Retail & commercial banking
PSD3, FFIEC, RBI, MAS, CRR3 — agent and employee actions need a payment authority chain, not an OAuth token.
SOC 2 · ISO 27001 · PCI DSS 4.0 · PSD2/3 · DORA · NIS2
By sector · 12 regulated industries
One protocol. Every regulated sector.
Each sector profile composes Core with the relevant overlays. Banking, healthcare, capital markets, custody, AI labs, public sector, defence, energy, manufacturing, automotive, maritime, logistics, aviation — adopt only what you need.
Sectors
12 sector profiles. One core protocol.
Each sector profile composes Core + the relevant overlays. Adopt only what you need; the core never shifts under you.
- account_balance Banking & payments — PSD3 / FFIEC / RBI / MAS / CRR3. Payments + Treasury + Federation + Capability + Recovery.
- credit_card Payments & cards — PCI DSS 4.0, ISO 20022 high-assurance overlay.
- local_hospital Healthcare & life sciences — HIPAA + HITECH overlay; consent + redaction + ePHI.
- trending_up Capital markets & treasury — Treasury + Custody + Attestation + Transparency + Recovery.
- savings Custody & digital-asset operators — chain-of-authority across wallets, signers, recovery.
- shield Insurance & underwriting — data-source authority, consent, federation across data partners.
- smart_toy AI labs & agent platforms — capability registry, supply-chain attestation, cascade revocation.
- account_balance Public sector — cross-domain trust, attested workloads, FOIA-grade transparency log.
- military_tech Defence — mission authority, command-chain audit, autonomous-system rules of engagement.
- bolt Energy & critical infrastructure — operator / vendor / maintenance / emergency authority on safety-critical AI/automation.
- precision_manufacturing Manufacturing, oil & gas, mining — field-asset authority, contractor delegation, safety-critical actions.
- directions_car Automotive, maritime, logistics, aviation — vehicle / vessel / shipment / aircraft authority + OTA updates + supply-chain attestation.
Sector profile details — whitepaper §7.
18 sectors with their profile bundles.
Pick the sector you operate in. The profiles you need are listed below it. Adopt only those; Core handles the rest.
Payments & cards
Per-currency, per-rail, per-amount sPDP gating; signed proof bundles per authorise; ISO 20022 alignment in the high-assurance overlay.
PCI DSS 4.0 · PSD2/3 · DORA
Healthcare & life sciences
HIPAA wants the consent chain. The hospital wants the redaction trace. The patient wants their AI not to leak their record.
HIPAA · ISO 27001 · EU AI Act
Capital markets & treasury
An autonomous treasury bot rebalances. Auditors need authority + scope + attestation + decision — not “the bot did it.”
SOC 2 · ISO 27001 · DORA
Custody & digital-asset operators
Wallets, signers, signers’ signers. Without an authority chain, “who moved this” is forensics, not policy.
SOC 2 · ISO 27001 · MiCA
Insurance & underwriting
Underwriting agents pull data and price risk. Regulators need the data-source authority and the consent the customer gave.
SOC 2 · ISO 27001 · GDPR · EU AI Act
AI labs & autonomous agents
Your agent does something destructive. The user asks you to prove it wasn’t supposed to. Now do that for every agent on every tenant.
EU AI Act · SOC 2 · NIS2
Public sector
Cross-domain trust, attested workloads, FOIA-grade transparency log — one chain across agencies and contractors.
NIST 800-207 · FedRAMP · NIS2
Marketplaces & platforms
Sellers, agents acting for sellers, model-trained tools acting for both. Disputes need the chain, not chat logs.
SOC 2 · ISO 27001 · GDPR
Defence
Mission authority, command-chain audit for autonomous and semi-autonomous systems — rules of engagement attached to every action.
NIST 800-207 · FedRAMP · NIS2 · EU AI Act
Energy & critical infrastructure
Operator, vendor, maintenance and emergency authority on safety-critical AI/automation across grid, water, telecom, transport.
NIS2 · IEC 62443 · ISO 27001
Manufacturing
Robot, cobot, MES, SCADA, supplier tooling — prove who/what may act on which production asset, under what state and approval.
ISO 27001 · ISO 9001 · IEC 62443 · EU AI Act
Oil & gas
Field-asset authority, contractor delegation, safety-critical actions, emergency overrides, environmental incident evidence.
IOGP · ISO 14001 · IEC 62443 · NIS2
Mining
Autonomous equipment authority, site access, operator delegation, safety exclusion zones, remote-control authority.
ISO 27001 · ISO 45001 · IEC 62443
Automotive
Vehicle software authority, OTA updates, supplier components, fleet/driver/dealer delegation, model/tool version audit.
UNECE R155/R156 · ISO 21434 · IATF 16949 · EU AI Act
Maritime & shipping
Vessel, crew/officer, port agent, cargo, customs, autonomous-vessel and inspection authority — one chain across the route.
IMO MSC.428 · ISPS · ISO 27001
Logistics
Shipment authority, warehouse-robot delegation, courier auth, customs delegation, cold-chain authority, exception approvals.
ISO 27001 · GDPR · IATA
Aviation
Air operations, ground services, autonomous aviation systems — authority and audit for crew, ground, ATC, MRO.
FAA · EASA · ICAO · ISO 27001
Each sector profile composes with the EU AI Act profile (kye-euaiact-1.0) when AI systems or AI agents are involved. KYE Compliance Mapping Rail™ binds the resulting evidence to framework controls.