Consolidated Governance and Liability Framework
1Purpose and Scope
1.1 This Consolidated Governance and Liability Framework (the "Framework") provides a unified reference for how governance authority, operational responsibility, liability exposure, and accountability are structured and allocated across the Paxeer ecosystem. It consolidates and synthesizes the governance and liability provisions distributed across the operative policy suite into a single, cohesive document.
1.2 This Framework is a transparency and reference document. It does not create new rights, obligations, or liabilities beyond those established in the operative policies. Where this Framework describes a governance structure, liability allocation, or accountability mechanism, the referenced operative policy governs. In the event of any inconsistency between this Framework and an operative policy, the operative policy controls.
1.3 This Framework supplements the Terms of Service, the Compliance Statement, and the Regulatory Infrastructure Overview. It should be read together with the full policy suite listed in Section 12.
1.4 Intended audience. This Framework is designed for regulators, institutional counterparties, auditors, legal counsel, and sophisticated stakeholders who need to understand the governance and liability architecture of the ecosystem as a whole.
2Governance Architecture
2.1 Dual-Governance Model.
The Paxeer ecosystem operates under a dual-governance model that separates the governance of the decentralized protocol from the governance of the operated services:
- (i)Community governance of the network core. The Paxeer Network protocol — including consensus rules, validator set, block production, core protocol parameters, and network upgrades — is governed by PAXEER NETWORK UNITED DAO through decentralized governance mechanisms. Governance proposals, voting, and implementation at this layer are conducted through the DAO's on-chain governance process. PaxLabs participates in this governance as a stakeholder but does not exercise unilateral control.
- (ii)Corporate governance of the advanced infrastructure tier. The operated services — including the Deus marketplace, the Matrix agentic infrastructure, settlement infrastructure, security infrastructure, developer tooling, and all User-facing products — are governed by PaxLabs Inc. and its subsidiaries through conventional corporate governance (board oversight, management authority, internal policies). Governance decisions at this tier are made by PaxLabs' management and board and are subject to the accountability mechanisms described in this Framework.
2.2 The Paxeer Network Foundation.
The Paxeer Network Foundation serves as the steward of the decentralized protocol, the governance framework, and network public goods. The Foundation:
- (i)Maintains and evolves the protocol governance framework;
- (ii)Manages grants, public-goods funding, and ecosystem-development programs;
- (iii)Coordinates protocol upgrades and governance proposals;
- (iv)Does not operate User-facing services, does not process transactions on behalf of Users, does not custody User assets, and does not perform compliance functions on behalf of PaxLabs; and
- (v)Is not the contracting party under the Terms of Service and is not liable for the Services operated by PaxLabs.
2.3 Why Dual Governance Matters.
The dual-governance model has direct implications for liability and accountability:
- (i)PaxLabs' liability and accountability attach to the services it controls and operates — the advanced infrastructure tier. PaxLabs can make commitments, accept responsibility, and implement controls within this scope.
- (ii)The network core operates through decentralized consensus. No single entity can unilaterally alter protocol behavior, reverse confirmed transactions, modify consensus rules, or censor onchain state. Liability for the deterministic behavior of the protocol cannot be imposed on PaxLabs, the Foundation, or any single entity.
- (iii)This separation is not a liability-avoidance structure. It reflects the genuine technical architecture of the ecosystem — one layer is centrally operated, the other is decentralized — and the governance model is disclosed transparently so that Users, regulators, and counterparties understand the scope and limits of PaxLabs' authority.
3Entity-Level Governance and Accountability
3.1 PaxLabs Inc. — Operator and Primary Contracting Party
- (i)Governance: Conventional corporate governance — board of directors, officers, management authority, internal policies and procedures.
- (ii)Accountability scope: All operated services (Deus, Matrix application layer, account onboarding, Credit Ledger, developer tooling, websites, interfaces). Overall compliance-program coordination. Policy development and enforcement. User-facing obligations under the Terms of Service and incorporated policies.
- (iii)Liability position: Primary contracting party under the Terms of Service. Users' rights and remedies run against PaxLabs except where a separate written agreement expressly states otherwise. Subject to the limitation of liability in the Terms of Service (Section 13).
- (iv)Compliance ownership: AML/CFT program ownership; data controller under GDPR; provider/deployer under EU AI Act (where applicable); consumer-protection compliance; regulatory reporting and cooperation.
3.2 ChainFlow Inc. — Settlement Infrastructure
- (i)Governance: Separate Delaware corporation with its own governance structure.
- (ii)Accountability scope: Payments, settlement, and transaction-processing infrastructure. Transaction-level sanctions screening. Transaction monitoring and alert generation. Travel Rule compliance. Settlement-related regulatory obligations.
- (iii)Liability position: Operates under written inter-entity agreement with PaxLabs. Users contract with PaxLabs, not directly with ChainFlow, unless a separate agreement expressly provides otherwise. ChainFlow's liability to Users is indirect, flowing through PaxLabs' obligations under the Terms of Service.
- (iv)Compliance role: Supports PaxLabs' AML/CFT program within the settlement infrastructure. Does not independently contract with Users for compliance purposes.
3.3 OpenNet Security LLC — Security Infrastructure
- (i)Governance: Separate Delaware LLC with its own governance structure.
- (ii)Accountability scope: Security engineering, auditing, penetration testing, vulnerability management, incident detection and response, AI robustness assessment, and support for independent testing of compliance controls.
- (iii)Liability position: Service provider to PaxLabs. Users do not contract directly with OpenNet Security. OpenNet Security's obligations run to PaxLabs under their inter-entity agreement.
- (iv)Compliance role: Supports PaxLabs' compliance program on security-adjacent controls. Does not independently hold AML, data-protection, or AI-governance responsibilities to Users.
3.4 Paxeer Network Foundation — Protocol Steward
- (i)Governance: Foundation governance structure (constitution, council, governance framework).
- (ii)Accountability scope: Protocol stewardship, governance-framework maintenance, public-goods funding, ecosystem development.
- (iii)Liability position: Not a contracting party under the Terms of Service. Not liable for the operated services. Not liable for the deterministic behavior of the decentralized protocol. Users do not have claims against the Foundation under the Terms of Service.
3.5 OpenChain Labs Inc. — Protocol R&D
- (i)Governance: Separate Delaware corporation.
- (ii)Accountability scope: Core protocol and infrastructure research and development. Does not operate User-facing services.
- (iii)Liability position: Not a contracting party under the Terms of Service. Users do not have direct claims against OpenChain Labs under the Terms of Service.
3.6 Sidiora Markets LTD — Markets and Trading
- (i)Governance: Separate limited company with its own governance structure and compliance function.
- (ii)Accountability scope: Markets, launchpad, and trading-related products and services. Maintains its own compliance program for services it operates.
- (iii)Liability position: Liable to Users of its own services under the terms of its own agreements. Not liable under PaxLabs' Terms of Service for PaxLabs-operated services. Where Sidiora's services integrate with PaxLabs-operated infrastructure, liability allocation is governed by the inter-entity agreement between them.
4Liability Allocation — Principles
4.1 The following principles govern liability allocation across the ecosystem. These principles are reflected in the operative policies and are consolidated here for reference.
4.2 Single-Counterparty Principle.
Users contract with PaxLabs as their sole counterparty under the Terms of Service. Where a Service is provided in whole or in part by another ecosystem entity, that provision is made under arrangements between PaxLabs and that entity. Users' rights and remedies run against PaxLabs except where a separate written agreement with another entity expressly provides otherwise. This principle ensures that Users have a single, identifiable counterparty for claims, rather than navigating a multi-entity structure.
4.3 Scope-of-Control Principle.
PaxLabs accepts liability only for the services it controls and operates. PaxLabs does not accept liability for:
- (i)The deterministic behavior of the decentralized Paxeer Network protocol;
- (ii)Third-party smart contracts, oracle data, or validator behavior;
- (iii)Third-party Agents, Developer APIs, or applications built and operated by Developers and Operators;
- (iv)The conduct of, or transactions between, Users (including Provider-Consumer transactions on Deus and Operator-to-Operator M2M interactions);
- (v)Third-party GPAI model outputs, errors, or behavior;
- (vi)The value, volatility, or legal status of PAX or any digital asset; or
- (vii)The inability to modify, reverse, or delete confirmed onchain data.
4.4 Operator-Responsibility Principle.
For autonomous Agents and M2M interactions, the Operator of the Agent bears full responsibility for the Agent's actions within its authorized scope. An Agent has no independent legal personality. All actions taken by an Agent are the legal acts of its Operator. This responsibility is strict within the authorized scope and cannot be delegated to the Agent or disclaimed on the basis of autonomous behavior.
4.5 Provider-Responsibility Principle.
Providers who list services on the Deus marketplace are solely responsible for their listings, the services they provide, and their compliance with applicable law. PaxLabs operates marketplace infrastructure but is not a party to Provider-Consumer transactions and does not warrant Provider performance.
4.6 Developer-Responsibility Principle.
Developers who build applications, APIs, and AI systems on the ecosystem's infrastructure bear independent responsibility for their own products, including compliance with the EU AI Act, data-protection laws, and other applicable regulations. PaxLabs provides infrastructure; PaxLabs does not assume the Developer's regulatory obligations.
5Liability Caps and Disclaimers
5.1 Limitation of Liability.
PaxLabs' total aggregate liability arising out of or relating to the Terms of Service or the Services is capped at the greater of: (a) the total amounts actually paid by the User to PaxLabs for the specific Service giving rise to the claim during the three (3) months immediately preceding the event giving rise to the claim, or (b) one hundred United States dollars (USD $100.00). This cap applies to the fullest extent permitted by applicable law.
5.2 Exclusion of Consequential Damages.
To the maximum extent permitted by applicable law, the PaxLabs Parties are not liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, or for any loss of profits, revenue, data, goodwill, business opportunity, or digital assets, regardless of the theory of liability and regardless of whether the PaxLabs Parties have been advised of the possibility of such damages.
5.3 Disclaimers.
The Services are provided "AS IS" and "AS AVAILABLE" without warranties of any kind, whether express, implied, statutory, or otherwise, including without limitation implied warranties of merchantability, fitness for a particular purpose, title, and non-infringement.
5.4 Essential Basis of the Bargain.
The liability limitations, damage exclusions, and disclaimers described in this Section 5 reflect a reasonable allocation of risk between the parties and form an essential basis of the bargain. The Services — including free API hosting, the Free Tier, and the take-nothing marketplace configuration — would not be offered on the current terms without these limitations.
5.5 Jurisdictional Variations.
Some jurisdictions do not allow certain limitations of liability or exclusions of damages. In those jurisdictions, PaxLabs' liability is limited to the maximum extent permitted by mandatory applicable law. Nothing in the operative policies excludes or limits liability that cannot be excluded or limited under applicable law, including (where applicable) liability for death or personal injury caused by negligence, liability for fraud or fraudulent misrepresentation, and any other liability that mandatory law prohibits excluding.
5.6 Source of Authority.
The liability provisions summarized in this Section 5 are established in the Terms of Service (Sections 12 and 13) and are incorporated by reference into each service-specific policy. This Framework restates them for consolidation purposes; the Terms of Service govern.
6Indemnification Architecture
6.1 User Indemnification of PaxLabs.
Users indemnify PaxLabs and the ecosystem entities against claims arising from: the User's access to or use of the Services; the User's Onchain Activity; the deployment, operation, or conduct of the User's Agents; the User's content; the User's breach of the Terms, incorporated policies, or applicable law; and the User's violation of third-party rights. This indemnification obligation is established in the Terms of Service (Section 14) and is reinforced in each service-specific policy.
6.2 Provider Indemnification.
Providers on the Deus marketplace additionally indemnify PaxLabs and the ecosystem entities against claims arising from their Listings, the services they offer or deliver, their breach of the Marketplace Terms, and disputes with Consumers. This is established in the Marketplace Terms (Section 11.2).
6.3 Developer Indemnification.
Developers additionally indemnify PaxLabs and the ecosystem entities against claims arising from their Developer APIs, applications, Agents, data processing, breach of the API Terms, and claims by end users or Consumers of the Developer's services. This is established in the API Terms (Section 14).
6.4 M2M Operator Indemnification.
Each Operator in M2M interactions indemnifies PaxLabs and the ecosystem entities against claims arising from the Operator's M2M activity, Agent conduct in M2M interactions, disputes with other Operators, and breach of the M2M Agreement. This is established in the M2M Agreement (Section 10.3).
6.5 Indemnification is cumulative. Where a User acts in multiple capacities (e.g., as a Developer, Provider, and Operator), the indemnification obligations applicable to each capacity apply independently and cumulatively.
6.6 PaxLabs' Defense Rights.
PaxLabs reserves the right, at the indemnifying party's expense, to assume the exclusive defense and control of any matter subject to indemnification. The indemnifying party may not settle any claim without PaxLabs' prior written consent.
7Risk Allocation by Activity Type
7.1 The following table summarizes how risk is allocated for the principal activity types within the ecosystem. "Risk bearer" identifies the party that bears the primary risk of loss or liability for the activity.
7.2 Marketplace Transactions (Deus)
| Risk | Risk Bearer | Basis |
|---|---|---|
| Quality and performance of listed service | Provider | Marketplace Terms §§ 3, 11 |
| Fitness for Consumer's intended purpose | Consumer | Marketplace Terms § 4 |
| Accuracy of Listing description | Provider | Marketplace Terms § 3.2 |
| Settlement of DeusVouchers | Provider and Consumer (bilateral) | Marketplace Terms § 6 |
| Network fees (gas) | Transacting party | Terms of Service § 7.3 |
| Marketplace infrastructure availability | PaxLabs (disclaimed; no SLA) | Terms of Service § 12 |
| Disputes between Provider and Consumer | Provider and Consumer | Marketplace Terms § 9 |
7.3 Agent Operations
| Risk | Risk Bearer | Basis |
|---|---|---|
| Agent actions within authorized scope | Operator | Agent Policy § 1.3 |
| Agent exceeds authorization or malfunctions | Operator | Agent Policy §§ 1.3, 5 |
| AI model inaccuracy or error | Operator | Agent Policy § 6.3 |
| Irreversible Onchain Activity by Agent | Operator | Agent Policy § 3.1; Terms § 6.5 |
| Third-party model outputs | Operator (for reliance); model provider (for provider obligations) | Agent Policy § 6.3; EU AI Act Compliance § 4 |
| Runtime and infrastructure availability | PaxLabs (disclaimed; no SLA) | Terms of Service § 12; API Terms § 9 |
| Agent compliance with applicable law | Operator | Agent Policy § 2.1.6 |
7.4 M2M Interactions
| Risk | Risk Bearer | Basis |
|---|---|---|
| Obligations incurred by Agent | Operator of that Agent | M2M Agreement § 2 |
| Counterparty non-performance or default | Operator bearing the counterparty risk | M2M Agreement § 7.2 |
| Cascading failures and feedback loops | Operators of participating Agents | M2M Agreement §§ 6, 7.2 |
| Settlement finality | Protocol (deterministic); non-reversible | M2M Agreement § 4.3 |
| Contested amounts (pre-finality) | Disputing Operators | M2M Agreement § 7.3 |
| Netting outcomes | Operators (protocol-determined) | M2M Agreement § 4.3 |
7.5 Developer API Hosting
| Risk | Risk Bearer | Basis |
|---|---|---|
| Lawfulness and security of Developer API | Developer | API Terms § 3.2 |
| Data processed through Developer API | Developer (controller) | API Terms § 7; Privacy Policy |
| Hosting availability | PaxLabs (disclaimed; no SLA) | API Terms § 9 |
| API changes and deprecation | PaxLabs (with notice obligations) | API Terms § 10 |
| End-user claims arising from Developer's services | Developer | API Terms § 14 |
7.6 Digital Assets and Onchain Activity
| Risk | Risk Bearer | Basis |
|---|---|---|
| PAX price volatility | User | Terms of Service §§ 7.4, 8.1 |
| Loss of private keys or credentials | User | Terms of Service §§ 4.3, 8.3 |
| Smart-contract or protocol risk | User (protocol-level) | Terms of Service §§ 3.3, 8.1 |
| Irreversibility of onchain transactions | User | Terms of Service § 7.5; On-Chain Data Privacy Notice |
| Regulatory uncertainty | User | Terms of Service § 8.1 |
| Self-custodied asset security | User | Terms of Service § 8.3 |
8Dispute-Resolution Architecture
8.1 Disputes Between Users and PaxLabs.
All disputes between a User and PaxLabs arising under the Terms of Service or any incorporated policy are resolved through the dispute-resolution provisions of the Terms of Service (Section 15):
- (i)Informal resolution first — written Dispute Notice followed by a thirty (30)-day good-faith negotiation period.
- (ii)Binding arbitration — if informal resolution fails, final resolution by binding arbitration administered by the American Arbitration Association (AAA) under its Commercial Arbitration Rules, conducted by a single arbitrator, in English, seated in Wilmington, Delaware.
- (iii)Class action waiver — all disputes resolved on an individual basis; class, collective, representative, and private attorney general actions are waived to the maximum extent permitted by law.
- (iv)Mass arbitration — where twenty-five (25) or more similar demands are filed within sixty (60) days, AAA mass-arbitration or batch-arbitration procedures apply.
- (v)Injunctive relief — either party may seek injunctive or equitable relief in court to protect intellectual property, confidential information, or the security of the Services.
- (vi)Consumer protections — mandatory, non-waivable consumer-forum rights are preserved.
8.2 Disputes Between Users (Marketplace).
Provider-Consumer disputes regarding service performance, quality, description, or settlement are between the parties. PaxLabs is not obligated to mediate or resolve such disputes. Where PaxLabs offers an optional dispute mechanism, any determination is administrative, not legally binding adjudication. PaxLabs may hold contested pre-finality amounts for up to ninety (90) days.
8.3 Disputes Between Operators (M2M).
Operator-to-Operator disputes arising from M2M interactions are between the Operators. PaxLabs is not a party to M2M agreements and is not obligated to resolve Operator disputes. PaxLabs may hold contested pre-finality amounts for up to sixty (60) days. The deterministic execution record may serve as evidence.
8.4 Disputes Involving Digital Assets.
Disputes involving Onchain Activity, confirmed settlement, or digital-asset losses are subject to the fundamental limitation that PaxLabs cannot reverse, modify, or recover confirmed onchain transactions. Dispute resolution is limited to off-chain remedies (account actions, holds on contestable amounts, referral to authorities) for conduct already committed to the Network.
9Enforcement Architecture
9.1 Enforcement Authority.
PaxLabs enforces the operative policies through a graduated framework:
- (i)Warning — notice of violation and required corrective action;
- (ii)Throttling and restriction — rate limiting, feature restriction, or temporary access limitation;
- (iii)Suspension — temporary suspension of account, Agent, Listing, or API access;
- (iv)Termination — permanent account closure, Listing removal, or API de-provisioning;
- (v)Financial measures — withholding contested settlement amounts; forfeiture of Free Tier or Credit Ledger balances associated with abusive activity;
- (vi)Regulatory referral — reporting conduct to law enforcement or regulatory authorities where required or permitted by law.
9.2 Proportionality.
Enforcement measures are generally proportionate to severity, intent, repetition, harm, and cooperation, with the right to take immediate, severe action for financial crime, exploitation of minors, active security threats, or imminent systemic risk.
9.3 Onchain Limitations.
Enforcement is constrained by the immutability of the Paxeer Network. PaxLabs cannot reverse onchain transactions, modify onchain state, or censor confirmed blocks. Enforcement of already-committed onchain conduct is limited to off-chain measures.
9.4 Cross-Policy Enforcement.
A violation of any operative policy may be enforced under any other operative policy to the extent the enforcement mechanism is relevant. For example, an AUP violation discovered through transaction monitoring under the AML/KYC Policy may result in enforcement under the AUP, Agent Policy, and Terms of Service simultaneously.
10Accountability Gaps and Acknowledged Limitations
10.1 PaxLabs acknowledges the following structural limitations of the ecosystem's governance and liability architecture. These are disclosed transparently rather than concealed:
10.2 Decentralization Gap.
PaxLabs cannot impose compliance controls at the protocol layer. Onchain Activity that occurs without touching PaxLabs-operated infrastructure (purely peer-to-peer transactions between self-custodied wallets using only the base protocol) is outside PaxLabs' operational and compliance scope. PaxLabs mitigates this gap by implementing controls at the infrastructure and application layers where it has authority.
10.3 Immutability Gap.
Onchain data cannot be modified or deleted. Privacy rights (erasure, rectification) cannot be fully exercised for onchain data. Enforcement of already-committed onchain conduct is limited to off-chain measures. PaxLabs mitigates this gap through data minimization, advance disclosure (On-Chain Data Privacy Notice), and off-chain data-protection controls.
10.4 Autonomous-Agent Gap.
Agents may take actions faster than human oversight can intervene. Despite required safeguards (spend limits, circuit breakers, monitoring), autonomous Agent behavior may result in harm before the Operator can respond. PaxLabs mitigates this gap through the Agent Policy's risk-classification framework, required safeguards, and the M2M Agreement's cascading-risk provisions, but cannot eliminate the risk inherent in autonomous operation.
10.5 Third-Party Model Gap.
Matrix routes inference requests to third-party GPAI model providers. PaxLabs does not control model training, weights, biases, or outputs. Inaccurate, biased, or harmful model outputs may affect Agent behavior and User outcomes. PaxLabs mitigates this gap through contractual terms with model providers, data-minimization measures, and the Agent Policy's requirement that Operators validate AI outputs.
10.6 Cross-Border Gap.
The Services are offered globally. Regulatory requirements vary by jurisdiction, and PaxLabs cannot guarantee compliance with every law in every jurisdiction where a User may access the Services. PaxLabs mitigates this gap through prohibited-jurisdiction restrictions, jurisdiction-specific measures, and the Terms of Service's requirement that Users comply with the laws applicable to them.
10.7 Counterparty Gap.
PaxLabs is not a party to Provider-Consumer or Operator-to-Operator transactions. PaxLabs cannot guarantee counterparty performance, creditworthiness, or compliance. PaxLabs mitigates this gap through reputation signals, Listing standards, AUP enforcement, and optional dispute mechanisms, but cannot eliminate counterparty risk in a peer-to-peer marketplace.
11Governance of This Framework
11.1 Updates.
This Framework will be updated when: (a) the operative policies it references are materially amended; (b) the ecosystem entity structure changes; (c) governance arrangements are modified; (d) new regulatory obligations affect the governance or liability architecture; or (e) PaxLabs identifies a material gap requiring disclosure.
11.2 Notice.
When we make material updates, we will update the "Version" and "Effective Date" and provide notice through the Services or by other reasonable means.
11.3 Precedence.
This Framework is a consolidation and reference document. It does not override or modify the operative policies. Where any provision of this Framework is inconsistent with an operative policy, the operative policy controls.
12Operative Policy Index
| Policy | Governance / Liability Provisions Referenced |
|---|---|
| Terms of Service | Entity structure (§3); eligibility (§4); disclaimers (§12); liability cap (§13); indemnification (§14); dispute resolution (§15); force majeure (§17.5) |
| Privacy Policy | Data controller designation; data-subject rights; breach notification; retention |
| Acceptable Use Policy | Prohibited conduct; enforcement framework; safe harbor |
| Marketplace Terms | PaxLabs' role; Provider/Consumer liability; settlement; disputes between Users; Provider indemnity |
| API Terms | License scope; Developer responsibility; hosting disclaimers; Developer indemnity; API changes |
| AI Agent Responsible Use Policy | Operator responsibility; risk classification; authorization; safety; enforcement |
| M2M Agreement | Operator responsibility; Agent legal status; formation; settlement finality; cascading risk; Operator indemnity |
| AML/KYC Policy | Compliance program governance; entity allocation; reporting; enforcement |
| EU AI Act Compliance | Role classification; risk tiers; provider/deployer obligations; enforcement |
| Compliance Statement | Overall compliance posture; frameworks addressed; limitations |
| Regulatory Infrastructure Overview | Entity map; regulatory allocation; technology controls; incident response |
| On-Chain Data Privacy Notice | Onchain data characteristics; privacy-right limitations; data minimization |
| Risk Disclosures and Asset Disclosure | Digital-asset risks; protocol risks [pending] |
13Contact
General legal: [Legal contact — per Terms of Service, Section 19]
Compliance: [Compliance contact — per Compliance Statement]
Data protection: [Privacy contact — per Privacy Policy]
Security and incidents: [Security contact — per AUP]
Version 1.0 — Effective Date: June 10, 2026