Regulatory compliance

Built for a regulated world

Not bolted-on compliance. Privacy and regulatory adherence built into every layer of the protocol architecture.

GDPReIDAS 2.0FATF Travel RuleSOC 2PSD2HIPAA

Regulatory frameworks

GDPR

General Data Protection Regulation

EU + EEA

Privacy by design. No PII on-chain. Right to erasure via DID revocation. GDPR Article 25 native.

eIDAS 2.0

EU Identity Regulation

European Union

Compatible with EU wallet architecture. Cross-border identity recognition.

FATF AML-CFT

Financial Action Task Force

Global

Cryptographic proof of sender/receiver identity for the Travel Rule. L2/L3 KYC tiers.

SOC 2 (Roadmap)

Service Organization Control 2

USA (AICPA)

Type II audit in progress, target Q3 2026. Security, availability, and confidentiality trust service criteria.

PSD2

Payment Services Directive 2

European Union

SCA-compatible credential presentation. Identity verification for open banking.

HIPAA-adjacent

Health Insurance Portability

USA

Zero PII stored. User-controlled disclosure. Note: Solidus is not a covered entity — consult legal for HIPAA compliance.

GDPR article mapping

How Solidus satisfies each applicable GDPR article.

Article
Requirement
Solidus Approach
Art. 5
Lawfulness, fairness, data minimisation
Only BLAKE3 hash + signature stored. No PII fields on-chain.
Art. 6
Lawful basis for processing
User consent captured at credential issuance. Consent is on-chain.
Art. 17
Right to erasure ('right to be forgotten')
User revokes DID → all derived credentials become invalid. Effective erasure.
Art. 20
Right to data portability
DID is user-controlled and portable across any DID-compatible system.
Art. 25
Data protection by design and by default
Architecture prevents PII storage. Not a policy — an architectural constraint.
Art. 32
Security of processing
Ed25519 signatures, BFT consensus, BLAKE3 hashing, slashing for misbehavior.

Compliance built in, not bolted on.