Here's the scoop: Local governments are finally getting the opportunity to launch some blockchain pilot projects that could actually make a difference. Thanks to some cool advancements in digital identity standards coming in 2024 and 2025, plus cheaper Layer 2 transactions and some great success stories from other cities and states, there's a lot to look forward to! This guide is your go-to resource for decision-makers looking to get all the details right. We'll walk you through the process of designing a pilot program, picking the right architecture, and finding the perfect consultant to fit your needs. Let’s jump right into the success metrics, tackle some important procurement questions, and map out a solid 90-day timeline.

Blockchain for Local Government: How to Scope a Pilot with the Right Consultant

Decision-makers seem to always have one burning question on their minds: What’s actually different since the last hype cycle? Well, here’s the short and sweet answer: things have really started to mature. Standards have improved, prices have dropped, and we’re finally witnessing some legit public sector pilots popping up at both the city and state levels. It's pretty exciting to see these developments taking shape!

So, on March 13, 2024, Ethereum launched its Dencun upgrade, marking the debut of EIP-4844, also known as the "blobs." "This change really slashed data costs for rollups, which is great news for governments looking to use fully functional Layer 2 solutions. Now, it’s way more feasible for them to jump in and take advantage of these technologies." (ethereum.org).

Jump ahead to May 15, 2025, and guess what? The W3C gave the stamp of approval for Verifiable Credentials 2! 0 family as Recommendations. This means we’ve got a really good setup now for keeping our digital credentials--like IDs, permits, and benefits--private and secure. (w3.org).

So, on February 26, 2024, NIST rolled out Cybersecurity Framework 2. This really shines a light on the importance of governance and the risks that come with supply chains. This update provides agencies with a fresh control framework to help them align their blockchain pilot projects. (nist.gov).

You won’t believe this! Real governments are stepping into the game too. In 2024, California's DMV decided to jump on the bandwagon and tokenized an impressive 42 million vehicle titles using Avalanche. How cool is that? In the meantime, Buenos Aires has been busy too! They've added zero-knowledge proofs to their city app with the help of QuarkID on zkSync Era, which means you can now share only the info you want to. Pretty cool, right? (reuters.com).

We've put together a super useful playbook here at 7Block Labs to help you kick off a blockchain pilot in the public sector. Check it out! This guide is here to help you keep your project on track, stick to your budget, and ultimately get it off the ground.

1) Start with problems blockchain is uniquely good at (with fresh examples)

Match High-Friction Civic Workflows to Blockchain Primitives

Blockchain technology has so much potential to really simplify those annoying civic processes that usually drag things out. Let’s jump right into how we can connect those tricky workflows with some of the essential building blocks of blockchain.

Civic Workflow Challenges

We all get it--dealing with public services can often feel like trying to run through thick molasses. Let’s dive into a few common problems you might run into:

Bureaucracy Overload: You know how it goes--waiting forever and drowning in a mountain of paperwork. It's such a hassle!
Lack of Transparency: Sometimes, it's tough to find the information we need, which can leave us feeling a bit lost.
Data Silos: It’s frustrating when key information gets trapped in different systems, making it tricky to share with others.

Blockchain Primitives to the Rescue

Alright, let’s dive into how some cool features of blockchain can help us address these challenges.

1. Smart Contracts

Just picture this: what if you could swap out all that tedious paperwork for automated processes using code? How much easier would that make things? Smart contracts allow you to lay out some terms and conditions that will kick in and run themselves as soon as those conditions are met. It’s like having a little digital helper that takes care of everything for you! This could streamline:.

Licensing and permits
Citizen engagement processes
Public procurement

2. Decentralization

When we share data across a network, we can finally say goodbye to those annoying silos that hold us back. Basically, this means that everyone, whether you’re a regular citizen or part of a government agency, can tap into the same up-to-date information. It’s great for:.

Community voting systems
Public resource allocation
Transparency in spending

3. Immutability

Once something gets added to the blockchain, it sticks around forever. This feature is just right for:

Making sure there's a safe and accessible public record of property deeds.
Checking identities to cut down on fraud.
Building a reliable voting history.

4. Tokenization

Transforming assets into digital tokens can really make a difference in how we handle community resources. It’s a great way to boost efficiency! So, for instance, we could totally use tokens for:

Get rewarded for being active in your community!
Getting access to city services or funding.
Helping local businesses get the word out about their promotions.

Putting It All Together

You know, making those complicated, high-friction workflows work with blockchain isn't just some pipe dream. It's totally possible! Using these technologies, we can really make civic processes smoother, more transparent, and way more efficient--ultimately, they’ll work much better for the community.

Let’s dive in and check out this awesome intersection!

Tamper-proof records where lots of people can see what's going on, but only a few can make changes.
Let’s talk about those digital car titles from the California DMV, for instance. They’ve set up about 42 million tokens to tackle lien fraud, making mobile title transfers a breeze. Instead of taking weeks like it used to, these transfers can now be done in just minutes! Pretty impressive, right? If you want to dive deeper into this topic, take a look at this article here: Reuters.
Verified credentials and choosing what to share. So, in Buenos Aires, there's this awesome app called miBA. It’s a neat little tool that lets people prove they're “over 18” or share documents without having to spill all their personal details. It uses ZK proofs, which is pretty fancy tech that keeps your info safe and sound. Isn’t that cool? You can check out more about it right here: (coindesk.com).
Regulated supply‑chain transparency
Hey there! Just a heads up: starting on February 18, 2027, the EU is rolling out a new requirement for “battery passports.” So, if you’re in the battery game, you’ll need to get on board with this! Volvo has already hopped on the trend by launching their EX90 a bit early. It’s priced at around $10 per vehicle and includes on-chain traceability. Pretty cool, right? Hey, just a heads up--this is definitely something worth paying attention to since it could impact recycling and the way your city handles fleet purchases as well. If you want to dive deeper into the regulations, you can check them out here: (eur-lex.europa.eu).
Using crypto for payments and revenue collection (optional). Hey there! So, guess what? The City of Lugano is stepping up its game by letting folks pay their municipal bills and taxes with Bitcoin and USDT! They’ve made it super easy, too, by incorporating QR codes. How cool is that? They’re not getting rid of the usual payment methods; they’re just throwing in this new option for good measure. Check out all the details right here: (lugano.ch).

Hey, if you don't actually need things like multiparty auditability, user-controlled credentials, or automated compliance checks for what you’re working on, then there's really no reason to force blockchain into the mix.

2) Define crisp, measurable success criteria

Write success before you write code

Before you start coding, it’s super important to figure out what success means for you. A good set of pilot KPIs should be practical, easy to track, and have specific timeframes.

Operational: It's super important to connect your KPIs directly to what your project aims to achieve and the everyday tasks you handle. They’ll help you track how well things are working right on the spot.
Auditable: It's super important that your KPIs are easy to understand and keep tabs on. This way, you can easily check in and see how you're stacking up against your benchmarks.
Time-bound: Make sure to set clear deadlines for your KPIs. Having a timeline helps keep everything on track! Deadlines are super helpful for keeping everything organized and making sure you're hitting your goals on time. They really help keep you focused and moving in the right direction!
Throughput and Cost: The goal is to roll out 5,000 verifiable building-permit credentials in just two months, keeping the average fees below $0. It’s $0.05 for each issuance following Dencun. ” (ethereum.org).
Cycle Time: The goal is to speed up the title-transfer process from taking 10 business days to under 30 minutes for 90% of the transactions, just like the benchmarks the DMV has established. (coindesk.com).
Privacy: We're rolling out an age-gating system that keeps your birthday completely private--no dates of birth will be shown. This will start at two pilot locations, and we're aiming for at least 99% uptime on verification. ” (coindesk.com).
Compliance: Don’t forget to align the pilot controls with the NIST CSF 2. You’ve got a solid framework in place for governing, identifying, and protecting, which is great! Just make sure to pass that internal security review. ” (nist.gov).

Lock KPIs into Your SOW

When you're teaming up with a consultant, it's really crucial to get those KPIs sorted out in your Statement of Work (SOW). Trust me, it makes a world of difference! Be sure they outline a straightforward plan for how they'll set up the instruments, keep you updated on their progress, and eventually pass over the dashboards. It’ll make things a lot smoother!

3) Pick an architecture you can operate

Take a look at this super helpful decision tree that can guide you in choosing a starting pattern!

Are you on the hunt for citizen-facing credentials like IDs, permits, or benefits?

Let's roll with: W3C VC 2. You got a score of 0 for Data Integrity or the JOSE/COSE cryptosuites. You can totally set up a wallet experience that allows you to revoke access through a Bitstring Status List. Plus, you can keep all your schemas and issuers neatly organized on an on-chain registry. It’s a pretty smart way to manage everything! (w3.org).

Are you in need of a secure shared ledger for keeping track of inter-agency records that include personally identifiable information (PII)?

I’d go with Permissioned Ethereum using Hyperledger Besu. It offers cool features like node and account permissioning, plus you can create privacy groups to keep your data under wraps. You can also tie the state to a public L1 or L2 every now and then for a bit of auditing fun! (besu.hyperledger.org).
Looking for a dedicated chain that really aligns with your policies? Think geofenced validators, custom fees, or maybe even specific compliance requirements? You’ve got a couple of cool options here! You could go for an Avalanche Subnet if you want the flexibility of customizing your validator set and need those private subnets. Or, if your team is ready to dive into some EVM fun, a Besu consortium network could be the way to go. It all depends on what fits your needs better! (beiion.com).

Are you on the hunt for low fees and a broad ecosystem, while still wanting to keep things on public networks? If you're looking for options, you might want to check out an Ethereum Layer 2 solution like Optimism, Arbitrum, Base, or Polygon. They all have their unique features and benefits! You'll definitely appreciate how EIP-4844 blobs help keep your costs under control. (ethereum.org).

Here’s a little tip: try mixing off-chain personally identifiable information (PII) with your on-chain commitments. Storing things like credential hashes, revocation registries, and audit anchors on-chain is definitely a smart play. At the same time, it makes sense to keep personal data safe and sound in citizen wallets or agency systems with really strong access controls. Just a good way to balance security and privacy, right?

4) Identity and wallets: what “good” looks like in 2025

With VC 2. Since everything is standardized, it’s a smart move to make sure your pilot lines up with these practices:

Use VC 2. When it comes to data integrity, think about using EdDSA or ECDSA cryptosuites for signing. You might also want to consider JOSE or COSE for those signature needs. And don’t forget to publish your DID and issuer metadata along with some clear procedures for rotating them. It’s all about keeping things secure and up to date! (w3.org).
Make sure to build privacy into your design from the get-go. Think about things like selective disclosure (like just sharing that someone is over 18) and making it so that different pieces of info can’t be linked together. A great example of this at a city level is the QuarkID model from Buenos Aires. (coindesk.com).
So, let's think about how we can recover your account if you lose your phone. We could either go for account abstraction or set up a social recovery system. It’s basically a way to get back into your account easily. Plus, we can suspend credentials using the Bitstring Status List v1, just to keep things secure.

0. (w3.org).

Keeping in mind cross-border harmony: If you're working with companies in the EU, make sure to stay updated on eIDAS 2. So, the EUDI Wallet specs and the rules for putting it into action are set to roll out between 2024 and 2025. And guess what? This applies to everyone, including folks in the U.S. This is all about using a common language for interoperability and procurement. (consilium.europa.eu).

5) Security, privacy, and compliance guardrails (mapped to NIST CSF 2.0)

Map Pilot Controls to CSF 2.0’s Six Functions--Especially the New Govern Function

So, when we're talking about getting those pilot controls to line up with CSF 2, it's all about making sure everything is in sync. You want to ensure that the controls feel just right and work smoothly with the system. It’s like tuning an instrument--once everything’s aligned, the whole operation runs a lot better! To really grasp the six key functions of 0, it’s important to see how each one contributes to the bigger picture--especially now that we’ve got the new Govern function on board. Let me break it down for you in a way that's a little easier to understand:

1. Identify: This step focuses on spotting any weaknesses and getting a good grasp of your surroundings. Consider this as your starting point--it's all about figuring out what potential risks might be hanging around.

2. Protect: Now that you've spotted some potential threats, it's time to strengthen your defenses. This role is all about putting in place protective measures to keep our essential assets safe.

3. Detect: This is your spot to stay on top of everything. You're setting up ways to catch when things start to go off track. Staying aware and in the loop is key.

4. Respond: Alright, so now that you’ve set up your detection systems, it's go time! Let’s get moving. This function lays out how to handle incidents when they pop up. Quick reactions can really change the game!

5. Recover: Once something happens, it’s important to regroup and get everything back on track. Here, we’re focusing on recovery plans and figuring out how to get everything back on track without a hitch.

6. Govern: And last but definitely not least, let’s talk about the new kid on the block--Govern! This role is all about keeping an eye on your cybersecurity game and making sure everything’s up to snuff with your compliance strategies. It really pulls everything together by making sure that everyone sticks to the policies and practices in place.

When you really get how pilot controls work with each of these functions, you can build a much smoother and more effective cybersecurity strategy.

Govern: First off, it's really important to appoint a senior risk owner who will take responsibility for this. You should also clearly outline your data categories, distinguishing between things like personally identifiable information (PII) and public records. Don’t forget to map out your breach notification procedures too! For more info, head over to the NIST website. There's a lot more to explore there!
Identify: Let’s dive into the details of threat modeling when it comes to smart contracts, wallets, and APIs. We’ll break it down and really explore what’s going on under the hood. Hey, just a quick reminder to make sure you jot down any potential risks from third parties. This includes things like RPC, custody issues, and the mobile operating systems. It's super important to keep track of those! If you're looking for more info, check out this NIST article. It’ll give you a deeper understanding of what’s going on!
Protect: Always go for the least-privilege access principle. It helps keep things secure by only giving people the permissions they really need. When you’re working with permissioned ledgers, it’s a good idea to create node or account allowlists in Besu. And don't forget to jot down your emergency revocation runbooks. It’ll save you a ton of headache down the road!
Check out this super handy guide on Besu. It’s a great way to get the lowdown on using local permissioning, and I think you’ll find it really useful. Dive in!
Detect/Respond/Recover: Set up some on-chain monitoring--like keeping an eye on event logs and getting alerts for any weird stuff that pops up. Oh, and don’t forget to have some backup RPC endpoints on standby, just in case! Hey, just a quick reminder about those disaster recovery exercises! When it comes to your credential systems, it’s a good idea to run a simulation for key rotation and revocation at least once during the pilot phase. Trust me, it’ll help you catch any issues early on!

Don't forget to add a quick note about data protection in your RFP! You could say something like, “We ensure that we don’t keep any personally identifiable information (PII) on the blockchain. All personal data is kept safe and sound off-chain, whether it's in citizen wallets or agency systems.” It's an important point to highlight! The on-chain data is kind of restricted to just non-reversible hashes and revocation lists. ”.

6) Reference architectures you can copy

A) Digital Permits and Licenses (VC 2) 0 + L2 Anchor).

So here’s the deal: there’s this agency that connects with a VC and hands over a 2. You've got zero credentials for a citizen wallet. After that, the verifier apps dive into the issuer's DID to see if there are any revocations in play. We've got the revocation list saved on an Ethereum Layer 2, and we're using EIP-4844 to help keep those costs nice and low. (ethereum.org). Here’s the scoop on why this approach is effective: Selective disclosure is a smart way to keep personal information in check, which is super important. Plus, the offline-first verification process is totally manageable. On top of that, the whole operation is pretty simple for the city to handle.

B) Asset and Title Registries (Dedicated Chain plus a Public Anchor).

So, the consortium ledger, whether it’s running on Besu or an Avalanche Subnet, is in charge of keeping tabs on the title state. It regularly connects hashes to either Ethereum or the Avalanche C-Chain. The citizen app is all about showcasing evidence, and you know what? Those DMV-style workflows really work well in this setup. California's testing really shows that it can work and hit those performance goals. (reuters.com).

C) Battery Passport / Regulatory Data Exchange (Supply-Chain Traceability)

Okay, so here’s how it works: Manufacturers and recyclers share their verified info in a passport registry. The city then steps in to ensure that the procurement rules are being followed and keeps tabs on how the municipal fleet is doing in terms of compliance. Plus, you've got GBA pilots and EU regulations that lay out the rules and specify the data fields we need to keep everything running smoothly. (globalbattery.org).

D) City Wallet and Service Access (ZK Privacy).

Flow: The city app gives out digital IDs and benefits to residents while allowing them to privately confirm their eligibility, like showing proof of income or where they live, all thanks to zero-knowledge proofs. Right now, miBA in Buenos Aires is pretty much the best example we have of this happening across an entire city. (coindesk.com).

7) Budgeting and a realistic 90‑day pilot plan

Based on what we've observed, a typical civic pilot usually runs anywhere from around $180,000 to $450,000. The cost can really vary based on a few things. It all comes down to how complicated the identity setup is, what kind of integrations you’re looking for--like if you need a CRM or case management system--and how you want the mobile user experience to feel. Alright, here’s a simple yet effective 90-day plan to kick things off!

Weeks 1-2: Getting to Know Each Other and Making Sure We’re Together on the Rules. First things first, let’s confirm those KPIs! Take some time to map out the different data categories you’re working with. Once you've got that down, choose a chain pattern that really suits your needs. After that, it’s all about drafting a threat model to keep everything secure. Finally, tie it all together by wrapping up the Statement of Work (SOW) with some solid acceptance tests that are linked to those KPIs. Let’s make sure everything's covered!
Weeks 3-4: Getting Into Identity and Schema. Alright, so first off, we need to nail down the credential schemas. Then, we’ll get the issuers registered and put together a status list. After that, we should decide on a wallet user experience and figure out some recovery flows that align with VC 2. Sounds good? 0 cryptosuites. Take a look at this link: (w3.org). It's pretty interesting!
Weeks 5-6: Diving into Chains and Integrations. Alright, let’s get rolling on setting up the L2/consortium network! We need to tackle a few things, like setting up our continuous integration and delivery (CI/CD) systems. Plus, let’s make sure we implement revocation and anchoring. We also need to link the pilot database to the issuance service. And hey, let’s not overlook the importance of observability and keeping those audit logs in check! This is going to be great.
Weeks 7-8: Getting Started with Pilot Users and Training.

During these weeks, we'll be bringing in our pilot users and rolling out some training sessions. It's a chance for us to see how everything’s working in real-world scenarios and to help our users get comfortable with the new system. Alright, it’s time to gear up! You’ll want to bring in anywhere from 100 to 500 participants. Don’t forget to launch those verifier apps or web components. And let's not overlook running a tabletop security exercise to see just how ready everyone is!

Weeks 9-10: Time to Measure and Strengthen. Alright, let's keep our eyes on those throughput and cost KPIs--don't forget to grab that fee data after the Dencun updates! Also, let’s make sure we load-test everything thoroughly and run some simulations for key rotation and revocation too. More info here: (ethereum.org).
Weeks 11-12: Wrap-Up and Move Forward.
And finally, it's time to roll out the CSF 2! We've got a clean slate with zero control mappings, playbooks, and a solid plan for what's next--whether we decide to ramp things up or wind down the project. If you want to dive deeper into this, take a look here: (nist.gov). Happy reading!

8) How to choose the right consultant (what to put in your RFP)

When evaluating vendors, it’s best to judge them based on real evidence rather than just their sales pitch. Don't forget to grab these artifacts right from the get-go!

Public Sector References: Try to find active systems that are a lot like your pilot project. This could be anything from DMV-style registries to city-wide VC issuance, or really any system that involves regulated traceability.
Standards Check: Make sure to have a good look at VC 2. I don’t have any hands-on experience with DID methods or any implementations to share. It’s really useful to check out some examples of the credential schemas and revocation registries they’ve provided. If you want to dive deeper into this, just check out w3.org. They've got all the details you need!
Security and Compliance: Make sure they know how to align their tasks with the NIST Cybersecurity Framework Version 2. 0 framework. Check out some example threat models and see if there’s any solid proof that they’ve successfully run permissioned networks. You might want to look into things like Besu node or account allowlisting runbooks for some real-world insights. For more info, check out besu.hyperledger.org. It’s got all the details you need!
Chain Pragmatism: It’s important for them to break down their reasoning behind picking L2, permissioned, or subnet options, especially when factoring in the overall cost of ownership. Also, it's really important for them to understand how EIP-4844 affects fees and data retention. If you’re looking to dive deeper, I recommend checking out ethereum.org. It's got some great info!
Exit Strategy: It's super important to chat about how you'll handle data exports--what formats will they use? Plus, you definitely want to have a solid plan for migration down the line. And don't forget to get a feel for their licensing approach--opting for open standards can really save you from being stuck in a tough spot later on!

Copy/Paste RFP Questions

When you’re working on your RFP, here are a few questions you might want to think about:

General Information

1. Can you share what your organization's mission and vision are? 2. Sure! Let me give you a quick rundown of our organization’s history. We’ve come a long way since we first started. It all began back in the early days when a small group of passionate individuals came together with a shared vision. They faced a lot of challenges, but their dedication and hard work really paid off. Over the years, we’ve grown and evolved, adapting to the times and expanding our reach. Now, we’re proud to be a recognized name in our field, with a clear mission and a fantastic team that’s all about making a difference. Exciting times ahead! 3. So, who are the main players in this project?

Project Scope

1. So, what are the main goals we’re trying to achieve with this project? 2. What specific outcomes are you hoping to achieve with this project? 3. Can you give me an idea of when we’re looking to wrap up this project?

Budget

1. So, what kind of budget are you looking at for this project? 2. Are there any financial limitations we should keep in mind?

Proposal Requirements

1. In what format do you want us to submit the proposals? 2. Are there certain criteria you’ll be looking at to evaluate the proposals? 3. Hey! When's the cutoff for sending in proposals?

Communication

1. What's the best way for us to chat with your team while we're working on the proposal? 2. Who should we reach out to as our main contact during this whole process?

Don't hesitate to tweak these questions if you want! I'm excited to see what you come up with!

"Alright, let’s dive right in with a live demo to show you how VC 2. 0 is all about handling issuance, verification, and revocation, and it does this through the Bitstring Status List. Plus, it gives some insight into how key rotation works too! ”. Hey there! Could you put together a one-page architecture decision record (ADR) for me? I’d love to see a comparison of Ethereum L2, Besu consortium, and Avalanche Subnet. Let’s make sure it really hones in on our specific use case and wraps in a 12-month total cost of ownership (TCO) as well. Thanks a bunch! ”. Hey there! It would be awesome if you could whip up a NIST CSF 2.0. Here’s a control matrix for the pilot we’re thinking about. Don't forget to throw in the Govern function artifacts along with a tabletop incident-response plan. It'll really help cover all your bases! ” (nist.gov). Hey there! Can you show me how node and account permissioning, like allowlists, actually works? Also, I'd love to see how we can manage emergency revocation on Besu or something along those lines. Thanks! ” (besu.hyperledger.org).

Red Flags:

Chain maximalism, it’s all about the belief that there’s one platform that can do it all. ”.

Making sure we keep personal information, like your name and address, safe and organized on the blockchain. Right now, there isn’t much of a plan in place for things like revocation, key rotation, or helping citizens get their accounts back.

9) Procurement and policy considerations you’ll be asked about

Public records and privacy: Make sure to only keep non-reversible hashes or cryptographic commitments on the blockchain. Make sure to keep any personal info away from the blockchain. You want to show that you can share just the minimal amount of necessary data while using zero-knowledge (ZK) proofs. Buenos Aires is really leading the way with this approach. (coindesk.com).
Open standards and interoperability: Don't forget to check that you're in line with W3C VC 2. It’s super important! You’re all set with data up until October 2023, and don’t forget to check out the EU eIDAS 2 for reference. The EUDI Wallet is a great option when you need cross-border services. (w3.org).
Security baseline: Stick with the NIST Cybersecurity Framework (CSF) version 2. Think of it as your trusty roadmap. Alright, let’s dive into how to handle Besu permissioning and privacy groups in permissioned networks.

First off, when we talk about permissioning, it's all about controlling who can join the network and what they can do. So, you'll want to set up a solid strategy right from the start. Begin by defining the roles and permissions for all participants. This means deciding who can read, write, or make changes to the network. It’s key to ensure everyone has the right level of access according to their needs.

Next, let’s talk about privacy groups. These are super useful for keeping certain transactions private among selected participants. To set this up, you’ll need to create privacy groups carefully and assign members based on the business requirements. Make sure the groups align with your trust structure, as this helps maintain confidentiality where it’s needed most.

Remember, it’s crucial to keep an eye on these permissions and privacy settings as the network evolves. Regularly review and adjust them based on any changes in team members or project focus.

In short, by defining clear roles and maintaining privacy through groups, you can create a well-functioning permissioned network using Besu. This way, you’ll be fostering a collaborative environment while also keeping sensitive information secure. Hope that helps! If you’re diving into Layer 2 solutions, make sure to take some notes on your post-Dencun data blobs and figure out how you’re going to manage retention. It’ll definitely help you stay organized! (nist.gov).

Sustainability: If someone brings up your energy consumption, just remind them about the PoS consensus model and throw in a few examples from different cities. That should clear things up! For example, in Lugano, they’ve smoothly integrated crypto payments with the traditional financial systems, all without the need for those energy-hungry mining processes. (lugano.ch).
Regional pilots: Looking to show off your skills in creating an "innovation city"? You should definitely check out Busan’s blockchain citizen platform, which is set to launch in 2024. Plus, don’t miss other cool public-sector blockchain projects, like the battery passport initiative that’s coming in 2025! These can really give you a strong foundation for your own citizen services and compliance pilot projects. (smartcity.go.kr).

10) Two detailed, copy‑ready pilot briefs

Pilot 1: Digital Contractor Permits with VC 2.0 and ZK Age/Licensing Checks

In this pilot program, we're excited to introduce digital contractor permits with VC 2! You’re all set with zero-knowledge (ZK) checks for age and licensing--super handy stuff! The goal here is to make the permitting process smoother while still following all the rules and keeping everyone's privacy intact.

What’s the Plan?

Digital Permits: We’re moving to a completely digital permitting system that’s not only super efficient but also really easy to use!
**VC 2. This new and improved version of Verifiable Credentials (VC) really takes things up a notch when it comes to checking information. It makes the whole process faster and a lot more secure!
ZK Checks: Thanks to zero-knowledge proofs, we can confirm someone's age and licenses without having to share a ton of personal info. Pretty neat, right? Basically, you're able to gather all the info you need without spilling any sensitive details.

Why This Matters

1. Efficiency: Going digital really helps contractors and agencies get things done faster. 2. Security: VC 2. Zero-knowledge tech adds an extra level of security, making sure that everyone’s information remains private and safe. 3. User Experience: We're simplifying the permit process for contractors, cutting out all the unnecessary hassle.

What’s Next?

Implementation Timeline: Stay tuned for updates! We’ll be rolling things out in phases, so keep an eye on any news as it comes.
Feedback Loop: We really want to hear from all of you! Your thoughts and opinions matter to us. We really appreciate your feedback--it’s super helpful for smoothing out any rough edges in the process.

Keep an eye out for more updates coming your way!

What's Happening: We're excited to announce that we're kicking off the use of contractor permits with VC 2!

0. City inspectors and job site monitors can easily scan a QR code to quickly verify the validity and status of permits. It's a handy way to make sure everything's in order! Oh, and by the way, you can also use ZK proofs for things like workforce certifications, including OSHA. Pretty neat, right?

Tech:
Issuance: We're all about keeping our data reliable with VC 2. You’ve got the EdDSA algorithm and a Bitstring Status List on your plate.
(w3.org).
Registry: We're going to create a credential schema along with an issuer DID, and we'll make sure to anchor it to an Ethereum Layer 2 every week. Using blobs is a great way to save some cash. (ethereum.org).
Wallet: Imagine having a mobile wallet that not only keeps your funds safe but also comes with cool social recovery features. Plus, there's a handy web widget for verifiers to make things even easier!
KPIs: Our goal is to keep issuance costs at $0, or less if we can swing it. You’ll get each verification done in under 2 seconds. How cool is that? Revocation should be done in under a minute, and we should make sure that status updates are shared right away. (ethereum.org).
Risks and Solutions: Worried about phishing? No sweat--we'll connect the verifier interface directly to the issuer's DID for added security. So, what happens if you misplace your phone? Don’t worry, we’ve got a recovery system in place to help you out! When it comes to public records, we're taking extra care to ensure that there’s no personally identifiable information (PII) on the chain. We’ll only include revocation entries, keeping everything nice and secure!

Pilot 2: Vehicle/Title Mini-Registry for Fleet Auctions

We're excited to kick off a pilot program where we're rolling out a mini-registry tailored just for fleet auctions! This initiative is all about simplifying the buying and selling of vehicles in bulk. We want to make things smoother for everyone involved in the process.

Key Features

Easier Title Management: Say goodbye to the headache of paperwork! The mini-registry is here to take care of vehicle titles, so you can zero in on the auction without any distractions.
Easy Registration: Get your vehicles registered in no time, so you can hit the auction without any holdups.
Better Transparency: You can check out the vehicle's history right in the registry, so it’s super easy to know what you’re getting into before you place your bid.

Benefits

Smooth Transactions: Let’s make buying and selling a breeze! This is a total win for both fleet managers and auction houses.
Cut Down on Admin Costs: By simplifying your processes, you'll not only save time but also cut costs when it comes to managing your fleet.
Better Data Accuracy: With our neat and tidy registry, you can lower the chances of making mistakes.

How It Works

1. Register Your Fleet: Just hop onto our easy-to-use platform and enter the details of your vehicles. It's super straightforward! 2. Jump into Auctions: After you sign up, you can effortlessly dive into any upcoming fleet auctions. 3. Keep an Eye on Your Transactions: Stay updated on your sales and purchases with the handy mini-registry dashboard. It’s super easy to track everything in one place!

Get Started

Want to take your fleet auction game to the next level? Check out our mini-registry portal and dive in today! Hey there! Your first auction is coming up soon! Can you believe it?

Scope: We want to replicate a bunch of municipal fleet titles onto a permissioned EVM network. So, auction houses and lienholders will be able to check the title status whenever they need to. Plus, we’ll be linking hashes to a public chain, which makes it super easy to keep everything auditable.
Tech:
Ledger: So, we're going to go with a Besu consortium network. We'll set it up with some node and account allowlists to keep everything secure. Privacy groups will take care of the lien details, and we'll make sure to run nightly updates on the public chain. (Check it out here).
App: We're putting together a web portal that makes it super easy to handle title transfers. It's going to have some cool event-driven integrations with the classic DMV system, so you won’t have to deal with all the old hassles.
Benchmarks: We're aiming to get title transfers done in just a few minutes! We're also excited to implement automated lien checks, taking a cue from California's statewide initiative to make the process smoother and easier. If you want to dive deeper into this topic, check it out right here for all the details!
Risks/mitigations: Feeling anxious about getting stuck in governance gridlock? Don’t worry! We’ll set up some clear membership changes in advance to keep everything flowing smoothly. Worried about data leaks? No need to stress! We’ve got options like private transactions or even storing sensitive info off-chain to keep your data secure.

11) Lessons from recent government pilots

Rather than getting distracted by shiny coins, let’s focus on improving those workflows. Experiments like MiamiCoin have definitely sparked some serious conversations about governance and brought on a bit of volatility, but they haven't really tackled the city's main processes. Let's put our attention on registries, credentials, and compliance. These are the areas where we've already established some solid standards and have real case studies that we can draw insights from.
Instead of just celebrating the launch day, let’s focus on the whole life-cycle operations. That way, we can really make the most of our efforts! Take the California DMV, for instance. They’re really in the thick of it when it comes to digitizing millions of records. It’s a tough job! They're also focused on creating a smooth wallet experience, staying sharp on fraud alerts, and ensuring that everything works well with those older systems. It’s a balancing act for sure! Hey, just a quick reminder to carve out some time for data cleanliness and providing support for the community. It’s super important! (reuters.com).
Embrace the idea of taking things step by step. Buenos Aires has made a savvy move by incorporating ZK proofs into its current app, miBA. This upgrade enhances user privacy while keeping the existing services intact--something other cities could really learn from! (coindesk.com).

12) Pitfalls to avoid (and how)

When it comes to keeping private information on the blockchain, let’s just say it's a hard no. Definitely don’t do it. Stick to using hashes, and make sure they’re non-reversible. You might want to consider adding some salting or peppering in the backend if needed.

Don’t sweat the revocation stuff! Kick things off on the right foot with the Bitstring Status List v1. You got this! 0, right from the start. Don’t forget to give those suspension and unsuspension flows a try! Hey, take a look at this link: (w3.org). You might find it interesting!

Take your time figuring out which chain to go with--don't rush into it! It’s definitely a good idea to prototype on an L2 testnet first. That way, you can really get a sense of what those post-Dencun blob fees are going to look like. If you ever realize that you need to have more control over your validators in the future, no worries! You can easily transition to using Besu or even set up a Subnet with a planned anchor. More info here: (ethereum.org).

And hey, we can’t forget about governance! Don't forget to have an executive owner on board, along with a data-protection officer and someone to lead citizen support. It's really important to have these roles filled! The CSF 2. The 0's Govern function is really relying on that. If you're curious to dive deeper into the topic, check it out here: nist.gov. There's a lot of great info waiting for you!

13) Your next step (and how we’ll help)

Got a challenge you can sum up in three lines? Perfect! We're all set to launch a 90-day pilot that’ll bring you some real, measurable results. Let's get this ball rolling! At 7Block Labs, we do a few things that we're pretty passionate about.

Get together with your team to come up with your KPIs and make sure they line up with NIST CSF 2. 0;.
Launch VC 2. You have the option to issue something with the ability to revoke it or share only certain details if you want. Alright, so here’s the plan: let’s really fine-tune the chain layer, whether we’re talking about L2, Besu consortium, or Avalanche Subnet. It’s super important to back this up with some detailed Architecture Decision Records (ADRs) that break down the costs involved too.
Launch a pilot program that’s friendly and useful for both citizens and auditors alike.

Go ahead and send us your problem statement, and we'll whip up a one-page solution brief for you! Looking forward to helping out! I’ll put together all the details, including the architecture, key milestones, and budget. You can expect to have it in your inbox by the end of the week!

Appendix: “What changed in 2024-2025” quick facts you can cite internally

Hey everyone! Exciting news--Ethereum Dencun (also known as EIP-4844 blobs) officially launched on March 13, 2024! This awesome update really cuts down on Layer 2 data costs, bringing verification fees to less than a dollar. Pretty cool, right? In a lot of situations, that's definitely doable! Take a look at it on ethereum.org. You won’t want to miss it!

So, on May 15, 2025, the W3C went ahead and launched VC 2. So, you've got the 0, right? That covers a bunch of important stuff like the Data Model, Data Integrity, JOSE/COSE, and the Bitstring Status List. It's all pretty essential if you ask me! If you’re looking for more info, check out w3.org. There’s a ton of details there!

NIST CSF 2. On February 26, 2024, we rolled out a new Govern function that took things up a notch! We didn’t just stick to critical infrastructure anymore; we broadened our focus to include a whole lot more. If you’re looking for more details, you can hop over to nist.gov for all the info you need!

In 2024, the California DMV really stepped up their game with a major digital makeover. They managed to digitize an impressive 42 million titles on Avalanche! Not long after that, they introduced consumer wallets, which was a pretty cool move too. Check it out on reuters.com for the full scoop!

Buenos Aires is really stepping into the tech scene! In October 2024, they rolled out ZK proofs in their city app, making use of QuarkID on zkSync Era. How cool is that? This is a pretty awesome move for improving resident privacy! For more details on that, check out the full scoop over at coindesk.com. It’s definitely worth a read!

EU eIDAS 2. So, the whole thing got started officially in 2024, and we'll see the implementing acts coming into play from 2024 to 2025. These acts are going to help guide the launch of the EUDI Wallet, which is set to be up and running by 2026. Exciting times ahead! If you're looking for more info, check out the details on consilium.europa.eu. They’ve got everything laid out nicely for you!

Oh, and just a heads-up: the EU Battery Regulation 2023/1542 is coming into play! Starting February 18, 2027, we'll need to have battery passports in place. So, mark your calendars! Volvo really jumped the gun by rolling out one of its models early in 2024. If you’re looking for more details, check out eur-lex.europa.eu. They’ve got all the info you need!

That’s the foundation you’ll want to establish to get a solid, standards-aligned pilot rolling with the right partner--and to avoid the mistakes we stumbled into back in 2018.