diff --git a/.github/workflows/lint-pr-title.yaml b/.github/workflows/lint-pr-title.yaml
new file mode 100644
index 00000000..67fa5425
--- /dev/null
+++ b/.github/workflows/lint-pr-title.yaml
@@ -0,0 +1,35 @@
+# The title of the pull request is used as the commit message when working with a squash-based merging style.
+# This project also follows semantic versioning, so it is important that the title follows conventional commits and should therefore be checked.
+
+name: Lint PR title
+
+on:
+  pull_request:
+    branches:
+      - main
+      - next
+      - beta
+      - alpha
+    # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request
+    # types: [opened, synchronize, reopened, edited]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v4
+        with:
+          node-version: "lts/*"
+
+      - run: npm ci
+
+      - run: echo $TITLE | npx commitlint
+        env:
+          # Security: we mitigate script injections by using an intermediate environment variable
+          # https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-an-intermediate-environment-variable
+          TITLE: ${{ github.event.pull_request.title }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 00000000..20f05c02
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,37 @@
+name: Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - next
+      - beta
+      - alpha
+
+permissions:
+  contents: read # for checkout
+
+jobs:
+  release:
+    name: release
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: write # to be able to publish a GitHub release
+      issues: write # to be able to comment on released issues
+      pull-requests: write # to be able to comment on released pull requests
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - uses: actions/setup-node@v3
+        with:
+          node-version: "lts/*"
+
+      - name: Release
+        run: npx semantic-release@24
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.releaserc.yaml b/.releaserc.yaml
new file mode 100644
index 00000000..4e9b8f63
--- /dev/null
+++ b/.releaserc.yaml
@@ -0,0 +1,4 @@
+plugins:
+  - "@semantic-release/commit-analyzer"
+  - "@semantic-release/release-notes-generator"
+  - "@semantic-release/github"
diff --git a/README.md b/README.md
index 92d9857e..94a8256e 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,15 @@
 # SSI Agent
 
+[![semantic-release: angular](https://img.shields.io/badge/semantic--release-angular-e10079?logo=semantic-release)](https://github.com/semantic-release/semantic-release)
+[![GitHub License](https://img.shields.io/github/license/impierce/ssi-agent)](https://github.com/impierce/ssi-agent/blob/HEAD/LICENSE)
+[![Docker Pulls](https://img.shields.io/docker/pulls/impiercetechnologies/ssi-agent)](https://hub.docker.com/r/impiercetechnologies/ssi-agent)
+
+<!-- This is a playful reference to the "Twelve-Factor App" conventions that we try to follow. -->
+
+[![twelve-factor-app](https://img.shields.io/badge/factors-twelve-blue)](https://12factor.net)
+
+---
+
 ## API specification
 
 [Follow these instructions](./agent_api_rest/README.md) to inspect the REST API.
@@ -161,3 +171,20 @@ OpenID4VCI Pre-Authorized Code Flow
 30-31: See steps 4-5.
    32: The API returns a `200 OK` response with the credential(s) in the response body.
 ```
+
+## Releases
+
+This project uses [semantic-release](https://semantic-release.gitbook.io) - plain and simple, without noteworthy custom configuration.
+
+### Branches
+
+| Branch name | Description                                                                                                  | Example tag      |
+| ----------- | ------------------------------------------------------------------------------------------------------------ | ---------------- |
+| `main`      | Current stable releases. Default version when pulling the `latest` Docker image.                             | `v1.2.1`         |
+| `next`      | Upcoming major version (containing breaking changes). Can be considered a stable preview of coming features. | `v2.0.8`         |
+| `beta`      | Pre-releases that are fully implemented, but require testing, validation and feedback.                       | `v2.0.8-beta.2`  |
+| `alpha`     | Experimental early-stage testing and development.                                                            | `v2.1.2-alpha.4` |
+
+### Merging strategy
+
+All PRs to any of the branches defined above are squashed to preserve a clean history. Since the PR title is used as the commit message, it is important to follow a conventional commit style in order to allow semantic releases (next version is determined by the commits since the last version). Therefore, the PR title is automatically linted by a GitHub Action.
diff --git a/commitlint.config.mjs b/commitlint.config.mjs
new file mode 100644
index 00000000..ba5c66fb
--- /dev/null
+++ b/commitlint.config.mjs
@@ -0,0 +1,3 @@
+export default {
+  extends: ["@commitlint/config-angular"],
+};