About This Page
This Legal & Compliance Hub provides comprehensive information regarding the governance, liability limitations, certification scope, and regulatory framework of the VeritasChain Standards Organization (VSO) and the VeritasChain Protocol (VCP). This page is designed for investors, regulators, auditors, and market participants seeking clarity on legal and compliance matters.
Scope of this Policy
This Legal & Compliance Hub applies to the VeritasChain Protocol (VCP) specification, the VSO certification program (VC-Certified), the VeritasChain Explorer (VCC Explorer), official SDKs and reference implementations, and all services operated under veritaschain.org domain and its subdomains. This policy governs the use of VCP-related tools, documentation, and certification processes provided by VeritasChain Co., Ltd.
Table of Contents
1. Legal Structure & Governance
The VeritasChain Standards Organization (VSO) is an independent international standardization body dedicated to developing and maintaining the VeritasChain Protocol (VCP), a global standard for algorithmic trading transparency, auditability, and security.
Legal Entity
Company Name:
VeritasChain Co., Ltd.
(VeritasChain株式会社)
Jurisdiction:
Tokyo, Japan
Legal Contact:
Website:
Organizational Mission
VSO operates as a neutral, vendor-agnostic entity with the mission to establish cryptographically verifiable standards for algorithmic trading across all financial markets, including:
- High-Frequency Trading (HFT) systems
- Institutional algorithmic trading platforms
- Retail trading systems (MT4/MT5)
- Cryptocurrency exchanges
- Regulatory reporting systems
2. VC-Certified Disclaimer (Critical)
⚠️ IMPORTANT: Scope and Limitations of VC-Certified
VeritasChain Certified (VC-Certified) is a technical compliance certification that verifies a system's adherence to VCP specifications (data integrity, timestamp synchronization, cryptographic signatures, etc.). It is NOT a financial guarantee, investment recommendation, or endorsement of business practices.
What VC-Certified Does NOT Guarantee:
-
No Financial Guarantee: VC-Certified does NOT verify the financial solvency, capital reserves, or business continuity of certified entities. It is not a substitute for financial audits or credit assessments.
-
No Profit or Performance Guarantee: VC-Certified does NOT evaluate or endorse the profitability, investment returns, or trading strategies of any algorithmic system.
-
No Regulatory Compliance Guarantee: While VCP is designed to support compliance with regulations (MiFID II, GDPR, EU AI Act, etc.), full regulatory compliance remains the sole responsibility of the certified entity in their respective jurisdictions.
-
No Business Ethics Guarantee: VC-Certified verifies technical implementation only. It does NOT assess business models, ethical practices, or customer treatment.
Investor Due Diligence Required
Investors and users should conduct independent due diligence regarding the financial health, regulatory status, and business practices of any certified entity. VC-Certified status should be considered as one component of a comprehensive risk assessment, not a standalone guarantee.
3. VSO Independence Policy
VSO operates under strict principles of neutrality and independence to ensure the integrity and credibility of the VeritasChain Protocol and certification process.
Core Principles
Vendor Neutrality
VSO does not affiliate with, promote, or favor any specific technology vendor, broker, exchange, or trading platform.
Jurisdictional Independence
VSO operates independently from national interests, ensuring VCP serves the global financial community without geopolitical bias.
Transparent Governance
VCP specifications are developed through open, transparent processes with community feedback and expert technical committees.
Security First
Cryptographic integrity and data immutability are non-negotiable foundations of the VCP standard.
4. Non-Endorsement Policy
VSO does NOT endorse any specific company, product, broker, proprietary trading firm (prop firm), investment strategy, or financial instrument, regardless of VC-Certified status.
What This Means
-
No Investment Advice: No information provided by VSO constitutes investment advice, recommendations, or solicitation to trade or invest.
-
No Commercial Partnerships: VC-Certified status does not imply a commercial partnership, revenue-sharing agreement, or promotional relationship with VSO.
-
Certification ≠ Recommendation: VC-Certified entities are listed for informational purposes only. Their inclusion does not constitute a recommendation by VSO.
5. Data Privacy & GDPR Compliance
5.1 Protocol-Level Privacy (VCP-PRIVACY)
The VeritasChain Protocol is designed with "Privacy by Design" principles, ensuring that personally identifiable information (PII) is protected through cryptographic mechanisms.
Crypto-Shredding Technology
VCP implements Crypto-Shredding, a technique where PII is encrypted using user-specific encryption keys. If a data subject exercises their "Right to Erasure" under GDPR, the decryption key is destroyed, rendering the encrypted data mathematically unrecoverable while maintaining the immutable audit trail.
Technical Mechanism: AES-256-GCM encryption with key rotation and secure key management systems (KMS).
5.2 GDPR Compliance Framework
VCP is designed to comply with the EU General Data Protection Regulation (GDPR) through the following mechanisms:
- Data Minimization: Only essential data is recorded in VCP logs.
- Purpose Limitation: Data is collected solely for audit, compliance, and regulatory reporting.
- Storage Limitation: Retention periods align with regulatory requirements (typically 5-7 years per MiFID II, CFTC rules).
- Data Subject Rights: Support for access, rectification, erasure (crypto-shredding), and portability.
- Consent Management: VCP-PRIVACY includes consent tracking via unique identifiers.
5.3 Data Retention Policy
VSO does not store user trading data or personal information. Data retention is the responsibility of certified entities (data controllers) who must comply with applicable regulations:
- MiFID II (EU): Minimum 5 years
- CFTC Rules (US): 5 years
- CAT Rule 613 (US): 7 years
- Local Regulations: As required by jurisdiction
6. Limitation of Liability
Disclaimer of Warranties
VSO and VeritasChain Co., Ltd. provide the VCP specification, SDK, VeritasChain Explorer, and all related services on an "AS IS" and "AS AVAILABLE" basis, without warranties of any kind, express or implied.
VSO expressly disclaims all warranties, including but not limited to:
- Merchantability, fitness for a particular purpose, and non-infringement
- Accuracy, reliability, or completeness of VCP specifications or tools
- Uninterrupted or error-free operation of any VCP-compliant system
- Security guarantees against all forms of cyber attacks or data breaches
Limitation of Damages
To the fullest extent permitted by applicable law, VSO and VeritasChain Co., Ltd. shall NOT be liable for any damages arising from the use or inability to use VCP specifications, tools, or services, including but not limited to:
- Direct, indirect, incidental, special, consequential, or punitive damages
- Loss of profits, revenue, data, or business opportunities
- Trading losses or investment losses of any kind
- Costs of procurement of substitute goods or services
- Interruption of business or loss of use
Maximum Liability: In jurisdictions where liability limitations are not permitted, VSO's maximum aggregate liability shall not exceed the fees (if any) paid by the user for VCP-related services in the 12 months preceding the claim.
7. Cookie & Data Handling
7.1 Website Cookies
The VSO website and VeritasChain Explorer use minimal, essential cookies to ensure proper functionality. We do not use third-party advertising or tracking cookies.
Cookie Types Used:
-
Essential Cookies: Required for website functionality (session management, security)
-
Analytics Cookies: Anonymous usage statistics to improve user experience (opt-out available)
Note: No marketing or data sales. All analytics are anonymized.
7.2 Access Logs
Standard server access logs (IP addresses, timestamps, user agents) are collected for security monitoring and service maintenance. These logs are retained for a maximum of 90 days and are not shared with third parties.
7.3 Data Sharing
VSO does not sell, rent, or trade user data. Data may only be disclosed in the following circumstances:
- With user consent
- To comply with legal obligations or court orders
- To protect VSO's legal rights or safety
8. Intellectual Property
8.1 VCP Specification License
The VeritasChain Protocol Specification v1.0 is published under:
CC BY 4.0 International License
This license allows free use, modification, and distribution of the VCP specification, provided that appropriate credit is given to VSO and any changes are indicated. Commercial use is permitted.
View Full License Terms8.2 Trademarks
The following names, logos, and marks are trademarks of VeritasChain Co., Ltd. and may not be used without prior written permission:
VeritasChain
™
VCP
™
VC-Certified
™
Unauthorized use of these trademarks may result in legal action.
8.3 Open Source Components
VSO provides reference implementations and SDKs under open-source licenses (typically Apache 2.0 or MIT). Each component's specific license is clearly indicated in its repository.
9. Regulatory Compliance Framework
VCP is designed to support compliance with major international financial regulations. However, compliance responsibility rests solely with implementing entities.
Supported Regulatory Frameworks
MiFID II (EU)
Clock synchronization accuracy (RTS 25), transaction reporting (RTS 22), record-keeping requirements (Article 16(6))
GDPR (EU)
Privacy by design, data minimization, right to erasure (crypto-shredding), consent management (VCP-PRIVACY module)
EU AI Act (2024)
Transparency and explainability requirements for high-risk AI systems, human oversight, audit trails (VCP-AI-DECISION module)
CAT Rule 613 (US)
Consolidated Audit Trail requirements, nanosecond timestamp precision, lifecycle event tracking
CFTC Rules (US)
Swap data reporting (Part 43, 45), automated trading compliance, record retention (5 years)
Post-Quantum Crypto
Crypto-agility framework supporting migration to NIST-approved post-quantum algorithms (DILITHIUM, FALCON)
Compliance Responsibility
While VCP is designed to facilitate regulatory compliance, final compliance responsibility rests with each certified entity. Organizations must consult with legal and compliance experts to ensure full adherence to applicable laws in their operating jurisdictions.
10. Contact Information
For legal, compliance, or certification inquiries, please contact us through the following channels:
Legal & Compliance
Email: legal@veritaschain.org
For legal inquiries, regulatory questions, and compliance matters
VC-Certified Program
Email: certification@veritaschain.org
For certification applications and audit inquiries
Corporate Address
VeritasChain Co., Ltd.
Tokyo, Japan
Registered legal entity in Tokyo
Response Time: We aim to respond to legal and compliance inquiries within 3-5 business days. For urgent matters, please indicate "URGENT" in the subject line.
Policy Updates
VSO reserves the right to update this Legal & Compliance Hub to reflect changes in:
- International regulations and compliance requirements
- VCP specification versions and technical standards
- Organizational structure or governance policies
- Legal interpretations or jurisdictional requirements
Last Updated: November 25, 2025
Version: 1.0
Next Review: Q2 2026