The Political Economy of Trust Registries
Trust Registries as Hidden Governance Layer
[Note: The text of this essay is expanded from the notes of a talk of the same name I gave around mid-August 2025. While the audience was comprised of technologists, the overarching topic included how to design public technology infrastructure.]
Digital trust stacks are often described as a set of modular components: identifiers, verifiable credentials, wallets, protocols, assurance frameworks. In that diagram, trust registries are usually drawn as a small box somewhere in the background, labelled “directory of issuers” or “list of authorities.” The visual rhetoric is deliberate, and it is misleading: it suggests that registries are supporting utilities rather than centres of power.
As ecosystems move from paper processes and ad hoc trust to cryptographic credentials and automated validation, trust registries become a hidden governance layer. They decide which entities are allowed to issue authoritative claims, which schemas are acceptable, which assurance levels are recognised and which actors are excluded entirely. Once these decisions are embedded into workflows, APIs and regulation, the registry is no longer just a list. It is an institutional filter that shapes who can participate in a market and on what terms.
Political economy asks a set of questions that technical architecture diagrams tend to avoid. Who owns and operates the registry? What are their incentives? Who pays to be included or excluded? Which actors gain rents from controlling the definition of “trusted issuer”? How does inclusion or exclusion change bargaining power across the ecosystem? What happens when regulators start treating a specific registry as canonical?
These questions matter because the role of trust registries is expanding. In proof-first environments, verifiers will often not talk directly to issuers. They will talk to cryptographic proofs and to registries that tell them whether those proofs should be believed. That intermediation creates leverage. The registry operator becomes the arbiter of legitimacy, able to shape markets through technical configuration and policy decisions that are often presented as neutral.
The economic dynamics follow quickly. If access to markets, compliance regimes or state systems depends on being listed in a registry, then listing becomes a scarce resource. Scarce resources attract pricing. Fees, certification programmes, “trust tiers,” integration charges and premium services follow. What begins as infrastructure becomes a tollgate. Actors with the capital, legal capacity and technical sophistication to navigate registry requirements gain a structural advantage; smaller or peripheral actors face friction or exclusion.
A purely technical account of registries treats them as necessary scaffolding for verifiable ecosystems. A political-economic account treats them as instruments through which power is exercised, rents are extracted and competition is structured. The same component can behave like a public utility, a quasi-regulatory body or a monopolistic choke point, depending on ownership and governance.
This essay examines trust registries as political-economic institutions, not just technical artefacts. It argues that:
The logic of “who is allowed to issue what” is inseparable from questions of authority and legitimacy.
Registry ownership and governance determine whether infrastructures serve public power or private rents.
Design choices around schemas, policies and revocation are political choices, even when expressed as configuration files.
A future with a single canonical registry is politically fragile, regardless of its technical elegance.
To make that argument concrete, the essay proceeds in three steps. It begins by defining trust registries in operational terms and tracing their historical lineage from older accreditation and licensing structures. It then analyses ownership models, business models and distributional impacts. Finally, it explores counter-infrastructures, plural registry ecosystems and design principles for treating registries as part of digital public power rather than as proprietary tollgates.
Trust registries will increasingly sit at the junction between cryptography and law, between code and institutional trust. That junction is where governance actually happens. It deserves more scrutiny than a small box on a reference diagram.
What Is a Trust Registry? From Directory to Gatekeeper
A useful way to understand trust registries is to strip away the abstractions and describe what they actually do in a live ecosystem.
At the simplest level, a trust registry is a structured list of entities and policies. It records which organisations are allowed to issue which kinds of credentials, under which assurance frameworks, using which schemas. It also records which entities are allowed to verify those credentials, and under what constraints. The registry is queried at runtime by wallets, verifiers, gateways or intermediaries to answer a series of operational questions:
Is this issuer recognised in this ecosystem at all?
If so, for which credential types or schemas?
Under which trust framework or policy regime?
Are there any additional requirements, such as accreditation, licensing or sectoral regulation?
Has this issuer been suspended or revoked, and for what reason?
From the perspective of a verifier, the registry is where “should I trust this credential in this context?” gets translated into a deterministic decision. The verifier does not manually review the issuer’s legal status or read the trust framework document; it checks the registry, applies its configured policy and proceeds. Trust is turned into a protocol call.
Once you view the registry at that level, its political significance becomes clear. Whoever controls the contents and policies of the registry controls the mapping between credentials and legitimacy. That mapping is what markets and regulators begin to depend on. The registry is not an optional convenience; it becomes the canonical source of truth for an ecosystem’s trust decisions.
The distinction between “directory” and “gatekeeper” is not semantic. In the early stages of an ecosystem, a registry may genuinely act as a simple directory, listing a small number of participants in a loosely coupled network. Over time, as more verifiers integrate against it, as more regulations reference it and as more business processes depend on its entries, the registry becomes infrastructure. When that threshold is crossed, changes to the registry have material consequences. Adding or removing an issuer can grant or remove market access, sometimes across entire sectors.
Technically, trust registries can take many forms. They might be:
Centralised services operated by a single organisation.
Distributed ledgers with governance encoded in smart contracts.
Federations of registries linked through discovery protocols.
Sectoral registries linked to specific regulators or accreditation bodies.
The implementation details matter for resilience and transparency, but they do not change the underlying function: encoding and publishing decisions about who is trusted to issue or validate credentials.
It is tempting to describe registries as neutral tools that simply implement externally defined rules. In practice, the line between “implementing” and “defining” is porous. Inclusion criteria, assurance levels, issuer categories, error handling and revocation policies all require interpretation. Those interpretations accumulate. They shape the perimeter of the ecosystem and the friction profiles for different actors.
The registry also becomes a surface where multiple logics intersect:
Regulatory logic: licensed entities, compliance status, sanctions lists.
Market logic: which issuers drive demand, which sectors are prioritised.
Technical logic: protocol compatibility, schema conformance, operational reliability.
Balancing these logics is not a purely technical exercise. It is governance. When the registry operator decides to require additional certification from certain types of issuers, that decision has distributional effects. When it decides to fast-track some applicants and slow-walk others, it shapes competitive dynamics. When it decides how much explanation to provide for revocation or refusal, it sets the tone for accountability.
From a distance, trust registries are easy to trivialise: “just JSON with some DID references and metadata.” The political economy begins the moment that JSON becomes the gate you must pass through to join a market. At that point, the registry is no longer background plumbing; it is a strategic asset.
Historical Lineage: Registries, Legitimacy and Market Formation
Trust registries are not a novelty of decentralised identity. They are the latest expression of a longstanding pattern: societies use lists to formalise legitimacy, regulate entry into professions and sectors, and create predictable environments for exchange. The move from paper registers to digital trust registries is an evolution in medium, not in function.
Historical examples are everywhere. Merchant guild rosters in medieval cities specified who could trade, under what rules and in which markets. Colonial charters granted exclusive rights to certain companies, and lists of recognised chartered entities decided who enjoyed protection and access. Professional registers for doctors, lawyers and engineers have long acted as authoritative inventories of who is allowed to practice. Accreditation lists for universities, licensing registers for banks, membership lists for bar associations—each of these structures has functioned as a trust registry in analogue form.
These lists did three things simultaneously.
First, they created an official perimeter around a domain. Being on the list meant being recognised as legitimate within that domain. Being off the list meant operating in a grey or black market, with limited recourse and higher perceived risk.
Second, they managed competition. Entry conditions—years of training, fees, sponsorship, examinations—acted as filters that shaped how many actors could enter the field and how quickly. These conditions were often justified as quality control or consumer protection. They also had the practical effect of limiting supply and preserving professional or corporate rents.
Third, they encoded social hierarchies. Access to licensing bodies and accreditation processes was heavily skewed along lines of class, gender, caste and race. Whole populations were either excluded by design or faced steep structural barriers to entry. The registry was never a neutral device; it reflected the social and political order of its time.
Financial infrastructures provide a more recent example. Interbank networks depend on lists of recognised participants. SWIFT identifiers, bank routing numbers and BIC codes all derive their authority from central registries controlled by specific institutions. Inclusion determines whether a financial institution can participate in cross-border settlement. Exclusion, whether voluntary or imposed via sanctions, is economically devastating. These registries are treated as technical necessities, yet they are plainly instruments of geopolitical and regulatory power.
The same logic surfaces in telecommunications, where numbering plans and operator codes are controlled by standards bodies and regulators, and in the web PKI ecosystem, where certificate authorities and root programmes determine which entities can prove domain control and under what assurance levels. In each case, the registry or root list acts as the arbiter of trust. Decisions about who can join, who can be removed and under what conditions become consequential.
Trust registries in verifiable credential ecosystems sit in this lineage. They translate old practices of accreditation, licensing and root lists into environments where cryptographic proofs and decentralised identifiers are the raw material. The rhetoric has changed—“self-sovereign identity,” “user-centricity,” “open ecosystems”—but the structural role is familiar. Registries define which authorities are recognised, which claims are valid and which participants can operate at scale without constant suspicion or friction.
Understanding this lineage matters for two reasons.
First, it dispels the illusion that registries are new and therefore exempt from historical critique. Every previous generation of registries has been used both to stabilise markets and to entrench incumbents. There is no reason to assume that digital trust registries will automatically avoid the same pattern.
Second, it clarifies what is at stake when registries move from paper and internal databases to publicly queryable infrastructure embedded in protocols. The speed and reach of digital systems amplify the consequences of inclusion and exclusion. A badly governed licensing board can harm specific professions; a badly governed global trust registry can shape cross-border economic participation.
When we design and deploy digital trust registries, we are not starting from a blank slate. We are inheriting a set of institutional habits about who gets to decide who counts. Political economy asks us to make those habits explicit and to decide whether we want to replicate them, reform them or replace them with something different.
Authority and Ownership: Who Decides Who Counts?
Every trust registry encodes a simple but loaded question: who is allowed to speak with authority in this ecosystem? The registry does not validate individual claims; it validates claimants. It draws a line between those who can issue credentials that others must take seriously and those whose credentials can be ignored with no consequence. That line is not drawn by mathematics. It is drawn by governance.
The authority embedded in a registry can be read directly from the questions it answers. When a verifier queries the registry, it is implicitly asking whether the organisation is permitted to issue credentials at all, whether it is permitted to issue this type of credential, whether it is operating under a recognised framework or licence and whether anything has happened that should change how its claims are treated. Each answer is the outcome of a decision someone made: a board, a regulator, a foundation or a platform owner. Those decisions may be codified in policy documents and implemented through technical controls, but they remain institutional choices. The registry is simply where those choices are stored and made accessible to code.
Ownership defines who has the final say over these choices. Three broad models dominate early discussions of trust registries.
In state-owned models, a government agency or delegated regulator operates the registry. This aligns with existing patterns in sectors like banking, healthcare and transport, where public or quasi-public bodies already maintain lists of licensed entities. The promise is clarity: one authoritative list, backed by the coercive power of the state, minimises ambiguity for verifiers and relying parties. The danger is overreach. A state-controlled registry can easily become a mechanism for political control, exclusion of dissenting actors or fine-grained surveillance if inclusion is tied to compliance with broader policy agendas. Once other infrastructure layers anchor to a state registry, the ability to build alternative trust networks diminishes.
In platform-owned models, a private entity—often a large technology company or consortium—operates the registry as part of a broader service offering. The incentives in this model are commercial. The registry helps drive adoption of the platform’s standards, tooling and services, and it becomes a point of leverage in negotiations with regulators and ecosystem partners. The advantages are speed and integration: decisions can be made quickly, implementation can be tightly coupled to platform infrastructure and user experience can be optimised. The downside is predictable: shareholder interests dominate. Inclusion criteria can be shaped to favour existing partners, competitors can be quietly excluded and opacity around policies can be justified as protection of intellectual property or risk controls.
Federated or cooperative models attempt to distribute authority. In these setups, a multi-stakeholder body—foundation, association or consortium—manages the registry according to agreed governance processes. Members may include issuers, verifiers, regulators, civil society groups and technical experts. The value proposition is legitimacy: decisions carry more weight because they are not unilaterally imposed. The trade-offs include slower decision-making, potential for gridlock and vulnerability to capture by organised blocs with higher capacity to participate in governance.
Ownership and governance structures determine whose interests the registry serves when trade-offs emerge. Consider a scenario where small community issuers seek inclusion but do not have the resources to meet high compliance demands. A platform-owned registry may quietly deprioritise them as low-revenue, high-support actors. A state-owned registry may treat them as marginal and not worth regulatory attention. A cooperative registry with explicit representation from community actors may instead adjust criteria or create specific tiers to accommodate them.
Authority in a registry is exercised not only through explicit decisions about inclusion and exclusion but also through the design of onboarding processes, documentation requirements, technical integration paths and dispute resolution channels. A registry that demands extensive legal vetting, multi-month accreditation processes and sophisticated protocol implementations signals that participation is for large, well-resourced actors. A registry that provides clear templates, accessible help and low-cost integration paths signals a different set of priorities.
The gap between technical specification and practical accessibility is where authority hardens into hierarchy. Two registries could publish identical policy documents but differ radically in how those policies are implemented. One might offer a streamlined, well-documented API and responsive support; another might bury applicants in ambiguity and silence. Both claim neutrality; only one is usable for smaller actors. Ownership and incentives explain this divergence.
The premise that a registry can be “just implementing external rules” is therefore untenable. Even when regulations define certain inclusion criteria, they rarely define all the operational details. Choices about how strictly to interpret grey areas, how quickly to act on new applications, how much transparency to provide about failure reasons and how to handle borderline cases are all political choices. The entity that owns the registry exercises authority with every such decision.
In an environment where trust registries become critical dependencies for digital markets, these choices accumulate. Over time, the registry defines what “normal” looks like. Actors outside that norm face friction or exclusion. At that point, the question is no longer “who runs the JSON file,” but “whose world does this registry make real?”
Rent, Lock-In, and the Business Model of Legitimacy
Once market access flows through a registry, ownership of that registry can be monetised. Legitimacy becomes a potential revenue stream. This is the point where trust registries move into the realm of political economy.
The most direct rent-extraction mechanism is fees. Registry operators can charge for initial onboarding, annual renewal, assurance upgrades, compliance certifications or extended metadata listings. These fees may be framed as cost recovery or quality control, but they also function as filters. Small issuers, community organisations and actors from low-income regions face a heavier relative burden. Large incumbents treat these fees as minor operating costs and, in some cases, as a way to keep the competitive field thin.
More subtle forms of rent arise through tiered models. A registry can create multiple levels of “trust,” each associated with different costs and privileges. Higher tiers might offer faster propagation of updates, preferred placement in recommended issuer lists or regulatory recognition in specific sectors. Lower tiers may be technically functional but practically marginal. Markets, predictably, gravitate towards higher tiers, turning them into premium positions that issuers are pressured to buy into if they wish to compete. Trust becomes stratified, and so does the ability to issue credentials that verifiers will rely on without extra friction.
Network effects amplify these dynamics. The more verifiers, regulators and platforms rely on a particular registry, the more valuable inclusion becomes. The more valuable inclusion becomes, the more pricing power the operator can exercise. Even if the registry began as a low-cost or community-oriented initiative, success can tempt a shift in business model. Fee structures can creep upward. Access to certain APIs can be reclassified as “enterprise.” Enhanced analytics and monitoring features can be monetised, turning the registry into a vantage point for selling intelligence about the ecosystem.
Lock-in is not merely economic; it is architectural. Integrating a registry into verification flows requires work: code changes, configuration, governance alignment, legal review. Once these investments are made, switching to another registry or maintaining multi-registry compatibility incurs additional cost. The more complex the trust policy logic, the higher the switching cost. A dominant registry can therefore raise prices or tighten conditions with relatively low risk of mass exit, especially if there is no viable alternative with comparable coverage.
Data exhaust presents another vector for rent. A registry operator sits at a privileged observation point: it sees which issuers are active, in which schemas, at what volumes and with what lifecycle patterns. Even if individual credential content is never visible, these metadata patterns are informative. They can be analysed to identify growth sectors, dominant issuers, emergent markets or systemic vulnerabilities. This intelligence can be monetised through reports, consulting or bundled services. It can also be used strategically by the operator if it is itself a market participant.
From a regulatory perspective, regulators may begin to depend on a registry for supervisory purposes. They may require regulated entities to check the registry before accepting credentials, or they may use registry data to monitor compliance. This dependency increases the registry’s leverage. The operator can position itself as an indispensable partner for regulators, reinforcing its centrality. Over time, the line between private infrastructure and quasi-regulatory body blurs.
The risk is not that registry operators will charge fees. Infrastructure has costs, and cost recovery is legitimate. The risk is unexamined rent extraction: fee and data models that quietly reshape the market landscape, making it harder for smaller or alternative actors to participate and easier for incumbents to consolidate positions. A registry that started as an open utility can, under pressure from investors or changing leadership, drift into a tollbooth.
Political economy insists on asking who pays, who profits, who can walk away and who cannot. In the context of trust registries, these questions translate into concrete design and policy choices. Transparent fee schedules versus bespoke pricing. Open publication of inclusion criteria versus ad hoc discretion. Restricted use of data versus broad secondary monetisation. Governance structures that can be influenced by those who rely on the registry versus closed ownership.
When legitimacy becomes a monetisable asset, the temptation to over-engineer scarcity is strong. Registries can be designed to make inclusion appear difficult, thereby justifying premium services for “navigating the process.” They can outsource complexity to consulting partners, creating ecosystems in which access is mediated by gatekeepers who themselves collect rents.
The alternative is to treat trust registries as infrastructure that should minimise artificial scarcity. Fees cover costs; governance checks prevent predatory behaviour; transparency ensures that the price of legitimacy is not quietly inflated over time. Whether ecosystems achieve this depends less on the protocol and more on the institutional commitments made at the outset.
State, Platform, or Commons? Competing Models of Registry Governance
Choosing who operates a trust registry is not an implementation detail. It is a decision about where to anchor authority in the ecosystem. Three broad governance models—state, platform and commons—offer different trade-offs.
The state-centric model builds on existing regulatory infrastructures. In heavily regulated sectors such as banking, healthcare or energy, it is intuitive to place the registry under the control of a public authority or a supervised agency. This aligns legal accountability with operational control. If a bank loses its licence, the state-managed registry can reflect that status quickly and uniformly. Verifiers can rely on the registry as an extension of the legal framework.
The strengths of this model are coverage and coherence. A state can mandate that certain actors must be in the registry to operate legally. It can require regulated entities to consult the registry. It can integrate the registry into supervisory tooling. These powers can accelerate adoption and ensure that trust registries are not optional add-ons but core infrastructure.
However, the centralisation of authority raises predictable concerns. A government that controls the registry can use it to pursue political agendas: excluding organisations aligned with opposition groups, pressuring civil society actors or enforcing ideological conformity under the guise of compliance. Even in relatively benign contexts, the temptation to expand registry logic beyond its original scope is strong; today it lists issuers, tomorrow it becomes entangled with surveillance programmes. Moreover, the assumption that the state is a neutral actor is often false, particularly for marginalised communities.
The platform-centric model places the registry in the hands of a private, often global, operator. This could be a technology company, a cloud provider, a fintech platform or a consortium dominated by a few large firms. The appeal is agility and alignment with product strategy. Platform owners can design the registry to integrate seamlessly with their tools, can iterate quickly and can offer strong developer experiences that accelerate adoption.
In this model, the main accountability mechanism is market discipline. If the platform abuses its position, participants can—in theory—leave. In practice, as noted earlier, lock-in and network effects limit this exit option. Shareholder interests introduce another constraint: decisions about inclusion, pricing or transparency are filtered through profitability considerations. Actors that do not fit the platform’s business priorities may find themselves marginalised, even if they are important for broader public interest.
The commons-oriented model aims to treat the registry as shared infrastructure. Governance is distributed across stakeholders: issuers, verifiers, relying parties, regulators, civil society actors and technical stewards. The registry is often operated by a foundation, non-profit organisation or cooperative. Decisions are made through formal processes—boards, working groups, voting mechanisms—that attempt to balance interests.
This model’s strength is legitimacy. When done well, it can produce policies that reflect a broader range of needs and reduce the risk of unilateral capture. It can embed principles such as openness, non-discrimination and transparency into the registry’s charter. It can be explicit about resisting rent extraction and prioritising ecosystem health over short-term revenue.
The challenges are coordination and resourcing. Commons governance requires time, attention and organisational capacity. It is vulnerable to the classic pitfalls of multi-stakeholder processes: dominance by those with more time or funding to participate, slow reaction to change and under-specification of accountability when decisions go wrong. Financial sustainability is also a constraint; without clear funding mechanisms, commons-based registries can drift into dependence on a small number of sponsors, recreating centralised influence through the back door.
In practice, real-world registry ecosystems are likely to combine these models. A state may recognise a foundation-operated registry as the canonical source for a given domain, creating a hybrid of public mandate and common governance. A platform may operate a registry but agree to subject certain decisions to a multi-stakeholder oversight structure. Sectoral bodies may run domain-specific registries while interoperating with broader, cross-domain frameworks.
The key point is that governance cannot be treated as an afterthought. The decision between state, platform and commons models should be made explicitly, with a clear understanding of the incentives and risks each brings. It is not enough to say “we will have a registry”; one must also ask “whose registry, serving whose interests, under whose oversight?”
Political economy insists that infrastructures be evaluated in terms of power: who gains it, who loses it and what safeguards exist. Trust registries are no exception. They sit at the junction of cryptographic assurance and institutional legitimacy. Their governance models will heavily influence whether proof-first markets become instruments of broad-based resilience or new mechanisms of centralised control.
Distributional Consequences: Who Gets In, Who Gets Stuck Outside
The technical pitch for trust registries emphasises clarity and safety. Verifiers no longer have to guess whether an issuer is legitimate; they can query the registry and proceed. That story is incomplete. Registries do not simply make trust more efficient; they redraw the boundary between insiders and outsiders. The criteria used to manage this boundary have distributional consequences that are rarely acknowledged in design documents.
The first axis is access. To appear in a registry, an issuer must satisfy a bundle of requirements: legal form, compliance posture, technical capabilities, documentation and sometimes insurance or capital thresholds. Each of these requirements filters out certain classes of actors. Large incumbents with compliance departments, legal counsel and dedicated IT teams can clear these hurdles routinely. Small organisations, community groups, cooperatives or institutions in low-income regions often cannot, even if they are deeply embedded and trusted in their local contexts.
This is not just a capacity problem; it is a structural one. When trust is redefined as “ability to clear the registry’s onboarding bar,” trust becomes aligned with existing power distributions. Professionals and firms already inside formal systems are recognised as legitimate issuers. Actors who operate in informal or hybrid spaces—microfinance groups, informal worker unions, community health networks, cross-border diaspora associations—are relegated to the margins. Their knowledge and authority remain uncredentialed, even if they are the primary source of trust for their communities.
The second axis is stratification. Many registries experiment with tiered trust models: different assurance levels, credential types or issuer categories. In principle, this allows nuance. In practice, it can create a hierarchy of legitimacy. Top-tier issuers, often large regulated entities, issue credentials that receive frictionless acceptance. Lower-tier issuers issue credentials that trigger additional checks, manual reviews or limited use cases. The ecosystem quietly internalises the idea that some origins of truth are “more equal” than others.
This stratification maps onto existing economic hierarchies. Multinationals, elite institutions and well-funded platforms occupy the top tiers. Regional or community issuers occupy the lower ones, regardless of their actual performance or reliability. Over time, the tiers harden; verifiers optimise for the paths of least friction, relying heavily on top-tier issuers and ignoring the rest. The registry becomes a sorting machine that stabilises concentration.
The third axis is exclusion. Not every actor that fails to get into a registry is an obvious risk. Some are simply misaligned with its design assumptions. An issuer may operate in a legal grey zone, in a jurisdiction not recognised by the registry’s governance. It may represent a community that is politically marginal or inconvenient. It may be unwilling to accept intrusive data-sharing or surveillance conditions as a price of entry. The registry, from its vantage point, sees a non-compliant applicant. The affected population sees yet another institution refusing to recognise its reality.
At the edge of the system, individuals experience these distributional effects as friction, delay and denial. They present credentials from institutions that matter in their lives and are told that these credentials do not “count” because the issuer is not in the registry. They are asked to obtain proofs from distant or hostile institutions that have never served them. They encounter a new regime of documentary requirements that has the veneer of neutrality but the substance of exclusion.
Intersectionality deepens the analysis. The issuers most likely to be disadvantaged by high barriers, opaque requirements and centralised governance are those serving already marginalised groups: women’s cooperatives, indigenous governance bodies, migrant worker collectives, slum-level health networks. The registry does not directly target these populations; it does not need to. By setting a uniform bar calibrated to the capacities of incumbents, it ensures that the periphery remains peripheral.
None of this is inevitable. Registries could be designed with explicit goals of inclusion: lower or subsidised fees for small issuers, technical assistance, tiering models that reflect actual performance rather than institutional prestige and governance seats for community actors. But such design choices rarely emerge by default. They require a political decision to treat the registry not only as risk infrastructure but also as an instrument for reshaping participation.
The distributional question can be phrased simply: when trust is formalised, who gains new pathways into markets and systems, and who finds the door even heavier than before?
Design Choices as Political Choices: Schemas, Policies, and Revocation
Technical specifications for trust registries are often written in the language of schemas, APIs and policy engines. It is easy to mistake this language for neutrality. In reality, each design choice in a registry encodes a stance on power. Schemas determine what categories exist. Policies determine how those categories are used. Revocation determines who can be erased.
Start with schemas. A registry rarely lists issuers as a flat set. It typically categorises them: banks, universities, regulators, notaries, civil registries, certification bodies and so on. Each category may be associated with specific credential types, assurance levels and regulatory regimes. The decision to create or omit a category is a political act. If there is a category for “licensed financial institutions” but none for “worker cooperatives,” that absence signals a view of which economic actors matter in the ecosystem.
Even within categories, metadata choices matter. Does the schema capture jurisdiction only at a national level, or does it distinguish regions and indigenous territories? Does it include attributes about governance model, community representation or accountability structures? Or does it assume that corporate status and regulatory licence are sufficient proxies for trustworthiness? Decisions about the richness or minimalism of schemas shape how verifiers and regulators can reason about the ecosystem.
Policies operationalise these schemas. Onboarding policies decide what evidence an applicant must provide, how conflicts of interest are handled and how borderline cases are resolved. Runtime policies decide which issuers can be used in which contexts and how policy evolution is managed over time. Each of these choices redistributes friction. A policy that demands audited financial statements will favour certain institutions. A policy that allows self-declaration with post-hoc checks will favour others. A policy that requires explicit regulator endorsement will centralise power; a policy that allows multiparty endorsements may distribute it.
Policy transparency is another axis of power. Some registries may publish detailed onboarding criteria and evaluation reports. Others may provide only high-level descriptions and reserve wide discretion. Discretion allows flexibility, but it also opens the door to arbitrary decisions and preferential treatment. From the outside, a denial may look like a quality decision; from the inside, it may reflect political or commercial bias. Without transparency, there is no way to distinguish the two.
Revocation concentrates these dynamics. Removing an issuer from a registry is not a technical housekeeping step; it is an act that can disable entire credential ecosystems. Holders who relied on those credentials may find themselves suddenly untrusted. Verifiers may be forced to reject proofs they previously accepted. Issuers may lose hard-won legitimacy overnight. The decision to revoke thus functions as a disciplinary tool. It sends a signal to other issuers about the consequences of non-compliance, conflict or dissent.
The questions around revocation are direct. Who can initiate it? Who must agree? What evidence is required? What notice is given? Is there an appeals process? Are the reasons published? Are partial or context-specific suspensions possible, or is removal always global and immediate? Each answer reflects a specific balance between ecosystem safety and issuer protection, between regulatory demands and resilience for holders.
There is also the question of holder-level impact. Registries typically focus on issuers and verifiers, but revocation decisions cascade down to individuals and organisations who hold credentials. A blunt revocation policy can turn someone’s identity, licence or qualification into a dead asset with no warning. A more nuanced approach might support grace periods, transitional arrangements or mappings to replacement issuers. Designing for holder protection is as much a political choice as designing for strict enforcement.
The key point is that registries cannot escape these choices by hiding behind implementation detail. A JSON schema is a model of the world. A policy engine is a codified view of acceptable and unacceptable behaviour. A revocation endpoint is an instrument of power. Whether these tools are used in ways that favour incumbents, support inclusion, suppress competition or enable experimentation depends on decisions made by humans in governance forums, not by protocols.
Recognising design as politics does not mean paralysing every engineering discussion with ideological debate. It means being explicit about objectives. If the goal is to support small issuers, that goal must be reflected in schemas and policies. If the goal is to prioritise regulatory comfort, that must be acknowledged and its consequences weighed. The political economy of trust registries begins with the refusal to call value-laden choices “mere configuration.”
Counter-Infrastructures: Plural Registries, Forking, and Institutional Competition
The more central a trust registry becomes, the more attractive it is as a point of control. From a narrow efficiency standpoint, this might suggest convergence on a single canonical registry per domain. From a political economy standpoint, that convergence is dangerous. A monopoly registry, whether state or private, becomes a single point of failure not just technically but institutionally.
Counter-infrastructures offer a different trajectory. Rather than assuming that one registry must rule them all, ecosystems can be designed with plural registries that coexist, interoperate and, where necessary, compete. This plurality introduces friction, but it also introduces resilience. It prevents any single operator from unilaterally rewriting the rules of legitimacy without repercussions.
Plurality can take several forms. Sectoral registries can specialise: one for healthcare issuers, another for education, a third for financial services, each with governance tailored to its domain. Regional registries can reflect local realities and regulatory environments. Community-driven registries can represent specific networks—worker cooperatives, indigenous governance bodies, transnational NGO coalitions—whose trust relationships are meaningful even if they sit outside mainstream regulatory frameworks.
Technical interoperability is the enabler. Registries can expose common interfaces and data models that allow verifiers to query multiple registries or use meta-registries that aggregate and contextualise responses. Discovery mechanisms can help actors find the right registry for a given domain. Verification policies can be written to accept issuers recognised by any member of a defined set of registries, not just a single source.
Forking is a particularly important governance right. If a registry’s governance becomes captured, abusive or unresponsive, stakeholders should have the ability to replicate the registry’s data and governance code, then evolve it under new leadership. Forking is not costless, but its mere possibility disciplines incumbents. It signals that legitimacy flows from the ecosystem’s consent, not from the operator’s brand. Without a realistic path to forking, claims of “open governance” ring hollow.
Counter-infrastructures also create space for experimentation. Alternative registries can try different inclusion models, fee structures, assurance frameworks and governance forms. Some may fail. Others may demonstrate that it is possible to run a registry that is both robust and inclusive, or both regulator-friendly and community-inclusive. Dominant registries, under pressure from such examples, may be forced to adjust.
Competition between registries is not purely market competition; it is institutional competition. Ecosystems are choosing not just services but value systems. A registry that foregrounds transparency, multi-stakeholder oversight and inclusion may attract actors aligned with those principles. A registry that foregrounds tight compliance with specific regulators may attract another set. Verifiers and relying parties can choose which combinations of registries to trust for different use cases.
Plurality does carry risks. Fragmentation can increase complexity for developers and verifiers. Inconsistent governance quality can introduce weak links. Badly governed registries can act as weak entry points for fraud or low-assurance issuers. These risks argue for guardrails, not for monoculture. Shared baseline standards for interoperability, minimum transparency requirements and externally verifiable governance processes can help manage the downside without eliminating the benefits of plurality.
The strategic question is whether ecosystems are willing to tolerate some messiness to reduce the concentration of institutional power. If they are not, they should at least be honest about the trade-off they are making: a single registry may optimise certain forms of friction, but it also centralises political and economic leverage in ways that may be difficult to reverse.
Strategic Directions: Designing Trust Registries for Public Power Rather Than Private Rents
Bringing these threads together, the picture that emerges is clear. Trust registries are not minor components. They are institutional levers. Their design determines who defines legitimacy, who pays for it, who profits from it and who remains at the edges of the system. Any serious discussion of digital trust infrastructure must treat them as first-class objects of governance.
Strategically, there are at least four directions that ecosystems can pursue if they want registries to serve public power rather than private rents.
The first is to formalise public-interest mandates in registry charters. Whether a registry is state-operated, platform-hosted or foundation-run, its purpose should be explicit. If the goal is to enable broad-based participation, non-discriminatory access and minimal artificial scarcity, these goals must be written into governing documents and reflected in measurable policies. Fee structures, onboarding processes and revocation mechanisms can then be evaluated against this mandate.
The second is to embed multi-stakeholder governance with real teeth. Advisory councils without veto power are not enough. Issuers, verifiers, regulators, civil society organisations and representatives of affected communities should have structured roles in decision-making. Governance processes should be transparent, with published minutes, rationales for major decisions and open mechanisms for appeal. Rotation of leadership and term limits can reduce the risk of long-term capture.
The third is to design for pluralism from the outset. Protocols and architectures should assume the existence of multiple registries, not resist it. Discovery, interoperability and policy expression should accommodate federated patterns. Regulators should resist the temptation to bless a single “official” registry for all time and instead recognise criteria and processes that registries must meet to be treated as legitimate. This protects both regulatory objectives and ecosystem resilience.
The fourth is to treat data and analytics as constrained resources, not limitless rent opportunities. Registry operators will inevitably have access to valuable metadata. The use of this metadata should be governed by explicit policies that prioritise privacy, fairness and ecosystem health over revenue maximisation. Secondary monetisation should be bounded, audited and contestable. In some contexts, the safest option may be to prohibit certain forms of analytics altogether.
For governments, the policy implications are direct. If they lean on trust registries for supervision and compliance, they should also establish regulatory frameworks for registries themselves. These frameworks can include requirements for transparency, non-discriminatory access, structured governance, anti-capture provisions and explicit processes for recognition and de-recognition. Registries that operate outside these parameters can still exist, but they would not enjoy the privileges of integration into digital public infrastructure.
For platforms and industry consortia, the strategic opportunity lies in adopting governance models that trade some unilateral control for long-term legitimacy. A registry perceived as fair, inclusive and accountable will attract a stronger ecosystem and face less resistance from regulators and civil society. The short-term costs of shared governance may be offset by reduced political risk and higher adoption.
For communities building open trust infrastructure, trust registries are where abstract commitments to decentralisation and autonomy encounter institutional reality. It is not enough to deploy public ledgers or open protocols if the registry that defines “authoritative issuers” is effectively captured. Designing registries as digital public goods—with open source implementations, forkable governance and public-interest funding models—should be treated as core work, not as a later optimisation.
Within the broader narrative of digital trust, trust registries occupy a central but often unacknowledged position. They sit at the junction of the three arcs that have been unfolding elsewhere: markets and infrastructure, personhood and identity, and harm and risk. They shape how proof-first markets are structured, whose identities are accepted as legitimate and how harms from misclassification or exclusion are produced or mitigated.
The choice is not whether to have registries. Any serious proof-first ecosystem will need them. The choice is what kind of institutional reality these registries will create. Monocultures optimised for incumbents and rent extraction are one possibility. Plural infrastructures aligned with public mandates and designed to distribute power are another.
The political economy of trust registries sits at the centre of the implementation story. If we ignore it, the small box on the architecture diagram will quietly become the most powerful one.
Exceptional framing of registries as institutional filters rather than neutral infrastructure. Your point about how onboarding comlexity becomes a de facto barrier for community issuers is crucial, because technical requirements that seem reasonable to incumbents often function as structural exclusion for peripheral actors. The historical analogy to guild rosters and professional registers is spoton, showing that while the technology changes, the underlying power dynamics remain remarkably consistent. The fork-ability argument is particularly compelling as a governance safeguard, since it transforms registry control from a permanent monopoly into acontested and revocable authority.