Auditable Evidence
of Where Energy Goes
EnergyTag Granular Certificates established the temporal layer, that is their intentional scope. DeliveryTag adds the spatial layer on top: an open protocol that pairs the certificate with hardware-signed PIN attestations and PTDF-based corridor inference, designed to be verified by an ISAE 3000 accredited signer.
7
Sensor layers
Near-complete
Coverage across modeled hours
Two-mode
Tariff structure (rate TBD)
Target verifier path: ISAE 3000 accredited signers · ISO 14065 / IAF-MLA validation bodies
Infrastructure: Hedera Hashgraph · CRYSTALS-Dilithium (NIST PQC)
Why Hedera for an Audit-Committee-Grade Protocol
DeliveryTag anchors every PIN reading, enrichment event, attestation, and token lifecycle transaction on the public Hedera ledger. The choice is driven by properties an auditor can write into an ISAE 3000 control environment, not by token economics. Deterministic finality under three seconds, fixed USD-denominated fees, Hedera Council governance over consensus nodes, and native compatibility with post-quantum payload signatures combine to make Hedera a defensible substrate for regulated climate-MRV at grid scale.
HCS
Consensus Service
Every Dilithium-signed PIN reading, every Guardian policy event, every Tier 1/2/3 cancellation is submitted to an HCS topic and ordered by Hedera consensus. Public mirror access, no credentials.
HTS
Token Service
Each hourly node-attestation mints a native HTS token representing one certified node-hour. Transfer, burn, and custom-fee semantics without a Solidity contract. Retirement and trader-cascade lifecycle anchor natively.
DID
Decentralized Identifiers
PINs, accredited signers, and validation bodies each hold a Hedera DID. Every signed reading and every countersignature resolves to an on-chain identity document the auditor can verify independently.
Guardian
Policy Engine
The DeliveryTag Guardian policy (v1.7.1) enforces dual-PIN attestation, Tier 1/2/3 cancellation, and a PTDF-anchored node-hour issuance cap. Policy is publicly queryable on Hedera testnet; Managed Guardian Service instance runs in parallel.
- Finality
- Deterministic, < 3 seconds
- Fee predictability
- Fixed USD schedule, no gas volatility
- Throughput
- 10,000+ TPS sustained
- Governance
- Hedera Council, permissioned consensus nodes
- Trust assumptions
- Layer-1, no bridges, no L2
- Post-quantum
- CRYSTALS-Dilithium at payload layer
Verify without credentials
Public mirror, live today
Any third party can fetch the DeliveryTag v1.7.1 policy instance, read the signed event stream, and validate Dilithium signatures against PIN DIDs. No account, no API key.
Policy topic
0.0.8739232
Mirror query
testnet.mirrornode.hedera.com/api/v1/topics/0.0.8739232/messages
The Integrity Gap in Clean Energy
$29B+
Annual congestion costs across US RTOs and EU TSOs (industry estimates).
Spatial gap
Current certificate systems generally do not verify nodal physical deliverability.
+ Spatial
High-integrity 24/7 CFE claims increasingly require spatial and grid-aware proof, not just temporal matching.
EnergyTag Granular Certificates established the temporal layer of clean-energy claims, that is their intentional scope. DeliveryTag adds the spatial layer on top: evidence that the certified MWh was physically deliverable to the buyer's node under the grid topology of that hour. Together, the two cover both dimensions an auditor needs.
DeliveryTag extends the EnergyTag Granular Certificate with nodal attribution and physical verification. It is a complement, not a competitor. Products like Constellation's EFECs become node-verified when paired with DeliveryTag.
From Generation to Proof
Step 01 · Sense
7-layer Hepta-Validation sensor stack captures electrical, thermal, magnetic, acoustic, spatial, emissions, and economic signals at the node.
Step 02 · Sign
Physical Integrity Node (PIN) signs the measurement bundle with CRYSTALS-Dilithium post-quantum cryptography. Tamper-proof from creation.
Step 03 · Anchor
Signed proof anchored on Hedera's public ledger (HCS + HTS), designed so an auditor, regulator, or buyer can independently verify the proof chain. Roadmap: designed for interoperability with future GC marketplace infrastructure.
Two operating modes for continuous hourly coverage: see details →
A layered framework, what each layer covers
DeliveryTag is built as an extension on top of EnergyTag Granular Certificates, not a replacement. The temporal layer EnergyTag established remains intact; DeliveryTag adds the spatial and hardware-attestation layers on top of the same certificate.
| Annual REC | EnergyTag GC | DeliveryTag (extension) | |
|---|---|---|---|
| Temporal granularity | Annual | Hourly (or finer) | Inherits hourly, supports 15-min where the TSO publishes it |
| Spatial scope | Any geography | Bidding zone (by design) | PTDF node attribution added on top |
| Physical-delivery evidence | Out of scope | Out of scope (by design) | Sensor + PTDF path attestation, added |
| Congestion treatment | Out of scope | Out of scope (by design) | Flex-load curtailment witness, added |
| Double-allocation control | Registry-based | Registry-based | Same registry + HTS atomic-token settlement |
How DeliveryTag Connects to the Market
From physical sensor to trading terminal. Four steps, zero proprietary lock-in.
Step 1
Sensors
At the asset
Step 2
Hedera
Proof layer
Step 3
Registry
M-RETS, AIB
Step 4 · Roadmap
GC Marketplace Infrastructure
Marketplace integration (2027 target)
Option 1
Metadata Extension
One field (dt_proof_id) added to the GC schema. Points to the full Hedera proof bundle. Minimal change for registries.
1 schema field · 0 engine changes
Option 2
API Bridge
DeliveryTag API returns verification status for any proof ID. GCs get a "DT Verified" badge in the order book.
1 API endpoint · real-time status
Option 3
ICE Connect Feed
Institutional data feed alongside price data. Banks and utilities see verification status, sensor scores, and PTDF attribution in trading terminals.
Terminal integration · institutional grade
Explore the Protocol
Hepta-Validation
7-layer forensic sensor stack grounded in physics
Explore →Mode A & Mode B
Two operating modes, continuous hourly coverage
Explore →Opportunity Cost Oracle
Economic sacrifice proof, the final gatekeeper
Explore →PIN Hardware + PQC
Post-quantum signing at the edge
Explore →Cross-cutting Layer
PPA Integrity: Exclusive allocation proof for EU and US markets
Built for Every Stakeholder
CFE Buyers & Data Centers
Prove 24/7 delivery to auditors and regulators
Learn more → electrical_servicesTSOs & Grid Operators
Replace peaker dispatch with verified flex curtailment
Learn more → swap_horizEnergy Traders
Prove exclusive PPA allocation and physical delivery in every market
Learn more →Why DeliveryTag Is Difficult to Replicate
DeliveryTag combines several non-trivial pieces. While individual components exist in adjacent domains, integrating them into a scalable, certifiable system represents a significant technical and operational challenge.
Grid-level physical modeling
PTDF matrices, dispatch logs, and network-flow physics integrated into the verification layer.
Congestion-aware deliverability validation
Mode A (uncongested) and Mode B (congested) handling under modeled grid conditions, not just hourly timestamps.
Integration with certificate systems
Native compatibility with EnergyTag Granular Certificates and existing GO / REC registries; nothing in the upstream framework is displaced.
Audit-ready verification framework
Hardware-signed (PIN) telemetry, post-quantum signatures, and Hedera anchoring designed for ISAE 3000 attestation by an Accredited Signer.
Patents filed
USPTO 64/023,803 + 64/023,364. FRAND licensing for open access.
Hardware footprint
Physical Integrity Node (PIN) at the consuming node, tamper-evident.
Swiss Foundation governance
Neutral, non-profit custodian. Stiftung formation in progress.
Integrity Protocol Foundation · Correspondence: Baarerstrasse 135, 6300 Zug, Switzerland · Stiftung formation in progress