CODEMA GLOBAL RATING · BLOCKCHAIN ASSURANCE

BLOCKCHAIN
CLAIMS
REQUIRE
BLOCKCHAIN EVIDENCE.

Codema Global Rating certification for tokenization platforms, digital asset custodians, and distributed ledger ecosystems — conducted by EONTA as Codema Accredited Partner (APFA, Codema Global Rating SAGL) with global authorization and no territorial limits. Assessments apply voluntary technical protocols RP2110/1 and RP2120/1, with normative references to MiCA, FATF, ISO 27001, and ISO 37301. Each evaluation is assigned a unique CRPA identifier by Codema — the sole valid reference for its existence, traceability and recognition under the Codema framework.

Start Your Trust Assessment
Aligned with
Codema RatingRP2110 · RP2120DLT Assurance
Codema Global Ratings — Innovating Certification
APFA Accredited Partner Global authorization · No territorial limits
Protocols: RP2100 · RP2110 · RP2120 · RP2150 · RP2200
Codema RatingAccredited partner
CRPA RegistryCodema-verified record
DLT AssuranceTechnical evaluation
RP2100 · RP2110 · RP2120 · RP2150 · RP2200Authorized protocols
Global AuthorizationAPFA · No territorial limits

The challenge

Cryptographic trust
still requires
institutional proof.

Institutional investors, regulators, and counterparties require documented evidence of governance, security, and operational integrity — not cryptographic claims alone. EONTA conducts Codema Global Rating evaluations as an Accredited Partner under the APFA with Codema Global Rating SAGL — applying voluntary technical protocols RP2110/1 (node independence and IT compliance) and RP2120/1 (fifteen auditable RWA tokenization domains), drawing on normative references including MiCA, DORA, FATF, ISO 27001, ISO 37301, and ISO 22739. The Codema methodology has a 15-year institutional lineage — originating in regulated pharma supply chain evaluation since 2009, developed with SUPSI, and today applied by organisations including CertX (SGS Group). Each evaluation is registered in the Codema centralized database with a unique CRPA identifier: the sole valid reference for its existence, traceability, and recognition.

Institutional counterparties require verifiable evidence

Institutional investors, fund administrators, and regulated banking counterparties operating in digital asset ecosystems require the same evidence-based due diligence they apply to traditional financial infrastructure. For Real-World Asset tokenization, RP2120/1 defines fifteen auditable domains — from ownership and custody to valuation, encumbrances, ESG claims, and governance independence — grounded in FATF Recommendations, MiCA disclosure requirements, ISO 55000 asset management principles, and ISO 31000 risk management. Cryptographic correctness alone does not satisfy compliance teams, legal counsel, or investment committees. A Codema Global Rating does.

Blockchain infrastructure requires verifiable node independence and asset-layer integrity

Distributed ledger infrastructures rely on node operators whose independence, governance, and IT integrity directly determine network security and decentralisation. Without structured assessment against a voluntary certification scheme such as Codema RP2110/1 — which incorporates MiCA governance standards, FATF beneficial ownership requirements, ISO 37301 compliance management, and ISO/IEC 27001 IT controls — stakeholders cannot reliably determine whether independence is real or merely declared. Demonstrating verified node-level trust, through a Codema certificate issued by a Codema Accredited Partner, has become a commercial and governance prerequisite.

Engagement models

One Verifiable Standard.

EONTA operates as Codema Accredited Partner — formally designated "Certification Body or Accredited Partner" under the APFA with Codema Global Rating SAGL — with global authorization and no territorial limits. The Codema framework is a voluntary technical scheme with over 15 years of institutional history, originating from regulated pharma supply chain evaluation and extended to blockchain, cloud, and digital asset infrastructure through protocols developed with SUPSI and applied by organisations including CertX (SGS Group). EONTA is authorized under RP2100 (Blockchain reference), RP2110/1 (Node Independence), RP2120/1 (RWA Tokenization), RP2150, and RP2200 (Cloud services). Each completed evaluation is registered in the Codema centralized database and assigned a unique CRPA identifier — the sole valid reference for its traceability and recognition.

Codema Global Rating · Independent Assessment

Codema Trust Rating

Structured, evidence-based evaluation of your distributed system — governance, technical architecture, and operational integrity — producing a formal Codema Global Rating that institutional counterparties and regulators can reference and verify.

  • Governance and control framework evaluation
  • Node independence and distribution assessment
  • Tokenization structure and RWA integrity
  • Operational security and key management controls

Codema Global Rating — standardised and comparable

Verifiable outputs for institutional counterparties

Independent — never an advisory or implementation role

"Can our institutional counterparties verify our trust posture against a standardised, independent rating?"

Core capabilities

What we evaluate and rate.

Each capability delivers structured, evidence-based evaluation — from governance to technical architecture — producing Codema Global Rating outputs — MiCA- and FATF-aligned — structured for institutional counterparty review, regulatory submission, and board reporting.

Governance & Control Validation

Evaluation of protocol governance, decision-making structures, key management, and administrative controls across your distributed system or digital asset platform.

Node Independence Assessment — RP2110/1

Assessment under Codema RP2110/1, conducted by a Codema-qualified Lead Auditor — covering legal identity, UBO identification, ownership and control structures, financial independence, related-party conflicts, operational integrity, baseline IT compliance (ISO/IEC 27001), and sustainability. Normative references: MiCA governance requirements, FATF beneficial ownership standards, ISO 37301, and DORA operational resilience provisions.

Tokenization & RWA Structure Review

Independent assessment of real-world asset tokenization structures — asset backing adequacy, custody arrangements, legal integrity, and disclosure documentation.

Codema Global Rating Certification

Rating evaluation and certification delivered by EONTA as Codema Accredited Partner (APFA — globally authorized, no territorial limits) — applying RP2110/1 for node providers and RP2120/1 for RWA tokenization platforms, under Continuous Control and Monitoring (CCM) by Codema. Each engagement is registered in the Codema centralized database and assigned a unique CRPA identifier — the sole valid reference for its existence, traceability and recognition. Independently verifiable in the Codema centralized registry via its CRPA reference.

Governance & Independence Assessment

Assessment of decision-making structures, independence of ownership and management, conflict-of-interest management, and ethical standards — evaluated under RP2120/1 Chapter 15 (Independence, Ethics & Governance) and RP2110/1 Chapter 2 (Compliance & Legal Soundness), drawing on ISO 37301 compliance management and MiCA governance body requirements. Conducted by a Codema-qualified Lead Auditor.

Service framework

Scope. Methodology.
Deliverables. Engagement model.

The information procurement and risk management teams need before approving an external assurance engagement.

Scope

  • Conformity assessment under RP2110/1: node independence, ownership transparency, financial integrity, IT compliance (ISO/IEC 27001), and sustainability — with normative reference to MiCA, FATF, ISO 37301, and DORA. Cloud infrastructure assessment available under RP2200 (IaaS, PaaS, SaaS)
  • Conformity assessment under RP2120/1 — fifteen auditable asset-layer domains from ownership and custody to ESG claims and governance independence
  • Tokenisation compliance posture: regulatory classification, custody, disclosure
  • Conformity assessment under RP2120/1: fifteen asset-layer domains from ownership and custody through valuation, encumbrances, insurance, MiCA-aligned disclosure, FATF compliance, ESG verification, and governance independence
  • Exclusions: smart contract development, blockchain implementation, legal token classification

Methodology

  • Governance framework review against applicable standards and regulatory guidance
  • RP2110/1 node-level assessment — independence, ownership, financial integrity, IT compliance, and sustainability
  • Custody control evaluation against institutional-grade requirements
  • Codema certification scheme methodology: RP2110/1 and RP2120/1 as technical criteria, with normative references to MiCA, DORA, FATF Recommendations, ISO/IEC 27001, ISO 37301, ISO 22739, ISO 55000, and ISO 31000
  • Trust architecture mapping and counterparty verification posture assessment

Deliverables

  • Digital trust architecture assessment report
  • Governance gap analysis with risk-rated findings
  • Codema Global Rating certificate — issued under RP2110/1 and/or RP2120/1, registered in Codema centralized database with unique CRPA identifier, with full normative alignment documentation (MiCA, FATF, DORA, ISO)
  • Board-ready digital trust posture report for counterparty disclosure

Engagement Model

  • Governance Review — framework, controls, and documentation assessment
  • Protocol Conformity Assessment — RP2110/1 and/or RP2120/1 structured evaluation
  • Scope defined by technology stack and regulatory jurisdiction
  • Engagements scoped against client DLT/token documentation before commencement

How it works

From digital asset claims
to verified trust.

A structured engagement that translates technical complexity into documented, verifiable evidence — producing outputs that institutional counterparties, regulators, and investors can rely on.

Scope

Define entity type, platform architecture, regulatory jurisdiction, and applicable Codema evaluation scope — RP2110/1 (node layer), RP2120/1 (asset layer), or both — with relevant normative alignment confirmed (MiCA, FATF, DORA, ISO). Codema Protocols are a voluntary technical framework; application is freely elected by the client. All evaluations are led by a Codema-qualified Lead Auditor, registered in the Codema centralized database, and assigned a unique CRPA identifier upon completion.

Assess

Structured governance, technical, and operational evaluation — assessing controls, architecture, and compliance posture against applicable standards.

Evidence

Documentation review and evidence package assembly — producing traceable, verifiable assurance outputs from governance through technical infrastructure.

Rate & Report

Codema Global Rating evaluation registered in the Codema centralized database and assigned a unique CRPA identifier by Codema — the sole valid reference for the engagement's existence and recognition. Certificate issued under RP2110/1 and/or RP2120/1, with full normative alignment documentation (MiCA, DORA, FATF, ISO). Structured for institutional counterparty disclosure, regulatory submission, and board governance reporting.

Why EONTA

What verified digital trust
actually requires.

Codema Global Ratings

Codema Global Rating Accreditation

EONTA holds an Accredited Partner Framework Agreement (APFA) with Codema Global Rating SAGL — formally designated as "Certification Body or Accredited Partner" under the APFA — with global authorization and no territorial limits. The Codema evaluation methodology has over 15 years of track record: founded in 2009 as Codema Pharma (Brussels) as a preferred evaluation partner to European regulators in pharmaceutical supply chains, the same protocol-based framework was extended to blockchain, cloud, and digital asset infrastructure. Codema protocols were developed in collaboration with SUPSI (University of Applied Sciences and Arts of Southern Switzerland) and are applied by organizations including CertX — part of the SGS Group, the world's leading testing, inspection, and certification company. Both RP2110/1 and RP2120/1 draw on internationally recognised normative references — MiCA, DORA, FATF, ISO 27001, ISO 37301, and ISO 22739 — ensuring a Codema certificate carries a consistent, comparable meaning for counterparties reviewing it under the Codema framework.

Technical and Governance Depth Combined

A Codema Global Rating requires both technical rigour and regulatory substance. RP2110/1 addresses node-layer integrity: legal identity, UBO transparency, IT compliance, financial independence, and sustainability. RP2120/1 addresses asset-layer integrity across fifteen auditable domains — with additional asset-family annexes applied where Codema has published them. EONTA is also authorized under RP2100 (Blockchain reference protocol), RP2150, and RP2200 (Cloud services — IaaS, PaaS, SaaS). Codema protocols are living documents under monthly revision through open expert working groups open to sector associations, regulators, and academic institutions. EONTA delivers all applicable evaluations in a single coordinated engagement, led by a Codema-qualified Lead Auditor.

Who this is for

Built for those
building digital trust ecosystems.

EONTA's digital trust assurance services are designed for the platforms, institutions, and governance functions accountable for digital asset integrity, regulatory standing, and institutional credibility.

Primary stakeholders

Tokenization Platform OperatorsCrypto-Asset Service ProvidersDigital Asset CustodiansDeFi Protocol GovernanceFinancial Institutions Exploring DLTReal World Asset IssuersFund Administrators & CustodiansCompliance & Legal Teams

Common engagement triggers

Institutional investor or counterparty due diligence requirement

Platforms requiring a Codema Global Rating certificate — issued by a Codema Accredited Partner under the APFA — to satisfy institutional investor, fund administrator, or regulated counterparty due diligence requirements.

Tokenization programme or RWA product launch

Institutions launching real-world asset tokenization products requiring a Codema RP2120/1 rating certificate — conducted by a Codema-qualified Lead Auditor — before institutional distribution or regulatory filing.

Frequently asked

Questions before
every digital trust engagement.

The Codema Global Rating is a standardised, voluntary evaluation and certification framework for distributed systems and digital asset platforms, owned and governed by Codema Global Rating SAGL (Lugano/Manno, Switzerland). The Codema methodology originates from over 15 years of regulated evaluation practice — founded in 2009 as Codema Pharma to evaluate pharmaceutical supply chains for European regulators, and extended to blockchain and digital infrastructure through protocols developed in collaboration with SUPSI (University of Applied Sciences and Arts of Southern Switzerland). Codema protocols — including RP2100, RP2110/1, RP2120/1, RP2150, and RP2200 — are applied by organisations including CertX, part of the SGS Group. Evaluations under the Codema framework are conducted exclusively by Accredited Partners holding an APFA with Codema, led by Codema-qualified Lead Auditors, and registered in the Codema centralized database with a unique CRPA identifier. Codema Protocols do not constitute regulatory authorisation and do not replace statutory due diligence obligations. EONTA acts as a Codema Accredited Partner under the APFA — a partner accreditation granted by Codema, not accreditation by a national accreditation body; no ISO/IEC 17065 accreditation is claimed.
The Codema evaluation methodology has over 15 years of institutional track record. Founded in 2009 as Codema Pharma (Brussels, Belgium), the organisation developed protocol-based evaluation frameworks for pharmaceutical and life science supply chains — positioning itself as an evaluation partner to European regulators and contributing to harmonised criteria for pharma supplier qualification. The same rule-based, protocol-driven methodology was extended to digital infrastructure, with Codema protocols developed in collaboration with SUPSI (University of Applied Sciences and Arts of Southern Switzerland). Codema Global Rating SAGL (Lugano/Manno, Switzerland) was established to apply this framework to blockchain, distributed ledger, tokenization, and cloud infrastructure. Codema protocols — including RP2100, RP2110, RP2120, RP2150, and RP2200 — are implemented by organisations including CertX (part of the SGS Group, the world's leading testing, inspection, and certification company). The ambition, expressed by founder Andrea Sacchi, is to establish the first global certification standard for blockchain infrastructure — doing for distributed systems what SGS and CertX do for safety-critical and cybersecurity-critical systems.
Complementary but structurally different. SOC 2 is a voluntary third-party attestation framework (AICPA SSAE 18). A Codema Global Rating is a voluntary evaluation and certification conducted under proprietary technical protocols (RP2110/1 and RP2120/1), with normative references to MiCA, FATF, DORA, and ISO standards. Each Codema evaluation is registered in the Codema centralized database with a unique CRPA identifier — ensuring traceability and independent verifiability. The output is standardised and carries a consistent, comparable meaning under the Codema framework. Codema evaluations do not replace statutory audit obligations. Many platforms hold both.
Our Digital Trust service covers: digital asset exchanges and custodians; tokenisation platforms; DeFi protocol governance; distributed ledger infrastructure used in financial services; CBDC and stablecoin issuer governance (assessed under our authorized RP2110/1 and RP2120/1 protocols); and cross-border payment networks using distributed architecture. The framework adapts to the specific governance and operational structure of each platform type.
An initial scoping call requires an overview of your platform architecture, governance structure, and any existing audit or assurance documentation. We typically review technical whitepapers, governance documentation, and any previous audit reports as preliminary inputs. All scoping conversations are confidential. The engagement scope is confirmed before any formal work commences.
Deliverables include: a Codema Global Rating assessment report with domain-level scores; a governance and control effectiveness review; a transparency and disclosure assessment; a risk and remediation matrix; and an institutional-grade summary suitable for counterparty due diligence and regulatory disclosure. The rating and evidence package are structured for use with institutional investors and regulators.
Regulators across the EU (MiCA, DORA), FATF member jurisdictions, and institutional markets require digital asset platforms to demonstrate governance maturity and operational trust through structured, verifiable evidence — not self-attestation. A Codema Global Rating evaluation — voluntary in nature but structured against internationally recognised normative references (MiCA, FATF, DORA, ISO) — provides precisely that evidence. Conducted by EONTA as a Codema Accredited Partner under the APFA, led by a Codema-qualified Lead Auditor, and registered with a unique CRPA identifier in the Codema centralized database: independently verifiable in the Codema centralized registry via its CRPA reference. Note: Codema evaluations do not constitute regulatory authorisation and do not replace statutory due diligence obligations. EONTA acts as a Codema Accredited Partner under the APFA — a partner accreditation granted by Codema, not accreditation by a national accreditation body; no ISO/IEC 17065 accreditation is claimed.
They are complementary but distinct in scope. RP2110/1 operates at the Node Provider layer — independence, IT compliance (ISO/IEC 27001), financial integrity, FATF-aligned beneficial ownership, and MiCA governance requirements. RP2120/1 operates at the Asset layer — fifteen tokenization suitability domains grounded in FATF, MiCA disclosure obligations, ISO 55000, and ISO 31000. Both produce a verifiable Codema Global Rating certificate under the same Codema certification scheme — a voluntary scheme whose protocols are drafted in line with the principles of ISO/IEC 17065 — conducted by EONTA as a Codema Accredited Partner under the APFA. EONTA is accredited by Codema, not by a national accreditation body, and no ISO/IEC 17065 accreditation is claimed. Many platforms require both — node-layer and asset-layer certification — in a single coordinated engagement.
EONTA assesses: public and permissioned blockchain networks; tokenization platforms issuing digital securities, RWAs, or digital commodities; crypto-asset service providers including exchanges, custodians, and brokers; DeFi protocol governance entities; and financial institutions exploring distributed ledger technology for settlement, custody, or issuance infrastructure. Our framework is platform-agnostic and adapted to each entity's specific architecture and regulatory context.
A Codema rating is an independent trust evaluation that produces a standardised, comparable rating output — designed for institutional market consumption and counterparty due diligence. An audit opinion is a formal assurance statement produced by an audit firm on specific financial or control assertions. They serve different purposes: a Codema rating communicates trustworthiness to institutional markets; an audit opinion satisfies specific regulatory or contractual assurance requirements. EONTA produces Codema ratings, not audit opinions.
Standard deliverables include: a formal Codema Global Rating certificate and supporting evaluation report; a governance and control assessment with detailed findings; a technical architecture review summary; where applicable, a tokenization structure and RWA integrity assessment under RP2120/1; and a board-ready executive summary. All deliverables are structured for institutional counterparty disclosure and regulatory submission.

Take the next step

Can your institutional counterparties verify your trust posture right now?

A Codema-rated EONTA assessment gives investors, regulators, and partners a standardised, verifiable answer. Define the scope in 30 minutes.

Start Your Trust Assessment Email Our Team

All scoping conversations are confidential. EONTA does not share engagement details with third parties.