An FAA-certified aircraft mechanic spends 35 hours auditing a single aircraft's maintenance chain. The checklist: Has every service been performed by a certified vendor? Are all parts genuine? Do serial numbers match? Has every regulatory requirement been satisfied? The answer forms a massive compliance portfolio worth millions in regulatory certainty.
Currently, this portfolio lives in disconnected documents: maintenance logs, vendor certificates, parts catalogs, inspection reports. The mechanic manually cross-checks each document against federal regulations (FAA Part 43). If a single piece is missing or inconsistent, the entire chain is suspect.
AeroMaint reimagines this: what if every aircraft was a token, and every maintenance rule was embedded inside the token logic? A mechanic wouldn't need to audit—the token would prove compliance automatically.
The Compliance Crisis: Why Auditing is Broken
Current compliance architecture is expensive theater:
- Manual audits: $30-40 per aircraft, 35 hours per inspection cycle
- Document fragmentation: Records live in 5-7 systems; no single source of truth
- Retroactive discovery: Non-compliance is only found during audits, after violations have occurred
- Proof of absence: Regulators must prove what DIDN'T happen, rather than proving what DID
The FDA faces this same problem with pharma supply chains. They audit after the fact. A batch has been distributed for 6 months before inspectors discover it lacked proper cold-chain documentation. By then, thousands of patients may have received substandard doses.
DUAL inverts this: compliance is proven continuously, in real-time, by the token itself.
A Concrete Example: PharmChain DSCSA Rules Embedded in a Token
The FDA's PharmChain rules include a critical requirement: a drug batch can only transition to DISPENSED_TO_PATIENT if the chain-of-custody has exactly three verified handoffs (manufacturer → distributor → pharmacy). Each handoff must include:
- Actor's digital identity (DID)
- Cryptographic signature from that actor
- Timestamp within regulatory limits
The compliance rule is embedded as token logic:
// PharmChain compliance rule: DSCSA 3-handoff requirement
rule "dscsa_chain_of_custody" {
// Only allow transition to DISPENSED_TO_PATIENT if:
requires: {
"handoff_count": 3,
"all_handoffs_signed": true,
"all_actors_certified": true,
"no_gaps_in_custody": true
}
on_transition_attempt {
// Pseudo-code: check preconditions
handoff_count = count(token.custody_chain)
if (handoff_count < 3) {
deny "Chain of custody incomplete. Expected 3 handoffs, found " + handoff_count
emit COMPLIANCE_VIOLATION
}
for each handoff in token.custody_chain {
if (!verify_signature(handoff.actor_did, handoff.signature)) {
deny "Handoff signature invalid. Actor: " + handoff.actor_did
emit COMPLIANCE_VIOLATION
}
if (!is_actor_certified(handoff.actor_did, "PHARMA_DISTRIBUTOR")) {
deny "Actor not certified. Actor: " + handoff.actor_did
emit COMPLIANCE_VIOLATION
}
}
// If all checks pass, allow transition
allow_transition(DISPENSED_TO_PATIENT)
}
}When a pharmacy attempts to transition a PharmChain batch to DISPENSED_TO_PATIENT, the token automatically checks every rule. If any rule fails:
- The transition is denied
- An immutable compliance violation is logged
- A webhook fires to the FDA audit system
- The batch stays in its current state until the violation is resolved
No human audit required. No retroactive discovery. The token is self-enforcing.
Execution Model: Sub-Second Compliance at Scale
A critical difference from traditional smart contracts: DUAL's compliance checks execute in O(1) constant time, not O(n) or O(n²).
Why? Because the compliance rule doesn't scan the entire blockchain. It checks a single token's embedded state. The token carries all necessary information:
| Architecture | Compliance Check Time | Bottleneck |
|---|---|---|
| Ethereum smart contract (iterates history) | O(n) — linear in transaction history | Blockchain lookup, history iteration |
| DUAL token (embedded state) | O(1) — constant, single lookup | Signature verification (near-instant) |
| Manual audit (human review) | 35 hours per asset | Human time |
Result: A pharmaceutical batch can be verified for DSCSA compliance in ~100 milliseconds, versus 35 hours for manual audit, versus 5-30 seconds for Ethereum contract execution at scale.
Real Example: BuildFinance Compliance Cascade
BuildFinance embeds compliance rules around payment release tied to milestone completion. The rule set is substantial:
Milestone Submission
Subcontractor submits proof of work completion (photos, inspection report). Token state: MILESTONE_SUBMITTED
Compliance Rule 1: Photo Verification
Token rule checks: Is metadata of photos current (within 24 hours)? Is GPS location within project bounds? Does photo hash match inspector's signature?
If fails: Token state → REJECTED_INVALID_PHOTOS. Payment not released.
Compliance Rule 2: Inspector Certification
Token checks: Is the inspector certified for this project type? Has their certification expired? Are they under regulatory hold?
If fails: Token state → REJECTED_UNCERTIFIED_INSPECTOR. Payment blocked.
Compliance Rule 3: Insurance Requirement
Token checks: Does the subcontractor's insurance cover this scope of work? Is insurance active (not lapsed)? Does coverage limit exceed contract value?
If fails: Token state → REJECTED_INSURANCE_ISSUE. Payment withheld.
All Rules Pass
Token state → MILESTONE_VERIFIED. Event Bus triggers payment release automatically.
Lender is immediately notified. Retainage accounting updates in real-time. Subcontractor's wallet receives funds.
Each rule executes in parallel. The entire compliance cascade completes in < 500ms. If any rule fails, payment is withheld and the failure is logged immutably. The lender can query the token's compliance history and see exactly why payment was rejected.
Failing States: What Happens When Compliance Breaks
A core difference from traditional systems: DUAL treats compliance failures as atomic state transitions, not soft alerts.
Example: An aircraft maintenance token requires that every component be replaced with parts having valid serial numbers (FAA Part 43 requirement). A mechanic attempts to log a service using a counterfeit engine gasket.
// Attempted state transition
service_part_add({
"part_serial": "ENG_GASKET_F4852X",
"supplier_did": "parts_distributor_xyz_did",
"mechanic_did": "mechanic_001_did"
})
// Token rule: Verify part authenticity
compliance_check: {
if (query_supplier_cert(supplier_did) == null) {
deny_transaction()
emit_violation({
"violation_type": "UNCERTIFIED_PARTS_SUPPLIER",
"part_serial": "ENG_GASKET_F4852X",
"actor": "mechanic_001_did",
"timestamp": 1712689301
})
}
}The transaction is rejected. The token's state does NOT change. The mechanic cannot proceed. Importantly, the violation is logged to an immutable audit trail that regulators can query: "On 2026-04-09 at 18:35 UTC, mechanic 001 attempted to install parts from uncertified supplier XYZ. The attempt was blocked by token compliance rules."
This is the inverse of current systems, which log compliance violations after the fact (if at all). DUAL prevents them before they occur.
Comparison: Manual Audit vs. Embedded Rules
FAA Part 43 Manual Audit
Cost: $30-40/aircraft, 35 hours per audit cycle
Frequency: Quarterly or annually
Proof: Post-hoc documentation review
Gap: Violations discovered 3-12 months after they occurred
DUAL Token Compliance
Cost: Embedded in token, near-zero marginal cost
Frequency: Continuous, real-time
Proof: Pre-emptive rule enforcement
Gap: Violations prevented before they occur
The FAA currently spends roughly $5 billion annually auditing aircraft maintenance across 10,000 active commercial aircraft. If compliance were embedded in tokens, that cost approaches zero. The auditor becomes an observer, not a gate.
Conditional Logic: Multi-Step Compliance
Some compliance rules are conditional. A Conditional Trade token might allow payment release only if a shipment arrives on time AND insurance claim is approved AND quality inspection passes.
// Conditional trade: payment release rule
rule "payment_release_condition" {
requires: {
shipment_delivered_on_time: true,
insurance_approved: true,
quality_inspection_passed: true
}
on_check {
condition1 = (token.arrival_time <= token.deadline)
condition2 = (token.insurance_status == "APPROVED")
condition3 = (token.quality_score >= 0.95)
if (condition1 AND condition2 AND condition3) {
allow "PAYMENT_RELEASE"
} else {
defer "Awaiting: " + missing_conditions()
}
}
}The beauty of this model: the token doesn't just record whether conditions are met. It reports which conditions are still pending. A buyer querying the token sees: "Shipment delivered ✓, Insurance pending ✗, Quality inspection pending ✗. Payment will release when insurance is approved and quality > 95%."
The Audit Trail: Immutable Proof of Compliance
Every compliance check is logged to the token's immutable audit trail:
{
"compliance_audit_trail": [
{
"timestamp": 1712689301,
"rule_checked": "dscsa_chain_of_custody",
"result": "PASS",
"actor": "pharmacy_001_did"
},
{
"timestamp": 1712689315,
"rule_checked": "temperature_excursion_check",
"result": "PASS",
"actor": "temperature_oracle_did"
}
]
}An FDA inspector can query this trail and see every compliance check performed, when it was performed, and what the result was. The inspector is no longer auditing whether rules were followed. The token has already proved it.
What's Next
Compliance rules must be triggered by real-world events. In Part 3, we'll explore the Event Bus—the nervous system that connects compliance rules to the real world. When a temperature sensor fires, a payment is verified, or a certificate expires, the Event Bus carries that signal to every token that needs to know about it.