problem with different regulatory vocabulary. And the architecture that solves it is the same: decentralized key management that distributes trust to the edges rather than concentrating it in intermediaries. What changes between sectors is the credential schema, not the trust infrastructure.

Back to The Hague

The diplomats who designed the Apostille Convention in 1961 understood something that enterprise IT has been slow to internalize: cross-boundary trust works when each party can verify independently, without depending on a central authority that both parties must trust.

They solved it for paper. Healthcare is proving it works for digital infrastructure — at scale, in production, with 800,000+ verifiable interactions per month.

The trust problem is not domain-specific. The solution is not either. Every regulated sector that requires accountability at institutional boundaries — which is, in practice, all of them — needs the same architectural foundation.

The only question is who builds it next.
