Spherity

Identity Platforms/Frameworks

Enterprise decentralized identity management solutions for supply chain, pharma, and industrial use cases. Flagship products include CARO (credential service for US DSCSA pharmaceutical compliance enabling Authorized Trading Partner verification) and VERA (Digital Product Passport suite for EU ESPR/Battery Regulation compliance). Acquired Xylene GmbH (December 2024) to strengthen Digital Product Passport market position. Named Digital Identity Solution of the Year 2025 by Enterprise Security Magazine.

Hybrid Company; Medium capture risk

Details

License: Closed source
Dev Status: Released
Owner: Spherity GmbH; Dr. Carsten Stöcker (CEO); Dr. Susanne Guth-Orlowski (CISO)
Country: Germany
Start Year: 2019
Stack: TypeScript, Solidity, Ethereum
Funding: VC
Last Investigated: Mar 10, 2026

Use Case Domains

Affordances

Sovereign identity; Portable attestations

Identity Toolkit / Platform Attributes

Permissions: Proprietary / Partial Open Source — CARO and VERA are commercially licensed enterprise SaaS products; source code is not published. Two repositories are open source on GitHub: the ethr-revocation-registry-veramo-plugin (revocation integration) and the product-pass reference implementation (W3C VC + DID product passport demo). Smart contract audits are conducted by Nethermind (results published). No OSI license applies to the core platforms.
Development Tools: Enterprise API-first tooling — CARO (pharma ATP compliance) and VERA (Digital Product Passport) are accessed via REST APIs with OpenAPI/Swagger specification and OAuth2 authentication; Postman collections available for API exploration. VERA API documented at learn.dpp.spherity.com with Basic and OAuth2 authentication. Hardhat (npx hardhat) used for Solidity smart contract compilation and deployment in iden3 contracts (referenced in audit materials). ethr-revocation-registry-veramo-plugin (open source, Spherity GitHub) — a Veramo framework plugin for revocation registry management. product-pass repository (open source demo) provides a W3C VC + DID product passport reference implementation using did:ethr and Secp256k1. Spherity does not publish a general-purpose open-source SDK; integrations are via commercial API contracts.
Authentication & Identity: Decentralized ID (DID) for products, organizations, and machines; enterprise wallet infrastructure (EIDA EU Business Wallet); OCI ATP credentialing
Storage Model: Enterprise cloud (CARO and VERA as SaaS); DID documents on Ethereum networks; credential verification via enterprise APIs
Interoperability: High. OCI (Open Credentialing Initiative) founding sponsor; GS1-compliant DPPs; eIDAS 2.0/EUDI Wallet alignment; Catena-X, Manufacturing-X, Energy data-X integration; INATBA participation
Data Portability: Standards-based export (W3C VCs; GS1-compliant DPPs; interoperable across OCI ecosystem)
Governance & Decision Making: Company-controlled (Spherity GmbH); co-founder of Open Credentialing Initiative (OCI); active in INATBA, DIF, W3C, standards bodies
Identity Standards: W3C DID; W3C Verifiable Credentials; eIDAS 2.0; ISO/IEC 18013; OCI Digital Wallet Conformance Criteria; GS1 standards
DID Methods Supported: did:ethr (Ethereum-based; Spherity-operated test networks); did:web
Key Management: Enterprise key management (HSM support; enterprise-grade security; OCI-compliant wallet conformance audit completed)
Credential Types: Verifiable Credentials (W3C VCDM); ATP credentials (Authorized Trading Partner for DSCSA); Digital Product Passports (battery, automotive, textiles, pharma); organizational credentials; product credentials
Verification Method: Cryptographic signature verification (EcdsaKoblitzSignature2016, Secp256k1); blockchain state verification; OCI-compliant credential verification
Privacy Features: Enterprise privacy features; selective disclosure; DPP access control (restricted vs. public product data); privacy-preserving credential presentation
Authentication Methods: Enterprise authentication; organizational wallet credentials; ATP credential-based supply chain authentication
Revocation Mechanism: Credential expiration; issuer revocation; OCI-defined revocation procedures
Agent Types Supported: Organizations (primary focus); Products (DIDs for products/Digital Product Passports); Machines/IoT (Industry 4.0 identity); Algorithms (non-human entity identity)
Wallet/Client Types: Enterprise wallet (EIDA EU Business Wallet); web-based platforms (CARO, VERA); SDK/API integration
Recovery Mechanisms: Enterprise backup and recovery (platform-managed)
Compliance / Regulations: DSCSA compliant (US FDA pharmaceutical supply chain — first to complete OCI conformance audit); EU ESPR (Ecodesign for Sustainable Products); EU Battery Regulation (2023/1542); eIDAS 2.0; EcoVadis Gold; GS1 standards
Credential Exchange Protocols: OCI credential exchange protocols; Presentation Exchange; enterprise API-based exchange; OIDC4VC
Trust Framework: OCI trust framework (Open Credentialing Initiative — neutral ecosystem coordinator for pharma); GS1-based product trust; government-anchored regulation compliance
Cost Model: Enterprise licensing (per-product pricing for CARO, VERA, EIDA)
Censorship Resistance: Hybrid (enterprise platform is company-operated; credentials anchored on public Ethereum networks; product DIDs are independently verifiable)