For Cities

Keep the trust layer for AI in public hands.Privacy-blind, sovereign, open. Anchor the trust for the whole economy — run an Authority Server only for the city's own.

AI agents are starting to act for businesses and the administration — spending, sending, deciding. The moment software acts on your behalf, every action raises the same question: who authorized it, within what limits, and can anyone verify it afterward? Answering that across an economy takes a shared trust layer — and that layer will belong to someone. A city can be the one that holds it — public infrastructure, not a private platform.

Cities already run the registers everyone trusts — of people, of companies, of property. Neutral public records of what's real. The trust layer for AI is the same kind of thing: it certifies who may act, and lets anyone verify what was authorized.

The opportunity

Cities as the trust root of the AI economy.

A city doesn't write AI law — that's set in Brussels and the member states. But it can do something law can't: provide the trust layer AI actually runs on. Regulation says what's allowed on paper; infrastructure decides what happens in practice. As the trust root, a city shapes adoption from the inside — anchoring the trust everyone relies on, and running its own Authority Server for its administration. For a city, that means:

  • a neutral local trust anchor
  • SMEs adopting AI safely, under their own authority
  • accountable public-sector automation on the city's own Authority Server
  • stronger digital sovereignty
  • AI deployment aligned with Digital Humanist principles

For public administration

  • accountable autonomous services
  • human oversight by design
  • verifiable receipts
  • its own Authority Server

For local businesses

  • deploy AI under their own authority
  • no infrastructure to build — a vertical Authority Server for their sector
  • anchored to the city's trust root
  • interoperable through the open protocol
The model

Anchor trust for all. Operate only your own.

Trust root — for everyone

The city maintains a registry of recognized authority holders — people, departments, companies — and certifies the operators that issue receipts, against an open standard. Just as a commercial register's object is the company, not its certificate, this registry's object is who may hold authority; cryptographic keys are only how that trust is exercised. The city never signs, nor sees, a private action.

Authority Server — for the city's own

The city also runs its own Authority Server for its agents — administrative workflows, citizen-facing services, procurement — proving human oversight by design: no receipt, no execution; revocation; auditability. It operates for itself, not for the private economy. This is also how a city earns the root: by first running it for its own.

Not a passive registry that only keeps records, and not a platform that stands behind every action — the city holds the balance: it anchors trust, others act under it.

The city doesn't build a new directory of everyone. It registers its own entities and the operators it certifies — and recognizes everyone else by anchoring to sources that already exist: EUDI for identity, the commercial register for companies, professional bodies for credentials. EUDI proves who you are; the city's registry records what authority you're recognized to hold.

Who runs the Authority Servers

Under the city's root, anyone can operate an Authority Server: the city for its own agents; vertical operators per sector — the path for SMEs; general providers like Suveren; and large businesses that want to run their own. All certified against the same open standard.

How a verifier checks a receipt

A receipt is signed by a business's Authority Server
Its key is certified by the city's registry
The person or business behind it is proven through EUDI/eIDAS
Any verifier trusts the whole chain

Identity rails (EUDI/eIDAS) prove who you are. They don't cover which agent may act for you, within which limits, with a receipt. That authority layer is what the city anchors — on top of European identity, not duplicating it.

Accountability

Trust anyone can check.

Rule-based, not discretionary

Certification is published and appealable: any operator meeting the open conformance standard can be certified; misconduct is grounds for revocation. A register that admits on rules — not a gatekeeper that picks winners.

Bounded responsibility

The city stands behind its certification process and the actions of its own Authority Server — not behind every private action. Its liability is governance, not transactions.

The path

From pilot to public trust root.

The city's own Authority Server goes from pilot to production and stays. The registry role is additive — the city runs both: operator for itself, root for everyone.

  1. Pilot

    The city stands up an Authority Server for a few of its own AI-agent workflows and trusted partners — proving oversight by design.

  2. Production

    That becomes real infrastructure: the city runs its own Authority Server for administrative AI — citizen services, procurement, internal agents — permanently, at scale.

  3. Registry / root

    On top of operating for itself, the city registers recognized authority holders and certifies the Authority-Server operators, so businesses and departments can issue trusted receipts too.

  4. Ecosystem

    Vertical operators, providers, and departments issue receipts under city-recognized trust chains.

  5. Federation

    City roots interoperate with other cities, Austria-wide trust lists, and EUDI/eIDAS rails.

Where Suveren fits

Open protocol, open market.

The protocol (HAP) and its conformance suite are open. Suveren is its reference implementation — a city can run its own Authority Server and registry on Suveren, and businesses can choose Suveren, a sector operator, or any certified provider. The city anchors trust; an open market provides the operators. No vendor lock-in is required to start.

The principle

Digital Humanism, made infrastructure.

It's the principle — born in Vienna — that decisions with real consequences must stay with accountable people, even as software takes on more of the work. Anchoring the public trust root is how a city turns it into infrastructure: when an agent acts, a named human still stands behind it.

Read more about Digital Humanism →