Skip to content

Ontology

Generated from ontology/cfr.ttl.

Class hierarchy

On-chain Artifact

graph LR
    On_chain_Artifact["On-chain Artifact"]
    On_chain_Artifact --> Merkle_Patricia_Trie["Merkle Patricia Trie"]
    Merkle_Patricia_Trie --> Identity_Trie["Identity Trie"]
    Merkle_Patricia_Trie --> Process_Trie["Process Trie"]
    Merkle_Patricia_Trie --> Regulation_Trie["Regulation Trie"]
    On_chain_Artifact --> Smart_Contract["Smart Contract"]
Class Description
On-chain Artifact An on-chain data structure or mechanism in the architecture.
Merkle Patricia Trie An MPT stored in a single UTxO. Three types: identity trie, regulation trie, process trie.
↳ Identity Trie Attested actor public keys. Maintained by the identity provider.
↳ Process Trie Items, processes, and state. One per operator. Governed by the smart contract.
↳ Regulation Trie Actor qualifications and operator standing. Maintained by the regulator. Reference input for the smart contract.
Smart Contract The regulation in executable form. A Plutus validator published by the regulator. Governs the process trie, reads identity and regulation tries as reference inputs.

Party

graph LR
    Party["Party"]
    Party --> Beneficiary["Beneficiary"]
    Party --> Identity_Provider["Identity Provider"]
    Party --> Operator["Operator"]
    Party --> Regulator["Regulator"]
    Party --> User["User"]
    Party --> Verification_Body["Verification Body"]
Class Description
Party An actor in a regulated process. The schema defines four canonical roles; each regulation maps its actors to these roles.
Beneficiary A party that benefits from the transparency the regulation creates.
Identity Provider Maintains the identity trie of verified real-world entities. Attests actor public keys. Can serve multiple regulators.
Operator Participates in the regulated market. Manages a process trie. A transparent pipe: collects user payloads, verifies off-chain, submits transactions, pays fees.
Regulator The institution that defines the rules. Maintains the regulation trie, publishes the smart contract, defines the beacon minting policy. Does not run infrastructure.
User Interacts with the process via a signing function. No wallet, no ADA, no blockchain knowledge. Receive, use, pass on.
Verification Body An entity that checks compliance — auditors, notified bodies, certification bodies, market surveillance authorities.

Protocol Pattern

graph LR
    Protocol_Pattern["Protocol Pattern"]
    Protocol_Pattern --> Baton_Pattern["Baton Pattern"]
    Protocol_Pattern --> Beacon_Gated_Attestation["Beacon-Gated Attestation"]
    Protocol_Pattern --> Commitment_then_Submit["Commitment-then-Submit"]
    Protocol_Pattern --> Cross_Operator_Handoff["Cross-Operator Handoff"]
    Protocol_Pattern --> Double_Signature["Double Signature"]
    Protocol_Pattern --> Lifecycle_State_Machine["Lifecycle State Machine"]
    Protocol_Pattern --> MPT_per_Operator["MPT-per-Operator"]
    Protocol_Pattern --> Operator_as_Aggregator["Operator-as-Aggregator"]
    Protocol_Pattern --> Relay_State_Machine["Relay State Machine"]
    Protocol_Pattern --> Reward_Distribution["Reward Distribution"]
    Protocol_Pattern --> Tiered_Access["Tiered Access"]
    Protocol_Pattern --> Upstream_Verification["Upstream Verification"]
Class Description
Protocol Pattern A reusable on-chain pattern extracted from the framework. Each addresses a specific class of regulatory requirement.
Baton Pattern Authorization travels as a baton. Actor A's final submission includes Actor B's pubkey. Atomic transfer, no gap.
Beacon-Gated Attestation Operator must mint a beacon (sampling standing from regulation trie) before collecting user attestations. Forces transparency.
Commitment-then-Submit Proves an action occurred within a time window. Single-use, slot-bounded, no off-chain timestamp trust.
Cross-Operator Handoff Responsibility transfer. Old leaf read-only, new leaf in receiving operator's trie with back-link to original root.
Double Signature Every transition requires two signatures: process (authentication) and actor (authorization).
Lifecycle State Machine Status field in MPT leaf with on-chain validated transitions. No backward transitions unless explicitly allowed.
MPT-per-Operator One UTxO per operator, items as leaves. Cost scales with operators not items.
Operator-as-Aggregator Users have no wallet. Operator collects and batches actions into transactions, pays all fees.
Relay State Machine Multiple actors act in sequence. The regulation defines the ordering. Timeout/escalation if an actor stalls.
Reward Distribution Monotonically increasing reward accumulator in MPT leaf. Each valid action adds to the reporter's total.
Tiered Access On-chain: root hash only. Off-chain: encrypted layers per access tier (public, authorized, authority-only).
Upstream Verification One operator's compliance depends on reading another operator's trie. Supply chain cascading.

Regulation

graph LR
    Regulation["Regulation"]
    Regulation --> EU_Regulation["EU Regulation"]
    Regulation --> ISO_Standard["ISO Standard"]
    Regulation --> Industry_Certification["Industry Certification"]
Class Description
Regulation A regulation, directive, standard, or certification scheme analyzed through the framework. The top-level entity for each case study.
EU Regulation A regulation or directive issued by the European Union.
ISO Standard An ISO/IEC management system or product standard.
Industry Certification A sector-specific certification scheme (TISAX, PCI DSS, etc.).

Schema Mechanism

graph LR
    Schema_Mechanism["Schema Mechanism"]
    Schema_Mechanism --> Beacon["Beacon"]
    Schema_Mechanism --> Signing_Function["Signing Function"]
Class Description
Schema Mechanism A core mechanism in the schema that connects parties to the chain. Not an on-chain artifact per se — these are the conceptual constructions that make the protocol work.
Beacon The regulator's policy carrier. Forces the operator to sample their standing and the applicable data policy from the regulation trie before collecting user attestations. Carries two things: standing (the regulator's assessment) and data policy (who may receive the data and under what conditions). The user encrypts their contribution for the beacon's recipients and signs over the beacon. Expires to prevent stale reputation and stale disclosure authorization.
Signing Function An off-chain opaque capability that produces signatures. Lives on hardware (SE050), phone enclave, server, TEE, or ZK circuit. Only its public key and signatures appear on-chain.

Standalone classes

Class Description
Access Tier Visibility level for a data element.
Bright Line Phase A phase in the lifecycle of an on-chain hash's personal data status. The hash transitions from personal data (with lawful basis) to anonymous data (outside GDPR scope) when the off-chain pre-image is deleted.
Compliance Record A specific record type stored as a leaf in the process trie. The on-chain representation of an obligation.
Concrete Party A specific real-world actor type in a regulation, mapped to a schema role. E.g., 'Data Controller' maps to OperatorRole.
Constraint A constraint that must hold for a regulation to be a good blockchain candidate. All five must pass.
Constraint Assessment The result of evaluating a constraint against a specific regulation: pass or fail with justification.
Data Policy The beacon's second payload. Defines who may receive the data (recipient public keys or key classes) and under what conditions. The regulator encodes parameterized disclosure rules in the regulation trie; the beacon carries the applicable rule for each interaction.
Data Type Classification of a data element in a regulation.
Disclosure Context A parameterized rule that determines encryption recipients based on the purpose of the interaction. Examples: routine reading (owner + regulator), pre-sale disclosure (owner + buyer + regulator), regulatory audit (regulator only), repurposing (both operators + regulator).
Fit Assessment Overall blockchain fit assessment for a regulation.
Formal Invariant A property that must hold for a protocol pattern. If it cannot be stated precisely, the design is incomplete.
Guard A condition the validator checks for a specific redeemer action. Universal guards apply to all actions.
Lifecycle State A state in a lifecycle state machine.
Mode Physical mode (hardware attestation) or process mode (protocol enforcement).
Obligation A specific reporting or compliance obligation within a regulation, mapped to a protocol pattern.
Penalty The consequence of non-compliance.
Redeemer Action A specific action the smart contract recognises. Each action has guards (conditions the validator checks).
State Transition A valid transition between lifecycle states, triggered by a redeemer action.
Tension A conflict between a GDPR principle and a blockchain architectural property. Each tension has a standard framing, the architecture's response, and a residual risk.
Three-Question Pre-filter Quick screening: multi-party data, institutional anchor, verifiable history. All three must hold.
Token Type Something that behaves like a token in the regulation.
Trust Level
Trust Relationship The trust level between two parties, the risk if trust is misplaced, and whether blockchain mitigates it.

Property map

graph LR
    Regulation["Regulation"] -->|has fit assessment| Fit_Assessment["Fit Assessment"]
    Regulation["Regulation"] -->|uses mode| Mode["Mode"]
    Regulation["Regulation"] -->|has party| Concrete_Party["Concrete Party"]
    Concrete_Party["Concrete Party"] -->|maps to role| Party["Party"]
    Regulation["Regulation"] -->|has obligation| Obligation["Obligation"]
    Obligation["Obligation"] -->|implemented by| Protocol_Pattern["Protocol Pattern"]
    Obligation["Obligation"] -->|has data type| Data_Type["Data Type"]
    Obligation["Obligation"] -->|has access tier| Access_Tier["Access Tier"]
    Obligation["Obligation"] -->|produces record| Compliance_Record["Compliance Record"]
    Regulation["Regulation"] -->|has constraint assessment| Constraint_Assessment["Constraint Assessment"]
    Constraint_Assessment["Constraint Assessment"] -->|assesses constraint| Constraint["Constraint"]
    Regulation["Regulation"] -->|has trust relationship| Trust_Relationship["Trust Relationship"]
    Trust_Relationship["Trust Relationship"] -->|party A| Concrete_Party["Concrete Party"]
    Trust_Relationship["Trust Relationship"] -->|party B| Concrete_Party["Concrete Party"]
    Trust_Relationship["Trust Relationship"] -->|has trust level| Trust_Level["Trust Level"]
    Regulation["Regulation"] -->|has token| Token_Type["Token Type"]
    Regulation["Regulation"] -->|has penalty| Penalty["Penalty"]
    Regulation["Regulation"] -->|uses pattern| Protocol_Pattern["Protocol Pattern"]
    Protocol_Pattern["Protocol Pattern"] -->|has invariant| Formal_Invariant["Formal Invariant"]
    Regulation["Regulation"] -->|has redeemer action| Redeemer_Action["Redeemer Action"]
    Redeemer_Action["Redeemer Action"] -->|has guard| Guard["Guard"]
    Regulation["Regulation"] -->|has lifecycle| Lifecycle_State_Machine["Lifecycle State Machine"]
    Lifecycle_State_Machine["Lifecycle State Machine"] -->|has state| Lifecycle_State["Lifecycle State"]
    Lifecycle_State_Machine["Lifecycle State Machine"] -->|has transition| State_Transition["State Transition"]
    State_Transition["State Transition"] -->|from state| Lifecycle_State["Lifecycle State"]
    State_Transition["State Transition"] -->|to state| Lifecycle_State["Lifecycle State"]
    State_Transition["State Transition"] -->|triggered by| Redeemer_Action["Redeemer Action"]
    On_chain_Artifact["On-chain Artifact"] -->|maintained by| Party["Party"]
    Merkle_Patricia_Trie["Merkle Patricia Trie"] -->|governed by| Smart_Contract["Smart Contract"]
    Smart_Contract["Smart Contract"] -->|reads as reference input| Merkle_Patricia_Trie["Merkle Patricia Trie"]
    Beacon["Beacon"] -->|has data policy| Data_Policy["Data Policy"]
    Data_Policy["Data Policy"] -->|has disclosure context| Disclosure_Context["Disclosure Context"]
    Regulation["Regulation"] -->|has bright line phase| Bright_Line_Phase["Bright Line Phase"]
    Regulation["Regulation"] -->|has tension| Tension["Tension"]
    Regulation["Regulation"] -->|converges with| Regulation["Regulation"]
    Regulation["Regulation"] -->|complemented by| Regulation["Regulation"]

Object properties

Property Domain Range Description
assesses constraint Constraint Assessment Constraint
complemented by Regulation Regulation A standard that operationalises a regulation (e.g., ISO 27001 for NIS2).
converges with Regulation Regulation Compliance evidence from one regulation satisfies requirements of another. The same trie serves multiple smart contracts.
from state State Transition Lifecycle State
governed by Merkle Patricia Trie Smart Contract
has access tier Obligation Access Tier
has bright line phase Regulation Bright Line Phase A phase in the hash personal-data lifecycle for this regulation.
has constraint assessment Regulation Constraint Assessment
has data policy Beacon Data Policy The data policy carried by this beacon.
has data type Obligation Data Type
has disclosure context Data Policy Disclosure Context A disclosure context permitted by this data policy.
has fit assessment Regulation Fit Assessment
has guard Redeemer Action Guard
has invariant Protocol Pattern Formal Invariant
has lifecycle Regulation Lifecycle State Machine
has obligation Regulation Obligation
has party Regulation Concrete Party A concrete actor type in this regulation.
has penalty Regulation Penalty
has redeemer action Regulation Redeemer Action
has state Lifecycle State Machine Lifecycle State
has tension Regulation Tension
has token Regulation Token Type
has transition Lifecycle State Machine State Transition
has trust level Trust Relationship Trust Level
has trust relationship Regulation Trust Relationship
implemented by Obligation Protocol Pattern The protocol pattern that realises this obligation on-chain.
maintained by On-chain Artifact Party
maps to role Concrete Party Party The schema role this concrete party maps to.
party A Trust Relationship Concrete Party
party B Trust Relationship Concrete Party
produces record Obligation Compliance Record The on-chain compliance record type this obligation creates.
reads as reference input Smart Contract Merkle Patricia Trie
to state State Transition Lifecycle State
triggered by State Transition Redeemer Action
uses mode Regulation Mode
uses pattern Regulation Protocol Pattern

Datatype properties

Property Domain Range Description
action label Redeemer Action string
architecture response Tension string How this architecture addresses the tension.
behavior Token Type string
deadline Obligation string E.g., '72 hours', '1 month', '3-year cycle'.
description Guard string
description Penalty string
formal statement Formal Invariant string
full text URL Regulation anyURI Link to the official regulation text (EUR-Lex, ISO, etc.).
in force date Regulation date
is universal Guard boolean True if this guard applies to every redeemer action.
justification Constraint Assessment string
legal basis Obligation string Article reference, e.g., 'Art 33'.
maximum fine Penalty string E.g., '€20M / 4% global turnover'.
mitigation Trust Relationship string
obligation label Obligation string
official reference Regulation string Official identifier, e.g., '(EU) 2016/679'.
on-chain representation Compliance Record string What is stored on-chain, e.g., 'hash of consent record + timestamp'.
party label Concrete Party string E.g., 'Data Controller', 'Manufacturer', 'Supervisory Authority'.
proof status Formal Invariant string 'Proved', 'Conjectured', 'Open'.
residual risk Tension string The remaining risk after the architecture addresses the tension.
result Constraint Assessment string 'Pass' or 'Fail'.
risk Trust Relationship string
standard framing Tension string How the literature frames this tension.
tension label Tension string
token label Token Type string

Named individuals

Individual Type
Active Compliance Bright Line Phase
Authorities Only Access Tier
Authorized Operators Access Tier
Certificate Token Type
Credit Token Type
Data Cadence Constraint
Dynamic Data Type
Emergency Recall Disclosure Context
Event-driven Data Type
Fee Alignment Constraint
Good Fit Assessment
High Trust Level
Identity Delegation Constraint
Liveness Constraint
Low Trust Level
Medium Fit Assessment
Medium Trust Level
None Trust Level
Obligation Token Type
Physical Mode Mode
Post-Erasure Bright Line Phase
Pre-sale Disclosure Disclosure Context
Process Mode Mode
Public Access Tier
Regulatory Audit Disclosure Context
Repurposing Assessment Disclosure Context
Restricted Access Tier
Retention under Exception Bright Line Phase
Reward Token Type
Right Token Type
Routine Reading Disclosure Context
Sequential Access Constraint
Static Data Type
Strong Fit Assessment
Weak Fit Assessment