This document defines requirements and use cases for a Verifiable Supply Chain (VSC) Critical Minerals Profile: the application of the VSC framework — built on [[VC-DATA-MODEL]], [[DID-CORE]], and [[EPCIS20]] — to the traceability, ESG due diligence, and regulatory compliance of critical and strategic minerals supply chains.

Critical minerals are designated by governments worldwide as essential to the clean energy transition, digital infrastructure, and national security, yet their supply chains are among the most opaque, geographically concentrated, and fraud-prone in global trade. This document identifies the problem space, defines a domain-specific vocabulary, and specifies the functional and non-functional requirements for a VSC credential profile covering mine-to-market traceability of minerals including lithium cobalt nickel rare earth elements graphite manganese and all materials listed in [[CRMA]] and [[USGS-2025]].

This is a requirements and use cases document, not a technical specification. It is a deliverable of the W3C Verifiable Supply Chain Community Group, which lists Critical Minerals as a priority vertical alongside Pharmaceuticals. The document is grounded in and references [[CRMA]], [[EU-BATTERY-REG]], [[EU-DPP]], [[EU-CSDDD]], [[OECD-DD]], [[OECD-TRACEABILITY]], [[RMI-RMAP]], [[GBA-BATTERY-PASSPORT]], and [[SEC-CONFLICT]]. Methodology follows established W3C patterns including [[SHACL-UCR]] and [[DWBP-UCR]].

This document is a Community Group Draft produced by the Verifiable Supply Chain Community Group, launched on 21 February 2026. It is not a W3C Standard and is not on the W3C Standards Track. It may be updated, replaced, or made obsolete at any time.

This specification is a vertical profile of the VSC base requirements document [[VSC-REQUIREMENTS]]. It inherits and specializes all base requirements; requirements defined here are additional to, not replacements for, those in [[VSC-REQUIREMENTS]].

Feedback is welcome via the GitHub issue tracker. See for contribution guidelines.

Introduction

This section is non-normative.

Why Critical Minerals?

Critical and strategic minerals underpin the clean energy transition, digital infrastructure, and advanced manufacturing. The [[CRMA]] (Regulation (EU) 2024/1252, in force May 2024) defines 34 critical raw materials (CRMs) and 17 strategic raw materials (SRMs), including lithium, cobalt, nickel, rare earth elements, and graphite, setting binding 2030 targets for domestic extraction, processing, and recycling. The [[USGS-2025]] Critical Minerals List identifies 50 minerals essential to U.S. economic and national security.

These supply chains share four structural characteristics that make them uniquely difficult to govern with existing tools:

Extreme geographic concentration
China processes over 85% of rare earth elements and 90% of graphite. The Democratic Republic of Congo produces 63% of global cobalt, much of it from artisanal and small-scale mines (ASM). This concentration creates systemic geopolitical risk and makes supply-chain fraud difficult to detect through conventional means.
Multi-tier opacity
A lithium-ion battery cell may draw on minerals from a dozen countries, processed through smelters, refiners, precursor chemical producers, and cathode active material manufacturers before reaching a cell manufacturer. Each tier transition involves a new legal entity and typically a break in the data trail. Existing EPCIS deployments cover Tier-1 logistics well, but ASM mine-site data is rarely digitized.
Blending and transformation loss of identity
Unlike discrete manufactured goods, minerals are dissolved, alloyed, and blended at refineries. A kilogram of cobalt sulfate leaving a refinery may be derived from dozens of distinct mine-site lots. Traceability standards must accommodate mass-balance and chain-of-custody methodologies, not just serial-item tracking.
Converging regulatory requirements
The [[EU-BATTERY-REG]] (Digital Product Passport mandatory for EV batteries by February 2027), [[CRMA]], [[EU-CSDDD]], [[CBAM]], [[OECD-DD]], [[SEC-CONFLICT]], and the IEA–OECD [[OECD-TRACEABILITY]] framework all impose overlapping but non-identical traceability, due diligence, and disclosure obligations on supply chain participants.

How VSC Addresses These Challenges

The VSC Critical Minerals Profile extends [[VSC-REQUIREMENTS]] with domain-specific credential schemas, vocabulary extensions, and traceability methodologies suited to the minerals sector:

Regulatory Landscape Summary

This section is non-normative.

Regulation / Framework Jurisdiction Key traceability obligation In-force / deadline
[[CRMA]] (Reg. EU 2024/1252) European Union Supply chain traceability, diversification, and sustainability for 34 CRMs and 17 SRMs In force May 2024; 2030 binding targets
[[EU-BATTERY-REG]] (Reg. EU 2023/1542) European Union Digital Product Passport for EV, industrial, and LMT batteries; due diligence on cobalt, lithium, nickel, natural graphite DPP mandatory February 2027
[[EU-CSDDD]] (Dir. 2024/1760) European Union Human rights and environmental due diligence across the supply chain for companies above threshold Transposition by 2026; phased application 2027–2029
[[CBAM]] (Reg. EU 2023/956) European Union Embedded carbon reporting for iron, steel, aluminium, and select materials; will extend to more CRMs Transitional phase ended Dec 2025; full implementation 2026
[[OECD-DD]] (3rd edition) OECD member states (and beyond) Five-step due diligence framework for minerals from conflict-affected and high-risk areas (CAHRAs) Policy standard; referenced in EU and US regulations
[[SEC-CONFLICT]] (Rule 13p-1) United States Annual disclosure for companies using 3TG minerals (tantalum, tin, tungsten, gold) in products Annual reporting since 2014
[[USGS-2025]] Critical Minerals List United States 50 minerals designated as critical; basis for domestic security and supply chain resilience policy 2025 list in effect
[[RMI-RMAP]] RMAP 2.0 Industry standard Third-party audit standard for responsible sourcing of cobalt, tin, tantalum, tungsten, gold, and mica RMAP 2.0 in public consultation 2024–2025
[[GBA-BATTERY-PASSPORT]] Industry standard Battery Passport specification covering provenance, ESG, and circularity data; aligned with [[EU-BATTERY-REG]] 2024 pilots; full deployment 2027

Relationship to VSC Base Specification

This document is a vertical profile of [[VSC-REQUIREMENTS]]. All base requirements (REQ-F1 through REQ-F9 and REQ-NF1 through REQ-NF5 in [[VSC-REQUIREMENTS]]) apply to VSC Critical Minerals Profile implementations in full. This document adds:

Document Structure

The key words MUST, MUST NOT, REQUIRED, SHALL, SHALL NOT, SHOULD, SHOULD NOT, RECOMMENDED, NOT RECOMMENDED, MAY, and OPTIONAL are to be interpreted as described in [[RFC2119]] and [[RFC8174]] when, and only when, they appear in all capitals.

All examples, diagrams, and sections marked as non-normative are informative only. Everything else is normative. This profile MUST be read in conjunction with [[VSC-REQUIREMENTS]]; all normative requirements of that document apply to conformant implementations of this profile.

Scope

In Scope

Out of Scope

Terminology

Terms defined in [[VSC-REQUIREMENTS]], [[VC-DATA-MODEL]], [[DID-CORE]], and [[EPCIS20]] retain their meanings. The following additional terms are defined for this profile.

Critical Mineral
A mineral or material designated as critical or strategic by a recognized government or intergovernmental body owing to its economic importance and supply risk. This profile covers all materials on the [[CRMA]] Annex I/II lists and the [[USGS-2025]] Critical Minerals List. Examples include lithium, cobalt, nickel, rare earth elements, natural graphite, manganese, gallium, and tantalum.
Mineral Lot
A quantity of one or more [=Critical Mineral=]s with a defined mass or volume, originating from a specific source (mine site, smelter, or refinery), identified by a unique lot number, and characterized by composition, grade, and provenance attributes. A [=Mineral Lot=] is the primary subject of VSC Critical Minerals credentials. Where [[GS1-DIGITALLINK]] identifiers exist for the commodity type, they SHOULD be used.
Mine Site
A physical location where [=Critical Mineral=]s are extracted from the earth, including both industrial-scale and artisanal and small-scale mining (ASM) operations. Each [=Mine Site=] MUST be identified by a [[DID-CORE]] identifier for the purposes of this profile.
Processing Facility
An installation that transforms extracted mineral ore or concentrate into an intermediate or refined form, including concentrators, smelters, refineries, and precursor chemical plants. Each [=Processing Facility=] MUST be identified by a [[DID-CORE]] identifier.
Mass-Balance Attribution
A traceability methodology in which the quantity of material attributed to a specific source (e.g., a responsible mine) is tracked as a proportion of the total mass of blended output from a [=Processing Facility=], rather than by maintaining physical segregation of individual batches. Mass-balance attribution is the standard methodology endorsed by [[RMI-RMAP]] and [[GBA-BATTERY-PASSPORT]] for refined mineral commodities.
Chain-of-Custody
A traceability methodology in which physically distinct material lots are maintained separate throughout the supply chain. The VSC [=Event Chain=] mechanism (defined in [[VSC-REQUIREMENTS]]) supports full chain-of-custody where physical segregation is practiced.
ESG Attribute Credential
A [=Verifiable Credential=] asserting one or more environmental, social, and governance (ESG) claims about a [=Mineral Lot=] or [=Mine Site=], such as carbon footprint (CO₂e per tonne), water consumption, conflict-free status, or human rights due diligence compliance. An [=ESG Attribute Credential=] is issued by an authorized [=Third-Party Auditor=] or, where self-declaration is permissible under the applicable framework, by the [=Mine Site=] or [=Processing Facility=] operator.
Third-Party Auditor
An independent organization authorized under an applicable [=Trust Framework=] (e.g., [[RMI-RMAP]], [[ICMM-FRAMEWORK]]) to conduct on-site audits of [=Mine Site=]s or [=Processing Facility=]s and issue [=ESG Attribute Credential=]s. Each [=Third-Party Auditor=] MUST be identified by a [[DID-CORE]] identifier registered in the applicable trust framework.
Conflict-Affected and High-Risk Area (CAHRA)
A geographic area as defined in [[OECD-DD]] Annex II, characterized by armed conflict, widespread violence, or fragile post-conflict conditions, in which mineral extraction may contribute to or be associated with human rights abuses. Credentials asserting conflict-free status for minerals sourced from or transiting through a CAHRA MUST reference an applicable audit standard and a [[DID-CORE]]-identified [=Third-Party Auditor=].
Artisanal and Small-Scale Mining (ASM) Actor
An individual miner, cooperative, or small enterprise engaged in informal or semi-formal mineral extraction, typically with limited capital and technology. ASM actors represent a significant share of cobalt and some rare earth production. This profile requires that ASM-compatible credential issuance pathways exist, including support for lightweight [[DID-CORE]] methods operable from mobile devices with intermittent connectivity.
Battery Passport
A digital product passport for a battery product, as required by [[EU-BATTERY-REG]] from February 2027, containing data on mineral provenance, carbon footprint, recycled content, and supply chain ESG performance. A [=Battery Passport=] is realized as a [=Verifiable Presentation=] composed of VSC Critical Minerals Profile credentials assembled from upstream tiers. The format aligns with [[GBA-BATTERY-PASSPORT]].
Carbon Border Adjustment Credential
A [=Verifiable Credential=] asserting the verified embedded carbon content (direct and indirect emissions) of a [=Mineral Lot=] or processed material, issued or endorsed by a [[DID-CORE]]-identified verifier. Such credentials support [[CBAM]] reporting obligations.

Conceptual Architecture

This section is non-normative.

Critical Minerals Value Chain Stages

VSC Critical Minerals credentials span the following value chain stages, each of which may involve distinct legal entities, geographic jurisdictions, and applicable regulatory frameworks:

Stage Description Primary EPCIS 2.0 event type(s) Primary credential type(s)
Extraction Mining of ore or concentrate at a [=Mine Site=] ObjectEvent (commissioning) Mine-site declaration, ASM cooperative credential, audit certificate
Primary processing Concentrating, smelting, or initial chemical processing TransformationEvent Smelter/refiner declaration, mass-balance attestation
Refining Production of battery-grade or specification-grade material TransformationEvent Refined lot credential, [[CBAM]] carbon credential
Precursor / cathode production Chemical synthesis of battery precursor and active materials TransformationEvent Precursor lot credential linking input refined materials
Cell / product manufacturing Incorporation of critical minerals into cells, magnets, or components TransformationEvent, TransactionEvent DPP assembly credential, [[EU-BATTERY-REG]] Battery Passport
Transport / logistics Cross-border and domestic transport at each stage ObjectEvent, TransactionEvent Custody transfer credential, customs compliance credential
Recycling Recovery of critical minerals from end-of-life products TransformationEvent Recycled content attestation, secondary material lot credential

Trust Framework Structure for Critical Minerals

The [[VSC-REQUIREMENTS]] concept of a [=Trust Framework=] is essential in the minerals sector, where regulatory bodies and industry standards organizations play key authorization roles. The expected layered trust structure is:

  1. Root anchors: Sector bodies such as [[RMI-RMAP]], [[ICMM-FRAMEWORK]], and [[GBA-BATTERY-PASSPORT]] publish lists of authorized smelters, refiners, and auditors as DID registries.
  2. Authorized issuers: Mines, smelters, refiners, and auditors hold [[DID-CORE]] identifiers registered in one or more root anchors.
  3. Credential issuance: Authorized issuers sign lot credentials and ESG attribute credentials using [[VC-DI]].
  4. Downstream verification: Battery manufacturers, customs authorities, and market surveillance bodies verify credentials against the root anchor registries.

Use Cases

This section is non-normative. Use cases motivate the requirements in . Each use case follows the structured template established in [[SHACL-UCR]] and [[DWBP-UCR]].

UC-CM-1: Mine-Site to Refinery Provenance for OECD Due Diligence

GoalA cobalt refiner verifies that incoming concentrate lots originated from mine sites that have been audited under [[RMI-RMAP]] and are not associated with [=Conflict-Affected and High-Risk Area (CAHRA)=] human rights risks, satisfying [[OECD-DD]] and [[EU-BATTERY-REG]] due diligence obligations.
Actors
  • Industrial mine operator — issuer of mine-site declaration credentials.
  • ASM cooperative — issuer of cooperative-level declaration credentials.
  • RMI-accredited third-party auditor — issuer of [[RMI-RMAP]] audit credentials.
  • Cobalt refiner — holder and verifier.
  • EU Battery Regulation compliance body — downstream verifier.
Regulatory context[[OECD-DD]] five-step due diligence; [[EU-BATTERY-REG]] Art. 52–54 requiring cobalt, lithium, nickel, and natural graphite due diligence; [[EU-CSDDD]] human rights obligations.
Preconditions
  • Industrial mines and ASM cooperatives hold [[DID-CORE]] identifiers registered in the RMI Responsible Minerals Assurance Process (RMAP) registry.
  • The [[RMI-RMAP]] accredited auditor holds a [[DID-CORE]] identifier in the same registry.
  • The cobalt refiner has defined a verification policy specifying accepted audit standards (RMAP, ICMM), CAHRA-risk thresholds, and minimum audit recency.
  • The refiner's system can resolve DIDs and validate [[VC-DI]] proofs.
Normal flow
  1. For each [=Mineral Lot=] (concentrate batch), the mine operator issues an ObjectEvent credential (bizStep: commissioning) containing: mine-site DID, GPS coordinates, extraction date range, mineral type and grade, lot mass (wet and dry), and lot identifier.
  2. The [[RMI-RMAP]] auditor issues an ObjectEvent audit credential referencing the mine-site DID, audit date, scope (RMAP standard version), outcome (conformant / conditionally conformant / non-conformant), and audit report hash. The credential includes an expiryDate of 12 months from audit date.
  3. If the mine-site lot is sourced from an ASM cooperative, the cooperative issues a cooperative-level declaration credential (lightweight ObjectEvent) referencing member miner identifiers where digitally available.
  4. The mine operator assembles a [=Verifiable Presentation=] containing the lot credential and the current audit credential and submits it to the refiner alongside the physical shipment.
  5. The refiner's system verifies: DID resolution, proof validity, audit credential not expired, auditor DID registered in RMAP registry, no CAHRA flags in OECD country risk data (accessed via policy engine).
  6. On successful verification, the refiner accepts the lot and stores the presentation as OECD Step 3 due-diligence documentation.
Alternative flows
  • Expired audit credential: Verifier detects expiryDate has passed. Returns error AUDIT_EXPIRED; refiner initiates re-audit request with supplier.
  • CAHRA risk flag: Mine GPS coordinates fall within an [[OECD-DD]] Annex II CAHRA. Refiner escalates to enhanced due diligence procedure; lot is quarantined pending outcome.
  • ASM mobile issuance: ASM cooperative uses a mobile-compatible lightweight DID method and issues credentials offline, syncing when connectivity is available. Verifier checks credential timestamp and DID document version.
  • Blended concentrate: Smelter input is blended from multiple mine-site lots. The smelter issues a TransformationEvent credential listing all input lot credentials and their respective mass fractions.
Postconditions
  • Refiner holds machine-verifiable OECD Step 3 documentation for each accepted lot.
  • Evidence package is sufficient for [[EU-BATTERY-REG]] Art. 52 cobalt/lithium due diligence reporting and [[EU-CSDDD]] audit trail.
Failure modesFabricated GPS coordinates; audit credential issued by auditor not in RMAP registry; mass discrepancy between credential and physical lot; lot identity switched at port of entry.
Derived requirementsREQ-CM-F1, REQ-CM-F2, REQ-CM-F3, REQ-CM-F4, REQ-CM-F5, REQ-CM-F7, REQ-CM-NF1, REQ-CM-NF2

UC-CM-2: Mass-Balance Attribution at a Blending Refinery

GoalA nickel sulfate refinery that receives ore concentrates from multiple sources — some certified responsible, some uncertified — issues verifiable mass-balance attribution credentials for its output lots, enabling downstream battery manufacturers to claim a specific percentage of responsibly-sourced input material in their [[EU-BATTERY-REG]] Battery Passport.
Actors Nickel refinery (issuer of mass-balance credentials); responsible mine operators (issuers of input lot credentials); battery manufacturer (verifier and downstream holder).
Regulatory context[[EU-BATTERY-REG]] Art. 8 (recycled content) and Art. 52–54 (due diligence); [[RMI-RMAP]] mass-balance methodology; [[GBA-BATTERY-PASSPORT]] data requirements.
Preconditions
  • The refinery holds a [[DID-CORE]] identifier registered in the [[RMI-RMAP]] Responsible Nickel pathway.
  • Responsible input lots are accompanied by [[VSC-REQUIREMENTS]]-conformant lot credentials with valid audit credentials.
  • The refinery has calculated the mass-balance attribution ratio for the period covering the output lot, following [[RMI-RMAP]] methodology.
Normal flow
  1. The refinery receives input concentrate from multiple sources over a defined period (e.g., one calendar month). For each responsible-certified input lot, it holds a verified input credential.
  2. At the end of the period, the refinery calculates the total responsible-attributed input mass as a percentage of total input mass.
  3. For each output lot shipped to battery manufacturers, the refinery issues a TransformationEvent credential with a massBalanceAttestation extension containing: responsible-attributed percentage, calculation methodology URI (pointing to [[RMI-RMAP]] mass-balance standard), evidence period (start/end date), and a list of input lot credential identifiers with individual mass fractions.
  4. The battery manufacturer verifies the mass-balance credential: DID resolution, proof validity, auditor status, methodology URI recognized in the manufacturer's trust framework.
  5. The manufacturer uses the verified percentage as the responsibly-sourced nickel input figure in its [[EU-BATTERY-REG]] Battery Passport assembly.
Alternative flows
  • 100% chain-of-custody available: Where the refinery practices full physical segregation, the TransformationEvent credential references input lots directly without a mass-balance calculation, and the attributed percentage is 100%.
  • Recycled content inclusion: Recycled nickel input lots are issued a secondary material lot credential with a recycledContent: true flag. The mass-balance credential separately attributes responsible primary and recycled input fractions, enabling [[EU-BATTERY-REG]] Art. 8 recycled content disclosure.
Postconditions Battery manufacturer holds a verifiable mass-balance attribution figure for each nickel sulfate input lot, sufficient for [[EU-BATTERY-REG]] Art. 52 disclosure and [[GBA-BATTERY-PASSPORT]] provenance data fields.
Failure modesOver-attribution (responsible percentage exceeds verified responsible input mass); falsified input lot credentials used to inflate attribution; methodology URI pointing to a non-standard calculation.
Derived requirementsREQ-CM-F1, REQ-CM-F3, REQ-CM-F4, REQ-CM-F6, REQ-CM-F7, REQ-CM-NF1

UC-CM-3: EU Battery Regulation Digital Product Passport Assembly

GoalA battery cell manufacturer assembles a [[EU-BATTERY-REG]]-compliant [=Battery Passport=] for an EV battery module by composing verifiable credentials from upstream mineral suppliers, refiners, and precursor producers, and submits it to an EU market surveillance authority.
Actors Mine operators, ASM cooperatives, smelters, refiners, and precursor producers (upstream issuers); cell manufacturer (holder and DPP assembler); EU type-approval / market surveillance authority (verifier); end customer / OEM (downstream holder).
Regulatory context[[EU-BATTERY-REG]] Art. 13 (DPP via QR code, mandatory February 2027 for EV batteries); [[EU-DPP]] (ESPR Regulation 2024/1781); [[GBA-BATTERY-PASSPORT]] data specification.
Preconditions
  • All upstream suppliers have issued VSC Critical Minerals Profile credentials for their respective outputs (mine-site lot, smelter output, refined lot, precursor lot).
  • All issuers hold [[DID-CORE]] identifiers recognized in applicable trust frameworks.
  • The battery module is identified by a GS1 GTIN expressible as a [[GS1-DIGITALLINK]] URI.
  • The manufacturer's system can resolve all upstream credential chains.
Normal flow
  1. The manufacturer collects upstream credentials for each critical mineral input (cobalt, lithium, nickel, natural graphite) covering all value chain stages from mine to precursor.
  2. Using selective disclosure, the manufacturer filters commercially sensitive fields (supplier pricing, proprietary refinery process details) from each credential while retaining all fields required by [[EU-BATTERY-REG]] Annex XIII.
  3. The manufacturer issues a TransformationEvent credential for the cell manufacturing event, listing all precursor input lot credentials and the output cell GTIN. This credential includes the verified carbon footprint of the cell (CO₂e/kWh) calculated from upstream [[Carbon Border Adjustment Credential=]]s.
  4. The manufacturer assembles a [=Battery Passport=] as a [=Verifiable Presentation=] containing all upstream credentials and the cell manufacturing credential, bound to the GTIN via [[GS1-DIGITALLINK]].
  5. The presentation is registered in the EU Digital Product Passport registry (accessible via QR code on the physical battery).
  6. The market surveillance authority's automated system verifies the complete credential chain, checks all issuer DIDs, validates audit credential currency, and evaluates the assembled data against [[EU-BATTERY-REG]] Annex XIII completeness requirements.
Alternative flows
  • Missing Tier-2 credential: A precursor producer cannot supply mine-level credentials for one mineral input. The manufacturer applies a [[RMI-RMAP]] mass-balance credential at the refiner level as the deepest available verifiable evidence, disclosing the gap in the DPP metadata.
  • Recycled content: A portion of lithium input is recovered from end-of-life batteries. The recycling operator issues a secondary lot credential with recycledContent: true. The DPP correctly attributes primary and recycled fractions under [[EU-BATTERY-REG]] Art. 8.
Postconditions
  • A machine-verifiable [[EU-BATTERY-REG]]-compliant DPP exists, accessible via QR code.
  • Market surveillance authority can independently verify the upstream mineral provenance chain and carbon footprint claim.
Failure modesMissing credential for a required [[EU-BATTERY-REG]] Annex XIII field; carbon footprint credential based on unverified upstream data; DPP QR code pointing to revoked presentation.
Derived requirementsREQ-CM-F1, REQ-CM-F2, REQ-CM-F3, REQ-CM-F4, REQ-CM-F5, REQ-CM-F6, REQ-CM-F7, REQ-CM-F8, REQ-CM-NF2, REQ-CM-NF3

UC-CM-4: CBAM Embedded Carbon Reporting for Refined Minerals

GoalAn EU importer of refined nickel demonstrates to customs authorities that the declared embedded carbon content of each shipment is verifiable, satisfying [[CBAM]] reporting obligations and avoiding re-declaration by customs.
Actors Non-EU refinery (issuer of [[Carbon Border Adjustment Credential=]]s); accredited verifier (issuer of carbon verification credential); EU importer (holder); EU customs / CBAM authority (verifier).
Regulatory context[[CBAM]] (Reg. EU 2023/956), full implementation from 2026; requires importers to declare verified embedded direct and indirect emissions of covered goods.
Preconditions
  • The non-EU refinery holds a [[DID-CORE]] identifier and has completed a third-party carbon verification audit.
  • The accredited verifier holds a [[DID-CORE]] identifier recognized in the EU CBAM accredited verifier registry.
  • The shipment lot is identified by combined TARIC code and lot number.
Normal flow
  1. For each refined metal lot, the refinery issues an ObjectEvent [=Carbon Border Adjustment Credential=] containing: lot identifier, TARIC commodity code, direct emission factor (tCO₂e per tonne), indirect emission factor, calculation boundary (Scope 1 / Scope 2), calculation methodology reference, and reporting period.
  2. The accredited verifier issues a carbon verification credential referencing the refinery's credential, confirming the calculation was independently verified under the applicable [[CBAM]] verification standard, and providing the verifier's DID and accreditation certificate reference.
  3. The EU importer assembles a CBAM reporting presentation containing both credentials and submits it via the EU CBAM registry API alongside the customs import declaration.
  4. The CBAM authority verifies: refinery DID, verifier DID (in EU accreditation registry), proof validity, emission factor within plausible range for the commodity and production process.
  5. CBAM certificates are calculated automatically from the verified emission factor; manual re-declaration is not required.
Alternative flows
  • Default value fallback: No verified carbon credential is available for a lot. The CBAM authority applies the EU default emission factor for the commodity (typically the 75th percentile of installations in third countries), which is significantly higher than actual. This creates a financial incentive for importers to obtain VSC credentials.
  • Verification credential expired: The carbon verification is more than 12 months old. CBAM authority rejects the credential and applies the default value for that lot.
Postconditions Importer has fulfilled [[CBAM]] Art. 6 declaration obligation for the shipment with verified emission data; CBAM certificate cost reflects actual embedded emissions.
Failure modesFabricated emission factors; verifier DID not in EU accreditation registry; credential replay from a prior shipment with different emission profile.
Derived requirementsREQ-CM-F1, REQ-CM-F3, REQ-CM-F5, REQ-CM-F7, REQ-CM-F8, REQ-CM-NF2, REQ-CM-NF3

UC-CM-5: ASM Cooperative Inclusion in Responsible Sourcing Programs

GoalAn artisanal and small-scale mining (ASM) cooperative in the Democratic Republic of Congo enables its member miners to issue verifiable mine-site declaration credentials using a mobile-compatible, low-bandwidth [[DID-CORE]] method, so that their cobalt lots can enter a responsible sourcing program and command a premium from a European buyer.
Actors Individual ASM miners (leaf issuers of miner-level declarations); ASM cooperative (aggregating issuer of cooperative-level lot credentials); NGO field auditor (issuer of cooperative audit credential); European cobalt buyer (verifier).
Regulatory context[[OECD-DD]] Annex II (CAHRA due diligence); [[EU-BATTERY-REG]] Art. 52 (cobalt due diligence); [[RMI-RMAP]] ASM pathway; ICMM ASM guidance ([[ICMM-FRAMEWORK]]).
Preconditions
  • Each miner in the cooperative has been registered in a mobile-accessible DID registry and issued a personal [[DID-CORE]] identifier via the cooperative onboarding program.
  • The cooperative holds a [[DID-CORE]] identifier registered in the [[RMI-RMAP]] ASM pathway registry.
  • The NGO field auditor holds a [[DID-CORE]] identifier in the same registry.
  • The cooperative's mobile coordinator app supports offline credential signing with sync on reconnection.
Normal flow
  1. Each miner tags their daily output with a unique lot tag (QR code, RFID, or handwritten serial). Using the cooperative mobile app, the miner's personal DID signs an ObjectEvent declaration credential for that daily output lot: miner DID, location (GPS or approximate site name), mineral type, estimated mass, date.
  2. The cooperative coordinator collects individual miner credentials and aggregates daily outputs into a weekly collective lot. The cooperative issues an AggregationEvent credential listing input miner-lot credentials and total mass.
  3. The NGO field auditor makes quarterly site visits and issues an audit credential for the cooperative covering: site safety compliance, child labour checks, chain-of-custody procedure adherence, and [[OECD-DD]] Step 3 assessment outcome.
  4. At sale, the cooperative assembles a [=Verifiable Presentation=] containing the collective lot credential and the current audit credential and presents it to the European buyer's procurement system.
  5. The buyer verifies: cooperative DID in RMAP ASM registry, auditor DID authorized, audit not expired, lot mass plausible against historical baseline.
  6. On successful verification, the buyer pays a responsible sourcing premium and logs the presentation as [[EU-BATTERY-REG]] due diligence documentation.
Alternative flows
  • Offline operation: A miner in a remote area has no connectivity for three days. Credentials are queued locally, signed with a time-locked DID key, and synced to the cooperative server on reconnection. The verifier checks that the credential's validFrom timestamp precedes the sync timestamp.
  • Lost or stolen DID device: A miner reports their device lost. The cooperative rotates the miner's DID key. All previously valid credentials remain valid (signed under the prior key, valid at issuance time). The verifier's policy accepts credentials signed by keys valid at issuance.
  • New cooperative joining: A new cooperative applies to join the [[RMI-RMAP]] ASM pathway. Until registered, its credentials cannot be verified against the RMAP trust framework. The buyer's policy applies a provisional category with additional manual due diligence during the onboarding window.
Postconditions
  • ASM cooperative lot has a verifiable, timestamped credential chain from individual miner output to aggregate lot.
  • European buyer holds OECD Step 3 due diligence documentation sufficient for [[EU-BATTERY-REG]] Art. 52 cobalt compliance.
  • ASM miners receive a responsible sourcing premium, creating economic incentive for continued participation.
Failure modesMass inflation (cooperative claims more output than verifiable individual miner lots support); miner DID key compromised; cooperative not yet registered in RMAP registry; audit credential issued by NGO not authorized in applicable trust framework.
Derived requirementsREQ-CM-F1, REQ-CM-F2, REQ-CM-F3, REQ-CM-F4, REQ-CM-F9, REQ-CM-NF1, REQ-CM-NF2, REQ-CM-NF3

Requirements

All base requirements from [[VSC-REQUIREMENTS]] (REQ-F1 through REQ-F9 and REQ-NF1 through REQ-NF5) apply in full to VSC Critical Minerals Profile implementations. The requirements below are additional to those base requirements, identified by the prefix REQ-CM-. Each requirement carries a unique identifier to support traceability to use cases (see ) and to future conformance tests.

Functional Requirements

REQ-CM-F1 — Mine-Site Declaration Credential Schema

VSC Critical Minerals Profile implementations MUST define a normative credential schema for mine-site declaration credentials, extending the ObjectEvent [[EPCIS20]] mapping with the following fields:

  • mineSiteId: [[DID-CORE]] URI of the [=Mine Site=].
  • commodityType: [[CRMA]]- or [[USGS-2025]]-registered mineral identifier.
  • extractionLocationGeoJSON: GeoJSON polygon (not just a point) representing the mine-site boundary, enabling [[OECD-DD]] CAHRA geographic checks.
  • extractionStartDate / extractionEndDate: Date range for the lot, as xsd:date.
  • lotMassKg: Declared dry mass in kilograms.
  • gradePercent: Assay grade as percentage (MAY be disclosed selectively).
  • miningMethodCode: Controlled vocabulary value (e.g., underground, open_pit, asm).
  • auditCredentialRef: Reference to a current, valid audit credential (SHOULD).

Testability: A conformance test MUST verify that a credential schema instance validates against the normative JSON Schema and that all required fields produce non-null values.

REQ-CM-F2 — ESG Attribute Credential Schema

VSC Critical Minerals Profile implementations MUST define a normative schema for [=ESG Attribute Credential=]s. An [=ESG Attribute Credential=] MUST include:

  • subjectLotId: Identifier of the [=Mineral Lot=] or [=Mine Site=] to which the ESG claim applies.
  • esgDimension: Controlled vocabulary entry from a defined list (e.g., carbonFootprint, humanRightsDueDiligence, conflictFree, waterUsage, childLabourCompliance).
  • assessmentStandard: URI of the applicable standard (e.g., [[OECD-DD]], [[RMI-RMAP]], ISO 14064).
  • assessmentOutcome: Controlled vocabulary outcome (e.g., conformant, conditionallyConformant, nonConformant).
  • assessmentDate: Date of assessment or verification.
  • validUntil: Expiry date of the credential (MUST).
  • auditorDid: [[DID-CORE]] URI of the [=Third-Party Auditor=] (MUST where third-party verification is required; SHOULD for self-declaration).

Testability: A conformance test MUST verify that an [=ESG Attribute Credential=] with a past validUntil date fails verification.

REQ-CM-F3 — Transformation Credential for Blending and Refining

VSC Critical Minerals Profile implementations MUST define a normative TransformationEvent credential schema for smelter and refinery operations. This schema MUST support:

  • Multiple input lot credentials (each with lot ID, mass fraction, and credential reference), supporting blending from N source lots.
  • Multiple output lot credentials, supporting split-output refinery products (e.g., cobalt sulfate and cobalt hydroxide from one input).
  • A traceabilityMethodCode field with values chainOfCustody or massBalance.
  • Where massBalance is declared: a massBalanceAttribution sub-object containing responsible mass percentage, calculation period, and methodology URI.
  • A processingFacilityDid field (MUST) referencing the [[DID-CORE]] identifier of the [=Processing Facility=].
REQ-CM-F4 — OECD CAHRA Geographic Binding

Mine-site declaration credentials (see REQ-CM-F1) MUST include a GeoJSON polygon for the mine-site boundary. VSC Critical Minerals Profile verifiers SHOULD implement or integrate a geographic policy check that evaluates mine-site polygon coordinates against the current [[OECD-DD]] Annex II CAHRA list and surfaces a specific CAHRA-risk flag (not a generic verification failure) when a coordinate intersection is detected. The CAHRA check MUST NOT cause automatic rejection; it MUST trigger an enhanced due-diligence workflow in the verifier's policy engine.

REQ-CM-F5 — Third-Party Audit Credential Integration

VSC Critical Minerals Profile implementations MUST support referencing one or more [=ESG Attribute Credential=]s from within a mine-site declaration credential or transformation credential via a auditCredentialRef property. Verifiers MUST resolve and validate referenced audit credentials as part of the verification flow for the parent credential. A parent credential whose referenced audit credential is expired or revoked MUST be treated as unverified with respect to the ESG dimensions covered by that audit.

REQ-CM-F6 — Carbon Footprint Credential Schema

VSC Critical Minerals Profile implementations MUST define a [=Carbon Border Adjustment Credential=] schema aligned with [[CBAM]] Art. 7 reporting requirements. This schema MUST include: TARIC commodity code; direct emission factor (tCO₂e per tonne of output); indirect emission factor; Scope 1 / Scope 2 boundary declaration; calculation methodology URI; reporting period; and a reference to a third-party carbon verification credential. The credential MUST include a validUntil of no more than 12 months from the verification date.

REQ-CM-F7 — Battery Passport Composition Alignment

VSC Critical Minerals Profile credential schemas MUST be designed so that their field values can be directly mapped to [[GBA-BATTERY-PASSPORT]] and [[EU-BATTERY-REG]] Annex XIII data fields without loss of required data. The VSC Community Group SHOULD publish and maintain a normative mapping table from VSC Critical Minerals credential fields to [[EU-BATTERY-REG]] Annex XIII fields. Battery Passport assemblies MUST be realizable as [[VSC-REQUIREMENTS]] [=Verifiable Presentation=]s.

REQ-CM-F8 — Recycled Content Credential

VSC Critical Minerals Profile implementations MUST support a recycled content declaration as a normative extension to the ObjectEvent credential schema for secondary mineral lots. This extension MUST include: recycledContent: true; recyclingOperatorDid (the [[DID-CORE]] identifier of the recycling facility); feedstockType (controlled vocabulary: e.g., endOfLifeBattery, industrialScrap, miningWaste); and a reference to a third-party verification credential where required by [[EU-BATTERY-REG]] Art. 8.

REQ-CM-F9 — ASM-Compatible Credential Issuance

VSC Critical Minerals Profile implementations MUST NOT require credential issuance mechanisms that are incompatible with mobile-only, intermittent-connectivity environments. Specifically:

  • The DID method(s) used for [=ASM Actor=] identifiers MUST be operable from a mobile device with a 2G or better connection for DID registration and key publication.
  • Credential signing MUST be possible offline (with sync-on-reconnect), using time-locked key material where the DID document supports versioning.
  • The credential schema for ASM miner-level declarations (see REQ-CM-F1, miningMethodCode: asm) MAY omit assay grade (gradePercent) and precise GPS polygon fields where the ASM actor can only supply an approximate site identifier; such omissions MUST be flagged in the credential's credentialStatus extension for downstream verifier awareness.

Non-Functional Requirements

REQ-CM-NF1 — Multi-Tier Chain Support at Scale

VSC Critical Minerals Profile implementations MUST support event chains spanning at minimum seven distinct value chain tiers (mine → concentrator → smelter → refiner → precursor producer → cathode manufacturer → cell manufacturer) without degradation of verification performance. Total chain verification time (resolving all DIDs, validating all proofs, checking all revocation statuses) for a seven-tier chain SHOULD complete in under 10 seconds on commodity hardware with reasonable network latency.

REQ-CM-NF2 — Commercially Sensitive Data Protection

VSC Critical Minerals Profile credential schemas MUST be designed so that each commercially sensitive field (supplier identity, pricing, assay grade, processing yields, and trading relationships) can be independently omitted via selective disclosure without invalidating the proof over disclosed fields. Verifier policies published under applicable regulatory frameworks (e.g., [[EU-BATTERY-REG]] Annex XIII) SHOULD specify the minimum field set required for compliance, and implementations MUST NOT require disclosure of fields beyond that minimum.

REQ-CM-NF3 — Regulatory Completeness Checking

VSC Critical Minerals Profile verifier implementations SHOULD provide a structured, machine-readable compliance report when verifying a [=Battery Passport=] presentation, identifying for each [[EU-BATTERY-REG]] Annex XIII required field: whether a credential providing that field was present, verified, and non-expired. The report MUST distinguish between missing credential (not provided), unverifiable credential (present but proof or DID resolution failed), and expired credential (present and verifiable but past validUntil).

Requirements Traceability

The matrix below maps each critical-minerals use case to the additional requirements (REQ-CM-*) it motivates. Base VSC requirements (REQ-F* and REQ-NF* from [[VSC-REQUIREMENTS]]) apply to all use cases and are not repeated here.

Requirement UC-CM-1 UC-CM-2 UC-CM-3 UC-CM-4 UC-CM-5
REQ-CM-F1
REQ-CM-F2
REQ-CM-F3
REQ-CM-F4
REQ-CM-F5
REQ-CM-F6
REQ-CM-F7
REQ-CM-F8
REQ-CM-F9
REQ-CM-NF1
REQ-CM-NF2
REQ-CM-NF3

Security Considerations

All security considerations in [[VSC-REQUIREMENTS]] and [[VC-DATA-MODEL]] apply. The following additional threats are specific to critical minerals supply chains, assessed using the [[STRIDE]] framework and [[NIST-800-30]] severity methodology.

ID Threat STRIDE Severity Mitigation Req.
T-CM-1 Geographic spoofing: An attacker provides false GPS coordinates in a mine-site credential, placing a CAHRA-located mine outside the risk zone, or attributing material to a compliant mine they do not operate. Spoofing / Tampering Critical Mine-site DID documents SHOULD include a serviceEndpoint for satellite imagery verification (e.g., integration with public remote sensing APIs) so verifiers can cross-check the declared polygon against publicly available land-use data. Audit credentials (REQ-CM-F5) MUST include physical verification of the mine boundary. CAHRA geographic checks (REQ-CM-F4) MUST be run on every mine-site credential. REQ-CM-F1, REQ-CM-F4, REQ-CM-F5
T-CM-2 Mass inflation / over-attribution: A refinery or cooperative claims to have received more responsible-attributed mass than the verified input credentials can account for, inflating the responsible percentage for downstream buyers. Tampering High Transformation credential schemas (REQ-CM-F3) MUST enforce a conservation-of-mass constraint: the sum of declared input masses MUST be ≥ the declared output mass (accounting for processing losses stated in the methodology URI). Verifiers SHOULD implement a mass-balance audit function that checks this constraint across all input lot credentials in a transformation event. REQ-CM-F3, REQ-CM-NF1
T-CM-3 Laundering through non-RMAP smelters: Material from a non-compliant mine is routed through a compliant smelter and mixed with legitimate lots. The smelter's mass-balance credential masks the non-compliant origin. Elevation of privilege High Transformation credentials MUST list all input lot credential references, not just responsible-certified lots. Verifiers MUST distinguish "responsible-attributed percentage" from "all inputs verified." A smelter that omits uncertified input lots from its transformation credential is committing a fraudulent attestation, detectable by cross-referencing total declared input mass against the verified responsible input mass sum. REQ-CM-F3, REQ-CM-F5
T-CM-4 Audit credential forgery: A fraudulent actor creates a fake audit credential purportedly issued by an [[RMI-RMAP]]-accredited auditor, using a DID that is not actually registered in the RMAP trust framework. Spoofing High Verifiers MUST check the auditor DID against the authoritative [[RMI-RMAP]] / [[ICMM-FRAMEWORK]] trust framework registry before accepting any audit credential (REQ-CM-F5). Trust framework registries SHOULD be hosted as publicly resolvable DID documents or Verifiable Data Registries to enable automated, real-time lookup. REQ-CM-F2, REQ-CM-F5
T-CM-5 Carbon factor manipulation: A refinery inflates its declared direct emission factors or manipulates the calculation boundary to reduce [[CBAM]] certificate costs for importers. Tampering Medium Carbon footprint credentials (REQ-CM-F6) MUST include a reference to a third-party carbon verification credential signed by a verifier registered in the EU CBAM accredited verifier registry. CBAM verifiers SHOULD apply an anomaly detection check: emission factors outside the interquartile range for the commodity and production process type SHOULD trigger escalation. REQ-CM-F6, REQ-CM-NF3
T-CM-6 ASM device compromise: A miner's mobile device or DID key material is stolen or cloned, enabling fraudulent credential issuance in the miner's name. Spoofing Medium ASM DID methods SHOULD support key rotation, with cooperative coordinators acting as key-recovery guardians. The cooperative's verification system SHOULD flag credentials signed after a reported key compromise. Time-locked offline signing SHOULD include a device attestation or biometric binding where the mobile platform supports it (optional; SHOULD NOT be a hard requirement that excludes low-cost devices). REQ-CM-F9
T-CM-7 Supply chain data correlation: Adversaries monitoring credential presentations correlate mineral supply relationships, quantities, and trading partner identities across competing enterprises. Information disclosure Medium Selective disclosure (REQ-CM-NF2) MUST be applied to conceal commercially sensitive fields in each presentation. Pairwise [[DID-CORE]] identifiers SHOULD be used for bilateral trading relationships. Verifiers SHOULD NOT log full credential content beyond what is required for the specific compliance purpose. REQ-CM-NF2

Privacy Considerations

All privacy considerations in [[VSC-REQUIREMENTS]] and [[VC-DATA-MODEL]] apply. The following additional considerations apply specifically to the critical minerals domain:

Future Work

This section is non-normative.

VSC Critical Minerals Core Data Model
Normative JSON-LD context documents and JSON Schema definitions for all credential types defined in this profile, including mine-site declaration, ESG attribute, mass-balance transformation, carbon footprint, and recycled content schemas.
CRMA / EU Battery Regulation Annex XIII Mapping Table
A normative, field-by-field mapping from VSC Critical Minerals credential properties to [[EU-BATTERY-REG]] Annex XIII required data elements and [[GBA-BATTERY-PASSPORT]] data categories, enabling automated compliance checking (REQ-CM-NF3).
OECD CAHRA Integration Specification
Technical guidance on integrating [[OECD-DD]] Annex II CAHRA geographic data with mine-site credential GeoJSON polygon verification, including a recommended API contract for CAHRA-check service providers.
ASM Credential Issuance Profile
A specification for lightweight [[DID-CORE]] method selection, mobile wallet integration, and offline signing for [=ASM Actor=]s, addressing REQ-CM-F9 in detail with reference implementations.
VSC Critical Minerals Interoperability Test Suite
Conformance tests covering all REQ-CM-F* and REQ-CM-NF* requirements, including mass-conservation checks, CAHRA geographic intersection tests, and [[EU-BATTERY-REG]] Annex XIII completeness evaluation.
Liaison with Global Battery Alliance (GBA)
Formal coordination with the [[GBA-BATTERY-PASSPORT]] technical working group to align VSC Critical Minerals credential schemas with the GBA Battery Passport data specification and ensure mutual recognition in EU type-approval workflows.

Contributing to this Document

This section is non-normative.

All contributions welcome — here is how to get started.

You do not need to be a W3C Member to contribute. The VSC Community Group is open to all. Join at w3.org/community/vsc/join and accept the W3C Community CLA.

Priority Contribution Areas

The VSC Community Group is actively seeking contributions in the following areas for the Critical Minerals profile:

Filing Issues

Open an issue at github.com/w3c-cg/vsc/issues. Please:

Pull Requests

Meetings

The VSC Community Group meets bi-weekly. Agendas and minutes are published to the public-vsc mailing list and the GitHub repository's meetings folder. The Critical Minerals sub-group may schedule additional focused calls; announcements will be made on the same mailing list.

Acknowledgments

The editors thank the participants of the Verifiable Supply Chain Community Group for their contributions and review. This document draws on regulatory text from [[CRMA]], [[EU-BATTERY-REG]], [[EU-CSDDD]], [[CBAM]], and [[OECD-DD]]; industry frameworks from [[RMI-RMAP]], [[GBA-BATTERY-PASSPORT]], and [[ICMM-FRAMEWORK]]; and the IEA–OECD [[OECD-TRACEABILITY]] report. W3C specification methodology is informed by [[SHACL-UCR]] and [[DWBP-UCR]]. The ASM-inclusive design in UC-CM-5 and REQ-CM-F9 was informed by analysis of OECD Forum on Responsible Mineral Supply Chains proceedings (2024–2025).