circle-check
zkPassport is now live — verify ePassport authenticity with zero-knowledge proofs, a trust anchor for identity in the age of AI.
Learn morechevron-right
search
GitHubTwitterDiscord

Proof-of-vLEI

zkMe supports verifiable LEI (vLEI) credential checks within its zkKYB suite, enabling cryptographically verifiable corporate identity based on the globally recognized LEI standard.

hashtag
What is a vLEI?

A Legal Entity Identifier (LEI) is a 20-character alphanumeric code defined by ISO 17442 and governed by the Global Legal Entity Identifier Foundation (GLEIF). It uniquely identifies legal entities involved in financial transactions worldwide. However, an LEI alone is only an identifier; it does not provide cryptographic proof of authenticity.

A verifiable LEI (vLEI) addresses this by packaging the LEI as a cryptographically verifiable credential. Built on KERI (Key Event Receipt Infrastructure), with GLEIF as the root of trust, vLEI enables instant, automated verification of legal entities and their authorized representatives, without manual review or document-heavy checks.

The vLEI ecosystem includes three credential types:

  1. Legal Entity vLEI Credential: Confirms an organization’s identity via its LEI, with cryptographic traceability to GLEIF.

  2. Official Organizational Role (OOR) Credential: Verifies that a person holds an official role (e.g., CEO, CFO, Director), validated against public records or official documents.

  3. Engagement Context Role (ECR) Credential: Verifies that a person is authorized in a specific context (e.g., signatory, compliance officer, contractor).

hashtag
How vLEI Works in zkKYB

hashtag
The vLEI trust chain

The vLEI ecosystem follows a hierarchical trust model rooted in GLEIF:

  • GLEIF as Root of Trust: GLEIF establishes a Root Autonomic Identifier (AID) through KERI, anchoring the trust chain.

  • Delegation to QVIs: GLEIF delegates authority to Qualified vLEI Issuers (QVIs), which are vetted and approved to issue and revoke vLEI credentials. Only QVIs that pass GLEIF’s qualification process can operate in the ecosystem.

When a legal entity applies for vLEI credentials, issuance follows this sequence:

  1. Legal Entity vLEI Credential The entity works with a QVI, which verifies LEI status and confirms that the applicant is authorized to act on the entity’s behalf. The QVI then issues the Legal Entity vLEI Credential, which is published on GLEIF’s website for public discoverability.

  2. OOR vLEI Credentials Once the entity credential is in place, the entity may request OOR credentials for individuals in official roles. The QVI verifies each person’s identity and validates the claimed role against public sources or official corporate records (e.g., board resolutions, articles of incorporation).

  3. ECR vLEI Credentials The entity may also issue ECR credentials for context-specific roles (e.g., authorized signatories, compliance staff, contractors). These may be issued by either the QVI or the legal entity itself, depending on the model.

Each credential is cryptographically traceable to GLEIF’s Root AID. A verifier can follow the signature chain from the credential, through the delegated QVI AID, back to GLEIF to confirm trusted issuance.

hashtag
zkMe’s Role in vLEI Verification

zkMe acts as both a verification layer and a privacy layer:

  • Credential verification: During zkKYB, when a business presents a vLEI credential, zkMe verifies the full cryptographic chain: the issuer is a qualified QVI, the QVI’s authority is delegated by GLEIF, and the credential is not revoked.

  • Authorized representative verification: Using OOR and ECR credentials, zkMe verifies not only the entity but also whether a specific individual is authorized to act on its behalf in a defined capacity. This is essential in KYB workflows.

  • Zero-knowledge credential issuance: After validating the vLEI chain, zkMe issues its own ZKP-based credential attesting to the verification result, allowing relying parties (e.g., DeFi protocols or regulated platforms) to verify compliance claims while minimizing disclosure.

hashtag
Use cases

  • Permissioned DeFi: Verify that counterparties are legitimate registered entities before granting access to institutional pools or lending markets.

  • RWA tokenization: Validate the identity and legal standing of entities involved in real-world asset issuance and management.

  • Cross-border compliance: Use standardized vLEI credentials for entity verification across jurisdictions without relying on fragmented local registries.

  • Regulatory reporting: Support requirements under frameworks such as MiCA, AMLD, and FATF guidance, which increasingly require LEIs for legal-entity identification in financial transactions.

PreviousProof-of-UBONextKYT - Know Your Transaction

Last updated