Coalition operations, defence supply chains, multinational exercises, base access control — each depends on knowing which verified individuals are operating on which national authority. IdentiGate provides the identity layer that makes this knowable across borders, from a single cryptographic architecture with sovereign deployment options.
Digital identity and electronic signature infrastructure delivered as a cryptographic layer. We are not a systems integrator, a consultancy, or a national champion — we build the primitive that other defence systems consume via API.
Our company is based in Estonia — a member of the European Union and NATO with two decades of operational experience running a national digital identity infrastructure. Our deployment options extend across EU, national-sovereign, and air-gapped environments.
Cryptographic architecture built on eIDAS-grade primitives. No third-party access to customer identity data. Independent governance with no foreign ownership stake. Open, verifiable standards — not proprietary trust assertions.
The post-Ukraine era has reshaped European defence spending, alliance interoperability requirements, and supply chain scrutiny. Three signals in 2025–2026 make federated, cross-national identity a named capability gap — and no commercial product currently fills it at passport-anchored scale.
NATO's Data Strategy for the Alliance (May 2025) and Digital Transformation Implementation Strategy (2024) both call for common identity management across allies, supporting the Alliance Data Sharing Ecosystem (ADSE) and Federated Mission Networking (FMN).
The European Defence Fund 2026 programme allocates €1 billion across 31 topics, with dedicated support for supply chain resilience, AI-enabled situational awareness, and SME-led disruptive technologies.
NIS2 Article 21 obliges critical entities — including defence-related organisations — to manage supplier cybersecurity risk. Individual-level identity verification through the supply chain is now a documentable requirement.
Each use case below describes a real operational gap, not a future capability. The underlying architecture is the same — a passport-anchored, Dual Key identity issued in 90 seconds from any country.
A defence prime with Tier-2 and Tier-3 suppliers across 15 countries cannot manually verify the identity of every engineer, technician, or courier touching sensitive components. Today, most sub-tier verification is document-based, paper-based, or simply implicit.
IdentiGate issues passport-anchored identities to individual contractors worldwide (179 NFC countries plus document route), with every access event and handover signed at eIDAS AdES level — creating an audit chain that satisfies NIS2 Article 21 supplier obligations and provides defensible evidence for export-control reviews.
EU Military Mobility 2.0 accelerates the movement of forces and materiel across Europe — but the underlying logistics layer still relies on fragmented national identity regimes for drivers, escorts, and cargo handlers. Non-EU allies (UK, Turkey, Norway) fall outside the EUDI wallet entirely.
IdentiGate's identity layer extends natively to defence convoys, dangerous-goods escorts, and equipment transport. One API, every transport mode, worldwide coverage — 179 NFC countries including every NATO partner.
NATO PKI serves NATO-internal systems. National eIDs serve their own citizens. Between them lies the operational reality: multinational task forces, liaison officers, exchange personnel, partner-nation observers — each currently verified through ad-hoc bilateral arrangements.
IdentiGate provides a passport-anchored layer that works for every NATO member, every partner nation, and every coalition non-member — without replacing existing national systems. Complementary to NATO PKI, compatible with Federated Mission Networking standards, deployable in sovereign environments.
A forward-deployed base hosts visiting allies, local support staff, rotating contingents, third-country contractors, and official visitors. The guard at the gate cannot reasonably be expected to read every national ID, detect every forged document, or trust every paper visitor list.
IdentiGate replaces visual ID checks with NFC passport verification and biometric liveness — a guard's tablet reads the chip from any of 179 countries, the visitor confirms identity with PIN, and every entry is signed, timestamped, and logged to a tamper-evident evidence chain.
In defence contexts, the difference between a policy and an architecture is the difference between trust and verification. Each of the following is a structural property of how IdentiGate is built — not a setting that can be reconfigured or bypassed.
The NFC chip in every ICAO 9303 passport carries nation-signed data (Passive Authentication), a non-extractable private key (Active Authentication), and PACE protocol requiring physical possession. A deepfake can forge a face. It cannot forge a national signature.
Every signature and authentication requires two key custodians in cooperation: one in the user's device Secure Enclave, one on IdentiGate's servers. Neither side can act alone. The verified human is structurally part of every cryptographic event — impossible to compromise from a single point, impossible to execute without active human participation.
Your operational system receives proof, not personal data. IdentiGate verifies the identity and issues a signed cryptographic attestation — your systems get confirmation, never raw passport data, biometric templates, or personal identifiers.
Most identity vendors cover a region, an alliance, or a document type. IdentiGate covers both routes — highest assurance where NFC is available across the 179 ICAO 9303 countries, globally deployable document route for the rest of the world. Every verification returns a signed X.509 certificate. Not a pass/fail verdict — cryptographic evidence your operational systems can act on, audit, and defend.
For the 179 countries that issue ICAO 9303 biometric passports — every NATO member, every partner nation.
Use when: personnel, contractors, or coalition partners hold biometric passports. Security-critical access. Classified environments.
For every country outside NFC coverage — third-country contractors, host-nation support, coalition partners without NFC systems.
Use when: personnel outside the 179 NFC countries. Worldwide coverage. No ally left uncovered.
In defence operations, evidence of who did what, when, and under whose authority is not a feature — it is the difference between audit-ready operations and contested ones. IdentiGate's evidence layer produces this record as a consequence of how the system works.
Passport-verified, biometrically bound individual. No shared accounts, no anonymous tokens, no implicit trust.
Every access event, signature, and authorised action signed at eIDAS AdES level. Timestamped to the second.
Tamper-evident sequence linking each event to the preceding one. Cryptographically verifiable from passport to platform.
No proprietary protocols, no vendor lock-in. Every identity and signature produced by IdentiGate rests on standards recognised across EU regulation, US trust services, and NATO interoperability work.
International civil aviation standard for biometric passports. Operational in 179 countries.
Advanced Electronic Signatures, recognised across 27 EU member states under Regulation (EU) 910/2014.
IdentiGate signatures are legally recognised under US federal and state electronic transaction law.
Designed for integration with NATO Federated Mission Networking. Sovereign deployment options.
Global Legal Entity Identifier standard — supported for verifiable company identity across jurisdictions.
Certification in progress — control framework alignment in place, meeting NIS2 cybersecurity directive requirements.
Defence procurement turns, fundamentally, on trust — not just on capability. The principles below define how we work, and what we will not compromise on, across every programme we engage with.
Our architecture supports deployment in EU-hosted, national-sovereign, or air-gapped environments. Choice of jurisdiction and control sits with the programme, not with us. Customer identity data does not cross jurisdictional lines without explicit programme authority.
No foreign ownership stake in the company. No operational dependency on any single nation's industrial base. No obligation to disclose programme-sensitive information to any third party beyond what law explicitly requires.
Our identity layer is designed to interoperate with allied frameworks (FMN, STANAG alignment where applicable) without being tied to NATO procurement, NATO certification, or NATO endorsement. It works in coalition operations that include non-NATO partners equally well.
Built on eIDAS-grade cryptographic primitives, ICAO 9303 chip verification, X.509 certificate infrastructure. Every identity assertion is a signed cryptographic object the programme can independently verify — not a trust claim against a black-box vendor API.
Signed attestations, timestamps, and audit chains are exportable as standard cryptographic artefacts. A programme that migrates away from IdentiGate retains verifiable historical evidence. We do not hold programme evidence hostage to continued subscription.
Programme names, deployment details, and operational specifics are not used in public marketing without explicit written permission. References, case studies, and logos appear only when a programme has authorised them. Silence is our default posture.
IdentiGate is built in Tallinn — the host city of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE), NATO's largest Centre of Excellence and the organiser of Locked Shields, the world's largest live-fire cyber defence exercise.
Our founding team comes from the institutions that built Estonia's national digital infrastructure — Information System Authority (RIA) for state PKI and digital identity, Guardtime for NATO blockchain integration, SEB for banking-grade security, and Kuehne+Nagel for global defence logistics.
Estonia issued the world's first national digital identity in 2002 and is the birthplace of Skype, Wise, and Bolt. Digital identity is not a product category we entered. It is the environment we came from.
Each capability below addresses a different surface in the allied identity problem — from the first contractor entering a base, through multi-national coalition operations, to the autonomous systems that will increasingly carry out defence logistics. Deployable today, built on our existing products.
An allied command manages personnel from eight different nations participating in a joint operation. Each national military has its own ID card standard — none of them verifiable by the others without bilateral trust agreements. A passport-anchored identity does not replace national IDs; it creates one layer every coalition system can verify, sitting alongside the national standards, not competing with them.
A prime contractor's programme relies on 200+ Tier-1, Tier-2, and Tier-3 suppliers across 12 countries. A NIS2 Article 21 auditor asks for verified identity evidence across the entire supply chain. Cryptographic company identity, linked to verifiable authorised representatives at each tier, produces the evidence as a structural artefact — not a manual collection project that takes a quarter to complete.
A guard at a base gate in Poland has minutes to decide whether the person in front of them — carrying a passport from one of 14 different nationalities represented in today's exercise — is authorised to enter. A tablet-based NFC scan turns "guard assesses paperwork" into "system verifies cryptographic signature". Every gate event, every authorisation, every denial — signed into a tamper-evident log.
A materiel handover document crosses three national jurisdictions before it reaches its destination. Each jurisdiction has its own electronic signature standard, its own legal requirements, its own dispute-resolution framework. An AdES signature, cryptographically anchored to a verified passport identity and recognised under both eIDAS (EU) and ESIGN/UETA (US), produces one signature valid in all three — not three separate signings.
An after-action review of a sensitive operation requires an evidence chain — every access granted, every signature applied, every handover completed — that is both forensically admissible and compatible with cross-national disclosure constraints. A cryptographic audit chain stores signed attestations rather than raw personal data; the fact of the event is verifiable without re-disclosing the underlying identity across national lines.
A contingency response requires simultaneous authorisation for convoys moving out of four different staging areas across allied territory. Each movement needs drivers verified, manifests signed, and border authorities notified — at a speed manual workflows cannot match. Batch operations orchestrate the entire response in one API call, each individual identity and signature still cryptographically anchored, but executed at operational tempo.
The alliance isn't here yet. Our architecture already is.
The next decade of allied defence will see more autonomous systems — drones, ground vehicles, AI-enabled decision support — than ever before. Each will take actions with operational consequences. The question "who commanded this action" must survive after-action review, accountability boards, and political scrutiny. Cryptographic delegation from a verified human commander makes that question answerable, not speculative.
A coalition activity needs to verify that participants hold the requisite clearance — but sharing specific clearance levels, issuing authorities, or nationality details across coalition partners is itself a disclosure concern. A zero-knowledge proof confirms the clearance without disclosing the underlying attributes. Selective disclosure becomes the baseline, not the exception.
An allied officer rotates through four different coalition postings in five years. Today, that officer's identity is re-verified, re-vetted, and re-issued at each rotation — a process that wastes both the officer's time and the coalition's administrative capacity. A portable coalition identity travels with the officer: new credentials issue, old ones revoke, but the verified identity persists across every allied system.
Whether the identity holder is a defence contractor, a rotating coalition officer, a host-nation support worker, or a base visitor — the enrolment path is the same. One NFC passport scan. One biometric confirmation. Valid until the document expires.
NFC chip read via any ICAO 9303-compliant smartphone. Works with passports from every NATO member, every partner nation, and every coalition non-member.
Biometric face match against the chip photo. Real-time liveness detection. Anti-spoofing by architecture — the chip's cryptographic signature cannot be forged.
Dual Key generated — one key custodian in the user's Secure Enclave, one on IdentiGate's servers. Neither side can act alone. Reusable across every IdentiGate-powered system, civil or defence.
Every future action confirmed with PIN + biometrics. Every event signed at eIDAS AdES level. Every record chained into tamper-evident audit.
Defence procurement does not fit cloud-first SaaS. Identity infrastructure for allied operations must respect national sovereignty, security classifications, and coalition data-sharing rules. IdentiGate offers three deployment models — each built on the same cryptographic core.
For dual-use pilots, commercial testing, and non-classified operations.
Best for: commercial validation, logistics corridors, civilian supply-chain pilots, EDF consortium prototyping.
For national defence programmes and prime contractor environments.
Best for: defence primes, MoD digital programmes, national critical infrastructure, coalition task-force operations.
For classified environments, air-gapped networks, and national security systems.
Best for: SECRET-classified environments, air-gapped networks, base access systems, coalition C2 integration.
* SECRET-level deployments require parallel accreditation with the customer's national security authority. IdentiGate provides architectural alignment; classification accreditation is a customer-led process.
The same API that verifies a driver at the Turkish border verifies a defence subcontractor in France. The same cryptographic rails that sign an eCMR for commercial freight sign a materiel handover for military logistics.
Dual-use is not a marketing position — it is how IdentiGate is built. One platform, civilian volume driving defence economics, defence requirements driving civilian security. Each side strengthens the other.
For EDF consortium leads and defence prime PMs, this matters operationally: you are not procuring a bespoke defence system, you are procuring a production-grade platform with an active commercial deployment base — the path from prototype to scale is already built.
For defence primes, MoD digital teams, EDF consortium leads, and coalition programme offices: a private technical briefing covering architecture, sovereign deployment options, and integration paths for your specific programme. No sales pitch — a working session with our technical team.
Remote or in-person — wherever suits your team. Classified-environment briefings available on request, subject to the customer's national security authority accreditation process.
Pay per transaction. No setup fees, no minimum commitments, no license costs. Integration fee scoped per engagement. Full pricing on each product page.