IDTRUST Schedule 

This Schedule regarding the "IDTrust" services ("Schedule") is part of the Agreement entered into by and between Service Provider and Customer. Unless otherwise defined herein, capitalized terms shall have the meaning ascribed to them in other documents of the Agreement. The Exhibits to this Schedule, as amended from time to time by Service Provider in accordance with this Schedule, forms part of this Schedule. 

1. SERVICE DESCRIPTION 

   1.1. Services

   The IDTrust services ("Services") consists of: 

   • The IDTrust Platform Services ("HIPS"), as further described in Exhibit 1 ("IDTrust Platform Services (HIPS)"). 

   • Training. 

   • Professional Services. 

   Service Provider shall provide Customer with the Services as agreed on the Order Form and set out herein and in the Agreement. 

   Service Provider acts purely as a technical infrastructure provider. Customer acknowledges and agrees that Service Provider does not act as an identity issuer, verifier, trust registry, certification authority, or qualified trust service provider or issuer of an EUDI Wallet (including in the context of eIDAS 2.0 or similar frameworks). The regulatory qualification of the services provided to end-users and any sector-specific compliance remains the sole responsibility of Customer, and it shall indemnify and hold harmless Service Provider against any costs or losses if Service Provider is nevertheless considered or claimed to be subject to such frameworks and their compliance requirements in view of the Customer's use of HIPS.  

   
   

2. SERVICE DELIVERY

   2.1. Implementation

   Once the Parties have agreed on the provisions of HIPS, Service Provider shall within four (4) weeks (but in any event prior to the Service Start Date, if any) provide Customer with the necessary information (including API access credentials and an API documentation) to enable Customer to access the HIPS agreed. The implementation of the API on Customer's applications and systems is the sole responsibility of Customer and shall be at its own cost and risk.  The implementation is deemed accepted once Customer can successfully make a test call to the API. 

   Training and Professional Services will be provided upon Customer's request as mutually agreed by the Parties. 

   
   

   2.2. Support 

   Service Provider will respond to technical support inquiries of Customer concerning the Service within reasonable time during Business Days (the "Support"). Support is provided on an "as is" and "as available" basis. Insofar an inquiry is not due a deficiency of the Service (e.g., technical help in using the Service, or issues related to third-party services such as the Hedera network or its Mirror Nodes), the inquiry and the reponse to it, respectively, shall be treated as a request for, and performance of, Professional Service and paid accordingly. A "deficiency of the Service" is defined as a verifiable and reproducible failure of the Service to materially conform to its documentation or agreed specifications, where the cause of such failure lies within the sphere of control of Service Provider. It explicitly excludes issues arising from Customer's systems, network, third-party services not engaged by Service Provider (such as Hedera network issues), or Customer's misuse of the Service or Customer's failure to comply with its obligations and responsibilities. 

   
   

   2.3. Other Procedures 

   The API used for accessing HIPS may be amended from time to time by Service Provider to implement improvements, deprecations of features and other changes. Except in cases of emergency, such changes shall be notified to Customer one (1) month prior to their implementation, together with an updated API documentation. Deprecated features will remain functional for a period of at least six (6) months after the deprecation notice, after which they may be removed.  

3. SERVICE LEVEL AGREEMENT (SLA) 

   3.1. Service Levels 

   The HIPS and other Services are provided on an "as is" and "as available" basis with no particular service level, except as expressly set out in the Exhibit 1 ("HIPS") for each particular HIPS.  
   
   

   3.2. Non-Compliance 

   In case of a repeated breach of the agreed service levels within the sphere of responsibility of Service Provider, the Parties shall enter into good faith discussions with a view to resolve such breaches going forward. In case of material repeated breaches over a period of two (2) consecutive months, Customer has a right to extraordinarily terminate the affected Service. The remedies set forth in this section shall be Customer's sole and exclusive remedies for any breach of the agreed service levels. Any other remedies for breach of service levels are excluded. 

4. CUSTOMER RESPONSIBILITIES 

   In addition to the obligations set out in the GTC, the Order Form and otherwise in this Schedule, Customer shall:

   • Designate and maintain a qualified primary contact person for all communications related to the Services, designation not later than 5 working days from contract signing.

   • Cooperate in a timely manner with Service Provider's personnel. 

   • Ensure that any calls to the API are in line with the applicable API documentation, comply with any restrictions contained therein (including the frequency and volume of calls and the size of transmitted data), and within due time implement any notified API changes on the caller part.  

   • Ensure that the Service shall be used only in compliance with applicable laws, regulations and applicable industry and compliance standards, and only for the purpose of Customer's applications. 

   • Safeguard all API access credentials, keep them confidential, and be responsible for any and all activities that occur through the use of such credentials.  

   • In case of Profit Sharing Fees, provide any information reasonably necessary to determine such feess on a monthly basis or upon request, and allow Service Provider to audit or have such information audited (with the costs of such audit to be borne by Service Provider, except in cases where the audit reveals findings detrimental to Service Provider by more than five (5) percent, in which case Customer shall bear the costs). 

   
   

   Customer acknowledges and agrees that:

   • Customer is solely responsible for the management of any cryptographic keys, including end-user private keys, and shall ensure that it and its users undertake adequate technical and organisational measures to protect them. Service Provider does not control or store end-user private keys. Any loss of seed phrases, private keys, or wallet compromise is not attributable to Service Provider. 

   • Customer is solely responsible for any identity verification (e.g., KYC processes) and the consequences of any fraudulent issuance, incorrect identity validation, or downstream misuse of credentials. Service Provider assumes no liability for the authenticity or correctness of credential content. 

5. ANCILLARY APPLICATIONS

   As part of the Service, Service Provider also makes available to Customer the ancillary software applications described in the Exhibit 2 ("IDTrust Platform Software"). During the term of the Services, Customer may use, for its own purposes, and allow its users to use, the Software, solely in connection with its use of the HIPS and for the purpose of developing, testing, and operating its own applications that interact with the HIPS. This license is granted on a non-exclusive, non-transferable, royalty free, revocable, and non-sublicensable basis, except as expressly permitted herein (the "License"). Unless otherwise agreed in an Order Form, the Software is provided on an "as is" and "as available" basis without any warranty, support, uptime, or service level commitments, including with no warranty of fitness for purpose, merchantability, non-infringement of any rights; it may contain errors. Not part of the Service and the License are the Software Development Kits ("SDK") made available by Service Provider for use in connection with the HIPS. The SDK are made available under open source licenses separately.  

6. FEES AND TERM 

   6.1. Fees 

   Customer shall pay the Fees for the Service as agreed on the Order Form or as set out in the applicable Exhibit. Unless otherwise agreed therein, the following principles shall apply: 

   • One-Time Fees (e.g., for implementation or setup) are due in advance of the performance of the respective Service. 

   • Time & Material Fees (e.g., for professional services) are due in arrears of the performance, usually on a monthly basis; if no rates have been agreed, the standard rates of Service Provider apply. 

   • Recurring Fees (e.g., as a based fee for an ongoing online service) are payable monthly in advance, starting on the Service Start Date, and are due irrespective of actual consumption. 

   • Transaction Fees or other variable, usage-based fees are payable monthly in arrears based on the records of Service Provider. 

   • Profit Sharing Fees, if any, are payable as specified in the Order Form or the applicable Exhibit, and calculated based on the records of Customer. 

     
     

   6.2. Price Adjustment 

   Service Provider reserves the right to adjust the prices used to determine future One-Time Fees, Time & Material Fees, Recurring Fees and Transaction Fees for the Services set forth in the Order Form and the applicable Exhibit upon three (3) months prior written notice to Customer. If Customer disagrees to a price adjustment, and the price adjustment cannot be justified by factors beyond the control of Service Provider, Customer may terminate the affected Services within thirty (30) day written notice. 

   
   

   6.3. Term 

   The initial term for the Services is twelve (12) months from the Service Start Date. The term for the Services shall automatically renew for successive twelve (12) month periods unless either Party provides written notice of non-renewal at least ninety (90) days prior to the end of the then-current term. 

7. DATA PROTECTION AND DATA USAGE

   7.1. Controller 

   Service Provider shall act as a Controller with regard to any Personal Data provided to Service Provider in connection with the management of the HIPS as well as with the Training and Professional Services. The Section on Controller-to-Controller Clauses contained in Annex C (Data Processing Addendum) of the GTC shall apply to the relevant transfers of Personal Data from Service Provider to Customer as per that Section. 

   Customer will inform relevant employees and other Data Subjects (the Personal Data of which it discloses to Service Provider) of the identity of Service Provider and its privacy notice, and ensure that Service Provider is permitted to process their Personal Data in line with its privacy notice. 

   
   

   7.2. Processor 

   Service Provider shall act as a Processor on behalf of Customer with regard to the following activities, for which Annex C (Data Processing Addendum) of the GTC shall apply and govern: 

   • The management of Authorized Users within the console operated by Service Provider for Customer; and 

   • Any support- or assistance-related Personal Data Processing activities that Customer asks Service Provider to undertake, and Service Provider accepts. 

   
   

   For the purposes of Annex C (Data Processing Addendum) of the GTC, the Processing is defined as follows: 

   • Subject matter/purpose of the Processing: Provision, administration, and support of the IDTrust Services (including HIPS, Training, and Professional Services) as described in this Schedule and the Agreement. 

   • Categories of Data Subjects: Customer's employees, contractors, agents, and other personnel designated as primary contact persons, and end-users ("Holders") of Customer's applications who interact with the HIPS (e.g., for credential issuance or verification). 

   • Categories of Personal Data: Contact and administration data (including name, email address, user ID, authentication credentials, and system usage logs), support data (including any Personal Data contained within trouble tickets and related correspondence), and transaction data related to the use of HIPS (such as DID-related information and credential status data processed via the Hedera network). 

   • Special categories of Personal Data and any special measures: Not applicable. Processing of special categories of Personal Data is not planned. Customer is prohibited from using the Services to process any special categories of Personal D ata, unless expressly agreed otherwise in writing with Service Provider in a separate amendment to this Agreement. 

   • Duration of the Processing: For the duration of the Agreement. 

   • Nature of the Processing: Collection, recording, modification, structuring, storage, retrieval, consultation, disclosure, dissemination, combination, comparison, restriction, erasure and communication. 

   • Approved Sub-Processors of Service Provider: The approved Sub-Processors engaged by Service Provider are listed at https://www.hashgraph-group.com/contracts/sub-processors . Customer hereby confirms that as of the date hereof, it is aware of this list and consents to the engagement of the Sub-Processors mentioned therein. 

   
   

   Where the EU SCC apply, Annex I.A (in relation to the Processing activities relevant to the Personal Data transferred) and Annex I.B. shall consist of the following information: 

   • Activities relevant to the data transferred under these Clauses: As specified in "Subject matter/purpose of the Processing" above. 

   • Categories of Data Subjects whose Personal Data is transferred: As specified in "Categories of Data Subjects" above. 

   • Categories of Personal Data transferred: As specified in "Categories of Personal Data" above. 

   • Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures: Not applicable. Processing of special categories of Personal Data is not planned. Customer is prohibited from using the Services to process any special categories of Personal Data, unless expressly agreed otherwise in writing with Service Provider in a separate amendment to this Agreement. 

   • Frequency of the transfer (e.g. whether the data is transferred on a one-off or continuous basis): Continuous and ongoing basis. 

   • Nature of the Processing: As specified in "Nature of the Processing" above. 

   • Purpose(s) of the data transfer and further Processing: Service Provider will process the Personal Data to provide, maintain, and support the Service as set out in this Schedule and the Agreement. 

   • Period for which the Personal Data will be retained, or, if that is not possible, the criteria used to determine that period: Personal Data is usually kept for the duration of the Agreement and for a subsequent period of ten (10) years (or longer if required for legal, compliance, evidential or archival reasons). 

   • For transfers to (Sub-)Processors, also specify subject matter, nature and duration of the Processing: The subject matter, nature, and duration of the Processing by approved Sub-Processors are as set forth at https://www.hashgraph-group.com/contracts/sub-processors. Customer hereby confirms that as of the date hereof, it is aware of this list and consents to the engagement of the Sub-Processors mentioned therein. 

   
   

   7.3. Further Use of Data 

   Customer agrees that Service Provider may anonymize or pseudonymize the information processed by the Services and use it in such anonymized or pseudonymized form for improving and further developing its own systems, including without limitation AI systems and models it uses, and including without for the benefit of enhancing the Service. Such anonymized or pseudonymized information shall be owned by Service Provider.  

Exhibit 1: IDTrust Platform Services (HIPS) 

1. Introduction and Scope 

   This Exhibit describes the HIPS to be provided by Service Provider for Customer in connection with the "IDTrust Platform". The HIPS are to be provided by Service Provider to Customer to allow Customer to implement credential issuing, verification, revocation and other services for use within Customer's applications. The platform enables the issuance, management, and verification of digital identities and credentials based on the Hedera distributed ledger technology. 

   
   

   The HIPS comprise the following services: 

   • Credential Issuer Service. 

   • Credential Revocation Service. 

   • Presentation Verifier Service. 

   • Credential & Presentation Definition Services. 

   • DID Service (Universal Registrar Service, Universal Resolver Service). 

   • Audit Trail Service. 

   All Services are designed to be accessed exclusively via a JSON REST Application Programming Interface ("API"). The current documentation is available at https://swiss-digital-assets-institute.github.io/idtrust-docs/documentation/1.0/index.html, and may be updated from time to time by Service Provider.  

   This Exhibit may be amended from time to time by Service Provider to add or change the HIPS without notice (which, however, shall not affect any HIPS already subscribed by Customer for the remainder of its Term).  

   Transactions on the Services may be logged in the context of the Hedera Consensus Service. 

2. The Core HIPS 

   2.1 Issuer Service 

   2.1.1. Service Description 

   The Issuer Service is a backend service that enables Customer to issue verifiable credentials to end-users (so-called "Holders"). The service includes the following functionalities: 

   • Provision of an API interface in accordance with the OpenID for Verifiable Credential Issuance (OpenID4VCI) standard for requesting and issuing credentials. 

   • Creation and cryptographic signing of credentials in the W3C Verifiable Credential data format. 

   • Interaction with the Revocation Service for revoking credentials. 

   • Configurable storage options (full encrypted storage or publishing to external storage after issuance or metadata-only storage) for issued verifiable credentials.  

     
     

   2.1.2. Service Level Agreement (SLA) 

   • Availability: The Service has a monthly availability of 99.5% during Business Days. Availability is measured at the API endpoint of the Revocation Service.  

   • Planned Maintenance Windows: Every first Saturday of the month from 02:00 to 04:00 CET. 

     
     

   2.1.3. Specific Customer's Obligations 

   • Customer is responsible for the correct implementation and connection of its systems to the OpenID4VCI interface. 

   • Customer is responsible for verifying the identity of the persons for whom credentials are issued (KYC process). 

   
   

   
   

   2.2. Revocation Services 

   2.2.1. Service Description 

   The Revocation Service is a dedicated service that stores verifiable credential revocation statusesand caches revocation data retrieved from external systems (Hedera Consensus Service and Mirror Node). It provides an interface for the Issuer API Service to revoke credentials and for the Verifier API Service to check the revocation status of a credential. All transactions on the service are logged in the context of the Hedera Consensus Service. 

   
   

   2.2.2. Service Level Agreement (SLA) 

   The Revocation Service is a dedicated service that stores verifiable credential revocation statusesand caches revocation data retrieved from external systems (Hedera Consensus Service and Mirror Node). It provides an interface for the Issuer API Service to revoke credentials and for the Verifier API Service to check the revocation status of a credential. All transactions on the service are logged in the context of the Hedera Consensus Service. 

   • Availability: The service has a monthly availability of 99.5% during Business Days. Availability is measured at the API endpoint of the Revocation Service.  

   • Planned Maintenance Windows: Every first Saturday of the month from 02:00 to 04:00 CET. 

   
   

   2.2.3. Specific Customer's Obligations 

   • Customer is responsible for the correct implementation and connection of its systems to the interface. 

   • Customer is responsible for verifying the identity of the persons for whom credentials are issued (KYC process). 

   
   

   
   

   2.3. Verifier API Service 

   2.3.1. Service Description 

   The Verifier API Service is a backend service that enables Customer to check digital credentials presented by end-users. The service includes: 

   • Provision of an API interface in accordance with the OpenID for Verifiable Presentations (OpenID4VP) standard for requesting and receiving credentials. 

   • Checking the cryptographic signature of the presented credential. 

   • Verification of the credential's status (e.g., validity, revocation) by querying the information anchored on the Hedera Consensus Service via the Revocation Service. 

   • Feedback of the verification result (valid/invalid) to Customer's system without disclosing any of the verifiable credential data. 

   • Feedback of the verification result (valid/invalid) to Customer's system without disclosing any of the verifiable credential data. The service may be used in support of Customer's compliance with frameworks/regulations such as eIDAS 2.0 and GDPR (which, however, remains solely Customer's responsibility). 

   
   

   2.3.2. Service Level Agreement (SLA) 

   • Availability: The service has a monthly availability of 99.5% during Business Days. Availability is measured at the API endpoint of the Revocation Service.  

   • Planned Maintenance Windows: Every first Saturday of the month from 02:00 to 04:00 CET. 

   
   

   2.3.3. Specific Customer's Obligations 

   • Customer is responsible for the correct implementation and connection of its systems (e.g., web applications, login systems) to the OpenID4VP interface. 

3. Common Provisions 

   Excluded from any agreed service levels, in particular availability calculation, are downtimes, unavailability or other non-compliance due to (i) Planned Maintenance Windows, (ii) Force Majeure events, (iii) issues within Customer's or its users' systems or network connectivity, (iv) failures, other deficiencies or unavailabilities of third-party services not subcontracted by Service Provider (such third-party services in any event include, without limitation, the Hedera Consensus Service, Mirror Nodes, IPFS, and other external DLT infrastructure and ancillary DLT applications, such as wallet applications or block explorers), and (v) Customer's breach of the Agreement. 

   Service Provider does neither warrant nor provide any service levels or other commitments regarding uptime, transaction finality, latency, or data persistence. Any availability and other commitments of Service Provider are limited to its own APIs. 

Exhibit 2: IDTrust Platform Software 

1. Introduction and Scope 

   This Exhibit describes the IDTrust Platform Software (the "Software") licensed to Customer during the Term of the Service. The Software supports Customer in making use of the HIPS with the following ancillary applications: 

   • Decentralized SSO. 

   • Identity Manager. 

   • Identity Wallet. 

2. Decentralized SSO 

   • Description: This application enables end-users to present verifiable presentations to access protected resources. It functions as a bridge between the OIDC4VP and OAuth 2.0 protocols, offering a standardized method for system architects to integrate verifiable presentations as an authentication and authorization mechanism.  

   • Repository (including documentation): https://github.com/Swiss-Digital-Assets-Institute/credential-services/tree/main/apps/auth-api  

3. Identity Manager 

   • Description: The Identity Manager is an application with a user interface that allows Customer to govern verifiable credential schemas and verifiable presentation definitions, including through the use of Decentralized Credential Query Language (DCQL). It also enables the management of credential offers based on the OIDC4VCI standard and permits authorized users to manually issue verifiable credentials.  

   • Repository (including documentation): https://github.com/Swiss-Digital-Assets-Institute/identity-manager/tree/main/apps/web  

4. Identity Wallet 

   • Description: The 'Identity Wallet' is a cross-platform mobile application functioning as a self-sovereign identity wallet. It enables end-users ('Holders') to request, store, and present their verifiable credentials. The wallet operates on a non-custodial basis, meaning the secure storage of the cryptographic key pair, via a seed phrase, is the sole responsibility of the end-user. It also allows authorized users of the Customer ('Issuers') to issue verifiable credentials by connecting the Identity Wallet to the Identity Manager.  

   • Repository (including documentation): https://github.com/Swiss-Digital-Assets-Institute/iw-identity-wallet