Loading vLEI.wiki Fetching knowledge base...
vLEI.wiki Comprehensive knowledge base for KERI (Key Event Receipt Infrastructure) and vLEI (verifiable Legal Entity Identifier) ecosystem.
Made by Key State Capital .
© 2025 vLEI.wiki. Educational resource for KERI/vLEI ecosystem.
verifiable-legal-entity-identifier - vLEI.wiki | KERI Knowledge Base - vLEI.wiki
verifiable-legal-entity-identifier Related Concepts No related concepts available
Comprehensive Explanation verifiable-legal-entity-identifier
Official Definition
The verifiable Legal Entity Identifier (vLEI) is defined by GLEIF as a digital credential that provides cryptographic proof that information about a legal entity, as linked to its Legal Entity Identifier (LEI), is verifiably authentic, accurate, and up-to-date. These credentials are issued by authorized validation agents called Qualified vLEI Issuers (QVIs) who operate under the governance framework established by the Global Legal Entity Identifier Foundation (GLEIF) .
Official Abbreviations:
vLEI : verifiable Legal Entity IdentifierLEI GLEIF QVI : Qualified vLEI Issuer
Source Governance Framework: vLEI Ecosystem Governance Framework v3.0, published by GLEIF
Canonical Definition: Verifiable credentials issued by authorized validation agents (QVIs) under GLEIF governance that provide cryptographic proof that information about a legal entity, as linked to its Legal Entity Identifier (LEI), is verifiably authentic, accurate, and up-to-date.
Governance Context
vLEI Ecosystem Role
The vLEI represents a fundamental evolution of the traditional LEI system, transforming a static identifier into a dynamic, cryptographically verifiable credential ecosystem . Within the vLEI ecosystem, the vLEI credential serves multiple critical functions:
Implementation Notes Governance Implementation
Implementing vLEI credentials requires adherence to GLEIF governance:
For QVIs:
Complete QVI Qualification Program
Implement KERI infrastructure meeting Technical Requirements Part 1
Deploy credential issuance systems compliant with Technical Requirements Part 2
Establish identity verification procedures meeting IAL2 standards
Implement multi-signature configurations for security
Maintain witness pools with minimum 5 witnesses
Report issued credentials to vLEI Reporting API
For Legal Entities:
Maintain valid LEI with Active Entity Status
Establish AID with appropriate security (single-sig or multi-sig)
Designate Designated Authorized Representatives (DARs)
Authorize Legal Entity Authorized Representatives (LARs)
Implement credential request and management procedures
Maintain control over organizational AID
For Verifiers:
Implement ACDC verification logic
Verify credential chains to GLEIF root
Check TEL for revocation status
Validate LEI status in Global LEI System
Verify KEL integrity for all AIDs in chain
Support IPEX presentation exchange protocol
Credential Chaining
vLEI credentials form verifiable chains:
GLEIF Root AID → QVI CredentialQVI Credential → Legal Entity vLEI CredentialLegal Entity Credential → OOR/ECR Authorization CredentialAuthorization Credential → OOR/ECR Credential
Each link in the chain must be cryptographically verified, with edge references validated and parent credentials confirmed as non-revoked.
Multi-Signature Considerations
GLEIF governance recommends multi-signature configurations:
QVIs : Minimum 3 QARs with 2-of-N thresholdLegal Entities : Minimum 3 LARs with 2-of-N threshold (when possible)GLEIF : Multi-signature for root operations
Multi-signature provides enhanced security through distributed control and reduces single points of failure.
Digital Identity Foundation : Establishes the cryptographically verifiable digital identity of legal entities in the KERI ecosystemTrust Chain Anchor : Serves as the root credential from which organizational role credentials (OOR and ECR) are derivedDelegation Enabler : Allows legal entities to delegate authority to representatives through chained credentialsInteroperability Bridge : Connects traditional LEI infrastructure with modern decentralized identity systems
GLEIF Context GLEIF operates as the root of trust for the entire vLEI ecosystem. The organization:
Governs the vLEI Ecosystem Governance FrameworkQualifies and authorizes QVIs to issue vLEI credentialsMaintains the GLEIF Root AID as the cryptographic anchorDelegates authority through the GLEIF External Delegated AID (GEDA) to QVIsOversees compliance with governance requirements GLEIF's role extends beyond traditional LEI management to include:
Establishing technical requirements for KERI infrastructure
Defining credential schemas and validation rules
Managing the qualification process for QVIs
Providing governance for the entire credential lifecycle
The vLEI ecosystem involves several key governance entities:
Qualified vLEI Issuers (QVIs):
Organizations qualified by GLEIF to issue vLEI credentials
Operate under contractual obligations defined in the vLEI Issuer Qualification Agreement
Maintain technical infrastructure meeting GLEIF specifications
Perform identity verification according to governance requirements
Organizations holding valid LEIs
Recipients of vLEI credentials from QVIs
Controllers of their own AIDs in the KERI ecosystem
Issuers of role credentials to their representatives
Designated Authorized Representatives (DARs):
Individuals authorized by legal entities to manage vLEI operations
Authority to execute qualification agreements
Responsibility for designating Legal Entity Authorized Representatives (LARs)
Legal Entity Authorized Representatives (LARs):
Representatives authorized by DARs to request credential operations
Authority to request issuance and revocation of vLEI credentials
Responsibility for identity verification of role holders
Roles & Responsibilities
Primary Responsibilities The vLEI credential system establishes clear responsibilities across multiple roles:
Root Authority : Maintain the GLEIF Root AID as the cryptographic root of trustQVI Qualification : Qualify and authorize organizations to become QVIsGovernance : Publish and maintain the vLEI Ecosystem Governance FrameworkTechnical Standards : Define KERI infrastructure requirements and credential schemasOversight : Monitor QVI compliance with governance requirementsDelegation Management : Issue QVI credentials through the GEDA
Credential Issuance : Issue Legal Entity vLEI Credentials to qualified legal entitiesIdentity Verification : Verify LEI validity and legal entity statusInfrastructure : Maintain KERI infrastructure meeting GLEIF specificationsRole Credential Support : Issue OOR and ECR credentials as authorized by legal entitiesRevocation Management : Revoke credentials when required by governanceReporting : Present issued credentials to the vLEI Reporting API Legal Entity Responsibilities:
AID Management : Maintain control over their KERI AIDRepresentative Authorization : Designate and manage authorized representativesCredential Lifecycle : Request issuance and revocation of credentialsRole Delegation : Issue authorization credentials for OOR and ECR rolesCompliance : Maintain valid LEI status
Identity Verification : Verify identity of OOR and ECR personsAuthorization : Issue QVI AUTH credentials authorizing role credential issuanceCredential Management : Request issuance and revocation of role credentialsOOBI Sessions : Conduct supervised identity verification sessions
Authority and Permissions The vLEI ecosystem implements a hierarchical authority structure:
Exclusive authority to issue QVI credentialsExclusive authority to qualify QVIsUltimate authority over governance frameworkDelegated authority through GEDA to QVIs
Delegated authority from GLEIF to issue Legal Entity credentialsConditional authority to issue role credentials (requires LAR authorization)Revocation Verification authority for credentials in their scope
Control authority over their AIDAuthorization authority for role credentialsDelegation authority to representativesRevocation authority for role credentials they authorized
Request authority for credential operationsVerification authority for role holder identitiesAuthorization authority through QVI AUTH credentials
Limitations The vLEI system imposes specific limitations:
Cannot issue credentials directly to legal entities (must use QVIs)
Cannot bypass governance framework requirements
Cannot unilaterally change governance without stakeholder process
Cannot issue role credentials without LAR authorization
Cannot issue credentials to entities without valid LEIs
Must maintain qualification status to continue operations
Cannot modify credential schemas
Legal Entity Limitations:
Cannot issue vLEI credentials to other entities
Cannot authorize role credentials without valid Legal Entity credential
Must maintain valid LEI to keep credentials active
Cannot issue credentials directly (must request through QVI)
Cannot bypass identity verification requirements
Authority limited to their specific legal entity
Credential Lifecycle
Issuance Process The vLEI credential issuance process follows a structured workflow:
Phase 1: QVI Qualification
Organization applies to GLEIF for QVI qualification
GLEIF evaluates against qualification criteria
GLEIF issues QVI credential to qualified organization
QVI establishes required KERI infrastructure
Phase 2: Legal Entity Credential Issuance
Legal entity contracts with QVI for vLEI services
QVI verifies LEI validity in Global LEI System
QVI verifies LEI has Active Entity Status
Legal entity creates AID (single-sig or multi-sig)
QVI and legal entity exchange OOBIs
QVI issues Legal Entity vLEI Credential
QVI presents credential to vLEI Reporting API
Phase 3: Role Credential Authorization
Legal entity identifies individual for role credential
LAR performs identity verification (IAL2 minimum)
LAR conducts supervised OOBI session with role holder
LAR issues QVI AUTH credential to QVI
QVI verifies authorization credential
Phase 4: Role Credential Issuance
QVI verifies QVI AUTH credential validity
QVI issues OOR or ECR credential to role holder
QVI presents credential to vLEI Reporting API
Role holder can present credential to verifiers
Verification Procedures Verification of vLEI credentials involves multiple validation steps:
Cryptographic Verification:
Verify ACDC SAID integrity
Verify issuer AID signatures
Verify credential chain integrity
Verify edge references to parent credentials
Check Transaction Event Log (TEL) for revocation status
Verify credential is within validity period
Verify issuer credential is still valid
Verify LEI status in Global LEI System
Verify QVI credential chains to GLEIF Root
Verify Legal Entity credential chains to QVI
Verify role credential chains to Legal Entity
Verify authorization credentials for role credentials
Infrastructure Verification:
Verify KEL integrity for all AIDs in chain
Verify witness receipts for key events
Verify OOBI resolution for discovery
Verify registry anchoring for TEL
Revocation Conditions vLEI credentials may be revoked under specific conditions:
QVI Credential Revocation:
QVI fails Annual vLEI Issuer Qualification
QVI fails to remediate qualification issues
QVI's LEI lapses or is retired
QVI voluntarily terminates services
GLEIF determines governance violation
Legal Entity Credential Revocation:
Legal entity's LEI lapses or is retired
Legal entity requests revocation
QVI determines credential was issued in error
Legal entity loses Active Entity Status
Role Credential Revocation:
Role holder leaves organization
Legal entity requests revocation
Authorization credential is revoked
Parent Legal Entity credential is revoked
QVI determines credential was issued in error
Grace Period:
The vLEI system includes a 90-day grace period for credential transitions, allowing time for:
Renewal of credentials
Transfer to new QVI
Resolution of temporary issues
Orderly credential lifecycle management
Primary Governance Framework vLEI Ecosystem Governance Framework v3.0
Primary document: vLEI Ecosystem Governance Framework v3.0 Primary Document
Establishes overall governance structure
Defines core policies and principles
Specifies stakeholder roles and responsibilities
Technical Requirements Part 1: KERI Infrastructure
Document: Technical Requirements Part 1 - KERI Infrastructure
Specifies KERI protocol requirements
Defines witness and watcher configurations
Establishes key management standards
Mandates cryptographic strength requirements
Document: Technical Requirements Part 2 - vLEI Credentials
Defines ACDC implementation requirements
Specifies credential schemas
Establishes SAID and signature requirements
Mandates IPEX protocol compliance
Document: Technical Requirements Part 3 - Credential Schema Registry
Establishes schema versioning requirements
Defines SAID-based schema identification
Specifies JSON Schema compliance
Mandates semantic versioning
Credential-Specific Frameworks
Document: Qualified vLEI Issuer Identifier Governance Framework and vLEI Credential Framework
Defines QVI qualification requirements
Establishes QVI credential structure
Specifies delegation requirements
Mandates multi-signature configurations
Legal Entity Credential Framework
Document: Legal Entity vLEI Credential Framework
Defines Legal Entity credential requirements
Establishes identity verification procedures
Specifies multi-signature requirements
Mandates LEI validation procedures
Document: Legal Entity Official Organizational Role vLEI Credential Framework
Defines OOR credential requirements
Establishes identity verification procedures
Specifies authorization requirements
Mandates OOBI session procedures
Document: Legal Entity Engagement Context Role vLEI Credential Framework
Defines ECR credential requirements
Establishes identity verification procedures
Specifies authorization requirements
Mandates OOBI session procedures
Authorization Credential Framework
Document: Qualified vLEI Issuer Authorization vLEI Credential Framework
Defines QVI AUTH credential requirements
Establishes authorization procedures
Specifies multi-signature requirements
Mandates identity verification procedures
Supporting Documents Information Trust Policies
Document: vLEI Ecosystem Information Trust Policies
Establishes security requirements
Defines privacy policies
Specifies availability requirements
Mandates confidentiality policies
Document: vLEI Ecosystem Risk Assessment
Identifies ecosystem risks
Establishes mitigation strategies
Defines risk management procedures
Specifies monitoring requirements
Trust Assurance Framework
Document: vLEI Ecosystem Trust Assurance Framework
Establishes compliance requirements
Defines audit procedures
Specifies certification requirements
Mandates reporting procedures
Document: vLEI Ecosystem Governance Framework Glossary
Defines all capitalized terms
Establishes canonical terminology
Provides authoritative definitions
Ensures consistent interpretation
Qualification Documents QVI Qualification Agreement
Contractual document between GLEIF and QVI
Establishes legal obligations
Defines service level requirements
Specifies termination conditions
Mandates compliance requirements
QVI Qualification Program Checklist
Appendix to Qualification Agreement
Defines qualification criteria
Establishes verification procedures
Specifies documentation requirements
Mandates certification requirements
Appendix to Qualification Agreement
Establishes confidentiality requirements
Defines protected information
Specifies disclosure restrictions
Mandates breach notification
Implementation Significance The vLEI represents a transformative approach to organizational digital identity by:
Bridging Traditional and Decentralized Systems : Connecting the established LEI infrastructure with modern KERI-based decentralized identityEnabling Automated Verification : Providing machine-verifiable credentials that eliminate manual verification processesSupporting Regulatory Compliance : Offering cryptographically verifiable proof of organizational identity for regulatory reportingFacilitating Cross-Border Transactions : Enabling trusted digital interactions across jurisdictionsProtecting Privacy : Supporting selective disclosure and graduated revelation of organizational informationEnsuring Portability : Allowing credentials to be used across different platforms and applicationsMaintaining Governance : Preserving GLEIF's oversight while enabling decentralized operations The vLEI ecosystem demonstrates how traditional identity infrastructure can be enhanced with cryptographic verifiability while maintaining governance, compliance, and regulatory oversight.