Home › Logistics › Rail Freight

Rail Freight Identity

Two Legal Regimes. One Identity.

A consignment note is signed in Frankfurt under CIM (COTIF). The same shipment crosses the Polish-Belarusian border at Małaszewicze and reconsigns under SMGS. Two regimes, two consignment notes, one shipment, one driver — but in the digital ecosystem, two separate identities. Identity needs to span both.

CIM · COTIF · 50 countries

The consignment note is signed in Frankfurt.

Western European rail uses the CIM convention administered by OTIF. Digital consignment notes (eCIM) are progressing — but identity authentication of the signatory remains paper-bound at most handover points.

→ EU + UK + Switzerland + Norway + Türkiye + Maghreb

SMGS · OSJD · 27 countries

The same shipment hands over at Małaszewicze.

Eastern Europe, CIS, and China use SMGS administered by OSJD. Different document, different language, different cryptographic stamp practices — the same physical cargo, the same human signing.

→ Russia · Belarus · Kazakhstan · China · Mongolia · CIS

The Corridor

6,000 km. 5 Countries. 2 Legal Regimes. Zero Digital Identity.

A typical China–Europe freight train. Each border is also an identity gap.

Yiwu → Madrid · 17 days · 5+ countries

🇨🇳

Yiwu

SMGS

🇰🇿

Khorgos

SMGS

🇧🇾

Brest

SMGS → CIM

🇵🇱

Małaszewicze

CIM begins

🇪🇸

Madrid

CIM

17 days

avg transit

jurisdictions

legal regimes

10+

handover signatures

Three Problems

What makes rail freight identity unique

The reconsignment problem

At every CIM↔SMGS handover, a new consignment note is generated. The driver is the same. The cargo is the same. But the document chain breaks. Cross-regime identity portability is the layer that connects the two.

The Belt and Road challenge

China–Europe rail volumes are growing. Most operators along the route — Chinese, Kazakh, Russian, Belarusian — won't ever receive an EU digital wallet. NFC biometric passport for 179 ICAO 9303 countries, document + face match for the rest. Identity that crosses the ICAO 9303 line.

The wagon identity gap

500,000+ freight wagons in Europe. Each will need digital identity as DAC (Digital Automatic Coupling) standardizes. Wagons need verifiable identity. Operators need verified identity. Both layers, one architecture.

The DAC Transition

500,000

Wagons are going digital. Every one needs an identity.

Europe's rail freight industry is migrating to Digital Automatic Coupling (DAC) — replacing screw couplers that have been in service since the 1860s with electrified, data-linked couplings. The EU's DAC4EU programme aims for full deployment by the early 2030s.

DAC means every wagon becomes a connected device. Real-time braking data, load monitoring, position reporting, cargo telemetry. Each wagon needs a verifiable identity to authenticate to the network. Each operator needs verified credentials to interact with the wagon's data layer.

Today's reality

Wagon identity by paint and stencil

UIC numbers stenciled on the chassis. Maintenance records in operator databases. Ownership traced through paper registries. None of it cryptographically verifiable.

Tomorrow's requirement

Wagon identity by cryptographic credential

Each wagon carries a verifiable digital identity. Operators authenticate to wagons via standardized credentials. Cargo telemetry is signed and authenticated end-to-end.

The Solution

Identity that crosses regimes, borders, and transport modes

From CIM to SMGS to road handover — what your platform needs today, and what's already deployable for tomorrow.

🛂

Cross-Regime Identity

Identity Verification · Multi Signatures

One driver, one biometric identity, valid in both CIM and SMGS document chains. NFC chip read for 179 ICAO 9303 countries (HIGH-equivalent), document + face match elsewhere (SUBSTANTIAL-equivalent). No retraining at every handover.

🚂

Operator & Wagon Verification

Company Identity · Authentication

Verify the rail operating company. Verify the locomotive driver. As DAC rolls out — verify the wagon's cryptographic identity. Three layers, one infrastructure.

📋

Reconsignment Signing

Multi Signatures · Timestamps · AdES

At every CIM↔SMGS handover, signatures are cryptographically chained. The Frankfurt eCIM signature flows into the Małaszewicze SMGS signature without breaking the audit trail.

⏱️

eFTI Compliance

eFTI · Authentication · Evidence Layer

eFTI mandatory July 2027 covers rail. Authority access requires authenticated identity. We provide the identity layer — your platform provides the eFTI document infrastructure.

🔐

Zero-Knowledge Compliance

Privacy · Cross-jurisdiction · GDPR

Our Dual Key architecture natively supports zero-knowledge proofs. Prove operator certification across jurisdictions without exposing personal data. CIM and SMGS verifications without cross-border data leaks.

✦ Deployable today — waiting for industry adoption

🌐

Wagon Identity Layer

Identity of Things · DAC-ready

As DAC deployment accelerates, wagons need cryptographic identity. Our Identity of Things infrastructure handles physical assets — locomotives, wagons, containers, IoT devices — under the same verification model as humans.

✦ Deployable today — waiting for industry adoption

Anatomy of a cross-regime rail signature

eIDAS AdES · ETSI EN 319 122 · CIM + SMGS valid

A China–Europe freight train crosses up to 5 countries and switches between CIM and SMGS at the handover. The same driver, the same cargo, the same shipment — but historically, each handover broke the document chain. An IdentiGate signature carries cryptographic evidence across both legal regimes, with optional company-level eSeal for institutional accountability. Here's exactly what each signature contains:

🛂

Signatory identity

Identity Verification

Verified name + biometric face match at signing event + cryptographic hash of NFC chip data (when read) or document + face match payload. Identical proof whether the operator is from Belgium, Belarus, Kazakhstan, or China.

🔒

Document hash

Cryptographic integrity

SHA-256 hash of the exact CIM consignment note or SMGS document at the moment of signing. The same hash mechanism applies to both regimes — the legal framework differs, the cryptography does not.

⏱️

Timestamp

RFC 3161 · Qualified TSA

Independent cryptographic timestamp from a Qualified Trust Service Provider. Critical for reconsignment events, customs declarations at gauge changes, and demurrage disputes between CIM and SMGS operators.

📍

Location

GPS coordinates · Geo-anchored

GPS coordinates captured at the moment of signing — proves where the signature was made (Brest handover, Małaszewicze gauge change, Khorgos border, Madrid arrival). Decisive for jurisdiction-of-signing in cross-regime disputes.

📄

Signing context

CIM / SMGS · Phase

Which regime is in force (CIM under COTIF, SMGS under OSJD), which document role (sender, carrier, receiver, customs), and which logistics phase (loading, handover, reconsignment, delivery). Same signature object — works in both legal frameworks.

🔐

Cryptographic signature

X.509 · Dual Key · FIPS 140-2 L3

RSA/ECDSA signature using the user's Dual Key — half on device Secure Enclave, half in our FIPS 140-2 Level 3 HSM. X.509 certificate chain attached for verification. Identical mechanism whether validated under EU eIDAS or examined by an OSJD member state authority.

🧾

Audit trail link

Evidence Layer ID · Cross-handover chain

Reference ID into our Digital Evidence Layer — append-only log that captures the full signing event chain across handovers. The Frankfurt eCIM signature and the Małaszewicze SMGS signature are linked in the same evidence chain.

🏢

Company eSealOptional

eIDAS Qualified eSeal · QSCD-issued

Where the rail operating company holds an eIDAS-issued Qualified eSeal, the individual signature can be wrapped with the company's institutional cryptographic seal. Both the operator and the legal entity are bound to the consignment note — institutional accountability across regimes.

Why this matters for cross-regime rail freight: CIM and SMGS use different documents, different languages, and different legal frameworks. EU Regulation 910/2014 (eIDAS) recognises AdES signatures as legally valid. Our cryptographic evidence package is regime-agnostic — the same signature object satisfies CIM, SMGS, and eFTI requirements simultaneously, without re-signing at every handover.

From the blog.

2026-04-01 · Gustav Poola

eFTI 2027 Compliance Checklist: 10 Steps for Freight Ops

From July 2027, EU authorities must accept digital freight data. Here's a step-by-step checklist to get your logistics operation ready — starting now.

2026-04-03 · Gustav Poola

eFTI Article 5: Identity Verification for Freight Platforms

From July 2027, every eFTI platform must verify the identity of every business user. Here is what Article 5 actually requires — and why most platforms are not ready.

2026-02-17 · Gustav Poola

Digital Identity in European Freight: eCMR, eFTI, Cross-Border

Everything logistics leaders need to know about digital identity for freight — from eFTI compliance and signature levels to the non-EU identity gap.

Building rail freight identity?

Whether you're a CIM-aligned platform, an SMGS operator, a 1520mm-gauge rail company, or an intermodal operator handing cargo from rail to road — let us show you the identity layer that spans both regimes.

Book a Demo Read the eFTI Guide