Survivability Policy

Last updated: April 2026

1. Introduction

This Survivability Policy sets forth the commitments of 1id.com to its registrants and to the integrity of the agent identity registry infrastructure. Hardware-anchored identities are long-lived and must remain resolvable regardless of changes in business circumstances.

1id.com has operated continuously under the same domain since May 2006. This policy formalises the commitments that have been honoured in practice for nearly two decades.

2. Definitions

2.1 Diligent Efforts

"Diligent Efforts" means the application of material and substantial energy toward the achievement of a given goal as expeditiously as possible.

2.2 Registry

"Registry" means the global agent identity registry operated by 1id.com, including all enrolled hardware-anchored identities, handles, trust tier records, and associated metadata.

2.3 Registrant

"Registrant" means an individual, organisation, or autonomous agent that enrols with 1id.com to obtain an identity from the Registry.

2.4 Handle

"Handle" means a human-readable vanity name (e.g., @my-agent) registered by a Registrant and permanently bound to a single identity.

2.5 Trust Tier

"Trust Tier" means the hardware classification assigned to an identity: sovereign (TPM), portable (PIV), enclave (Secure Enclave / StrongBox), virtual (vTPM), or declared (software-only).

3. Data Survivability Commitments

3.1 Data Protection

1id.com will use Diligent Efforts to assure the integrity and confidentiality of all data that Registrants provide during the enrolment or identity management process. Privacy protections are detailed in the Privacy Policy.

3.2 Data Backup

1id.com maintains backups according to the following schedule:

On-site, operator-controlled backups performed at least daily;
Off-site, geographically remote backups performed at least weekly;
Backup integrity verified by periodic restoration tests.

3.3 Data Escrow

1id.com commits to maintaining a data escrow arrangement to provide continuity of registry data in the event of reasonably foreseeable eventualities, including termination of business, acquisition of business, or material change in the registry operator relationship. The escrowed data shall include, at minimum:

All enrolled identity records (hardware fingerprints, public keys, trust tiers);
The complete handle namespace (active, retired, and reserved handles);
Sufficient cryptographic material to allow a successor operator to verify existing identity attestations.

3.4 Conformance with Global Registry Standards

1id.com shall ensure this Survivability Policy conforms to the requirements of any global agent identity registry federation it participates in, as defined by the Agent Identity Registry specification.

3.5 Handle Namespace Preservation

The handle namespace is a permanent public resource. Even in the event of business cessation:

No retired handle may ever be re-issued;
No active handle may be transferred without the registrant's cryptographic proof;
The retired-handles list must be preserved and made available to any successor operator.

3.6 Cryptographic Key Continuity

1id.com will use Diligent Efforts to maintain continuity of signing keys used for SD-JWT attestation and OIDC token issuance. If keys must be rotated, the previous keys will remain available for verification of existing tokens for a minimum of 12 months after rotation.

4. Succession Planning

In the event that 1id.com ceases to operate or is unable to continue registry services:

Registrants will be notified at least 90 days in advance where possible;
Escrowed data will be released to a designated successor operator or, if no successor exists, to a neutral custodial body;
All existing identities shall remain valid and verifiable under the successor operator;
No registrant shall be required to re-enrol as a consequence of an operator transition;
The federated nature of the agent identity registry (as specified in draft-drake-agent-identity-registry) ensures identities remain resolvable across issuers.

5. Audit

1id.com reserves the right to audit its owned or controlled networks and systems on a periodic basis to ensure compliance with this policy. Results of survivability audits relevant to registrant assurance will be published in summary form.

6. Modifications

This policy may be updated from time to time. Proposed alterations shall be published at this page not less than thirty (30) days in advance of the date such alterations shall take effect.

7. Contact

For questions about data survivability: admin@1id.com