Concordium's protocol-level identity delivers privacy by default. But when a Swiss court order demands accountability, Concordium's multi-party disclosure process traces an account, whether human or AI agent, back to a named, verified individual.
The previous articles in this series explained where identity lives, how that knowledge is split across independent parties, and how zero-knowledge proofs let users and their agents verify attributes without exposing personal data. All three share a common thread: the system is designed so that no single party holds enough to abuse.
This article is about what happens when the system is asked to open.
Concordium Is Not an Anonymity Network
It was never designed to be one. The founding premise is that privacy and accountability are not opposites: they are both properties a trustworthy financial system needs to maintain, and the architecture has to support both.
The Identity Disclosure Process is how Concordium honours that commitment. It defines the exact conditions under which a user's real-world identity can be linked to their on-chain activity, and the exact steps that must be followed before that happens.
The Entry Condition: A Court Order
No disclosure begins without a court order issued by a Swiss court. Not a government request. Not a regulatory demand. Not an intelligence agency inquiry. A court order, issued under Swiss jurisdiction, one of the strongest privacy regimes in the world.
This is a deliberate choice. Switzerland is not a member of the Five Eyes, Nine Eyes, or Fourteen Eyes intelligence-sharing alliances. It has no obligation to share surveillance data with foreign governments. Swiss privacy law treats personal data protection as a constitutional right, not a policy preference. The bar for compelling disclosure is structurally higher than in virtually any other jurisdiction.
The Authority, the legal body responsible for coordinating disclosure, cannot act on its own initiative. It must obtain appropriate court orders in the relevant Swiss jurisdiction before approaching any other party. The process does not begin with suspicion. It does not begin with a government letter. It begins with a judge.
Scenario 1: The Investigation Starts On-Chain
On April 1, 2026, attackers drained $285 million from Drift Protocol on Solana in roughly 12 minutes. They had spent weeks staging the attack: manufacturing a fictitious token, manipulating oracles into treating it as legitimate collateral, and socially engineering multisig signers into pre-signing hidden authorisations. The vulnerability was not broken code. It was the absence of verified identity at the protocol level. No one knew who the signers were actually dealing with.
On Concordium, an investigation follows a defined path. An account is flagged. Investigators have a wallet address and need to know who is behind it. A Swiss court order is obtained by The Authority.
The Authority presents the court order to the Privacy Guardians, along with the encrypted public holder identifier associated with the account. Each PG decrypts its share. Once the required threshold is met, currently 2 out of 3, the Authority reconstructs the full identifier. That identifier goes to the Identity Provider, who matches it against their records and returns the corresponding identity.
The pseudonymous account becomes a named individual.
Scenario 2: The Investigation Starts Off-Chain
In March 2026, the US Treasury sanctioned six individuals and two companies for laundering $800 million in cryptocurrency for North Korea's weapons programme. Investigators already knew the names. The challenge was finding the wallets. It took months of forensic blockchain analysis across multiple chains, cross-referencing exchange records, DeFi activity, and bridge transactions to identify 21 wallet addresses. Without protocol-level identity, that is the only path: piece the trail together from whoever happens to cooperate.
On Concordium, the direction reverses cleanly. A Swiss court order is obtained. The Authority presents the order and identifying information to the relevant IDPs. The IDPs search their databases, find matching entries, and return records containing encrypted linking keys. Those keys, accompanied by the court order, go to the Privacy Guardians. The PGs decrypt their shares, again at the 2-out-of-3 threshold. The Authority uses the reconstructed keys to retrieve the full list of accounts associated with that individual.
The known person becomes traceable on-chain.
Scenario 3: The Investigation Starts With an AI Agent
A transaction is flagged, but it wasn't executed by a human. An AI agent, operating autonomously within its registered scope, made a payment or placed an order that triggered an investigation.
The process follows the same path. A court order is obtained. The Privacy Guardians decrypt their shares at the required threshold. The Authority reconstructs the identifier and traces it to the Identity Provider.
But the AI Agent Registry introduces something that doesn't exist in a human-only investigation, and doesn't exist on any other chain: protocol-level enforcement of AI agent boundaries. Concordium doesn't just record what an AI agent was permitted to do. It enforces it. Spending limits, permitted asset classes, jurisdiction, and risk thresholds are not application-layer policies. They are protocol-level constraints. The AI agent cannot exceed them any more than a transaction can exceed an account's balance.
This changes what an investigation can prove. Forensics show more than what the AI agent was authorised to do and whether the flagged activity fell inside or outside those boundaries. They show that the protocol itself would have prevented actions beyond the AI agent's scope. If a transaction happened, it was permitted. If it wasn't permitted, it didn't happen. That is a fundamentally different assurance than a log file from an application claiming the same thing.
The autonomous transaction becomes traceable to a named, accountable human. The full authorisation chain is surfaced through due process. Privacy remains intact otherwise.
How the Separation of Powers Holds Under Disclosure
No single party acts alone. IDPs and Privacy Guardians never communicate directly; all coordination routes through the Authority. The threshold requirement means a single compromised or coerced PG cannot unlock anything. And the court order requirement means the process cannot be initiated without external legal validation.
The separation of powers described in the second article in this series is not suspended when disclosure is required. It is precisely what makes disclosure trustworthy when it does happen. That holds whether the account in question was operated by a person or by an AI agent acting on their behalf. AI agents add a layer of autonomy. They do not remove a layer of accountability.
The Identity Disclosure Process Is the Proof
The Identity Disclosure Process is what allows Concordium to make a credible claim to regulatory-aware industries and institutional partners: the network is not a venue for unchecked activity.
That claim carries more weight as AI agents enter the picture. When autonomous AI agents can transact, settle payments, and execute contracts without a human in the loop, the question regulators and enterprises ask is not whether privacy exists, but whether accountability survives when it needs to. Concordium's answer is structural. The same multi-party, court-ordered, threshold-encrypted process that applies to human users applies to AI agent activity. No shortcuts. No separate rules.
Privacy is structurally protected. Accountability is structurally available. Neither compromises the other, because the architecture was designed from the start to hold both.
What comes next is built on that foundation. x402 integration brings Concordium's verified identity into AI-native payment flows. The MCP server will expose identity and settlement capabilities to any AI agent framework, from Claude to LangChain. A2A will make Concordium's infrastructure discoverable and usable by autonomous AI agents without human intermediation. AI agent marketplaces including Fetch.ai, Virtuals Protocol, and Olas are where existing AI agents come to add Concordium's identity and payment security layer when their use case demands it.
Every agent framework, every payment rail, every marketplace that builds on Concordium will inherit the same guarantee: Privacy is the default, accountability by design, and neither depends on trusting a single party to do the right thing.