You Are Not a Trust Score
- Joeri Torfs

- Jun 30
- 5 min read

Verification can prove who you are. It can't show whether you can be relied on.
You can do everything the system asks and still not be trusted. Verified, credentialed, licensed, screened, background-checked, your identity proven beyond reasonable doubt. And still the person on the other side, the one deciding whether to hand you the contract or the keys or the responsibility, does not actually know the thing they need to know. None of what was verified answers it. They know who you are. They do not know whether, when the work gets hard or the stakes turn real, you will carry it through.
This is the half of the trust crisis that the reusable-credential answer doesn't touch. A better way to prove attributes, portable and private and verified, is real progress, and it solves a real problem. But proving an attribute and earning reliance are different acts, and the emerging identity industry keeps treating the first as though it were the second.
The quiet leap
The trust-bureau model makes a quiet, consequential leap. It takes "this claim is valid" and converts it into "this person is acceptable." Those are not the same statement, and the gap between them is where trust actually lives.
A credential can prove you hold a license; it can't prove you are careful with it. A background check can show that no disqualifying event appears in the record; it can't show that you carry responsibility well. A verified résumé can prove a real human submitted it; it can't prove that human shows up when the work stops being easy. This is not a flaw in credentials. It is their boundary. A credential is built to verify a claim. It was never built to contain a life.
Everyone wants compression
The trouble starts when a verified claim becomes a portable proxy for the whole person, and it starts because everyone in the system wants the same thing: compression. The company wants a signal, not a history. The employer wants a threshold, not a story. The user wants portability, not to repeat the process for the hundredth time. So the industry's answer compresses a person into a reusable object, and increasingly into a single number, a trust score that travels.
But compression into one universal figure is precisely where a person gets distorted. The more general the trust object, the more context it erases. A safe driver, a reliable treasurer, a careful caregiver, a competent builder, and a responsible steward of something shared are not the same claim. They carry different risks, answer to different witnesses, rest on different evidence, and produce different consequences when they fail. A universal score flattens all of it onto one axis.
We have run this experiment already. Credit scoring took financial behavior, compressed it into a number, and then let unrelated institutions import that number as though context didn't matter: landlords, employers, and insurers all reading one figure that was built for something else entirely. A single trust score for human reliability repeats the move across the rest of life. Efficiency is not legitimacy. A person becomes legible because they have been scored; a company feels safe because it checked the score; the score travels because it is portable. And if that score becomes the entry ticket, losing it becomes a form of economic exile, decided by whoever administers the number. A smoother gate is still a gate. A portable gate is worse.
What a credential can't carry
The missing layer is not another credential, and it is emphatically not a better score. It is a record of consequence: what an actor committed to, what actually happened afterward, who witnessed it, what value came back, what responsibility was carried or left open, and what was fulfilled over time.
That is a different kind of object than a credential, and the difference changes the architecture. A credential says a claim was issued; a record of consequence says a commitment was carried. One verifies status; the other evidences follow-through. One can be issued in a moment; the other can only accumulate through duration. A credential can certify that someone is permitted to steward an asset. Only a record of what they actually did can show whether they stewarded one well. This is the Ledger of Consequence, and it is the thing a trust score was standing in for all along, badly, by flattening it into a number.
A reading, not a verdict
None of this makes scoring the enemy. Compression is often necessary and entirely legitimate. An insurer has to price risk. A lender has to decide. A counterparty has to choose. Each of them will reduce what they know about you to something they can act on, and each of them should. The question was never whether anyone compresses you. It is what the compression is, and whether you can walk away from it.
There is a world of difference between a reading and a verdict. An insurer that computes its own score from your record of consequence is making a reading: built for one purpose, derived from evidence that still exists beneath it, and binding on no one else. If you do not like how that insurer reads you, the same record is there for a competitor to read differently. The score is something a party does with your record. It is not something you become. And because the record itself belongs to no one, no scorer can hold it hostage. The moment one tries to make its reading the only reading, you are free to be read elsewhere.
A universal trust score is the opposite on every count. It detaches from the record and becomes the thing itself. It is computed once and imported everywhere by parties who never look beneath it. There is no second opinion to seek, because the entire point was that everyone reads the same number. That is when a reading hardens into a verdict, and a service becomes a gate.
So the test is the one that separates a custodian from a gatekeeper: can you leave? A scorer you can leave is a service. A score you cannot leave is what you become.
Agents need this more, not less
If this matters for people, it matters for agents even more. An agent can be verified, credentialed, and provably continuous across deployments, and still leave unanswered the question that matters: what did it do, under whose constraints, and what changed because it acted? A reusable identity tells you which agent acted. A record of consequence tells you whether to let it near anything that matters again.
The half a score can't hold
Verification is going to get better. The data will move less, the proofs will get cleaner, and proving an attribute without surrendering yourself will become ordinary infrastructure. That is worth having, and it is coming. But none of it reaches the question that decides whether trust is warranted. Proving who someone is, is only ever the beginning of seeing what they have done.
The honest version of this is unfinished. The verifiable-identity stack exists today; a record of consequence that resists being turned back into surveillance is the harder, less-built thing: the frontier, not a finished product. Saying so is the point. The work is real and not yet done.
What it changes, when it is done, is the nature of the thing itself. A score is handed to you by a bureau and can be switched off by one. A record of consequence is built by what you do, witnessed as it happens, and owned by no one, including you. It is the half of identity that no issuer can grant and no intermediary can revoke, because it was never administered in the first place. It was earned.
You are not a trust score. You are the record of what you have carried, and that is the part worth building.


