Compliance & Legal Framework

QBridge is built not just for security — but for compliance, auditability, and legal enforceability across jurisdictions. It enforces policies at the protocol level, not just in UI or apps.

📜 1. Programmable Enforcement

QBridge enables asset issuers to define compliance logic directly in smart contracts using a modular policy engine.

🛠️ No-code jurisdiction and KYC policies = gas-level enforcement.

✅ Supported policies:

• Jurisdiction filters (e.g. “Not available to U.S. persons”)

• Whitelist/blacklist enforcement

• Accredited investor only

• Transfer cap per wallet / time

📎 Example:

solidityCopyEditmodifier onlyAllowedJurisdiction(address user) {
  require(KYCRegistry[user].country != "US", "Restricted region");
  _;
}

---

🔐 2. On-Chain Identity Attestation

QBridge integrates identity proofs via:

• zkKYC / zkEmail / zkPassports

• Selectable opt-in disclosure

• Zero-knowledge preservation of private data

🧠 This means users can prove they’re accredited without revealing names, IDs, or addresses.

---

📡 3. Legal Metadata Channels

Each cross-chain payload includes:

Field	Example
Jurisdiction	SG (Singapore)
Asset License	bond-license-472-HKMA
Transfer Purpose	collateral, secondary sale, refund
Entity Type	private investor, fund, issuer

📎 Metadata is embedded, hashed, and validated on both source & target chain.

---

🧾 4. zkLedger for Regulatory Auditing

QBridge logs every transaction in a privacy-preserving ledger that supports:

• Opt-in audit visibility for approved regulators

• Immutable trails of mint/burn/lock/unlock events

• No user-identifiable data leak

🕵️ Regulators get oversight. Users keep privacy.

✅ Auditing support for:

• MiCA (Europe)

• eIDAS (EU digital ID)

• GDPR, HKPDPO (Asia)

---

🔄 Visual Suggestion: “Compliance Flow”

A flowchart showing:

1. User → zkKYC → token transfer request

2. Compliance oracle checks jurisdiction & role

3. Transfer executes or reverts

4. Event logged in zkLedger

5. Auditor reads from ledger if opted-in