# Compliance and Regulation Model

Real-world assets are governed by jurisdiction-specific laws, investor eligibility rules, and transfer restrictions. A decentralized tokenisation protocol cannot ignore these constraints — but it also cannot hard-code a single regulatory worldview into global infrastructure.

The compliance model is therefore designed to be **configurable, explicit, and enforceable**, without turning the protocol into a centralized gatekeeper.

***

#### Compliance as On-Chain Rules, Not Off-Chain Promises

Compliance in Invest Network is enforced through **on-chain rule sets**, not through issuer policy statements or manual intervention.

These rules may govern:

* who can hold a token
* who can transfer it
* under what conditions transfers are allowed
* when transfers must be restricted or paused

If a rule is not encoded, it is not enforced.

This removes ambiguity and prevents selective or discretionary enforcement.

***

#### Jurisdiction-Aware, Not Jurisdiction-Locked

Assets may be subject to different regulations depending on the holder’s jurisdiction.

The protocol supports:

* jurisdiction-specific rule sets
* asset-level compliance configuration
* dynamic eligibility checks

At the same time, it avoids:

* assuming a single global regulator
* embedding country lists directly into protocol logic

Jurisdictional interpretation remains external; enforcement remains deterministic.

***

#### Permissioned and Permissionless Modes

The same tokenisation framework supports different access models.

| Mode           | Description                           |
| -------------- | ------------------------------------- |
| Permissionless | Anyone may hold and transfer          |
| Permissioned   | Eligibility checks enforced           |
| Hybrid         | Transfers restricted under conditions |

These modes are selected **per asset**, not globally, allowing different RWAs to coexist on the same network.

***

#### Investor Eligibility Without Identity Exposure

Compliance often requires knowing *whether* someone is eligible, not *who* they are.

The protocol supports:

* credential-based eligibility proofs
* role-based access controls
* privacy-preserving verification mechanisms

Where appropriate, zero-knowledge proofs can be used to demonstrate compliance **without revealing personal identity or financial data**.

***

#### Transfer Restrictions and Enforcement

Compliance rules are evaluated at the point of transfer.

This includes checks such as:

* sender eligibility
* recipient eligibility
* holding limits
* lock-up or vesting periods

If a transfer violates rules, it fails atomically. There are no retroactive reversals or discretionary overrides.

***

#### Regulatory Change Over Time

Regulatory environments evolve.

The compliance model supports:

* governed updates to rule sets
* transparent change logs
* forward-compatible rule definitions

Updates are:

* explicit
* auditable
* subject to asset-level governance

There is no silent rule drift.

***

#### What the Protocol Does *Not* Do

To avoid false assumptions, the protocol does not:

* interpret laws
* verify legal opinions
* guarantee regulatory compliance in all jurisdictions
* substitute for legal advice

It enforces declared rules — nothing more.

***

#### Compliance Failure Modes

When compliance inputs fail or become uncertain:

* transfers can be restricted
* issuance may be paused
* escalation paths are triggered

The system prioritizes **legal safety over liquidity**.

***

#### Why This Model Works

Many tokenisation platforms either:

* ignore compliance entirely
* centralize it behind opaque permissioning systems

This model avoids both extremes by:

* encoding compliance rules explicitly
* separating interpretation from enforcement
* supporting privacy-preserving verification

The result is a system that institutions can reason about and regulators can inspect.