Image generated by Deeptech Times using Google Gemini
Temasek-backed Affinidi has announced a pilot programme designed to boost both global and regional interoperability. This initiative allows smoother cross-border movement of trade, assets and talent for Singapore businesses by using verifiable credentials.
This helps to tackle a major industry problem: background screening companies currently conduct manual checks on candidates, which typically take between five and 15 days. The lengthy process often results in delays, higher costs and increased risk of fraud – a concern underscored by Gartner’s forecast that one in four hiring profiles could be fraudulent by 2028.
The company streamlines background checks by converting them into cryptographically signed, verifiable credentials stored in digital wallets, allowing candidates to instantly share their career documents with employers without needing to resubmit. This helps cut verification times from weeks to minutes.
Professionals gain a reusable digital ‘passport’ and maintain full control over their verified credentials. The pilot programme will start with the Singapore-India corridor.
Deeptech Times spoke to Glenn Gore, CEO of Affinidi, about the initiative.
In the 2026 pilot, does the claim that verification can be completed in minutes include the initial process of verifying and issuing credentials for first-time candidates? If a candidate’s education or employment records have not yet been converted into verifiable credentials by a screening partner, wouldn’t the process still depend on the same manual checks that can take up to 15 days?
It’s incredibly easy and cheap to create false information today, but verifying that information is expensive and time-consuming.
When you apply this to cross-border movement of talent, especially across Southeast Asia, the risks become significant. Governments have a responsibility to ensure that the skills entering their labour markets are legitimate and that local workforces are protected. If false claims about education or employment history go undetected, the consequences can be serious.
We’ve all seen cases where professionals, even doctors, have submitted falsified credentials. So this isn’t just about making hiring more efficient. It’s about building the foundation for a trusted digital economy.
What begins as employment verification between countries like India and Singapore can extend much further into healthcare, financial services, education and beyond. When individuals can own and control verifiable versions of their data, transactions become faster, more secure and more trustworthy.
That said, today there are far fewer verified credentials in circulation compared to traditional paper or PDF documents. In practice, there are two scenarios.
In the best-case scenario, a candidate already has a verified credential. In that case, verification takes only seconds.
More commonly, candidates still rely on paper certificates or scanned documents. In those cases, the first verification process still takes the same amount of time as today, sometimes days or weeks. However, once the background screening company completes that verification, it can issue a verifiable credential on the candidate’s behalf, effectively certifying that the information is legitimate.
From that point onward, the credential can be reused and verified instantly in future applications. Over time, this helps convert legacy paper-based records into verifiable digital credentials in an organic and scalable way.
At what specific percentage of market saturation does the ecosystem begin to deliver the ‘instant’ hiring experience promised to the public?
Adoption likely reaches a tipping point when around 10 to 15 per cent of the ecosystem is using verifiable credentials. At that stage, you start to see real efficiency gains.
Verification becomes much faster, significantly more accurate and easier to trace. Employers can see exactly where the information came from, what was checked and how it was verified. In many cases, employers themselves will drive this shift by making verifiable credentials a best practice for candidates.
If candidates come prepared with verified credentials, employers can make hiring decisions more quickly and with greater confidence. Over time, this should also reduce costs. Some types of background checks are currently expensive because they rely heavily on manual processes. As a result, they are sometimes skipped for certain roles.
If verification becomes faster and more affordable, it can be applied more broadly, lowering barriers to entry for candidates and creating benefits for both employers and job seekers.
Following that argument, might the types of credentials that get converted tend to be in the higher paying roles?
I think higher paying, but also those with a high frequency of job changes.
For example, healthcare workers often move between employers every six to 12 months. Each time they switch jobs, they must undergo lengthy background checks. For these roles, digitising verified credentials can deliver significant value because it removes repeated manual verification.
So it’s not only high-income, high-status professions like financial advisors, lawyers or doctors that benefit. It’s also roles that combine high trust and high risk, and especially those where people move frequently between employers.
The gig economy is another strong example. Gig platforms onboard and offboard workers daily and are constantly seeking efficiency. In markets like India, the gig economy is massive, and fraud rates can be relatively high. In such environments, reusable verifiable credentials can reduce friction, lower costs and improve trust across the ecosystem.
While did:web may enable faster enterprise adoption, it still relies on traditional web infrastructure such as DNS and TLS, which are centralised systems. If, for example, a university’s domain were hijacked or if Affinidi’s hosting environment were compromised, wouldn’t that put the trust foundation of thousands of credentials at risk?
Given that exposure, why did Affinidi choose this model instead of adopting a more decentralised approach, such as a witness-based or ledger-anchored system like KERI, which could provide a more tamper-resistant and independently verifiable audit trail?
We looked at KERI and we’ve looked at a lot of the other verifiable history-based methods. The reality is they’re not quite ready for production use yet.
If someone is graduating from university right now, their credentials need to be read for the next 40 years. So we err on the side of simplicity as we go through this and that process.
DNS and domains have been around for a long time. I don’t think they’re going anywhere.
There are some exciting extensions to did:web, such as did:webvh, which stands for verifiable history, that is bringing in exactly what you’re talking about: witnesses and watchers and rotation aspects that you get from KERI and others into the web standard.
But the first thing I’d say is did:web is just a presentation of the decentralised identifier (DID) document. If the domain gets hacked, it doesn’t mean you can issue new credentials. It’s just that the web document may not be accurate as you go through, which actually means you either won’t be able to verify and you can’t issue.
The biggest security concern for issuers is keeping the issuing keyset safe and secure, and for that, we recommend using standard key management services and best practices in terms of managing those keys. You then combine that with the rolling of the key, like doing that every 30 days. What then happens is the credentials, depending what month they were issued, they get locked to the keys that were active at that point in time to the DID document.
When I need to verify your education credential that was issued, say in January 2024, I then have to find the DID document that was valid at that point of time using cryptographic proofs, which will then give me the public key information for the issuing credential for your verified credential. I validate from there as you go through it.
The good news is that migrating from did:web to did:webvh is relatively straightforward, as the two are largely compatible. When you implement did:webvh, a corresponding did:web identifier is created in parallel. This dual compatibility provides flexibility across different use cases.
DIDs are used for much more than verifiable credentials. They also enable secure messaging, support data integrity proofs and serve other trust-related functions. Increasingly, DIDs are being applied in the AI domain as well, for example, to assign cryptographic identity to AI agents and their keys.
Does that then mean that there’s a bit more time needed in the verification process, or is it within the same window that you think about when you verify credentials?
Same window. We conducted an experiment using 10 years’ worth of did:webvh history. During that time, the cryptographic keys were rotated every 30 days, and the witnesses were updated every six months, which generated a significant amount of data.
Even with that heavy history, resolving the DID took only about 100 milliseconds. This demonstrates one of the key strengths we’ve observed over years of developing the technology: it remains fast and efficient, even under long-term, high-volume conditions.
At Affinidi, our focus has been on making verification extremely fast, efficient and scalable, which ties back to the tipping point you mentioned earlier.
If the goal is for all background and identity information to become attestable and instantly verifiable, the system must handle millions of proofs per second, at a cost of just fractions of a cent per verification.
That’s why we carefully choose our cryptographic methods and delivery architecture. While did:web isn’t perfect, it’s practical and reliable enough to get started, with clear migration paths to more advanced DID methods over time. The ecosystem is evolving rapidly, with new approaches emerging constantly, and we continue to evaluate and build alongside that progress.
Affinidi’s Professional Passport emphasises user control and selective disclosure. In high-trust scenarios like hiring, how do you balance individual data sovereignty with an employer’s need for comprehensive risk visibility? Specifically, how does the framework prevent strategic non-disclosure of adverse credentials while preserving privacy?
That’s a good question. The honest answer is: nothing prevents someone from withholding a negative credential, and that’s intentional.
In a system built on verifiable information, the absence of a required credential can be just as meaningful as a negative one. For example, if an employer asks for a verified security background check from the Singapore Police and you’re unable to provide it, the process simply doesn’t move forward. In that sense, not presenting the credential already sends a signal.
In fact, this is one of the strengths of the system. Today, when credentials aren’t verifiable, someone who fails a background check might try to falsify a PDF document and hope it isn’t scrutinised too closely. With verifiable credentials, that kind of forgery becomes far more difficult.
The system also gives individuals control over what they choose to share: whether that’s their credit score, loan history, education records, performance reviews or other attestations. Not all of it may be positive. Some records may reflect mistakes or setbacks. But the individual decides whether to present that information, and if they do, they can provide context around it.
This opens the door to a more balanced reputation model. If someone lacks a particular credential, they may choose to present other verified information that demonstrates growth, improvement or a strong track record elsewhere. A past issue might have been a one-off event, and verifiable credentials allow a person to show what they’ve done since to rebuild trust.
In that sense, the system isn’t about hiding negative information. It’s about enabling verified transparency, combined with personal agency and narrative context.
The pilot focuses on cross-border use between Singapore and India. But technical interoperability under W3C standards is not the same as legal recognition. Under India’s Digital Personal Data Protection (DPDP) Act 2025, has Affinidi obtained formal confirmation from the relevant Indian authorities that a cryptographically signed digital proof is legally equivalent to an original physical document?
Without that kind of mutual recognition, is there a risk that conservative HR teams in Mumbai or Delhi will default to manual PDF submissions and traditional verification processes, effectively reducing the digital passport to an optional, redundant layer?
Affinidi does not own or control the standards behind this technology, nor does it operate a storage service in India. Individuals hold their own data in their wallets, so Affinidi does not need formal approval as a data custodian under Indian regulations.
The purpose of the pilot is to better understand how these technologies work in real-world conditions. Like any emerging technology, they solve existing problems but may also introduce new considerations. That’s why a gradual, carefully managed rollout, with strong monitoring and oversight, is the right approach.
There is also growing global validation of these standards. The European Union has adopted W3C Verifiable Credentials as part of its European Digital Identity (EUDI) framework. In the United States, SMART Health Cards are built on VC technology. Google is also integrating verifiable credential support directly into the Chrome browser. These developments show that the broader ecosystem is moving in this direction.
That said, cross-border legal recognition and governance frameworks are still in the early stages. More pilot programmes will be needed before formal bilateral or multilateral recognition mechanisms are fully established.
