Proof of Personhood vs Proof of Human Work
Proving you're human is table stakes. The next decade belongs to proving what that human did. They are not the same problem — and treating them as the same is why most identity protocols stall.
What each one is
Proof of Personhood (PoP). A binary, one-time guarantee: this account belongs to a unique human. Worldcoin is the canonical example — the Orb verifies iris uniqueness, the protocol issues a ZK-proof that the holder is one human, exactly. Apple's Passkeys are PoP at device-scale. India's Aadhaar is PoP at nation-scale. Each implementation differs in privacy and reach; all answer the same yes/no question.
Proof of Human Work (PoHW). A continuous, attributable record of what a verified human did. Every code commit, design file, contract, decision, supervision, mentoring session — each carries a cryptographic stamp tied to the human's identity. The record compounds; the score derived from it predicts future contribution. Manav is the canonical implementation; the term is ours.
The simplest analogy
PoP is your passport. PoHW is your tax return. Different documents. Different questions. Different audiences.
Your passport says: a sovereign confirms you exist as a unique person. Your tax return says: a sovereign confirms you produced verifiable economic activity over a period. You need both to access different things in life. Pretending one is the other gets you stuck at customs and the bank.
Side by side
| Proof of Personhood | Proof of Human Work | |
|---|---|---|
| Question answered | Are you a unique human? | What has this human done? |
| Time horizon | One-time | Continuous |
| Output | Binary boolean | Continuous record + score |
| Verification cost | High (biometric, hardware) | Low per-event, high cumulative |
| Sybil resistance | Strong (the point of it) | Inherits from PoP layer |
| Privacy posture | Selective disclosure of "human" | Selective disclosure of work claims |
| Best applications | Free tier limits, airdrops, voting | Hiring, contracting, regulatory compliance, agent delegation |
| Where it stops | After verification, no record | Without PoP, vulnerable to Sybil farming |
Why both are needed
PoP without PoHW is sufficient for narrow use cases — a one-time airdrop, a free-tier rate limit, a vote. The moment the use case becomes continuous (employment, regulated AI oversight, marketplace transactions), PoP alone runs out of information. The protocol can prove you exist; it cannot prove you've done anything since the verification event.
PoHW without PoP is a Sybil farm. Without the binding to a unique human, attackers create N identities, attest synthetic work to each, and harvest rewards. PoHW is structurally dependent on a credible PoP layer underneath.
The right architecture stacks them: PoP at Layer 1 (verified human), PoHW at Layer 3 (work attestation), with PoHW deriving Sybil resistance from Layer 1's biometric anchor. This is HATI's design; this is also where Worldcoin's beautiful Layer 1 implementation can federate with Manav's Layer 3 for a complete stack.
Why the distinction matters
The deepfake hiring crisis (91% of hiring managers encountered AI-generated answers; $501M+ in fraud losses) is fundamentally a PoHW problem. Background checks confirm an identity exists. They do not confirm continuity from the identity in the database to the person on the video call to the work product on day-one. PoHW closes that gap; PoP alone cannot.
The EU AI Act's Article 14 is also a PoHW problem dressed in compliance language. It demands cryptographic proof that a verified human supervised, intervened, and approved high-risk AI decisions. PoP (you are a human) does not satisfy "this verified human approved this specific action at 14:22:01." PoHW does.
Where each protocol wins
Use Proof of Personhood when: you need binary uniqueness (one account per human), the use case is one-time (airdrop, waitlist), you do not need to track continuity beyond the verification event, you can absorb the privacy and reach trade-offs of biometric hardware.
Use Proof of Human Work when: you need continuous attributability over weeks, months, or careers; the use case requires audit trails (regulated industries, high-stakes employment); the verifier needs to evaluate the human's record, not just their existence; you need to satisfy regulatory frameworks built around human supervision.
Use both when: you are building anything in regulated AI, agentic workflows, hiring, professional credentialing, or marketplace settlement.
The slogan
Common objections
Two objections come up across every conversation. Will the platform vendors ship this themselves? Some will, inside their boundary; none can ship the cross-platform shape, by their own architectural choice. Is the category too narrow to matter? It's the layer beneath every agent action — narrow looks broad once the wire bends.
Frequently asked questions
Why does this category not already exist? Because the failure mode it addresses is recent. The pre-agent enterprise could pretend the service account was the human; the agentic enterprise cannot. The category becomes named when the failure becomes regulator-visible, which is now.
Where does this end up in the standards stack? As a layer above OAuth and below the application. OAuth carried scoped delegation between services; this layer carries scoped delegation from a verified human to an agent. The IETF and W3C working groups are converging on the shape; the protocol that ships first sets the verbs.
What does adoption look like in practice? Quietly. The integrations are middleware, not platforms. Each vertical sees its specific compliance pain solved — healthcare gets Article 14, finance gets SOC 2 evidence, hiring gets continuous identity — and treats the underlying primitive as plumbing once it ships.
Where to start
Read proof of human work next for the deeper architecture. Then manav vs worldcoin for the closest practical anchor. The mental model that holds those two together holds the rest of the site as well.
Worldcoin proved you're human. PoHW proves you're working.
Both are necessary. Neither is sufficient. The protocols that win the agentic decade are the ones that compose them — instead of pretending one is the other.