Governance

Corporate Governance of RegistryRail™

RegistryRail™ is operated by VerifiedClimate™ Limited, an Irish incorporated company (Company Registration No. 788557), trading as RegistryRail™.
RegistryRail™ provides neutral evidentiary infrastructure that seals declarations at submission and preserves them in tamper-evident form.
‍
This page sets out the structural and operational controls under which the service is governed.
Data protection matters are addressed separately in the Privacy Policy.
‍

1. Legal Identity and Oversight

‍Legal Entity:
VerifiedClimate™ Limited Incorporated in Ireland Company Registration No. 788557.
VerifiedClimate™ Limited operates RegistryRail™ as a trading name and evidentiary infrastructure service.
The company is governed in accordance with Irish company law and applicable European legal frameworks. Directors retain fiduciary responsibility for oversight, risk management, and operational integrity. Custody controls are embedded in technical architecture and are not subject to discretionary modification through commercial decision-making.
‍

2. Custody Architecture

2.1 Record Finality
Upon submission:
• Content is hashed using SHA-256.
• A timestamp is applied using an RFC-3161-compliant timestamping authority.
• The resulting Record is sealed as issued.
‍
There is no system functionality to edit or overwrite a sealed Record. If a submitter wishes to change content, a new Record must be created.
Any alteration of sealed material produces a detectable cryptographic mismatch.

2.2 Defined Mandate
‍The service:
• Does not certify accuracy, completeness, or compliance.
• Does not verify identity or legal authority.
• Does not interpret or adjudicate disputes.
• Does not amend issued Records.
Its mandate is limited to cryptographic sealing at submission and preservation thereafter.
‍

3. Operational Controls

3.1 Automated Processing
Issuance is system-driven.
Submission triggers cryptographic hashing, timestamp application, generation of verification artefacts, and secure storage.
No routine human review or editorial intervention occurs between submission and sealing.

3.2 Access Governance
Operational access is governed by:
• Role-based permissions,
• Least-privilege principles,
• Multi-factor authentication for administrative functions,
• Logged administrative activity.
Access to stored data is restricted to operational necessity and governed by documented internal procedures.

3.3 Change Management
Infrastructure and custody logic changes:
• Are tested prior to deployment,
• Undergo internal review,
• Are recorded in traceable change logs.
Updates affecting cryptographic or timestamping mechanisms require formal review before implementation.
‍

4. Security Governance

RegistryRail™ operates on infrastructure aligned with recognized security standards.

4.1 Infrastructure Controls
• Encryption in transit (TLS).
• Encryption at rest (AES-256 or equivalent).
• Segregated operational environments.
• Controlled production access.
Hosting and storage services are provided by ISO/IEC 27001-certified and SOC-audited providers under data processing agreements.

4.2 Cryptographic Integrity
Each Record incorporates:
• SHA-256 hashing (FIPS 180-4 standard),
• RFC-3161 timestamping,
• Cryptographic binding between content and timestamp.
Verification can be performed independently using standard cryptographic tools.
RegistryRail™ does not represent itself as a qualified time stamp authority under eIDAS unless expressly certified.
‍
4.3 Monitoring and Incident Response
Systems are monitored for unauthorized access, integrity anomalies, and operational instability.
VerifiedClimate™ Limited maintains documented incident response procedures and complies with applicable legal notification requirements.
‍

5. Continuity and Durability

5.1 Independent Verification
Each issuance generates:
1. A Live Record URL under submitter control; and
2. A Sealed Reviewer Copy containing the original content, timestamp data, cryptographic hash, and verification artefacts.
The Sealed Reviewer Copy enables integrity validation without reliance on ongoing system access.

5.2 Resilience
Records are stored on redundant infrastructure designed to reduce concentration risk and preserve availability.
Backup and replication processes operate within hosted environments. While no system eliminates all operational risk, the architecture is designed to support durable evidentiary preservation consistent with institutional expectations.
‍

6. Legal Process and Limits

RegistryRail™ operates within applicable law.
Where lawful process requires disclosure of information, VerifiedClimate™ Limited will comply with its legal obligations.
The system does not provide functionality to alter sealed Records. Integrity remains cryptographically verifiable irrespective of requests concerning access or disclosure.
Records are not modified or reissued except through creation of a new Record by a submitter.
‍

7. Institutional Boundary

RegistryRail™ is evidentiary infrastructure.
It is not:
• A regulatory authority,
• A certification body,
• A compliance determination service,
• A governance platform,
• A legal advisory function.
Its role is confined to sealing declarations under neutral custody at submission and preserving them in tamper-evident form.
‍

8. Governance of This Disclosure

This page describes structural and operational controls as of the date below.
Material changes to governance structure or custody architecture will be reflected through updates to this disclosure.
This document is descriptive and does not replace contractual terms contained in the Terms of Service.
‍
Operated by:
VerifiedClimate™ Limited (Ireland) trading as RegistryRail™
Last Updated: [February 2026]
For governance inquiries: governance@registryrail.com
‍

Milestones

Funding

Board Decisions

Institutional Submissions

Regulatory Filings

Compliance

Audit

Procurement

Policy

Methodology

Research

Evidence

Prior Art

Public Declarations

Estate & Succession

Asset Retirement

Personal Declarations

Independent Instructions