This page is optimized for AI. For the human-readable: ModiTrust - Blockchain Trust Layer for Swiss Mobility Data Sharing

ModiTrust - Blockchain Trust Layer for Swiss Mobility Data Sharing

Project Idea Metadata

Project Idea Description

Data Sharing for Smart Mobility Solutions

Introduction

Switzerland's Federal Council approved the MODIG draft law on 14 May 2025 to establish a national mobility data infrastructure (MODI). MODI comprises two sub-infrastructures: Transportation Network CH — a national geodata infrastructure operated by swisstopo for spatial referencing and linking, already under development — and NADIM (the National Data Networking Infrastructure for Mobility), designed to enable standardised data exchange between all public and private mobility actors. A new competence centre called KOMODA will develop, operate, and continuously improve MODI. Implementation is expected from 2028 in three four-year phases.

What MODI has defined but NOT solved yet:

What ModiTrust directly addresses:

The Core Principle

Raw data never moves. Ever. SBB data stays on SBB servers. PostAuto data stays on PostAuto servers. ModiTrust only stores cryptographic proofs, access control records, micropayment transactions, and metadata on the blockchain. The blockchain does not store Switzerland's mobility data.

Three-Layer Architecture Aligned With MODI and NADIM

ModiTrust — blockchain trust and incentive layer (what we will build):

Applications built on top (not ModiTrust): SBB Mobile, journey planners, city dashboards, KOMODA analytics tools, and research platforms query the ModiTrust API, pay a micropayment automatically, receive verified trusted data directly from the source, and build their own intelligence on top. ModiTrust supplies the NADIM trust layer — not the application logic.

Data sources (existing systems, unchanged): SBB servers, PostAuto servers, PubliBike systems, city IoT sensors, smartphones. Raw data stays here always. For public data sources, ModiTrust transparently proxies their existing APIs — adding a trust and payment layer without requiring any changes from the data provider. For restricted data, providers deploy a lightweight ModiTrust connector that verifies access permissions and routes authorised queries to their existing internal APIs — again requiring zero changes to existing systems. In both cases, raw data is never stored on the blockchain. Only cryptographic proofs, access logs, and payment records live on-chain.

MODI defines what needs to happen. NADIM is where it happens technically. ModiTrust is a concrete, working proposal for NADIM's two missing components: the trust mechanism and the economic incentive layer. ModiTrust is to MODI what HTTPS is to the internet — not the content, but the trust protocol that makes everything else possible.

Problem 1 — Data Fragmentation

Mobility data is scattered across dozens of isolated silos with no shared structure. NADIM's primary mandate is to solve this — but no technical solution exists yet.

Today — the fragmented reality:

ModiTrust — the NADIM-ready fix:

Concrete example — SBB + PostAuto + PubliBike fragmentation in practice:

A passenger travels from Zurich HB to their office via SBB train, PostAuto bus connection, and PubliBike for the final kilometre. Today: three separate apps, three separate accounts, no shared data between any of them. SBB does not know the passenger needs a bus connection. PostAuto does not know a PubliBike is available at the destination. PubliBike does not know train demand patterns to ensure bikes are available at busy arrival times.

With ModiTrust: all three publish verified oracle feeds to the NADIM coordination layer. A journey planning application built on top makes one authenticated API call, receives verified real-time data from all three sources directly, and pays a combined micropayment. Each provider earns their share automatically. No contracts. No negotiations. No manual coordination. The application does the journey intelligence — ModiTrust provides the NADIM trust foundation.

Problem 2 — Data Security and Trust

The core reason NADIM cannot rely on voluntary sharing alone. FOT's own publications state: "lack of trust between parties has hampered data exchange." NADIM is voluntary. Without a trust mechanism, voluntary means nobody shares.

Why no one shares today:

ModiTrust — ZKPs + tiered access:

Tier 1 — ZKP proofs: Publicly verifiable proofs generated from privately held data — the data itself remains with the provider and is never revealed. SBB can prove "corridor below 78% capacity" without disclosing any passenger numbers or revenue data. Each query pays a small micropayment to the provider, creating economic incentive to publish proofs continuously.

Tier 2 — Aggregated statistics: Verified organisations access anonymised aggregate data with a declared use case and token micropayment. Smart contracts verify the requester's identity and purpose automatically before granting access — for example, a city planning department querying weekly ridership aggregates from a transport operator for urban planning purposes.

Tier 3 — Raw data: Specific named parties access raw operational data under a formal on-chain agreement, matching NADIM's "restricted data" category. Both parties sign a smart contract encoding the terms — what data, how often, for what purpose, at what price — and all access is logged immutably with automatic payment settlement on every query.

ZKP Example — FOT Needs SBB Capacity Data For Billion-Franc Infrastructure Decision:

The Federal Office of Transport needs to confirm the Zurich–Bern corridor can absorb 15% more freight trains without disrupting passenger services. A critical national infrastructure decision worth hundreds of millions of francs.

Old way: FOT formally requests SBB occupancy data. SBB legal department refuses — commercially too sensitive. FOT escalates through political channels. SBB offers aggregated summaries that are too vague to be useful. Negotiations continue for 18 months. Infrastructure decision delayed by two years. A billion-franc investment sits on hold.

ModiTrust Tier 1 way: SBB's ZKP module generates a proof entirely on their own servers. The proof states only: "Average peak occupancy on Zurich–Bern is below 78% capacity threshold — TRUE." Published to blockchain. FOT queries it and pays a small micropayment to SBB automatically. Verification happens in seconds. Decision made in days. SBB reveals zero raw passenger numbers, zero revenue data, zero commercially sensitive information. Zero legal risk. SBB earns revenue. Both parties win.

Problem 3 — Data Collection and Quality (Future Vision — Innosuisse Phase)

This problem is not in the scope of the current prototype. It is included here as part of the broader ModiTrust vision and will be developed in a follow-on Innosuisse-funded phase, building on the trust and payment mechanisms proven in this pilot.

Strong in rail, critically absent everywhere else. The MODIG law relies on voluntary data provision. Without economic incentives, rural and last-mile data gaps will never be filled.

Today — critical data gaps:

Token bounty system — self-healing NADIM coverage:

Where does all the data come from?

80% already exists: SBB train timetables (live), PostAuto GPS positions, ASTRA highway sensors, PubliBike station data, city IoT pedestrian counters. Already collected daily. Never shared externally. Tokens incentivise publishing.

15% on devices already: Smartphone GPS traces, transport mode detection, connected vehicle data, road surface conditions, city IoT sensor feeds. ZKP anonymises on-device first. Only proof ever leaves the device. User earns tokens passively.

5% new data filled by bounties: Rural last-mile walking, e-scooter route patterns, cargo bike corridors, freight intermodal flows, informal rideshare data. 8x bounty for biggest gaps. Fills in weeks not years. Self-healing and continuous.

Concrete example — Inwil station halt on the Luzern–Zug corridor:

SBB is evaluating a new regional train halt at Inwil (LU). Critical question: how many people actually walk from Inwil village to Rotkreuz station today? Without this data the investment case cannot be made. Traditional survey: CHF 80,000 and six months minimum. The decision sits waiting.

ModiTrust detects the Inwil–Rotkreuz walking corridor has zero data coverage. Smart contract auto-posts an 8x token bounty — no human decision required. Within three weeks, 47 local commuters contribute GPS walking data passively via their phones. The ZKP module on each phone processes data locally — only the proof "walking trip occurred on this corridor" ever leaves the device. No identity, no precise timing, no personal data leaves any phone. Consensus mechanism validates all 47 contributions. SBB queries the ModiTrust API, pays one micropayment, receives real validated demand data. Decision made in three weeks at a fraction of traditional survey cost.

Problem 4 — Data Integration

Data exists but cannot be leveraged for planning, coordination, or user experience. NADIM requires standardised data exchange. But without an economic incentive to standardise, operators will continue using their own formats indefinitely.

Today — the integration nightmare:

Tokenised API marketplace — NADIM standardisation incentive:

Complete flow — SBB + PostAuto + PubliBike multimodal query with full payment distribution:

Scenario: A developer builds a multimodal journey feature needing SBB train data, PostAuto connections, and PubliBike availability at destination stations. Today: three contracts, three APIs, three authentication systems, 18 months minimum.

  1. Developer sends one authenticated query to ModiTrust API with declared use case and journey parameters — one call for everything
  2. Smart contract verifies developer credentials and declared purpose in milliseconds — access granted or denied automatically, no human involved
  3. Query forwarded simultaneously to SBB, PostAuto, and PubliBike servers — all three respond directly to the developer in parallel
  4. Raw data travels source to developer directly — never touches the blockchain at any point, perfectly aligned with MODI data sovereignty principle
  5. Total cost: a micropayment per source. Smart contract distributes payment to each provider automatically. If permitted under MODI's commercial-free framework, a small infrastructure maintenance fee (e.g. 5%) supports system operation; otherwise the full amount goes to providers.
  6. Transaction logged immutably on-chain: who accessed what, declared purpose, amount paid, timestamp. Legal compliance automatic. MODIG audit trail built in.
  7. Developer's application uses the verified trusted data to build journey intelligence — ModiTrust supplied the NADIM data layer, the application supplies the intelligence on top

No invoice. No contract. No billing department. No legal team. No 18-month negotiation. Days instead of years. Every data provider gets paid automatically.

Technology

The prototype will be built on an Ethereum Layer 2 network, using Solidity smart contracts for access control and payment settlement, and Circom or ZoKrates for ZKP circuit development. The API gateway will be a conventional Node.js or Go server handling query routing, blockchain interaction, and response formatting.

For production deployment, the architecture is designed to evolve toward a fully federated consortium chain (such as Hyperledger Besu or Fabric) where major Swiss transport operators (SBB, PostAuto, FOT, KOMODA) each run validator nodes — ensuring maximum Swiss digital sovereignty and alignment with MODI's neutrality principle. Alternative paths include an Ethereum Layer 2 solution or a private subnet within a major blockchain network (such as an Avalanche subnet). The optimal path will be evaluated based on pilot results and stakeholder governance preferences. The utility token (MTT) is a pure functional payment instrument classified under the Swiss DLT Act 2020.

Blockchain is used precisely where nothing else provides equivalent guarantees: trustless B2B agreement execution that no single party can alter, cross-organisation micropayment settlement at sub-cent levels without banking infrastructure, immutable compliance audit trails for MODIG that hold up cryptographically, sovereign trustless coordination that no single party can manipulate, and decentralised governance via DAO voting. Micropayments are batched — individual queries are tracked off-chain and settled periodically in a single on-chain transaction, keeping gas costs negligible relative to payment volume. The API gateway, data routing, and caching layers are conventional high-quality engineering — because that is engineering pragmatism. The blockchain is exactly as large as it needs to be — no more, no less.

The API gateway is designed as open-source, stateless infrastructure that any party can independently operate. Data providers cryptographically sign all responses, ensuring that gateway operators — including ModiTrust itself — cannot modify data in transit. In production, multiple gateway instances operated by different stakeholders (including KOMODA and transport operators themselves) prevent any single point of control or failure, fully aligned with MODI's decentralisation principle.

State of the Art

Existing blockchain-based data sharing initiatives — such as Dimo (vehicle data tokenisation), VINchain (car data marketplace with provider compensation), and Cardossier (immutable vehicle lifecycle records in Switzerland) — have demonstrated that blockchain can successfully incentivise data sharing through token rewards, automate compensation for data providers, and create trustworthy immutable records in mobility contexts. The Circularise project has further validated that Zero Knowledge Proofs can enable privacy-preserving data verification in B2B supply chains without requiring parties to trust each other.

ModiTrust addresses a fundamentally different and more complex problem: privacy-preserving data sharing across an entire national public transport infrastructure, within a regulated framework (MODIG), under a commercial-free principle, and with mandatory alignment to NADIM's national architecture. No existing platform combines ZKP trust guarantees, token micropayment incentives, tiered access control matching a national regulatory framework, and token bounties for automated data gap filling. ModiTrust brings together validated blockchain principles from these precedents and applies them — with critical new innovations — to Switzerland's specific NADIM challenge.

Sustainability and SDG Alignment

ModiTrust directly supports SDG 9 (Industry, Innovation and Infrastructure) by creating reusable digital infrastructure for mobility data exchange. It supports SDG 11 (Sustainable Cities and Communities) by enabling data-driven transport planning that optimises existing infrastructure utilisation — MODI documentation notes average public transport utilisation of only 30% and average car occupancy of 1.5 persons, indicating significant room for efficiency gains through better data sharing. In the Innosuisse follow-on phase, the token bounty system will further support SDG 3 (Good Health and Well-being) by incentivising data collection in underserved rural areas, improving transport accessibility for communities currently excluded from data-driven mobility improvements.

Confirmed Data Sources

The prototype connects to two real Swiss mobility data sources that are already publicly available — ensuring zero dependency on external partnerships (while transportation partners for later phases are currently being discussed with HSLU):

opentransportdata.swiss — Switzerland's official open transport data platform, providing real SBB and PostAuto timetables, real-time delay information, and regional operator data via standardised APIs (GTFS, OJP).

PubliBike open API — Real-time bike station availability across Swiss cities including Luzern, directly relevant to the last-mile multimodal use case on the pilot corridor.

These two sources are sufficient to demonstrate the complete ModiTrust mechanism end-to-end with real data — not synthetic or simulated. Formal partnerships for Tier 3 restricted data access will be pursued with potential transportation partners — a direction currently being discussed with HSLU.

Partners

Implementation Partner: TrustNoteD GmbH — a Switzerland-based company specialising in designing, integrating, and operating DLT-based solutions for identity management and tokenisation, internationally respected in the financial and government sector. The team delivers tailor-made solutions complying with international standards, with deep technical expertise in smart contract development, ZKP implementation, and decentralised systems architecture.

Research Partner: HSLU (Hochschule Luzern) — research team comprising Stefano Gioia, Associate Research Scientist, and Prof. Dr. Widar von Arx, Head of the Competence Center Mobility at HSLU's Institute for Tourism and Mobility (ITM) and board member of Basler Verkehrsbetriebe (BVB). The HSLU team provides academic validation of the technical approach, independent evaluation of ZKP privacy guarantees, and deep public-transport and mobility-management expertise — ensuring strategic alignment with the Swiss mobility ecosystem.

Industry Transportation Partners: To be confirmed.

ModiTrust's lean two-person engineering team is a deliberate choice. The team's deep blockchain expertise enables rapid development without external consultants.

Advisory and oversight:

Expected Outcomes

  1. Working smart contract suite deployed on Ethereum L2 network: tiered access control (Tier 1, 2, 3), B2B agreement templates, and micropayment distribution — verified and open source
  2. Functioning ZKP circuit demonstrating data quality proof — generated on provider side, verified on-chain, with measured generation and verification times
  3. API gateway connected to two real Swiss mobility data sources (opentransportdata.swiss + PubliBike Luzern), demonstrating full end-to-end query flow with blockchain permission check and automated micropayment
  4. Live demonstration: developer makes one query, full flow executes in real time — permission check, data returned from real source, micropayment distributed, access logged immutably
  5. Open-source codebase published on GitHub with developer documentation
  6. Innosuisse follow-on funding proposal for production pilot with industry partners

Implementation Plan (8 Months Development)

Phase 1 — Infrastructure Setup and Initial Development: Set up blockchain development environment and Ethereum L2 network infrastructure. Build initial ModiTrust API gateway server. Begin smart contract development for access control and micropayment logic. Implement basic ZKP circuit for data quality proof. Configure token wallet system for test parties. Connect to opentransportdata.swiss (real SBB and PostAuto public data). Deliverable: development environment operational, initial smart contracts and first ZKP proof generated from real Swiss mobility data.

Phase 2 — Core Feature Development: Build all three access tiers (Tier 1, 2, 3). Implement micropayment distribution logic with configurable provider/infrastructure fee split. Develop data quality verification mechanisms. Connect PubliBike Luzern as second real data source. Deploy complete smart contract suite to Ethereum L2 network. Deliverable: smart contracts deployed and tested, micropayments flowing between test wallets, ZKP proofs verified on-chain, both data sources operational.

Phase 3 — Integration and Testing: Full end-to-end integration testing across both data sources on Luzern corridor. Stress testing and edge case analysis. Security review of smart contracts. Build demo dashboard showing complete query flow. Collect performance metrics. Publish open-source codebase on GitHub with developer documentation. Deliverable: fully tested prototype with two real providers, real micropayments, real ZKP proofs, quantitative performance data, open-source release.

Budget Breakdown (CHF 25,000)

All costs comply with Innovation Booster funding restrictions: equipment and materials, operational costs, and professional services only. No salary payments. All development is performed by the TrustNoteD team — two engineers with deep expertise in blockchain technology and software development.

Phase Focus Amount
Phase 1 Infrastructure setup and initial development CHF 8,000
Phase 2 Core feature development CHF 10,000
Phase 3  Integration, testing, and documentation CHF 7,000
Total CHF 25,000

In-kind contributions: TrustNoteD GmbH contributes the full development effort of its engineering team and existing blockchain development infrastructure. HSLU contributes academic supervision and research validation.

Technical Risks and Mitigations

The main limitation stopping wider deployment after this pilot will be the regulatory timeline — MODIG enters force in 2028 at the earliest. This proof of concept is designed to be ready before the legal framework requires it, providing KOMODA with empirical evidence rather than theoretical proposals.

ZKP circuit complexity is managed by focusing on one specific, well-scoped proof type (data quality threshold) rather than attempting universal ZKP coverage. The prototype proves the mechanism works; production-grade circuits for additional use cases are developed in the Innosuisse phase.

Blockchain scalability is not a concern at pilot scale. Performance optimisations (permission caching, payment batching) are designed into the architecture from the start to ensure the approach scales to national NADIM deployment.

References

Research Partners: HSLU (Hochschule Luzern) — Stefano Gioia and Prof. Dr. Widar von Arx (confirmed)

Dissemination and Transfer of Results

Open source and developer ecosystem: Full codebase published on GitHub under an open-source licence, including smart contract templates, ZKP circuit code, API gateway implementation, and a developer SDK. Any operator, researcher, or startup can reuse, adapt, or extend the ModiTrust architecture without permission or payment — directly aligned with MODI's open-source principle.

Federal policy and KOMODA: Architecture recommendations and scaling cost model presented to KOMODA and FOT as a candidate reference implementation for NADIM's trust and incentive layer. Pilot results provide empirical evidence for NADIM's technical architecture decisions ahead of the 2028 rollout.

Academic research: A potential joint research with HSLU on ZKP-based trust mechanisms for national mobility data infrastructure is being explored. In parallel, TrustNoteD and HSLU are exploring Open Direct Mobility — a user-centric mobility access framework combining e-ID with Zero Knowledge Proofs — a research direction directly relevant to Problem 3's future vision of citizen-contributed, privacy-preserving mobility data.

Closing Statement

MODI defines what Switzerland's mobility data future must look like. NADIM is where it happens technically. ModiTrust solves the two problems NADIM cannot solve alone: why would anyone voluntarily share, and how can competing actors ever trust each other? The answer is mathematical — not political.

Swiss mobility operators hold valuable data but refuse to share it — revealing ridership numbers means exposing commercially sensitive information to competitors. MODI's national data infrastructure depends on voluntary sharing, but without trust and economic incentives, voluntary means nobody participates. ModiTrust solves both: Zero Knowledge Proofs let operators prove data facts — such as "this corridor is below capacity" — without revealing a single underlying number, while token micropayments make sharing financially rational for the first time. A three-tier smart contract layer, aligned with the Swiss DLT Act 2020 and MODIG, governs every request — from publicly verifiable proofs, to aggregated statistics, to raw data under formal agreement — and raw data never leaves the owner's servers. Built by TrustNoteD with HSLU as research partner, the prototype connects two real Swiss data sources on the Luzern corridor, demonstrating a foundation for NADIM's data exchange architecture.