Compliance is a property, not a project.
Boundless treats every regulation in the telecoms and data-protection canon as a continuous, machine-verifiable property of the platform - not an annual scramble for paperwork.
Six headline frameworks, always green.
Status reflects the live posture of the platform. Certification milestones for ISO 27001, SOC 2 and PCI-DSS run alongside a continuous-evidence operating model - we don't wait for an annual audit to know where we stand.
24 regimes.
One cognitive substrate.
Each card shows the rule, the industry default response, our answer, and where we exceed. Click any card to expand. All entries reflect publicly documented regulatory text as of May 2026.
UK + EU first. Allied roaming, never opaque.
Every byte and every signalling event is routed through licensed, sovereign points-of-presence under UK or EU jurisdiction. Roaming partners are restricted to allied carriers under bilateral attestation - and the routing decision for every call is signed and exportable.
Sense → Decide → Act → Remember.
Compliance is the by-product of running the platform - not a project we periodically chase. Every layer of Abel writes signed evidence into a SHA-256 hash-chained log; the chain is verifiable by anyone with admin access via the abel_verify_chain RPC.
Lawful basis on every record
Every record carries a machine-tagged lawful basis (Art. 6 GDPR) and a purpose-of-processing flag. The basis is enforced at the data plane - not promised in policy.
DSAR - 24h SLA
Subject access, rectification and erasure requests are handled by a signed pipeline with a 24-hour SLA. Proof-of-deletion is anchored on the chain.
No vendor escapes the chain.
Every Tier-1 vendor is attested at provisioning and re-attested on every release. Our responsible-disclosure programme accepts reports 24/7 and commits to a 90-day patch SLA on all confirmed findings.
Safety, accessibility and consumer rights are first-class.
Children & families
Family-pack ships with kid-mode at the SIM. Network-level filtering with parental override; no in-app trickery.
Accessibility - WCAG 2.2 AA
Public site and admin console audited against WCAG 2.2 AA. Screen reader-first navigation; reduced-motion respected.
Telecoms consumer rights
Ofcom General Conditions honoured: switching, complaints handling, transparency on speed/coverage. Plain-English contracts.
Certs are catching up to the platform.
We've architected the platform to exceed the controls these regimes require; we're now paying for the formal stamps.
One click. Signed. Hash-anchored.
Admins can export a JSON evidence bundle with the chain status, audit row count, latest pentest summary and a signed SHA-256 hash. The export action itself writes a Layer-26 audit row.
The evidence pack contains live, signed compliance metadata. Available to authenticated administrators only.
Sign inReal people. Real mailboxes.
Bring your hardest auditor.
We'll walk through every control, layer by layer, with our compliance and security leads in the room.
Book a compliance deep-dive