6. MIZUHIKI Compliance Suite
Compliance has, historically, been a property of applications rather than of blockchains. Each application that wants to serve regulated customers must build, maintain, and engage its own Know Your Customer, anti-money-laundering, and transaction-monitoring stack. The result is a fragmented and expensive compliance landscape in which every developer reinvents a function that is substantively identical from one application to the next, and in which small variations in implementation produce real regulatory risk. For Japan, whose regulated institutions place a high weight on compliance rigor, this state of affairs has been a persistent obstacle to on-chain adoption.
The MIZUHIKI Compliance Suite takes the opposite approach. Rather than treating compliance as an application-layer concern, MIZUHIKI provides compliance primitives at the platform layer, available to every application on the chain as a shared resource. The cost of compliance does not disappear, but it is paid once, by the network, rather than redundantly by each application.
The Compliance Suite is provided free of charge to users and projects building on MIZUHIKI. It is modular and opt-in: applications may use all of its components, some of them, or none, as their use case and regulatory obligations require.
6.1 Three Modules
The Compliance Suite consists of three modules, each of which serves a distinct function and each of which may be adopted independently.
MIZUHIKI Identity provides eKYC-verified identity to any address on MIZUHIKI. A user who completes eKYC through a licensed MIZUHIKI Attestor receives a soulbound token, attesting that the holder of the relevant private key has undergone the specified verification procedure in Japan. No personally identifiable information is stored on-chain; all personal data is held by the Attestor or by the user, and is presented selectively to applications on demand through zero-knowledge or standard verifiable-credential mechanisms. Identity is described in detail in Section 7.
MIZUHIKI Compliance provides third-party compliance validation for regulated activities on MIZUHIKI. It surfaces on-chain compliance signals and proofs — sanctions screening, wallet risk scoring, issuer eligibility, transaction-monitoring feedback — through a hybrid on-chain/off-chain architecture that applications can query without building their own monitoring infrastructure. MIZUHIKI Compliance is designed to be interoperable with existing global compliance providers (Chainalysis, Elliptic, TRM) as well as with Japan-specific data sources, so that applications obtain a unified compliance view from a single on-chain endpoint.
MIZUHIKI Risk Management provides on-chain enforcement of operational and transactional control policies that applications or institutional users wish to impose on their own activity. Transaction limits, asset gating, multi-party approvals, geographic restrictions, and time-based controls can be codified as on-chain policies and enforced automatically. This module is distinct from MIZUHIKI Compliance: Compliance enforces external regulatory obligations, while Risk Management enforces internal institutional controls. Both are necessary for institutional deployment; neither substitutes for the other.
6.2 Alignment with FSA Guidance
The Financial Services Agency of Japan has, in its published research and policy work, articulated three specific concerns about the use of public blockchains as infrastructure for regulated activity. MIZUHIKI's architecture has been designed to address each of these concerns directly, not as a retrofit but as a primary design criterion. The table below maps each concern to the MIZUHIKI components that address it.
| FSA Concern | MIZUHIKI Component | Mechanism |
|---|---|---|
| Governance and accountable parties: While there is no single point of failure, the party responsible for the entire system remains unclear | Japan-sovereign validator set; MIZUHIKI Foundation | MIZUHIKI maintains a public environment accessible to anyone, while limiting the validators responsible for network consensus building to highly reliable corporations within Japan. This design eliminates governance risks stemming from "unclear responsibility" and "disorderly node participation," which are problems in permissionless networks, thereby achieving operations that balance transparency and accountability. |
| AML/CFT enforcement | MIZUHIKI Identity; MIZUHIKI Compliance | Every verified user is anchored to eKYC via MyNumber or equivalent attestation. MIZUHIKI Compliance surfaces sanctions, PEP, and wallet-risk signals on-chain. Applications gate regulated interactions with soulbound tokens rather than relying on off-chain claims. |
| Circulation control | MIZUHIKI Risk Management; Paymaster eligibility gating | Protocol-level policy enforcement allows issuers and applications to enforce transfer limits, holding restrictions, and approval requirements. Paymaster eligibility is restricted to compliance-validated stablecoins, giving the network itself a lever for circulation control on regulated instruments. |
It is important to state that the Compliance Suite does not substitute for the compliance obligations of an application or an issuer operating on the chain. The Compliance Suite provides the infrastructure on which applications can build their own compliance programmes, in a way that directly addresses the three concerns the FSA has identified.
6.3 Privacy by Design
A central commitment of the Compliance Suite is that no personally identifiable information is exposed on-chain. The MIZUHIKI Compliance Suite is built on the decentralised identity primitives described in Section 7, under which personal data is held by the user (or by a licensed Attestor on the user's behalf) and disclosed to applications selectively, through verifiable presentations, such as soulbound tokens, that reveal only the claims an application legitimately needs. Users retain the ability to revoke consent, to abstract credentials from their underlying identities, and to limit application access to the specific attributes required for the interaction at hand.
This is a deliberate departure from the prevailing practice on existing public chains, where every application that requires user verification typically collects and stores its own full copy of user personal data in a backend database. This practice has limited the ability to use privacy-preserving protocols that help to keep an entity's on-chain activity (such as assets under management or financial positions) private. Privacy is essential not just for large trading companies, publicly listed companies, and financial traders, but also for the general personal safety of individuals. On the other hand, using privacy-preserving protocols without providing KYC information to the protocol can result in affiliation with illicit entities, who seek on-chain privacy for adverse reasons.
MIZUHIKI's architecture treats the current rigid information-sharing pattern as both inefficient and privacy-hostile. The solution we seek is a single compliant verification, portably attested and selectively disclosed, which is safer for the user, cheaper for the ecosystem, and helps to solve the problem of legitimate on-chain privacy.
6.4 Continuous Compliance
MIZUHIKI is committed to driving down the cost of compliance through programmatic, continuous adherence to up-to-date regulations. Where a compliance check today requires an application to implement its own periodic re-screening, MIZUHIKI's infrastructure will increasingly support automatic re-attestation, automated policy updates driven by evolving regulatory guidance, and composable compliance components that applications can assemble into the exact compliance posture their activity requires. The intention is that, over time, the cost of compliance for a new application on MIZUHIKI should approach zero, not because compliance obligations are reduced, but because the infrastructure that supports them has been paid for once and is shared across the network.