Compliance

Last Updated: January 3, 2025

Compliance Overview

Veriglob is designed from the ground up to help organizations achieve and maintain regulatory compliance while leveraging decentralized identity technology. Our privacy-preserving architecture aligns with global data protection regulations and industry standards.

Compliance by Design: Veriglob's architecture enables data minimization, user consent, and privacy preservation—core requirements of modern privacy regulations—while still meeting verification and audit requirements.

Regulatory Framework Support

General Data Protection Regulation (GDPR)

Veriglob's protocol supports GDPR compliance through:

  • Data Minimization (Art. 5): Verifiers receive only cryptographic proofs, not underlying personal data, collecting only what's necessary for verification.
  • Purpose Limitation (Art. 5): Selective disclosure allows users to share only specific claims required for each purpose.
  • Consent (Art. 6-7): Users explicitly consent before any credential presentation occurs.
  • Right to Access (Art. 15): Users maintain full control and visibility of their credentials and sharing history.
  • Right to Erasure (Art. 17): Users can revoke credentials and remove their data from issuers.
  • Data Portability (Art. 20): Credentials are portable across services using open standards.
  • Privacy by Design (Art. 25): Privacy protection is built into the protocol architecture.

California Consumer Privacy Act (CCPA)

  • Right to Know: Full transparency about what data is collected and how it's used.
  • Right to Delete: Users can request deletion of personal information.
  • Right to Opt-Out: No sale of personal information; users control their data sharing.
  • Non-Discrimination: Equal service regardless of privacy choices exercised.

eIDAS Regulation (EU)

Our protocol aligns with the European electronic identification framework:

  • Support for qualified electronic signatures and seals
  • Interoperability with national eID schemes
  • Compliance with trust service provider requirements
  • Preparation for upcoming eIDAS 2.0 and European Digital Identity Wallet standards

Financial Services Regulations

KYC/AML Compliance

Enable compliant identity verification without storing customer documents. Verifiable credentials from trusted issuers satisfy KYC requirements while minimizing data retention.

PSD2/Open Banking

Strong customer authentication (SCA) support with verifiable credentials for secure, consent-based data sharing.

FATF Guidelines

Travel Rule compliance through verifiable credentials for originator and beneficiary information sharing.

SOX Compliance

Tamper-proof audit trails and access controls support Sarbanes-Oxley requirements.

Certifications and Standards

Current Certifications

ISO 27001 (In Progress)

Information Security Management System certification demonstrating systematic management of sensitive information.

SOC 2 Type II (In Progress)

Service Organization Control audit covering security, availability, processing integrity, confidentiality, and privacy.

W3C DID Compliant (In Progress)

Full compliance with W3C Decentralized Identifiers (DIDs) v1.0 specification.

W3C VC Compliant (In Progress)

Full compliance with W3C Verifiable Credentials Data Model v1.1 and v2.0.

Planned Certifications

  • ISO 27701: Privacy Information Management (Expected Q3 2025)
  • HIPAA Compliance: Healthcare data protection (Expected Q4 2025)
  • FedRAMP: US Government cloud services authorization (Planned 2026)

Sanctions and Export Compliance

Veriglob maintains strict compliance with international sanctions and export control regulations.

Sanctions Screening

  • Automated screening against OFAC (US), EU, UN, and other international sanctions lists
  • Continuous monitoring and re-screening of existing accounts
  • Immediate suspension of services upon identification of sanctioned parties

Restricted Jurisdictions

Our services are not available in the following jurisdictions:

Cuba, Iran, North Korea, Syria, Crimea region of Ukraine, and other jurisdictions subject to comprehensive US, EU, or UN sanctions. This list may be updated as sanctions regimes change.

Export Controls

Our cryptographic software complies with applicable export control regulations. The open-source protocol components are publicly available under applicable exemptions. Enterprise customers may be subject to additional export compliance requirements.

Data Residency and Sovereignty

We offer data residency options to help organizations meet local data protection requirements:

Region            Data Centers            Availability
European Union    Frankfurt, Amsterdam    Available
United States     Virginia, Oregon        Available
United Kingdom    London                  Available
Asia Pacific      Singapore, Tokyo        Available
Africa            South Africa            Coming Q2 2025

Enterprise customers can configure data residency requirements to ensure data stays within specific geographic boundaries. Contact our sales team for multi-region and custom deployment options.

Trust Registries and Governance

Veriglob supports trust registry integration for regulatory oversight and governance:

  • Issuer Authorization: Define which entities are authorized to issue specific credential types.
  • Verifier Restrictions: Control which verifiers can access certain credential types.
  • Schema Governance: Centralized management of credential schemas for compliance consistency.
  • Audit Logging: Complete audit trails of verification events for regulatory reporting.

Governments and industry consortia can operate their own trust registries using Veriglob's open-source governance framework.

Compliance Tools for Organizations

We provide tools to help organizations using Veriglob maintain their own compliance:

Audit Dashboard

Real-time visibility into verification activities, credential issuance, and access logs for compliance monitoring and reporting.

Compliance Reports

Pre-built compliance reports for common regulatory frameworks, exportable in multiple formats.

Policy Engine

Define and enforce verification policies based on credential types, issuer trust levels, and jurisdictional requirements.

Data Retention Controls

Configurable data retention policies with automatic purging to meet regulatory requirements.

Compliance Assistance

Our compliance team is available to help enterprise customers navigate regulatory requirements:

  • Compliance Consultation: Expert guidance on implementing Veriglob in regulated environments.
  • Documentation: Compliance documentation and certifications available for your auditors.
  • Data Processing Agreements: GDPR-compliant DPAs available for all enterprise customers.
  • Custom Assessments: Tailored compliance assessments for specific regulatory frameworks.

Regulatory Reporting

We are committed to transparency with regulators and provide:

  • Annual transparency reports on law enforcement requests
  • Cooperation with authorized regulatory inquiries
  • Notification to users when legally permitted in case of regulatory actions affecting their data

Contact Compliance Team

For compliance-related inquiries, audit requests, or to discuss specific regulatory requirements:

Veriglob Ltd.

  • Compliance Team
  • Data Protection Officer
  • Enterprise Sales