Regulatory compliance
Built for a regulated world
Not bolted-on compliance. Privacy and regulatory adherence built into every layer of the protocol architecture.
GDPReIDAS 2.0FATF Travel RuleSOC 2PSD2HIPAA
Regulatory frameworks
GDPR
General Data Protection Regulation
EU + EEAPrivacy by design. No PII on-chain. Right to erasure via DID revocation. GDPR Article 25 native.
eIDAS 2.0
EU Identity Regulation
European UnionCompatible with EU wallet architecture. Cross-border identity recognition.
FATF AML-CFT
Financial Action Task Force
GlobalCryptographic proof of sender/receiver identity for the Travel Rule. L2/L3 KYC tiers.
SOC 2 (Roadmap)
Service Organization Control 2
USA (AICPA)Type II audit in progress, target Q3 2026. Security, availability, and confidentiality trust service criteria.
PSD2
Payment Services Directive 2
European UnionSCA-compatible credential presentation. Identity verification for open banking.
HIPAA-adjacent
Health Insurance Portability
USAZero PII stored. User-controlled disclosure. Note: Solidus is not a covered entity — consult legal for HIPAA compliance.
GDPR article mapping
How Solidus satisfies each applicable GDPR article.
Article
Requirement
Solidus Approach
Art. 5
Lawfulness, fairness, data minimisation
Only BLAKE3 hash + signature stored. No PII fields on-chain.
Art. 6
Lawful basis for processing
User consent captured at credential issuance. Consent is on-chain.
Art. 17
Right to erasure ('right to be forgotten')
User revokes DID → all derived credentials become invalid. Effective erasure.
Art. 20
Right to data portability
DID is user-controlled and portable across any DID-compatible system.
Art. 25
Data protection by design and by default
Architecture prevents PII storage. Not a policy — an architectural constraint.
Art. 32
Security of processing
Ed25519 signatures, BFT consensus, BLAKE3 hashing, slashing for misbehavior.