Digital sovereignty needs more than a framework. It needs components that work.
Gaia-X / T-Systems — Personal Credential Manager.
A company wants to show a partner only the data that is needed for a specific transaction, nothing more, with the ability to revoke access at any time, without having to build a trust relationship with a central provider. This requirement sounds precise. The technical answer to it has long been missing. Gaia-X is Europe's attempt to provide one.
From concept to infrastructure.
Gaia-X alone does not build anything. The framework defines how participants should interact with one another, according to which rules and on which technical foundation. What it does not include are the components that make this operation possible in the first place.
That is why the Gaia-X Federation Services were created, GXFS for short: a project funded by the Federal Ministry for Economic Affairs that develops open-source software components for the real-world operation of a Gaia-X-compliant ecosystem. Reference implementations that show how compliance is not just defined, but put into practice.
Digital sovereignty is not an attitude. It is infrastructure.
One of these components is the Personal Credential Manager (PCM). It is the tool that individuals need to be able to act within the Gaia-X ecosystem. Not as passive participants leaving data behind. But as actors who decide which Verifiable Credentials (digitally issued, cryptographically verifiable proofs) they present, and to whom.
Trust is not built through declarations of intent. It is built through infrastructure that works every day.
Building the PCM means building the gateway to the ecosystem.
As part of the Gaia-X Federation Services Project, esatus supported T-Systems on two lots.
The Personal Credential Manager Cloud provides the server-based infrastructure. Users can manage their credentials with it without operating their own wallet infrastructure. For companies that want to integrate employees or partners into the Gaia-X ecosystem without first building their own systems, this is the direct entry point.
The Personal Credential Manager Extension 1 extends this core. It delivers the functionality required for Gaia-X compliance and integration into existing systems. Without it, the PCM remains a container. With it, it becomes part of the trust architecture.
Both lots are open source. Both are reference implementations. That means other federation participants build on top of them.
Architectural mistakes carry forward. So do the right decisions.
Compliance is not a feature. It is a prerequisite.
The PCM must be compatible with W3C standards for decentralized identities, compliant with the Gaia-X Trust Framework, and at the same time built in a way that allows it to be used in real system landscapes, not just in demonstrators.
esatus brought to this project experience from national pilots, EU-funded projects, and live deployments. Decentralized identities are not a new field. What was new was the scale: developing a component that not only works, but serves as a standard.
A framework defines what is possible. A reference implementation shows what holds up.
What this work means for anyone who wants to share data but retain control.
Gaia-X does not live by its architecture. It lives by companies actually participating, and by their ability to issue, verify, and accept credentials without giving up control over their data. The PCM is one of the fundamental prerequisites for this.
The question that Gaia-X poses is one that many organizations are asking today without even knowing the name Gaia-X: how do I share data with a partner in a controlled, revocable way and without a central intermediary? Wherever that question remains open, the Personal Credential Manager shows what the answer looks like as running software.