This document describes use cases and requirements for a Verifiable Credentials-based Business Wallet infrastructure supporting cross-border business identity, know-your-business-partner compliance, supply chain credential portability, professional qualification verification, transport access, electronic invoicing, AI service governance, autonomous systems, content authenticity, and post-quantum cryptography. Sixteen concrete scenarios are examined, spanning individuals acting as company representatives, structured KYB/KYS/KYC onboarding, cross-border tax representation, micro-credential portability, verified transport access, tamper-evident invoicing, trusted AI agents in B2B commerce, autonomous driving and robotics, C2PA content provenance, battery passports, EV charging, energy grid flexibility, and PQC-resilient data sharing corridors. From these scenarios, normalized requirements are derived, grouped into six categories: core trust primitives, identity, authorization and delegation, interoperability and portability, cryptography and integrity, and AI governance. Twenty-five vocabulary requirements are identified for standardized data models spanning organization identity, AI governance, products and supply chains, energy markets, transport, content authenticity, and cryptography. A requirements traceability matrix maps each requirement to the use cases that depend on it.

This document is a work-in-progress contribution to the W3C Verifiable Credentials Working Group. It has not been formally reviewed or endorsed by the Working Group. Comments and contributions are welcome via the GitHub repository.

Introduction

The Business Wallet is a digital infrastructure initiative enabling organisations to hold, present, and verify machine-readable credentials issued by authoritative sources — business registers, tax authorities, certification bodies, accreditation agencies, and regulatory authorities — across states and third-country partners.

This document collects use cases that motivate the technical requirements for such an infrastructure. Each use case describes a concrete problem faced by real actors — company representatives, compliance managers, procurement officers, students, truck drivers, accounts payable managers, treasurers, fleet operators, production managers, customs officers, and energy grid operators — and shows how verifiable credentials issued and verified through a business wallet architecture can address that problem.

The use cases cover cross-border business identity and representation, structured compliance due diligence (KYB, KYS, KYC), foreign tax representation, professional qualification portability, transport gate access, electronic invoicing integrity, AI-assisted B2B commerce and treasury, autonomous driving and robotics, C2PA content authenticity, automotive supply chains with battery passports, EV charging fleet management, AI-driven energy grid operations, and post-quantum cryptography for cross-border data sharing. Together, they motivate a layered set of requirements:

• Core trust primitives that apply universally: cryptographic proof of control, real-time credential status, verifiable audit trails, and freedom from administrative denial.
• Identity requirements covering legal person identity, decentralized issuance, inter-jurisdictional recognition, employee and contact-person binding, and natural-person-to-legal-person mandate binding.
• Authorization and delegation requirements covering mutual authentication, credential delegation with scoped authority, user-controlled selective disclosure, policy-driven attestation requests, and revocation without intermediary.
• Interoperability and portability requirements ensuring credentials are portable across platforms, survive organisational and service-provider changes, support machine-to-machine exchange, and are usable across jurisdictions without re-issuance.
• Cryptographic and integrity requirements covering qualified electronic signatures, qualified electronic seals as defined under eIDAS 2.0, and post-quantum cryptography for long-term protection.
• AI governance requirements covering AI Service Passports, agent authorization, model validation, human oversight, and runtime monitoring for AI agents acting on behalf of organizations or operating autonomous systems.

Each use case is structured with actors, preconditions, trigger, narrative, postconditions, and an explicit requirements list. The Requirements section provides formal definitions for all requirements. The Vocabulary Requirements section identifies the standardized vocabularies and data models needed to support interoperability across these use cases. The Traceability Matrix cross-references requirements and use cases.

Use Cases