Certificates that verify themselves
Neural VCP replaces forgeable PDF certificates with tamper-proof, ledger-anchored digital credentials. Built for ministries, universities and awarding bodies who need every certificate to stay provable — for life, wherever it travels.
One platform, four vantage points
Verification anyone can run, in seconds
Scan the QR code or type in the verification code — no account required. The portal checks the cryptographic signature, the integrity hash and the live status, then shows exactly what was attested, by whom, and when.

Issuance and verification, at a glance
Track issuance volumes, verification activity and SLA usage in one view — alongside a live registry-integrity check that proves the entire trust chain is intact every time someone looks at it.

Every credential, fully accountable
Each certificate carries its complete trust-registry history, a printable QR verification page, certificate PDF and SD-JWT exports — plus one-click lifecycle actions that always require an audited reason.

Compliance reporting that reconciles itself
See SLA usage against the annual allowance, issuance trends by month and per-institution breakdowns — then export a one-click compliance report that's reconciled against the ledger.

Four layers behind every unforgeable certificate
Neural VCP keeps what a credential says separate from how it's trusted. Personal data never touches the ledger — instead, a tamper-evident trust registry anchors every credential's authenticity and status, checkable by anyone, indefinitely.
A record nobody can quietly edit
Every issuance, suspension, revocation and reissue is written to an append-only, hash-chained trust registry, designed to sync onto a permissioned Hyperledger Fabric ledger. Any retroactive edit, deletion or relink is immediately detectable — verifiers confirm authenticity on their own, without ever contacting the issuer.
- Append-only, hash-chained anchor for every lifecycle event
- Chain verification proves the registry has never been altered
- Blockchain-sync-ready, built for permissioned Hyperledger Fabric
- No personal data at the trust layer — salted hashes, IDs and status only
Verifiable across the EU, for life
Certificates are issued as W3C Verifiable Credentials, signed with Ed25519 over canonicalised JSON, and aligned to eIDAS 2.0, the EUDI Wallet and the European Digital Credentials for Learning framework — so a credential issued today stays verifiable across Europe for the holder's lifetime.
- W3C Verifiable Credentials with Ed25519 signatures (eddsa-jcs-2022)
- Aligned to eIDAS 2.0, the EUDI Wallet and EDC for Learning
- Dual output: human-readable certificate PDF plus machine-readable VC
- Published issuer trust list for independent key verification
Trust, confirmed in under a second
Employers, universities and authorities can verify any certificate — by QR code, verification code, URL or REST API — free of charge and without registering. Every check validates the integrity hash, the issuer's signature and the live lifecycle status against the trust registry.
- QR code, short code, URL and API verification paths
- Checks signature, integrity hash, status and validity window
- Sub-second responses — p95 of 54ms under concurrent load
- Every verification logged for analytics and audit
Living records, not static files
Suspend, reinstate or revoke a credential with a mandatory reason, or revoke-and-reissue a corrected certificate with a two-way supersession link — every action anchored to the registry and visible to verifiers in real time.
- Suspend, reinstate or revoke — always with an audited reason
- Revoke-and-reissue with linked supersession history
- Template-driven validity windows and expiry
- Hash-chained audit log of every administrative action
Everything a national-scale credentialing operation needs
Beyond the trust layer, Neural VCP is a complete operational platform — bulk issuance, holder self-service, institutional governance, integrations, reporting and defence-grade security.
Bulk & API issuance
Template-based single issuance, CSV batches with row-level error isolation — proven at 30,000 credentials per batch — and REST API issuance from student-information systems.
Holder self-service portal
Students and staff view, print and download their credentials, and share them via expiring, view-limited links with selective disclosure — web, mobile and EUDI Wallet ready.
Multi-institution issuing
Ministries, universities and colleges each operate with their own signing keys, templates and staff. Suspending an organisation blocks issuance across the network instantly.
RBAC, MFA & key management
A six-role capability matrix, TOTP two-factor authentication, account lockout and issuer key rotation — retired keys still verify past credentials, compromised keys are hard-refused.
REST API & webhooks
Scoped API keys for verify, issue, revoke and reporting, plus HMAC-signed webhooks with retry — pre-wired for student-information and HR system integrations.
GDPR by design
No personal data at the trust layer. Subject export (Art. 15/20) and right-to-erasure (Art. 17) are built in — data is erased while proof-of-issuance hashes remain valid.
Reporting & SLA analytics
Dashboards for issuance and verification volumes, per-institution and per-template breakdowns, SLA usage metering, and CSV/JSON compliance exports.
Tamper-evident audit
A second hash-chained log records every administrative and security action, browsable in the portal and reconcilable against the trust registry.
Pseudonymous identity binding
Credentials bind to holders through salted HMACs of the national eID number — strong subject binding with no raw identifiers stored in the credential itself.
Hardened security posture
Strict CSP, CSRF protection, rate limiting, encrypted keys at rest (HSM-ready), hashed session and API tokens, and defence-grade engineering throughout.
Multilingual & accessible
English and Maltese across every public and certificate surface, with semantic, keyboard-first, WCAG-conscious interfaces.
Sovereign deployment
Cloud-native and containerised for government cloud hosting, with high availability and disaster recovery built for national-scale public infrastructure.
From results day to a lifetime of proof
Template
Define credential templates — degrees, certificates, transcripts, warrants — with schemas, validity rules and signing keys per institution.
Issue
Issue one at a time, in bulk from a CSV, or via API straight from your student-information system. Every credential is signed and anchored to the trust registry.
Hold & share
Holders access their credentials through the self-service portal — print with a QR code, download the signed credential, or share selectively via an expiring link.
Verify
Employers and institutions verify instantly and for free — signature, integrity and live status checked against the registry, with every check logged.
Issuers whose certificates can't afford doubt
Neural VCP is built for issuers whose documents carry lifelong value — and lifelong exposure to fraud.
Ministries of Education
National-scale issuance of state examination certificates, teacher warrants and qualifications — 30,000+ credentials a year, fully audited.
Universities & higher education
Degrees, diplomas and transcripts issued as verifiable credentials, instantly checkable by employers and admissions offices worldwide.
Vocational & further education
Course completions, skill cards and trade certifications, with template-driven expiry and renewal workflows.
Professional & awarding bodies
Licences, warrants and professional registrations, with real-time suspension and revocation visible to every verifier.
Training providers
High-volume certificates for short courses and CPD programmes, issued in bulk and shared by holders in one click.
Government registries
Any registry issuing attestations that citizens must prove elsewhere — built on the same pattern as Malta's national Fabric platforms.
Ready to make your certificates unforgeable?
Book a walkthrough using your own certificate templates, and see how Neural VCP fits your identity, hosting and compliance requirements.