Regulatory Compliance Status

⚙️ Technical Implementations

🌍 UAE Geo-Blocking (VARA) Implemented

Geographic access restriction for UAE residents in compliance with VARA Marketing Regulations 2024.

Implementation: IP-based geo-filtering
Regulation: VARA Rulebook Section 337
Status: Active since January 2026
Scope: UAE only (country code: AE)

🔑 Clawback Multisig Governance In Implementation

Multi-signature architecture for Stellar CAP-35 Clawback operations to ensure no unilateral control.

Architecture: 3-of-5 Multisig
Parties: Cuandeoro + 2 Independent Validators
Regulation: MiCA Art. 3 (Control Definition)
ETA: Q1 2026

🛡️ GDPR Privacy Architecture Implemented

Data minimization and "cryptographic deletion" for blockchain compliance with GDPR Article 17.

Method: Salted Hash + Key Destruction
Guidance: EDPB Guidelines 02/2025
On-chain Data: Zero PII stored
Off-chain: Encrypted with user-controlled keys

🔐 Client-Side Key Generation Implemented

Cryptographic keys generated exclusively on user devices. Cuandeoro never has access to private keys.

Standard: BIP39/BIP44
Regulation: BaFin Eigenverwahrung
Verification: Open-source audit available

🏗️ Non-Custodial Architecture Summary

✓
MiCA Recital 83 Exemption: Operating as non-custodial software provider. Users retain exclusive control of their cryptographic keys.
✓
BaFin Compliance: Qualifies as "Technischer Dienstleister" (Technical Service Provider) under German KWG, exempt from Kryptoverwahrgeschäft licensing.
✓
Stellar CAP-35 Mitigation: Clawback authority delegated to multi-party governance structure, eliminating unilateral control concerns.

📋 Regulatory Registrations by Jurisdiction

🇪🇸 Spain - CNMV/SEPBLAC Compliant

Anti-money laundering compliance under Law 10/2010 and CNMV crypto provider guidelines.

Registration: SEPBLAC AML Registry
Type: Virtual Asset Service Provider
Status: Active

🇲🇽 Mexico - SAT Registry In Process

Registration with SAT as "Vulnerable Activity" provider under LFPIORPI for AML compliance.

Registration: Padrón de Actividades Vulnerables
Authority: SAT / UIF
Filed: January 2026
Expected: Q1 2026

🇵🇦 Panama - SSNF/UAF In Process

VASP registration under Ley 248 de 2024 with Superintendencia de Sujetos no Financieros.

Regulation: Ley 248 de 2024 (Criptoactivos)
Authority: SSNF
Filed: January 2026
Expected: Q2 2026

🇦🇪 UAE - VARA License Planned

VARA license application planned for future UAE market entry. Currently geo-blocked.

Current Status: Geo-blocking active
License Type: Marketing / VASP
Timeline: To be determined
Contact: compliance@cuandeoro.io

🇪🇺 European Union - MiCA Exempt

Operating under MiCA Recital 83 exemption as non-custodial software provider.

Exemption: Recital 83 (Non-custodial wallet)
Confirmation: Legal opinion obtained
Monitoring: ESMA guidelines compliance

🇩🇪 Germany - BaFin Compliant

Classified as Technical Service Provider (Technischer Dienstleister), not requiring Kryptoverwahrgeschäft license.

Classification: Eigenverwahrung model
Reference: BaFin Merkblatt 2020
Key Control: Client-side only

📅 Compliance Roadmap

January 2026

UAE Geo-blocking Implementation

VARA Marketing Regulations compliance - IP filtering deployed

January 2026

GDPR Privacy Architecture

Salted hash + key destruction mechanism for "cryptographic deletion"

Q1 2026

Mexico SAT Registration

Padrón de Actividades Vulnerables - Documentation submitted

Q1 2026

Multisig Clawback Governance

3-of-5 multi-party governance for Stellar CAP-35 operations

Q2 2026

Panama VASP Registration

Ley 248 de 2024 compliance - SSNF registration

TBD

UAE VARA License Application

Market entry evaluation pending strategic assessment

📧 Compliance Inquiries

For regulatory inquiries or compliance documentation requests:

compliance@cuandeoro.io

🔐 Regulatory Compliance Status

ℹ️ About This Page