Roadmap — Phase 1 of 2 live

Governance

HSK Passport uses an OpenZeppelin TimelockController with a 48-hour delay on parameter changes, deployed and operational on testnet. Multi-sig proposer migration (3-of-5 Safe) is scheduled but not yet live — protocol ownership currently rests with the deployer wallet, tracked publicly on-chain.

Current status: Timelock deployed and operational. Multi-sig handoff and full parameter-change enforcement are part of the mainnet roadmap.

Architecture

┌──────────────┐         ┌─────────────────┐         ┌──────────────┐
│ 3-of-5 Safe  │ propose │   Timelock      │ execute │   Protocol   │
│ (proposers)  │────────>│   48h delay     │────────>│   contracts  │
└──────────────┘         └─────────────────┘         └──────────────┘
                                  │
                                  │ (anyone can execute after delay)
                                  v
                         Public transparency:
                         - scheduled() events
                         - 48h review window
                         - revocation via Safe during window

Deployed Governance Contracts

HSKPassportTimelock
OpenZeppelin TimelockController with 48h MIN_DELAY
0xb07Bc785...863D8A
IssuerRegistrymainnet
Staking + slashing (mainnet, chain 177)
0xf109cBe3...5868e9
HSKPassportmainnetsafe-mode
Deployed inert on chain 177 (0 groups, deployer-only issuer) — activates after third-party audit
0x5E99a3a1...320A9e
Mainnet Timelockmainnet
OpenZeppelin TimelockController on chain 177 — holds slashingAuthority on IssuerRegistry, 48h MIN_DELAY
0xd09e8Aec...34CFE9
Safe
3-of-5 multi-sig (to be deployed on mainnet)
Q2 2026

Issuer Staking Tiers

Community
Tier 1
0 HSK

No stake required. Limited to community credential groups (not regulated KYC).

KYC Provider
Tier 2
1,000 HSK

Can issue KYC credentials. Subject to reputation tracking and slashing for misissuance.

Institutional
Tier 3
10,000 HSK

Full protocol permissions: accredited investor, institutional credentials, custom groups.

What's Governable

Issuer approvals
Adding new Tier 1/2/3 issuers to the registry
Credential schemas
Registering new credential types with JSON-LD schemas
Validity periods
How long credentials remain valid before re-verification
Reputation points
How many points each credential type is worth
Stake thresholds
HSK required for each issuer tier
Slashing
Slashing issuers who misbehave (via governance vote)
Timelock delay
Minimum delay for parameter changes
Protocol ownership
Transfer ownership (e.g., to DAO in Q4 2026)

Migration to DAO

Q2 2026: 3-of-5 Safe with core contributors as signers

Q3 2026: Expand to 5-of-9 with ecosystem representatives

Q4 2026: Migrate to on-chain Governor with token-weighted voting

2027: Full DAO with treasury and protocol upgradeability under governance