
Compliance Statement

Issued by: PaxLabs Inc., a Delaware corporation ("PaxLabs," "we," "us," or the "Operator"), on behalf of the Paxeer ecosystem's operated services.
Version: 1.0
Effective Date: June 10, 2026

1 Our Approach to Compliance

1.1 The Paxeer ecosystem combines a decentralized Layer 1 blockchain (the Paxeer Network), a marketplace for Agent services and Developer APIs (Deus), an AI agentic infrastructure (Matrix), and supporting settlement, security, and governance infrastructure. We build and operate these services with compliance as a design consideration — embedded in architecture, governance, and operations — while recognizing the genuine novelty of agentic, onchain systems and the evolving state of the law that governs them.

1.2 This Compliance Statement (the "Statement") summarizes PaxLabs' compliance posture across the regulatory frameworks applicable to the Services. It is a transparency document, not an operative policy. The underlying policies referenced below contain the binding obligations and operative detail.

1.3 This Statement supplements the Terms of Service and should be read together with the full suite of policies incorporated therein.

2 Regulatory Frameworks We Address

PaxLabs designs and operates its services to address the requirements of the following frameworks, to the extent they apply to PaxLabs' activities, the Services offered, the jurisdictions in which the Services are available, and the Users who access them:

2.1 Data Protection and Privacy

  • (i) The EU and UK General Data Protection Regulation ("GDPR") — governing the collection, processing, storage, and transfer of personal data of individuals in the EEA and UK.
  • (ii) The California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA") — governing the collection, use, and sale/sharing of personal information of California residents.
  • (iii) Other U.S. state privacy laws — including the Colorado Privacy Act, Connecticut Data Privacy Act, Virginia Consumer Data Protection Act, and similar legislation as enacted.
  • (iv) Operative policies: Privacy Policy; On-Chain Data Privacy Notice.

2.2 Financial Crime Prevention

  • (i) Anti-money-laundering and counter-terrorist-financing laws — including the U.S. Bank Secrecy Act and FinCEN regulations, EU Anti-Money Laundering Directives, UK Money Laundering Regulations, and FATF Recommendations.
  • (ii) Sanctions programs — including those administered by OFAC, the UN, the EU, and HM Treasury.
  • (iii) Counter-proliferation financing obligations, where applicable.
  • (iv) Operative policies: AML/KYC Policy; Acceptable Use Policy.

2.3 Crypto-Asset Regulation

  • (i) The EU Markets in Crypto-Assets Regulation ("MiCA") — to the extent PaxLabs or its ecosystem entities provide crypto-asset services within the scope of MiCA, including custody, exchange, transfer, and advisory services.
  • (ii) Analogous national and state-level crypto-asset, virtual-currency, and money-transmission regulatory regimes, as applicable to the services operated by PaxLabs and ChainFlow Inc.
  • (iii) Operative policies: Terms of Service; AML/KYC Policy; Risk Disclosures and Asset Disclosure.

2.4 Artificial Intelligence

  • (i) The EU Artificial Intelligence Act (Regulation (EU) 2024/1689) — establishing risk-based obligations for AI systems, including prohibitions on certain practices, requirements for high-risk systems, and transparency obligations.
  • (ii) Emerging AI governance frameworks in other jurisdictions, monitored on an ongoing basis.
  • (iii) Operative policies: EU AI Act Compliance page; AI Agent Responsible Use Policy; Acceptable Use Policy.

2.5 Consumer Protection and Electronic Commerce

  • (i) Applicable consumer-protection laws in the jurisdictions where the Services are offered, including requirements related to unfair or deceptive practices, electronic disclosures, and digital-service transparency.
  • (ii) The EU Digital Services Act ("DSA"), to the extent applicable to PaxLabs as a provider of intermediary services to EU users.
  • (iii) Operative policies: Terms of Service; Marketplace Terms and Conditions; Privacy Policy.

2.6 Intellectual Property

  • (i) Copyright, trademark, patent, and trade-secret laws applicable to the Services and to content submitted by Users.
  • (ii) The EU Digital Single Market Directive (Directive (EU) 2019/790), including text-and-data-mining provisions, to the extent relevant to AI model training and content processing.
  • (iii) Operative policies: Terms of Service (Section 9); API Terms of Use.

2.7 Applicability determination. The applicability of each framework depends on the specific service, the activity, the User, and the jurisdiction. PaxLabs determines applicability with qualified counsel on a framework-by-framework and jurisdiction-by-jurisdiction basis. This Statement describes the frameworks PaxLabs addresses; it does not represent that every framework applies to every Service or in every jurisdiction.

3 The Decentralization and Irreversibility Boundary

3.1 What PaxLabs operates. PaxLabs operates certain services within the ecosystem, including: account onboarding and identity verification; the Deus marketplace; the Matrix agentic infrastructure and AI features; the Credit Ledger and metered billing; developer tooling, APIs, and SDKs; and the websites and interfaces through which Users access the Services. ChainFlow Inc. operates the settlement and transaction-processing infrastructure. OpenNet Security LLC provides security engineering, auditing, and incident response.

3.2 What PaxLabs does not control. The Paxeer Network is a decentralized protocol. PaxLabs does not control the Network's consensus mechanism, validator set, block production, or the execution of smart contracts deployed by third parties. The Paxeer Network Foundation stewards the protocol but does not operate Onchain Activity on behalf of Users. Third-party Developers and Operators build and deploy their own Agents, APIs, and applications through Matrix; PaxLabs provides infrastructure but does not control the behavior of third-party systems.

3.3 Why the boundary matters. PaxLabs' compliance commitments attach to the services PaxLabs operates, not to the underlying protocol's autonomous, permissionless operation. This boundary materially affects which obligations PaxLabs can fulfill:

  • (i) Obligations PaxLabs can fulfill — identity verification; sanctions screening of Users and transactions within operated services; transaction monitoring within settlement infrastructure; data-protection compliance for off-chain data; AI Act obligations for AI systems PaxLabs provides or deploys; content moderation and listing review on Deus; enforcement actions (suspension, termination, holds on contestable funds); law-enforcement cooperation; and regulatory reporting.
  • (ii) Obligations limited by decentralization and immutability — erasure or rectification of onchain data (which is permanent and public by design); reversal of confirmed onchain transactions; control of third-party smart contracts, validators, or protocol behavior; censorship of onchain state; and retroactive modification of the public ledger.

3.4 PaxLabs is transparent about this boundary because it is foundational to understanding the compliance posture of any platform built on decentralized infrastructure. Compliance is maximized within the scope of what PaxLabs controls; Users should understand the inherent limitations where decentralization and immutability apply.

4 Compliance Architecture Across the Ecosystem

4.1 Entity-Level Allocation.

Compliance responsibilities are allocated across the ecosystem entities according to their operational roles, expertise, and regulatory exposure:

  • (i) PaxLabs Inc. — Overall compliance coordination for operated services. Primary contracting party with Users. Responsible for: AML/KYC program oversight; data-protection compliance (controller of off-chain personal data); AI Act compliance for PaxLabs-provided and PaxLabs-deployed AI systems; consumer-protection and DSA compliance; policy development and enforcement; and regulatory engagement.
  • (ii) ChainFlow Inc. — Payments, settlement, and transaction-processing infrastructure. Responsible for: transaction-level sanctions screening within settlement infrastructure; transaction monitoring and alert generation; Travel Rule compliance for qualifying transfers; and settlement-related regulatory obligations. Operates under written allocation agreement with PaxLabs (see AML/KYC Policy, Section 9).
  • (iii) OpenNet Security LLC — Security engineering, auditing, and incident response. Responsible for: security assessments and penetration testing; incident detection and response; support for independent testing of AML/CFT controls; and AI robustness assessment. Supports PaxLabs' compliance function on security-adjacent controls.
  • (iv) Paxeer Network Foundation — Steward of the decentralized Paxeer Network protocol, governance framework, and public goods. The Foundation does not operate User-facing services and does not perform compliance functions on behalf of PaxLabs.
  • (v) OpenChain Labs Inc. — Core protocol and infrastructure research and development. Supports compliance through secure-by-design engineering practices. Does not operate User-facing services.
  • (vi) Sidiora Markets LTD — Markets, launchpad, and trading-related products and services. Subject to the regulatory frameworks applicable to its specific activities (including, where applicable, MiCA authorization for crypto-asset services). Maintains its own compliance function for services it operates.

4.2 Inter-Entity Coordination.

Where compliance obligations span multiple entities (e.g., AML/KYC program spanning PaxLabs and ChainFlow, security incident response spanning PaxLabs and OpenNet Security), responsibilities are allocated by written inter-entity agreements. PaxLabs retains overall program responsibility and serves as the single compliance-coordination point for Users.

4.3 Developer and Operator Obligations.

Developers and Operators who build, deploy, or operate AI systems, Agents, APIs, and services through the ecosystem bear independent compliance obligations under applicable law. PaxLabs provides infrastructure, policies, and compliance-supporting tooling, but does not assume or discharge a Developer's or Operator's regulatory obligations. Key areas of Developer/Operator responsibility include:

  • (i) EU AI Act compliance for AI systems they provide or deploy (see EU AI Act Compliance page);
  • (ii) Data-protection compliance for personal data they collect or process through their services;
  • (iii) AML/CFT compliance to the extent their activity constitutes regulated financial services;
  • (iv) Tax compliance for transactions they conduct on Deus; and
  • (v) Compliance with the Acceptable Use Policy, Agent Policy, and M2M Agreement.

5 Compliance by Design

5.1 PaxLabs integrates compliance considerations into the design and architecture of the Services, rather than treating compliance solely as a post-deployment overlay. Key compliance-by-design elements include:

5.2 Architecture-Level Controls

  • (i) Constrained runtime — Matrix operates within a constrained execution environment with a closed verb vocabulary and typed intent representation, limiting Agent actions to a predefined set of authorized operations and supporting auditability.
  • (ii) Deterministic replay — Byte-identical, replayable execution records provide a verifiable audit trail for Agent actions, supporting traceability, investigation, and regulatory inspection.
  • (iii) Separation of off-chain and onchain data — Clear architectural separation between data controlled by PaxLabs (off-chain) and data committed to the public ledger (onchain), enabling PaxLabs to fulfill data-protection obligations for the data it controls while being transparent about the limitations for onchain data.
  • (iv) Authentication and attribution — Multi-modal authentication (credentials, wallet, DID, JWT, EIP-712) ensures that every Agent and User action is attributable to an identifiable party, supporting AML/KYC, enforcement, and accountability.

5.3 Policy-Level Controls

  • (i) Layered policy architecture — The legal suite is structured so that the Terms of Service establish the foundational framework, service-specific policies (Marketplace Terms, API Terms, Agent Policy, M2M Agreement) layer on additional requirements for specific activities, and compliance-specific policies (AML/KYC Policy, EU AI Act Compliance, this Statement) address regulatory obligations directly.
  • (ii) Risk-based frameworks — Both the AML/KYC Policy (customer risk tiering, enhanced due diligence) and the Agent Policy (standard, elevated, and high-risk Agent classifications) apply proportionate controls based on assessed risk, consistent with regulatory expectations.
  • (iii) Prohibited-conduct alignment — The Acceptable Use Policy, Agent Policy, and M2M Agreement prohibit conduct that would violate applicable law across all relevant regulatory domains, creating multiple, reinforcing enforcement vectors.

5.4 Operational Controls

  • (i) Sanctions screening and transaction monitoring — Automated screening and monitoring integrated into onboarding, settlement, and ongoing operations, supported by ChainFlow's transaction-processing infrastructure and third-party analytics providers.
  • (ii) Content moderation and listing review — Marketplace content-moderation capabilities, including the right to review, label, suspend, or remove Listings that violate policies or applicable law.
  • (iii) Incident response — Documented incident-detection and response procedures, supported by OpenNet Security LLC, covering security incidents, data breaches, AML/CFT escalations, and AI-system incidents.
  • (iv) Training — Periodic AML/CFT, sanctions, data-protection, and AI-governance training for relevant personnel.

6 Ongoing Commitment

6.1 Regulatory Monitoring.

PaxLabs actively monitors regulatory developments across all applicable frameworks, including: legislative changes; regulatory guidance, opinions, and enforcement actions; FATF recommendations and mutual-evaluation findings; EU AI Office guidance, delegated acts, and harmonized standards; data-protection authority decisions; and industry best practices and standards.

6.2 Periodic Review.

PaxLabs reviews and updates its compliance program, risk assessments, and policies: (a) at least annually; (b) upon material changes to the Services, products, markets, or customer base; (c) upon material changes in applicable law or regulatory guidance; (d) following significant compliance incidents; and (e) in response to findings from independent testing or audit.

6.3 Regulatory Cooperation.

PaxLabs cooperates with lawful requests, inquiries, examinations, and audits from competent regulatory authorities, law-enforcement agencies, and supervisory bodies. Cooperation includes the provision of records, information, and access as required by applicable law, subject to applicable legal privileges.

6.4 External Engagement.

PaxLabs engages with regulators, industry bodies, standards organizations, and peer platforms to contribute to the development of regulatory frameworks that are workable for novel technologies, including decentralized infrastructure, AI agents, and machine-to-machine interactions.

7 What This Statement Is — and Is Not

7.1 What this Statement is. This Statement is a transparency document that summarizes PaxLabs' compliance approach and directs Users, regulators, and stakeholders to the operative policies that contain the binding detail. It reflects PaxLabs' good-faith assessment of its compliance posture as of the Effective Date.

7.2 What this Statement is not.

  • (i) This Statement is not a representation that any specific Service is licensed, registered, authorized, or approved in any particular jurisdiction. Specific registration, licensing, and authorization status is addressed, where applicable, in the relevant service's documentation or upon request. [Counsel to confirm what licensing and registration claims, if any, may be made publicly, and in which jurisdictions.]
  • (ii) This Statement is not a warranty of any regulatory outcome, including the outcome of any examination, investigation, or enforcement proceeding.
  • (iii) This Statement is not legal advice and does not create any obligation beyond what is set forth in the operative policies.
  • (iv) This Statement does not make PaxLabs responsible for the compliance of Developers, Operators, or other third parties who build on or use the Services.
  • (v) This Statement does not extend PaxLabs' compliance commitments to the decentralized Paxeer Network protocol, third-party smart contracts, or Onchain Activity that does not pass through PaxLabs-operated infrastructure.

8 Operative Policy Index

The following policies contain the binding obligations and operative detail underlying this Statement:

Policy | Primary Subject Matter | Version
Terms of Service | Foundational user agreement; ecosystem structure; liability | 1.0
Privacy Policy | Data protection; GDPR; CCPA/CPRA | 1.0
Acceptable Use Policy | Prohibited conduct; content standards; enforcement | 1.0
Marketplace Terms and Conditions | Deus marketplace; Provider/Consumer obligations | 1.0
API Terms of Use / License Agreement | Platform APIs; Developer API hosting; licensing | 1.0
AI Agent Responsible Use Policy | Agent deployment; risk classification; safety | 1.0
Machine-to-Machine (M2M) Agreement | Agent-to-agent interactions; settlement; liability | 1.0
AML/KYC Policy | Identity verification; sanctions; transaction monitoring | 1.0
EU AI Act Compliance | AI regulatory compliance; risk tiers; GPAI | 1.0
Risk Disclosures and Asset Disclosure | Digital-asset risks; protocol risks | [Pending]
On-Chain Data Privacy Notice | Onchain data; immutability; privacy limitations | [Pending]

9 Contact

Compliance inquiries: [compliance@paxlabs — or dedicated email to be inserted]

Data protection: [privacy contact to be inserted]

AML/KYC: [AML contact — per AML/KYC Policy, Section 13]

EU AI Act: [AI Act contact — per EU AI Act Compliance, Section 12]

Security and incidents: [security contact to be inserted]

General legal: [legal contact — per Terms of Service, Section 19]

