# Trust Levels

Liccium enables creators, rights holders, and organisations to make **public and verifiable declarations** about digital content using ISCC fingerprints. Every declaration is cryptographically signed and can include **Verifiable Credentials (VCs)** or **certificates** to establish the **identity and authority** of the declaring party.

However, not every signature carries the same weight. To help platforms, users, and automated systems assess the **reliability and trustworthiness** of a declaration, Liccium defines **four distinct trust levels**. These levels are determined by the **type of credential** used to authenticate the signer and the **verification method** applied.

The trust model is simple, transparent, and extensible. It accommodates everything from pseudonymous creators to fully verified legal entities, and aligns with EU regulatory frameworks.

## Overview of Trust Levels

### **Low – Social Verification**

*User controls a social account (e.g. Bluesky, GitHub, X).*

At this level, a user proves control over a social media account by logging in via OAuth or SSO. Liccium witnesses the login and issues a **self-attested Verifiable Credential (VC)** confirming the user's account ownership. This provides lightweight verification for pseudonymous creators who still want to make verifiable claims tied to a persistent identity.

### **Moderate – Domain Verification**

*User controls a web domain, verified via DNS or `.well-known` endpoint.*

Users prove control over a domain name by setting a DNS TXT record or hosting a DID document using the did:web method. Liccium validates this and issues a VC confirming domain control. This form of verification is well-suited for independent creators, studios, or organisations managing their own domains.

### **High – Third-Party Credential Issuer (with KYC)**

*A trusted third party confirms the user’s identity or role through KYC or affiliation check.*

At this level, Verifiable Credentials are issued by **independent trust services** such as collecting societies (CMOs), professional associations, media organisations, or academic institutions. These issuers typically conduct **some form of KYC (Know Your Customer)** or internal identity validation before issuing credentials. The resulting VC binds the user to a real-world role or affiliation and provides strong assurance for verification workflows.

### **Highest – Qualified Trust Services**

*A legal entity signs declarations using a Qualified eSeal.*

This level applies to declarations signed by legal entities using a **Qualified Certificate for Electronic Seal (QCert)**, issued by a **Qualified Trust Service Provider (QTSP)** in compliance with **eIDAS regulation**. These X.509 certificates are legally binding and confirm the identity of a registered company, public institution, or authorised representative. This trust level is appropriate for institutions publishing declarations with full legal certainty.

## Why Trust Levels Matter

Liccium’s infrastructure is designed to be open and accessible – anyone should be able to declare content. But that openness demands a way to **distinguish between claims made anonymously and those backed by real-world identities**.

By attaching credentials or certificates to declarations, creators and organisations can:

* Increase confidence in authorship and provenance
* Gain visibility in filtered or ranked views (e.g. “verified only”)
* Comply with transparency requirements for AI-generated or opt-out content
* Build a persistent reputation across declarations

Verifiers – whether humans or machines – can evaluate the **attached credential** and assign a **trust score or classification** based on this model.