Veintree's proposal is fully aligned with the core ethical principles of the European Union, including respect for fundamental rights, human dignity, privacy, data protection, non-discrimination, and transparency. The project introduces a novel authentication paradigm—biocryptography—which was specifically designed to address and overcome the ethical limitations of traditional biometrics and centralized identity systems.
Ethical Alignment with EU Values
No storage or processing of biometric data:
Unlike traditional biometrics, Veintree's solution does not rely on templates, databases, or comparisons. Instead, it generates ephemeral, non-traceable cryptographic signatures from the user's vascular interaction, fulfilling the principles of privacy by design and data minimization under the GDPR.
Offline, decentralized architecture:
The use of an embedded FPGA enables authentication and cryptographic signing entirely offline, with no data shared with external servers, ensuring user autonomy and resistance to surveillance or misuse.
Zero-knowledge compliance:
The solution implements zero-knowledge proof mechanisms, ensuring that no sensitive information is disclosed during identity or authorship validation—supporting future eIDAS 2.0 and AI Act alignment.
Informed consent and traceability:
In healthcare deployments, the dual-authorship feature records the joint cryptographic intent of both patient and caregiver, strengthening accountability and patient rights under EU digital health regulations.
Foreseeable Ethical Challenges
Misunderstanding of biocryptography as biometrics:
To prevent misinterpretation, communication and documentation will state clearly that no biometric identifier is stored or reused, and that the system is biologically activated, not biometric by nature.
Informed consent mechanisms:
Consent mechanisms will be reinforced, especially in healthcare contexts, to ensure explicit, traceable, and revocable consent, supported by appropriate training for CSR personnel and by user-facing materials.
Digital inclusion and accessibility:
The dongle has been tested with diverse user populations to ensure equitable access, avoiding bias based on age, disability, or skin tone, and complying with the EU Charter of Fundamental Rights.
Ethical Oversight and Safeguards
- Veintree will appoint an Ethics Compliance Officer responsible for auditing processes in line with Horizon Europe ethics self-assessment guidelines.
- Regular privacy impact assessments (PIAs) and ethics checkpoints will be conducted at key milestones.
- Open dialogue with national data protection authorities (DPAs) will be maintained, with readiness to undergo DPIA review if necessary.