EU Trust Registries: Progress and Gaps in Digital Trade

Trust registries are emerging as a cornerstone of digital identity ecosystems – but their evolution for trade and logistics remains uneven and fragmented.

Under eIDAS 2, the EU is introducing a structured trust framework built around Qualified Trust Service Providers (QTSPs), Trusted Lists, and the upcoming European Digital Identity Wallet (EUDI Wallet). These provide strong foundations for credential issuer verification and cross-border assurance. The European Trust List infrastructure already supports cryptographically verifiable issuers. But it is still primarily geared toward citizen identity, signatures and certificates, not to trade-specific actors like ports, freight forwarders, customs brokers or inspection bodies.

Meanwhile, Gaia-X and other data spaces – critical for sharing and securing trade documents – operate under their own trust hierarchies. The Gaia-X Association audits and accredits Trust Anchors (identity issuers); issuer credentials must chain to these anchors to be accepted. This ensures strong governance but also reinforces fragmentation across ecosystems.

Globally, UN/CEFACT has launched its Global Trust Registry (GTR) initiative to enable verifiable registration certificates for authoritative registries in trade and shipping. This is a promising step toward harmonisation, yet multiple registries – national, sectoral, and ecosystem-specific – are here to stay. The challenge is interoperability: how do we ensure that an issuer trusted in one registry isn’t rejected in another?

For dynamic compliance, the EU still lacks a unified, real-time registry for sanctions, regulatory certifications, or KYB-level entity status. These datasets remain scattered across national registries, commercial providers, and sectoral regulators. Alignment with W3C Verifiable Credentials, DID, and vLEI standards is evolving but inconsistent.

Machine-to-machine trust is the least developed area: while the EU’s Cyber Resilience Act and Data Act reference device integrity, no pan-EU trust registry for IoT credentials exists today.

Bottom line: The EU provides a strong legal backbone for trust, but sector-specific, real-time, and machine-oriented registries for automated digital trade are still missing. Fragmentation – and the risk of trust discrepancies – will persist across countries, sectors and data spaces. Solving interoperability is the next frontier, and it’s where innovators like TradeVeris can make a real impact.