Why Europe’s Digital Identity Wallet and the AI Governance Debate Both Need the Same Missing Layer

In 1458, a Ragusan merchant named Benedetto Cotrugli completed the world’s first known treatise on double-entry bookkeeping — Della Mercatura et del Mercante Perfetto (“The Book of the Art of Trade”). Thirty-six years before Luca Pacioli would publish his more famous Summa de Arithmeticaand receive most of the historical credit, Cotrugli articulated something more profound than an accounting method. He articulated a philosophy of trust.

For Cotrugli, the honest merchant was not merely an economic actor. He was a moral architect. The ledger was not just a record of transactions — it was a testament of character, a public commitment to the idea that every exchange carries meaning, that every obligation must be traceable, and that trust, once lost, cannot be recovered by force. His merchant was a person of fede — faith — in the deepest sense: a keeper of his word, whose word was legible to any party who might need to verify it.

Five hundred and sixty-eight years later, we are building the most consequential commercial and governance infrastructure in human history — AI-driven digital identity systems, cross-border credential networks, and autonomous agent economies.

We are making the same mistake that would have appalled Cotrugli.

We are building systems that can exchange information, but cannot understand it.

We have the ledger. We are missing the meaning.

Two Conversations, One Problem

This week, two seemingly unrelated events exposed the same fundamental gap in our digital future.

In Brussels, technical experts warned that the EU Digital Identity Wallet — Europe’s flagship digital identity infrastructure — is being implemented with a fatal flaw. While the draft Implementing Regulations support basic data exchange (SD-JWT VC, mdoc), they leave out the semantic layer (JSON-LD W3C-VC) required for machines to understand what they’re reading across borders.

A professional qualification issued in Spain cannot be automatically understood by the German system. An educational credential cannot carry meaning across institutions. A company providing regulatory compliance for cross-border procurement cannot provide attestations that machines can reason over.

Europe is building an identity infrastructure that allows machines to read but not understand.

In New Delhi, the world’s AI leaders gathered for the India AI Impact Summit 2026. Sam Altman, Sundar Pichai, Dario Amodei, and Brad Smith stood alongside Prime Minister Narendra Modi, representing more than $10 trillion in market capitalization.

But the headlines weren’t about innovation. They were about a fundamental shift in tone.

Altman called for a global AI regulatory framework akin to the International Atomic Energy Agency. Macron declared Europe a “safe space” for regulated AI. Guterres warned that “no child should be a test subject for unregulated AI.” Modi stressed that AI must be democratized — shared, open source, accessible.

Innovation and governance, they all agreed, must go hand in hand.

Yet between these two conversations lies a chasm. The technologists building digital infrastructure are focused on syntactic interoperability — can machines exchange data? The policymakers governing AI are focused on principles — should AI be regulated?

No one is building the layer that connects them.

Why We Need the NCTE Layer

Because AI agents are now executing transactions at machine speed.

By the time a human notices the records don’t match, a thousand more decisions have already been made on top of the error.

What used to be an annoying reconciliation problem becomes a systemic risk.

This is what we call contextual drift: autonomous actors compounding divergent versions of reality faster than governance can converge them.

Month-end reconciliation was designed for human-paced commerce. It cannot govern machine-speed execution.

So What Do We Do?

We do what Cotrugli did. We are creating a shared layer of truth — but this time, one that machines can read, sign, and enforce automatically.

This is NCTE: NEO Cotruglian Triple Entry.

Where Cotrugli added a second perspective to every transaction, NCTE adds a third: a jointly recognised event-object that neither party controls unilaterally. Party A has its books. Party B has its books. The NCTE object — what we call a PAC-RO (Policy-Aware Co-signed Receipt Object) — is the shared reality both parties sign at the moment the event happens.

The receipt IS the transaction. Not a record of something that happened elsewhere — the signing is the event.

Once signed, it is anchored in the Minimal Truth Layer (MTL) — a permanent, tamper-proof store that no single party can alter or delete.

Think of it as a digital notary that is always present, always instant, and costs essentially nothing.

What Goes Into a Receipt?

Four things, inseparably bound together at signing time:

Facts — the minimal canonical data: who, what, how much, when.

Evidence — structured proof: sensor data, delivery confirmations, AI decision traces, identity credentials. Not an attachment you can delete later. Embedded in the object.

Signature policy — the rules governing who must sign, in what role, above what threshold. Governance baked into the record, not referenced from an external document that someone can change.

Exception semantics — disputes, overrides, and partial acceptances are first-class citizens. They don’t disappear into email threads. They attach to the original receipt and become part of the permanent record.

Identity: The Digital Seal

We use the EU standard for decentralised identity — DiD (Decentralised Identifier) — as the digital seal for every signing party. Think of it as a cryptographic version of Cotrugli’s merchant seal: unforgeable, portable across borders, and verifiable by any authorised system without a central authority granting permission.

A Spanish professional qualification signed with a DiD can be automatically recognized by the German system. A supplier in Beijing can prove compliance to a buyer in Vienna without a phone call, a PDF, or a three-week audit.

The Report Card: Knowing Who to Trust

The system automatically scores every participant based on their actual behaviour — not their claims, their certifications, or their reputation. Two scores matter:

The Cotrugli Score checks technical honesty: Are you signing your receipts correctly? Are your formats compliant? Do you anchor your records on time? This is the machine asking: Can I trust your data?

The Vanguard Score checks commercial integrity: Do you pay on time? When disputes arise, do you resolve them fairly and quickly? This is the network asking: Can I trust your word?

Together they form a Composite Trust Score — a mathematically derived grade that any potential counterparty can query before deciding whether to do business with you.

Cotrugli understood this instinctively. His merchant’s reputation was not what he claimed. It was what his ledger proved.

Keeping AI Safe: The Digital Fence

When AI agents execute transactions on your behalf, you give them Boundary Credentials — a digital fence defining exactly what they are authorised to do:

• Spend limits (execute up to €1,000; blocked at €10,000)
• Approved counterparty lists
• Permitted transaction types
• Hard time windows

Every AI action must produce a Decision Receipt — a structured, verifiable trace of what the agent decided, why, and under what constraints. This is not a log file. It is evidence, bound into the transaction receipt and signed into the permanent record.

And if the agent breaches its boundaries? Automatic degradation. The system drops the agent’s autonomy level instantly — or hands control back to a human — without waiting for someone to notice.

This is not a kill switch bolted on as an afterthought. It is governance by design.

The Math Behind Trust

Here is why this works at a civilisational level, not just an operational one.

As the network grows, a simple equation holds:

P(fraud detection) × Cost(reputation damage) > Gain(from cheating)

In a mature NCTE network, the probability of detection approaches certainty — because every counterparty independently co-signs and verifies. The cost of a damaged Composite Trust Score is exclusion from network commerce. The gain from fraud is bounded and temporary.

Honest behaviour becomes the dominant rational strategy. Not because participants are virtuous. Because the architecture makes dishonesty economically irrational.

Cotrugli articulated this moral logic in 1458. John Nash formalised it mathematically in 1950. We are building the infrastructure that makes it automatic.

Why Does Any of This Matter Right Now?

The EU is finalising the Digital Identity Wallet regulations. The AI Act is entering implementation. The Digital Euro is coming.

All three depend on a layer of infrastructure that does not yet exist: a way for machines to not just exchange information, but understand it — and for every exchange to generate a verifiable, replayable, policy-bound receipt that regulators, auditors, and counterparties can inspect years later.

Without it, we are building the most consequential commercial infrastructure in history on a foundation of two separate spreadsheets that someone reconciles at month-end.

We are building a simulacrum of governance. The appearance of the thing without its substance.

The Practical Upshot

For businesses: eliminate the Audit Tax — the days or weeks spent reconstructing what happened, who agreed to what, and why the records don’t match. The receipt proves it instantly.

For regulators: every AI decision is traceable, replayable, and policy-bound from the moment it was made.

For the Digital Single Market: a shared semantic layer where trust crosses borders automatically, the way Cotrugli’s letters of credit crossed the Mediterranean — because the meaning travels with the record.

The Question Cotrugli Asked

Cotrugli asked the merchants of Ragusa a simple question in 1458.

Will you build a system worthy of trust? Or merely a system that looks like one?

We are asking it again — this time of the architects of Europe’s and the world’s digital future.

The infrastructure we build this decade will last for generations.

Let’s build it worthy of trust.

HashNet — Building the Semantic Governance Layer for the AI Age