Contents

  1. The one-line answer: the gap between claim and fact is whether it can be re-checked
  2. What hasCredential is: turning "we are certified" into one machine-readable line
  3. The uncomfortable truth: self-declared schema takes five minutes to forge
  4. The dividing line: issuer, subject, and a publicly checkable URL
  5. What a trustworthy verification page looks like (with a counter-example)
  6. How we do it: our public verification center and 3 certified companies (the honest version)
  7. Three things you can do today

One-line conclusion: schema.org's hasCredential can turn "we are certified" into machine-parseable structured data, but anyone can write any certification into their own JSON-LD, so "self-declared" is only a claim. What actually turns a claim into a fact is a third-party verification page that lives on the issuer's domain, requires no login, can be checked in real time, and reflects revocation. This article shows you how to close that gap.

Run a small experiment first. Open the source of any website and find the <script type="application/ld+json"> block. Every word in it was placed there by that site's own owner, including "this company is certified by so-and-so" and "winner of such-and-such award." No technical mechanism checks whether any of it is true before you hit save. That is the core problem this article addresses: when the cost of self-assertion approaches zero, what do AI and search engines use to decide whom to trust?

1. The one-line answer: the gap between claim and fact is whether it can be re-checked

The difference is not what you wrote, but whether someone else can check it. Self-declared schema is a lone assertion: the source and the claimant are the same party. A third-party verifiable endorsement is cross-evidence: an issuer (another verifiable entity), on its own domain, using a page anyone can open, vouches for your identity and qualification. To any system doing cross-verification, those are two entirely different classes of signal.

This principle is not an AI-era invention. Google's quality-rating framework has consistently held that authority and trustworthiness come from "what others say about you" — off-site, independent reputation — not from what you declare on your own page[3]. Google's Search Liaison has even said plainly that adding an author byline by itself will not help you rank better[4]. AI answer engines face the same problem when picking which sources to cite: the web is full of pages that call themselves authoritative, so what an engine needs is a re-checkable chain of evidence, not a louder self-introduction.

2. What hasCredential is: turning "we are certified" into one machine-readable line

hasCredential is a property schema.org defines on Person and Organization, whose value is an EducationalOccupationalCredential. It can describe the certification name, its category, and most critically recognizedBy — who recognizes or issued the credential[1][2].

A minimal usable example looks like this:

{
  "@context": "https://schema.org",
  "@type": "Organization",
  "name": "Example Company Ltd.",
  "url": "https://example.com",
  "hasCredential": {
    "@type": "EducationalOccupationalCredential",
    "name": "Verified Partner Certification",
    "credentialCategory": "certification",
    "recognizedBy": {
      "@type": "Organization",
      "name": "Issuer Organization Name",
      "url": "https://issuer.example"
    }
  }
}

Its value is disambiguation and parseability: a sentence buried deep in an "About us" page saying "this company is certified" leaves the machine to guess; a structured hasCredential lets the machine read out directly "who holds what certification, issued by whom." This is the correct syntax for wiring a certification fact into the knowledge graph.

HONESTY NOTE But first, be clear about what it is not: attaching hasCredential does not directly lift rankings — Google states plainly that E-E-A-T is an evaluation framework that does not directly affect rankings, and structured data is not a ranking factor[3]. Moreover, a 2025 controlled experiment found that several AI systems ignore JSON-LD when fetching a page directly and read only the visible HTML[5] — so certification facts must also be written in visible text on the page. Schema is trust infrastructure, not a ranking switch.

3. The uncomfortable truth: self-declared schema takes five minutes to forge

That JSON-LD above can be copy-pasted by anyone who swaps the name, and in five minutes they "hold" any certification. No signature, no check, no gatekeeper. This is not a flaw in schema.org — it was only ever a description syntax, not a verification mechanism. The flaw is in treating "written down" as "proven."

The implication is direct: if self-declared schema alone could establish trust, that trust would have inflated to worthlessness long ago. In practice, any system that does cross-verification — whether Google's rating mechanism or an AI engine picking citation sources — must discount information that "only the claimant says." You can fill your entire JSON-LD with awards, certifications, and memberships, but when those claims have no matching evidence anywhere else on the web — the issuer has no such page, the names do not match, the institution itself is a phantom — they are just noise.

Self-declared schema: "We hold certification X." — source = the claimant, cost = five minutes, credibility = discounted.

Third-party verifiable endorsement: "The issuer has a page on its own domain stating: we reviewed this company, the certificate is currently valid, and you can check any time." — source = independent entity, re-checkable, revocable, cross-comparable.

So the right question is not "is my schema written beautifully enough," but: "when someone takes my claim and tries to verify it, can they find it?"

4. The dividing line: issuer, subject, and a publicly checkable URL

Upgrading a "claim" to a "verifiable endorsement" requires three conditions to hold at once: a clear and self-verifiable issuer, a clear and matching subject, and a public verification endpoint that reflects live status. Miss any one and the evidence chain breaks.

The three requirements of a verified endorsement — miss one and it breaks
RequirementWhat passesWhat fails
1. Issuer The verification page lives on the issuer's own domain; the issuer is itself a verifiable entity (registered on record, has an official site, matching sameAs) "International Association of X" has no registration, no official site — or the verification page actually sits on the subject's own website
2. Subject Clearly states which company or person is certified, with a name and site that match the subject's own self-declaration Vague "partner" or "strategic alliance"; you cannot tell who was certified, or for what
3. Publicly checkable No login, read-only, humans and crawlers can open it any time; the page status changes when a certification is revoked A static badge image on the official site, a scanned PDF — you cannot tell it was revoked ten years ago

Note the detail in the third requirement that is easiest to overlook: revocation must be reflected. A verification page that permanently shows "valid" is about as good as no verification page — it only proves "this was once issued," not "this is still valid now." A trustworthy verification endpoint must read live review status: if the issuer revokes today, the page must change today.

Wire the three requirements back into schema: the recognizedBy inside your hasCredential should point to the issuer's real URL, and the issuer's verification page should in turn state that you are the subject. The two ends point at each other, the names match, and only then does cross-verification actually work. This aligns with what we argued in Why Certified Brands Get Cited by AI: AI citations concentrate on entities that are "recognizable, matchable, and trustworthy."

5. What a trustworthy verification page looks like (with a counter-example)

A verification page is, in essence, the issuer's public window for checking. It should let a first-time stranger (or a crawler that does not run JavaScript) confirm on a single page: who issued the certificate, to whom, at what level, and whether it is currently valid.

Verification-page checklist

No login, read-only

Requiring registration to verify = locking out the very people doing the checking. Verification is for "other people," not for members.

State the issuer and the basis of review

The issuer's full name, legal registration, and what was reviewed (identity? business registration? professional qualification?). "Certified" carries no information; "passed KYC identity and business-registration review" does.

Live status, revocation visible

The page reads real review status, not a static page generated on the day of issue and never updated again. Revocation, expiry, and suspension must all be reflected.

Key facts carried in visible text

Controlled experiments show several AI systems read only visible HTML and ignore JSON-LD when fetching a page directly[5]. Issuer, subject, status, date — write them in visible text; attach schema in sync, but do not rely on schema alone.

A common counter-example: putting a "certification badge" image in your own site footer that links nowhere, or links to the issuer's homepage (rather than a verification page for your specific certificate). This approach misses all three requirements: the checker cannot find the issuer's specific endorsement of you, cannot match the subject, and cannot look up live status. The badge itself is not the problem — the absence of a re-checkable endpoint is.

6. How we do it: our public verification center and 3 certified companies (the honest version)

We built our own certification system to the three requirements above. The issuer is Chengtong Digital / TrueLink (registered legal entity: Chengtong Zhihui Co., Ltd.); the verification window is no-login, read-only, and public; credential data is generated from real review status, not self-reported.

Concretely, readers can open and check these right now:

HONESTY NOTE The honest scale: right now the directory holds the first batch of 3 KYC-certified companies. That is 3, not "hundreds." We write the real number, because this article's whole thesis is "self-declared does not count" — a platform that teaches others to build verifiable endorsement would collapse its own argument if its own numbers could not survive a check. Equally honest: we do not claim "attach certification and your ranking or AI citations rise X%" — no controlled study currently supports such a number, and whoever hands you one made it up.

This is also why we treat "the issuer must be self-verifiable" so seriously: TrueLink's own organization info, registration number, and sameAs are all public and matching. The weight of a third-party endorsement ultimately depends on the third party's own verifiability — an issuer that is itself a phantom can issue a thousand certificates worth zero.

7. Three things you can do today

Step one: get your self-declared baseline complete (this is still necessary)

Self-declared schema cannot prove you, but without it the machine cannot even parse your basic identity. Use the schema generator to attach baseline structured data for Organization / Person — name, url, sameAs, registration number — and write the key facts in visible text on the page too.

Step two: inventory every "certification claim" you already have

For every badge and every "certified by X" line on your site, ask one by one: is the issuer verifiable? Is there a verification page for me? Does it reflect revocation? For any that fail, either add the issuer's verification link or honestly remove it — a claim with no re-checkable backing hurts more than no claim at all.

Step three: add at least one re-checkable third-party endorsement

Complete a review with an issuer that is itself verifiable, so your hasCredential's recognizedBy points to a real third party and their verification page states it is you. From then on, your certification claim has another end that can be checked.

Turn "what you say" into "what can be checked"

TrueLink's certification plans do exactly this: KYC identity review, a public verification center, and hasCredential data generated from real review status. We do not promise ranking numbers — we make your trust something anyone, and any AI, can re-check.

See certification plans Related: why certified brands get cited by AI

Sources (all checkable)

  1. schema.org: hasCredential property definition (Person / Organization → EducationalOccupationalCredential). schema.org/hasCredential
  2. schema.org: EducationalOccupationalCredential type definition (credentialCategory / recognizedBy). schema.org/EducationalOccupationalCredential
  3. Google Search Central: Understanding E-E-A-T (Trust matters most; E-E-A-T does not directly affect rankings; authority comes from off-site reputation, not self-declaration). developers.google.com/search/blog/2022/12/google-raters-guidelines-e-e-a-t
  4. Google: Creating helpful, reliable, people-first content (strongly recommends accurate bylines linking to more info; byline is not a ranking factor). developers.google.com/search/docs/fundamentals/creating-helpful-content
  5. searchVIU controlled experiment (2025-10): ChatGPT / Claude / Perplexity / Gemini ignore JSON-LD and read only visible HTML when fetching a page directly. searchviu.com/en/schema-markup-and-ai-in-2025…