Institutional-Grade Security and Compliance by Design
Seven independent layers protect every transaction, every key, and every settlement - with compliance enforced at the protocol layer before finality, not after failure.
What our security posture means for your team.
Six common audience-specific questions answered in plain language. The control tables, attestation reports, and full posture sit below.
Compliance frameworks
SOC 2 Type II in flight (Q4 2027 attestation). HIPAA via AWS BAA. NIST CSF 2.0 + CIS Controls v8 mapped. GDPR + UK GDPR DPIA on file. PCI-DSS scope minimized (we don't store cardholder data; payment flow is delegated). Per-jurisdiction opinions for MiCA/DORA, FCA, MAS, FINMA, JFSA.
Cryptographic posture
Hybrid signatures: classical Ed25519 + post-quantum Dilithium-III on every verdict. KMS / CloudHSM for at-rest keys. Per-tenant encryption keys for PHI. Threshold (14-of-20) BFT consensus across 13+ jurisdictions for chain anchoring. We've already done the post-quantum migration most enterprises are still planning.
Data sovereignty
Customer evidence and PHI never leave the customer's elected jurisdiction. US workloads in US regions. EU workloads in EU regions (Frankfurt/Stockholm). UK in London. Singapore in Singapore. The data-at-rest map matches your residency posture; we don't shuffle data globally for cost.
Non-custodial by construction
JIL doesn't hold customer assets, customer keys, or customer PHI without per-document encryption keys you control. Compromise of JIL doesn't compromise your assets. Compromise of JIL doesn't unlock your sealed records. The blast radius is bounded by design, not by promise.
Audit access
Customer audit teams get read access to CloudTrail logs scoped to their tenant. CourtChain™ anchor stream is verifiable independently (the L1 ledger is public; per-tenant tags are private). SOC 2 Type II report under NDA on request. Pen-test summary letter on request.
Incident response + SLA
Security incidents: 4-hour notification window for confirmed breaches affecting your tenant. Service incidents: status.jilsovereign.com + per-tenant ops contact. SLAs vary by tier - Pre-Clearance Tier 1 = 99.9% / 30s p95 verdict latency; Money API = 99.95% / 2s p95.
Compliance enforced at the protocol layer - before settlement, not after failure.
JIL Sovereign Adaptive Transaction Compliance Engine
Five independent security pillars protect every asset and every transaction.
1. SCN Validator Quorum Consensus
Every settlement requires cryptographic agreement from a supermajority of SCN validators distributed across independent legal jurisdictions.
- 14-of-20 BFT - every settlement requires agreement from SCN validators across multiple legal jurisdictions
- Network survives 6 simultaneous SCN validator failures with zero impact to operations
- No single government, corporation, or individual can unilaterally control the network
- SCN Validators operate across 13 independent compliance zones worldwide
2. Cryptographic Verification
Dual-layer cryptographic verification combining current-generation algorithms with post-quantum lattice-based cryptography.
- Post-quantum Dilithium/Kyber lattice-based cryptography for long-term security
- Ed25519 for high-performance current-generation signing operations
- Future-proof cryptographic foundation designed for 50+ years against quantum computing advances
- AES-256-GCM encryption at rest for all key material and sensitive data
3. Key Management (MPC 2-of-3)
True self-custody through multi-party computation threshold signing. The user always holds one key shard - no single party can sign unilaterally.
- User holds one key shard - true self-custody with no counterparty risk
- Recovery ceremony protocol with guardian attestation for key restoration
- No single party can sign transactions unilaterally - requires 2-of-3 agreement
- $250K automatic protection coverage included with Premium tier
4. On-Chain Attestation and Immutable Record
Every attestation result is signed, recorded immutably on the distributed ledger, and permanently retrievable via API.
- Attestation enforced before consensus - every transaction completes identity, sanctions, and origin checks
- Jurisdiction-aware rules covering SEC, MiCA, MAS, FINMA, FCA, BaFin, JFSA, FSRA, CVM, and FATF
- Zone-based security isolation for different asset classes and risk profiles
- Immutable blockchain record for every attestation result - retrievable via API at any time
5. Independent Validation
The security model has been independently reviewed by external engineering firms with continuous automated testing across all layers.
- Independent attestation and security testing by [SOC2-FIRM]
- BlockChainX security assessment of protocol and infrastructure
- 512M certified test cases across SOC 2, NIST CSF 2.0, OWASP, FIPS 140-3, and 8 additional frameworks
- Ongoing security monitoring via SentinelAI Fleet Inspector
Compliance enforced at the protocol layer - before settlement, not after failure.
The Adaptive Transaction Compliance Engine (ATCE) evaluates every transaction against identity, sanctions, jurisdiction, and risk rules before finality is granted.
Adaptive Transaction Compliance Engine (ATCE)
Three security zones - Protected, Unprotected, and Quarantine - with real-time policy evaluation before every settlement.
- Pre-execution policy evaluation on every transaction
- Corridor-based compliance gating per jurisdiction pair
- Automatic quarantine of suspicious activity
- Settlement pause triggers for anomalous patterns
- Immutable compliance receipts for every decision
Identity Verification (KYC/KYB)
Multi-layer identity verification stack covering individuals, businesses, and beneficial ownership structures.
- Business identity verification via GLEIF LEI and OpenCorporates
- Ultimate Beneficial Owner (UBO) graph analysis with circular ownership detection
- Email and domain verification (RDAP, MX/SPF/DMARC, disposable blocklist)
- Document proofing via pluggable third-party providers (Onfido, Jumio, Sumsub)
- No raw PII stored on-chain - credential-bound identity only
Sanctions and Screening
Real-time sanctions screening embedded at the protocol layer - every transaction is screened before settlement.
- OFAC SDN list screening on every counterparty
- OpenSanctions/Yente integration for global watchlists
- PEP (Politically Exposed Persons) detection
- Cross-border corridor risk evaluation (FATF/OFAC flags)
- Batch screening for high-throughput institutional workflows
Risk Scoring and Fraud Prevention
Composite risk scoring engine that evaluates transactions across multiple dimensions before allowing settlement.
- 0-100 composite risk score per transaction
- Auto-approve, hold, or reject based on configurable thresholds
- Velocity and behavioral anomaly detection
- Beneficiary change hold (72-hour cooling period)
- Immutable forensic audit trail with hash chaining
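As an added illustration of the two mechanisms above (threshold verdicts on a 0-100 score and a hash-chained audit trail), not code from JIL Sovereign: each compliance decision becomes a receipt whose SHA-256 digest covers its own fields plus the previous receipt's digest, so any later edit breaks the chain at a detectable position. The thresholds, transaction ids and the `Receipt` layout are assumptions constructed for the example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import List, Optional

# Assumed thresholds for this example, not JIL Sovereign's actual configuration:
# score < HOLD_AT -> approve; HOLD_AT <= score < REJECT_AT -> hold; otherwise reject.
HOLD_AT = 40
REJECT_AT = 80
GENESIS_HASH = "0" * 64  # prev_hash of the first receipt in a tenant's chain


def verdict(score: int, hold_at: int = HOLD_AT, reject_at: int = REJECT_AT) -> str:
    """Map a 0-100 composite risk score to approve / hold / reject."""
    if not 0 <= score <= 100:
        raise ValueError("composite risk score must be within 0..100")
    if score >= reject_at:
        return "reject"
    return "hold" if score >= hold_at else "approve"


@dataclass(frozen=True)
class Receipt:
    seq: int          # position in the chain
    tx_id: str        # transaction identifier (sample values are constructed)
    score: int
    verdict: str
    prev_hash: str    # digest of the preceding receipt; this is the chain link
    hash: str         # SHA-256 over all fields above


def receipt_hash(seq: int, tx_id: str, score: int, decision: str, prev_hash: str) -> str:
    # Canonical JSON (sorted keys, no whitespace) so equal fields always hash equally.
    body = json.dumps({"seq": seq, "tx_id": tx_id, "score": score, "verdict": decision,
                       "prev_hash": prev_hash}, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def append_receipt(chain: List[Receipt], tx_id: str, score: int) -> Receipt:
    """Decide on one transaction and append the receipt for that decision to the chain."""
    prev_hash = chain[-1].hash if chain else GENESIS_HASH
    seq, decision = len(chain), verdict(score)
    r = Receipt(seq, tx_id, score, decision, prev_hash,
                receipt_hash(seq, tx_id, score, decision, prev_hash))
    chain.append(r)
    return r


def first_broken_link(chain: List[Receipt]) -> Optional[int]:
    """Index of the first receipt whose hash or link fails to verify; None if intact."""
    prev_hash = GENESIS_HASH
    for i, r in enumerate(chain):
        expected = receipt_hash(i, r.tx_id, r.score, r.verdict, prev_hash)
        if r.seq != i or r.prev_hash != prev_hash or r.hash != expected:
            return i
        prev_hash = r.hash
    return None
```

An auditor holding only the receipts can re-run `first_broken_link` offline; a receipt whose score or verdict was altered after the fact no longer matches its stored digest, and a removed or reordered receipt breaks the `prev_hash` link of its successor.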
Designed to operate within regulated environments across 13+ jurisdictions.
The compliance engine supports jurisdiction-specific rules for each regulatory framework:
| Region | Regulator / Framework |
|---|---|
| United States | SEC, OFAC, FinCEN |
| European Union | MiCA, AMLD6 |
| Switzerland | FINMA |
| Singapore | MAS |
| Abu Dhabi | FSRA / ADGM |
| United Kingdom | FCA |
| Germany | BaFin |
| Japan | JFSA |
| Brazil | CVM |
| Global | FATF Travel Rule |
- KYC/KYB validation enforced before settlement
- Sanctions screening at the protocol layer (not application layer)
- Jurisdiction fencing per compliance zone
- FATF Travel Rule support for cross-border corridors
- Immutable audit traceability for every compliance decision
Every Claim is Verifiable
JIL Sovereign publishes cryptographic proof artifacts, SCN validator attestations, and compliance receipts for independent verification. Every security claim made on this page can be validated through on-chain evidence.
Security and Compliance Roadmap
External Validation
Independent engineering review by Emerging Technologies LLC and BlockChainX
SOC 2 Engagement
SOC 2 Type II audit formally engaged with [SOC2-FIRM]
Protocol Audit
Full protocol security audit covering consensus, MPC, and verification layers
SOC 2 Type II
Certification leveraging 512M+ certified test evidence base across 12 frameworks
Bridge Verification
Independent verification of cross-chain bridge contracts and relayer security
Independent Testing and Certification
Independent Testing
512 million test cases certified across 12 frameworks by [SOC2-FIRM]
SOC 2 Type II
Audit engagement in progress - estimated completion [SOC2-DATE]
EDGAR Filing
SEC Regulation D Rule 506(c) filed - EDGAR #9999999996-26-031508 | DUNS #10258665
Explore the Security and Compliance Architecture
Review the evidence, examine the infrastructure, or connect with our team to discuss institutional security and compliance requirements.
Request a briefing
One mailbox for institutional security inquiries, SOC 2 documentation requests, and compliance diligence. Response within one business day.
Schedule a call
For confidential institutional inquiries. Routed to the security team for technical review.