Design Principles

Three design principles govern the trust in depth framework. They are not implementation details. They are architectural commitments that constrain every design decision — what gets built, how it interoperates, and what it deliberately does not attempt to own.

Built With Institutions, Not Against Them

There is a persistent assumption in technology that institutions are obstacles — legacy systems to be disrupted, intermediaries to be disintermediated, gatekeepers to be routed around. This assumption is wrong, and building on it produces systems that cannot function in the real world.

The legal system — imperfect, evolving, jurisdiction-specific, frequently frustrating — is irreplaceable. It is the mechanism by which billions of people who do not know or trust each other cooperate at scale. Contract law, property law, corporate law, arbitration frameworks, regulatory bodies — these are not constraints on commerce. They are the infrastructure that makes commerce possible.

The agentic future will be built on the same foundation as everything else: social constructs, translated for a new era.

Code can execute logic. It cannot provide justice. It cannot interpret intent when the literal terms produce an absurd outcome. It cannot balance competing interests when both parties have legitimate claims. It cannot adapt to circumstances that neither party anticipated when the agreement was formed. A smart contract can transfer value with mathematical precision. It cannot determine whether the transfer was fraudulent, whether the underlying agreement was entered under duress, or whether enforcement of the literal terms would produce an unconscionable outcome.

The Romans introduced bona fides — the principle that parties must deal honestly beyond the literal terms of their agreement — over two thousand years ago. It remains a foundational principle of contract law in every major legal system because the alternative — rigid literal enforcement of every term — produces outcomes that are not merely unjust but economically destructive. No code-based system has replicated this capacity. None is likely to.

Arbitration bodies like the AAA and ICC are not obstacles to agentic commerce. They are prerequisites for it. The AAA has administered commercial disputes for nearly a century. Its awards are enforceable under the New York Convention in over 170 countries. No technology startup, no matter how well-funded, can replicate that institutional standing or that jurisdictional reach. The correct approach is not to replace these institutions but to extend their authority into the agentic space — to give them the tools and the on-chain evidence infrastructure to resolve disputes that involve AI agents, cryptographic credentials, and autonomous transactions.

Financial regulators are not barriers to innovation. They are the institutions that make financial systems trustworthy enough for ordinary people to use. Standards organizations like GLEIF are not bureaucratic overhead. They are the entities that create the shared infrastructure — like the Legal Entity Identifier — on which interoperability depends.

Consider the alternative. A fully autonomous dispute resolution system — AI agents analyzing evidence, applying rules, and issuing binding decisions without human institutional oversight — has no enforcement mechanism. No court in any jurisdiction will enforce an AI-generated ruling that was not produced under the authority of a recognized arbitration body. The technology to analyze evidence may be excellent. The institutional standing to make that analysis enforceable does not exist outside of established institutions — and cannot be manufactured by technology companies, no matter how capable their systems.

Trust in depth extends institutional authority into the agentic space. It does not route around it.

Open, Not Owned

Solutions must be open — not owned by a single platform, a single company, or a single technology stack.

This is not an ideological commitment. It is a structural requirement. Agent commerce is inherently cross-platform, cross-jurisdictional, and cross-protocol. An agent built on Google ADK may transact with a merchant using Shopify's UCP integration, pay through Mastercard's VI credential chain, and settle via Stripe. No single company controls this stack. No single company can.

A framework that requires all participants to use the same identity provider, the same payment network, the same credential format, or the same dispute resolution mechanism is not a framework. It is a platform. And platforms, by their nature, serve the platform owner's interests, not the participants'.

The identity landscape is permanently fragmented — and this is a feature, not a bug. Governments issue identity credentials. Banks verify financial identity. Employers attest professional roles. Standards bodies accredit organizations. Payment networks verify merchants. Each of these identity providers has domain expertise, regulatory standing, and institutional credibility that no single platform can replicate.

The key architectural insight is separation of concerns: the protocol defines what questions must be answered about identity at each layer. The provider determines how.

A government-issued digital credential, an enterprise identity platform, a blockchain-anchored attestation, and a payment network's KYC verification can all fulfill the same identity operation through different mechanisms. What matters is not the mechanism — it is the outcome:

• Was a real human identified?
• Was organizational authority verified?
• Was agent authorization bounded and auditable?
• At what assurance level was each of these proven?

The protocol needs to understand what was proven and at what assurance level. It does not need to understand — and must not require — a specific method of proof.

This is how Integra's identity bridge operates. EAS attestations record what was verified (human identity, entity authority, agent authorization) and at what assurance level (low, medium, high). They do not mandate which provider performed the verification or which credential format was used. A ZK mDL proof and a vLEI chain produce attestations at different assurance levels through entirely different mechanisms, but both flow into the same protocol-agnostic trust infrastructure.

The same principle applies to dispute resolution. The AAAResolverV1 implements a specific dispute resolution lifecycle under AAA rules. But the resolver interface is not AAA-specific. Other arbitration bodies, other dispute resolution mechanisms, other jurisdictional frameworks can implement the same interface. The protocol defines the lifecycle states (INITIATED, FILED, EVIDENCE, AWARD, COMPLIANCE). The institution determines the rules under which those states are traversed.

Openness is not altruism. It is the only architecture that can function in a world where no single entity controls the identity stack, the payment stack, the agent stack, or the legal stack — and where any architecture that assumes otherwise will fail at the first jurisdictional boundary.

Proportional, Not Maximal

Trust in depth does not mean maximum assurance at every layer for every interaction.

A $20 API call and a $5M equipment contract do not need the same infrastructure. Requiring bank-grade identity verification for a low-value, low-risk transaction is not security — it is friction that drives adoption to zero. Accepting DNS-only identity verification for a high-value medical equipment purchase is not convenience — it is negligence.

The EU's eIDAS regulation codifies this proportionality in three assurance levels:

The eIDAS framework does not mandate qualified signatures for every interaction. It provides a graduated system where the assurance level matches the stakes. A newsletter subscription requires simple identification. A consumer contract requires advanced identification. A real estate transfer requires qualified identification. The regulation does not treat all transactions as equal because they are not equal.

Every identity approach trades on the spectrum between convenience and integrity:

Corporate-managed identity (Stripe, banks, payment networks) provides strong identity verification backed by regulatory obligations and institutional incentives. The trade-off is centralization — identity is owned by the intermediary, not the individual, and is not portable across platforms. A merchant's Stripe identity is meaningless to a bank. A bank's KYC is meaningless to a different bank.

Crypto wallet identity provides speed, autonomy, and pseudonymity. The trade-off is accountability — a wallet address proves control of a private key, not who holds it, what authority they have, or what jurisdiction governs their actions. For speculative trading, this trade-off is acceptable. For medical equipment procurement, it is not.

Government digital credentials (mDL, eIDAS, India's Aadhaar) come closest to closing the gap between convenience and integrity. They bind to a verified human, carry institutional credibility, and are increasingly designed for privacy-preserving selective disclosure. The trade-off is availability — not all jurisdictions issue them, and cross-border recognition remains incomplete.

Reputation systems complement identity but cannot substitute for it. A merchant with ten thousand positive reviews may be trustworthy for a $50 purchase. Reputation provides no basis for trusting them with a $185,000 medical equipment order — and no recourse when that trust is violated. Reputation systems are also inherently gameable at the scale that AI agents operate, as the problem statement describes.

Trust in depth makes the assurance level at each layer explicit, auditable, and proportional to the stakes of the interaction. The Maria Santos scenario illustrates this directly: Meridian's high-assurance vLEI attestation and MedTech's low-assurance DNS verification both enter the same trust infrastructure, but the assurance gap between them is visible to every participant. The framework does not demand that MedTech obtain vLEI verification for a catalog inquiry. It does make clear — to all parties, before the transaction — that MedTech's identity assurance is lower than Meridian's.

Whether that asymmetry is acceptable is a business decision, not a protocol decision. The protocol's job is to make the asymmetry visible.

---

The Forcing Function

History suggests that new technologies force the evolution of legal and social frameworks, not the other way around.

The printing press led to copyright law. The automobile led to traffic regulation, liability insurance, and an entirely new body of tort law. The internet led to electronic commerce legislation, data privacy regulation, and the reconceptualization of jurisdiction for a borderless medium. In each case, the technology arrived first. The legal and social frameworks evolved in response — sometimes quickly, sometimes over decades, but always in response to the disorder that unregulated technology created.

AI agents are the next forcing function.

The disorder is already here. Autonomous agents are transacting at scale without identity, without enforceable agreements, without dispute resolution, and without connection to the legal systems that govern everything else. The volume of agent commerce is growing faster than the frameworks needed to make it trustworthy.

The frameworks are not here yet. But the principles for building them are identifiable: build with institutions, not against them. Make the infrastructure open, not owned. Keep the assurance proportional to the stakes, not maximal by default.

Trust in depth is a starting point — not the answer, but a principled architecture for finding answers. The legal and institutional frameworks for agentic commerce will evolve, just as copyright law evolved after the printing press and traffic regulation evolved after the automobile. The question is whether that evolution is guided by deliberate architectural principles or driven by crisis response after the failures become too large to ignore.

The architecture proposed here is a bet on the former.