offline rules for validation apps as suggested by @dirkx in the mail discussion from 09.04.
Must be able to verify multiple citizen without any network contact.
Are required to fetch the latest trust list at least once every 24 hours and no more frequent than every 6 hours*.
MS should block their verifiers from verification if the trust list is older than 48 hours. But are permitted to continue to run with 'stale' trust lists provided they have taken put adequate measures in place ahead of time to deal with false positives and false negatives which do not unfairly/discriminate citizens.
Verifiers MUST not fetch a trust list re-actively to a citizen scan*.
offline rules for validation apps as suggested by @dirkx in the mail discussion from 09.04.