Compliance & Identity Layer

The Compliance Layer transforms regulatory requirements into enforceable, machine-readable policies. It is built on top of decentralised identity primitives and verifiable credentials, allowing participants to prove that they satisfy specific regulatory conditions without exposing unnecessary personal data.

Participants such as investors, issuers, brokers, and custodians are represented by W3C-compliant Decentralized Identifiers (DIDs). Regulated KYC/KYB providers, accreditation verifiers, and other trusted entities issue Verifiable Credentials (VCs) that attest to attributes such as jurisdiction, investor category, sanctions-screening status, onboarding date, and licence type.

Compliance rules are expressed as policies that reference both these credentials and asset-level parameters. Policies can encode, for example:

• Eligibility criteria for participation in a given offering

• Transfer restrictions, lock-up periods, and holding limits

• Jurisdictional constraints and distribution rules

• Requirements derived from travel rule and reporting obligations

When a transaction is submitted, the Compliance Layer evaluates the relevant policies against the credentials and contextual data associated with the sender, receiver, and asset. Smart contracts and modules can use this evaluation as a gating mechanism, only executing state transitions when applicable policies are satisfied. This architecture keeps regulatory logic explicit, auditable, and upgradable without requiring every application to implement its own compliance engine.