EnfinitOS is built around the 2026 platform reality. This page is the honest scope statement: what the platform covers natively, what it surfaces for tenant operators to handle, and what is explicitly out of scope.Documentation Index
Fetch the complete documentation index at: https://docs.enfinitos.com/llms.txt
Use this file to discover all available pages before exploring further.
The sandbox is available now — request access at
enfinitos.com/apply. Full production
goes live in April 2027 (incorporating in February 2027). Regulatory
coverage modules that rely on substrate-specific SDKs (Drone, Gaming,
Maritime, Satellite) ship with those SDKs at the April 2027 launch.
The constraint enforcement logic is implemented in the platform core
and exercisable in the sandbox today via the constraint-demo endpoint.
What the platform covers natively
Items marked at launch require a substrate SDK that ships at the April 2027 production launch. The underlying constraint logic is in the platform core and exercisable in the sandbox today viaPOST /api/sandbox/constraint-demo.
| Regulation | Coverage | Available |
|---|---|---|
| GDPR (EU) | Article 15 (access) + Article 17 (erasure) DSAR endpoints, data map, signed audit trail. | Sandbox now |
| UK GDPR + DPA 2018 | Same as GDPR; ICO-aligned. | Sandbox now |
| CCPA / CPRA (California) | Subject access + opt-out registry. | Sandbox now |
| TCPA (US messaging) | Pre-send checks enforced by the OptOutRegistryConstraint in the Messaging SDK. | At launch |
| PECR (UK marketing) | Same machinery as TCPA, scoped to PECR registries. | At launch |
| CASL (Canada) | Same machinery, scoped to CASL. | At launch |
| DNC registries | National Do-Not-Call registry checks. | At launch |
| FAA Part 89 / EU 2019/947 (Remote ID) | ASTM F3411-22a Remote ID broadcast in the Drone SDK. | At launch |
| FAA Part 108 (BVLOS) | BVLOS waiver verification before takeoff. | At launch |
| IAB Gaming SIG 2024 (gaming viewability) | Viewability projection in the Gaming SDK. | At launch |
| GMDSS (maritime safety channels) | Hard-coded refusal list in the Maritime SDK. | At launch |
| ITU / FCC / Ofcom (satellite spectrum) | Spectrum + footprint compliance modules in the Satellite SDK. | At launch |
What the platform surfaces but tenants own
| Concern | Why |
|---|---|
| HIPAA | The platform doesn’t process PHI directly; tenants operating in regulated health environments own the BAAs and controls. |
| PCI DSS | Card data is never processed by the platform; tenants own their PSP integration. |
| SOX / SOC 2 | SOC 2 Type II is on the multi-year roadmap; tenants in scope today own their own controls. |
| MIFID II / financial promotion | Industry-specific; tenants own their FCA / equivalent. |
What is explicitly out of scope
- Content moderation: the platform enforces policy, not taste. Tenants own their content review process.
- Brand-safety scoring: out of scope; we surface the signals, tenants score.
- Forensic IRB-style human-subject research: not what the platform is for.