Issuing certificates

Certificates should be considered the result of verifying that some specific amount of electricity is from a renewable source. To achieve this, we define that device and time frame uniquely identify a certificate. Volume and owner are properties that are a mandatory part of every certificate.

Once issued, certificates can be freely traded like any other commodity. The local issuer is not interested in how trading is done, as long as at any point in time there’s clear information on who owns what. As no-one besides local issuer can mint new certificates, that also means that no-one can just “lose” certificates. They always have to be owned by someone.

The issuer keeps a discretionary right to suspend certificates at any point in time, with a caveat that claimed certificates can’t be suspended. Local issuer may issue new certificates in a place of old suspended ones. This is a way for a local issuer to correct any potential mistake that might have occurred while issuing (e.g. issued to a wrong account, device, incorrect metadata, etc).

Depending on the region, and the way a local issuer operates in that region, certificates are issued either by a device owner asking for certification of their generation data or by a local issuer issuing certificates as part of the automated process. We’ll take a closer look at how issuance actually works.

Requesting certification of generation evidence

Different standards require different ways to provide evidence of RE generation. In some cases, a device owner is submitting a written document provided by an impartial party like DSO or TSO that can confirm a specific device generated a specific volume (MWh) in a specific time period. But in cases where a local issuer is at the same time the impartial party producing a document (evidence), the device owner doesn’t have to submit the evidence and therefore gets certificates automatically.

In an ideal situation, evidence would come from a metering device that’s signing and pushing all data straight to the chain.

In most Origin based marketplaces, the issuance request together with the generation evidence is provided through a user interface. The request is registered in the Origin system and if needed, forwarded to a certificate registry (e.g. I-REC) for verification. This means that Origin will support submitting evidence, but it won’t pay a lot of attention into facilitating verification as this processes is standard-specific and currently mostly done by checking documentation, performing on-site inspection, and making sure evidence is not submitted to other systems (e.g. requesting at the same time green certificates and carbon offsets for the same MWh generated from the same device in the same time period).

Issue certificates

Once the local issuer of the certificate registry approves the certification request by verifying provided generation evidence, it is time to issue new certificates to the device owners account in the Origin system. Device owners can decide if they want to have the certificates issued publicly or using privacy preservation techniques to mask the volume. In the case of private issuance, the issuer holds all information to prevent double spending.



  1. Only issuer can mint new certificates

  2. Only issuer can suspend certificates

  3. Issuer can mint new certificates only for devices in its region

  4. Issuer can suspend certificates only for devices in its region

  5. One region can have multiple issuers

  6. Same issuer can be in multiple regions

  7. Only owner of a certificate can transfer or claim the certificate

  8. No one can suspend or transfer claimed certificates


  1. Certificates can be issued only for a time period that has no previously issued certificates, excluding suspended certificates. This means that issuer can issue new certificates “in a place” of old suspended certificates

  2. Number of newly issued certificates has to be greater than zero


  1. Device owner may keep his volume and identity private

  2. We should consider that all device owners want their volume and identity kept private by default

  3. Device owner, at any point of time, may reveal his identity and volume of certificates owned


  1. Certificate structure:

  2. Requesting certificates:

  3. Approving issuance requests:

  4. Directly issuing certificates:

  5. Revoking certificates: