EcoCitizenZ
Path 3 · Software & SBOM Essentials

Publish your software evidence posture publicly

Buyers are asking for software provenance and liability clarity. ECZ-ID gives you resolver-verifiable software trust objects — supply chain, cyber resilience, and product posture — so you become easier to evaluate in security review and procurement before a question becomes a blocker.

For: Software vendors · Product & security teams · Security-conscious buyers · Software supply chain operators · Liability-sensitive platforms

The SBOM essentials path — at a glance

1. Identify your software surface
2. Select SBOM Essentials
TrustOps — acquire credentials
3. Return with trust objects
4. Verify via Resolver
5. Use in procurement and security contexts

Primary pack: SBOM Essentials
Software Supply Chain Passport · Cyber Resilience Passport · Product Passport
Provisioned in TrustOps. Verified through Resolver. Usable anywhere.

The Pressure Point

Why software liability posture is becoming a procurement requirement

The question is no longer whether buyers will ask about software provenance. It is whether your answer is already documented and independently verifiable.

Procurement is asking about software provenance

Enterprise buyers, government procurement, and security-sensitive platforms increasingly require software vendors to document provenance, supply chain integrity, and liability posture. SBOM requests — once rare — are becoming standard due diligence in security and procurement review.

Ambiguity creates friction — and risk

Software liability ambiguity slows procurement cycles. Buyers facing unclear provenance escalate to additional review, delay sign-off, or disqualify vendors entirely. ECZ-ID removes that ambiguity by making your software evidence posture publicly verifiable through Resolver — before a question becomes a blocker.

Proof you control the narrative

With resolver-verifiable software trust objects, you publish your own posture on your own terms. Buyers verify through Resolver; you do not need to produce custom documentation for every procurement context. One authoritative surface. Independently verifiable. Always current.

The SBOM Essentials Path

A complete, practical route from identification to deployed software evidence posture.

1. Identify your software or software supply chain surface
Understand which proof buyers are likely to require: SBOM provenance, supply chain integrity, cyber resilience posture, or liability attribution.

2. Acquire the ECZ-ID Business Passport (parent credential)
Your foundational identity object. Establishes resolver presence and anchors all child trust objects.

3. Add the SBOM Essentials
Software Supply Chain Passport + Cyber Resilience Passport + Product Passport. Primary path for software vendors facing liability or provenance requirements.

4. Acquire your credentials through TrustOps
Navigate to TrustOps /start, select your corridor, complete provisioning. Related paths include Cyber Governance Pack and AI Provenance Pack.

5. Return with your provisioned credentials and trust surfaces
Your passports, API keys, and resolver-verifiable identity surfaces are ready to use immediately after provisioning.

6. Verify your software identity and evidence posture through Resolver
Confirm all credentials are live and resolver-resolvable. Share your Resolver link with buyers, security teams, and procurement counterparties.

7. Use public proof in procurement, security review, and supply chain contexts
Embed Resolver links in security questionnaire responses, tender submissions, software provenance documentation, and partner-facing materials.

Trust Objects

What you acquire on the SBOM / software liability path

SBOM Essentials is the primary path. Related packs extend your posture for governance and AI-specific provenance requirements.

Primary

Software Supply Chain Passport

Documents your software supply chain integrity. Records components, dependencies, and provenance lineage. The primary trust object for SBOM-adjacent proof in procurement and security review.

Primary

Cyber Resilience Passport

Documents your cyber resilience posture. Required for buyers applying EU Cyber Resilience Act standards or security procurement frameworks. Independently resolver-verifiable.

Primary

Product Passport

Resolver-verifiable product identity. Extends SBOM proof to cover the product itself — what you ship, under what conditions, and with what attributable provenance chain.

Related pack

Cyber Governance Pack

For vendors operating in DORA-adjacent or regulated cyber governance contexts. Extends SBOM Essentials posture with risk policy and identity continuity for governance-sensitive buyers.

Related pack

AI Provenance Pack

For software vendors with AI components. Adds AI model and dataset provenance to your evidence posture. Relevant for buyers assessing AI liability, model provenance, and training data integrity.

Package: SBOM Essentials

Bundles Software Supply Chain, Cyber Resilience, Product Passport, and IoT Device Credential. Primary path for software vendors. Provisioned through TrustOps.

SBOM Commercial Architecture

SBOM coverage tier structure

Three tiers for different scales of SBOM obligation. Essentials is the current live, self-service baseline. Managed and Enterprise are guided engagement pathways for organisations with deeper or multi-product requirements.

SBOM Essentials · Live · Self-service

Baseline credentialing package — software supply chain provenance, cyber resilience, product evidence record, and IoT device posture. Acquired through TrustOps.

£269.96 / month

SBOM Managed · Guided onboarding

Managed credential lifecycle across product releases. Provenance refresh coordination on patch cycles. Structured output for regulated buyer SBOM disclosure requirements. Delivered via TrustOps onboarding.

Contact TrustOps for guided onboarding

SBOM Enterprise · Enterprise engagement

Portfolio-level credential management for large-scale or multi-product SBOM obligations. Bespoke format integration. Dedicated evidence infrastructure for enterprise supply chains.

Enterprise contact via TrustOps

How It Works

Discover here. Acquire in TrustOps. Verify through Resolver.

This Developer Gateway is where you understand the path and prepare. TrustOps is where you acquire and manage credentials. Resolver is where buyers and security teams verify them.

Developer Gateway

Discover the software trust path. Understand trust objects. Prepare your credentialing plan.

TrustOps

Acquire your passports and credentials. Manage lifecycle and renewals. Handle all provisioning and pricing.

trustops.ecocitizenz.com/start

Resolver

Buyers and security teams verify your software evidence posture here. Public, independent, no account required.

resolver.ecocitizenz.org

After Credentialing

What resolver-verifiable software trust credentials make possible

Security questionnaire response

Replace lengthy manual questionnaire responses with a single Resolver link. Buyers verify your software evidence posture independently — no custom documentation per buyer.

Software procurement eligibility

Demonstrate documented software provenance and liability posture as a condition of enterprise procurement. Reduce friction in security review stages.

SBOM-adjacent proof in tenders

Include Resolver-verifiable software supply chain proof in tender responses and RFQ submissions where SBOM or software integrity documentation is required.

EU Cyber Resilience Act readiness

Cyber Resilience Passport supports alignment with emerging EU CRA requirements for software vendors placing products with digital elements into the EU market.

AI component liability clarity

AI Provenance Pack extends your posture to cover AI model and dataset provenance — relevant for buyers assessing AI liability and training data integrity.

Public software trust surface

Your Resolver profile is a permanent, always-current public surface. Share once; reuse across every procurement context, security audit, and partner evaluation.

What the software & SBOM essentials path delivers

What you start with

A mapped software trust surface, with SBOM Essentials as your primary acquisition target through TrustOps.

What TrustOps returns

Business Passport, Software Supply Chain Passport, Cyber Resilience Passport, Product Passport, and a live resolver-verifiable software trust profile.

What you can show publicly

A Resolver profile documenting your software provenance, supply chain integrity, and cyber resilience posture — shareable in procurement, security review, and tenders.

What your counterparty can verify

Software supply chain integrity, cyber resilience posture, product provenance, and liability attribution — through Resolver, without requesting documentation.

Ready to establish software evidence posture?

Acquire your SBOM Essentials through TrustOps. Your software trust credentials are provisioned once and remain verifiable through Resolver for any buyer or security team.