KYE State Library™ · v1

Open-source state machines for every regulated industry.

Every regulated entity — a loan, a claim, a prescription, a drug batch, an AI system — has a lifecycle that regulators expect you to be able to evidence. The KYE State Library™ publishes those lifecycles as signed, versioned, machine-readable state machines. Adopt one for your tenant, tighten it where you must, replay it in audit.

library_books What it is grid_view 9 categories share Adopt + derive verified Open-source
1 · What it is

30 starter entries. 9 industries.

Each entry is a JSON document conforming to kye.state.library_entry.v1 — states (with obligations), transitions (with guards, actor roles, effects), platform_locked_obligations that cannot be overridden, a machine_seal sha256 over the canonical content, and a detached signature. Tenants adopt by reference and may add states, add transitions, tighten guards, or add extra obligations. They cannot remove states, loosen guards, or strip locked obligations.

  • Versioned. Semver per entry; supersedes pointer for migrations.
  • Signed. Sha256 machine_seal + Ed25519 signature with a published kid.
  • Aligned. Each entry cites the regulations it implements — FCA, PSD2, HIPAA, GDPR, EU AI Act, DORA, NIS2, IATA, IMO, GMP, ICH-E2B, and more.
  • Open. MIT / Apache-2.0 / CC-BY-4.0 only.
2 · The catalog

Pick the one that matches your regulator.

Banking · 5 entries

Loan applications under FCA CONC 5/6/7 and EU MCD. PSD2 Strong Customer Authentication for payment intents. BSA + 5AMLD KYC. Corporate credit facilities under Basel III + IFRS 9. Merchant / acquirer onboarding under scheme rules.

Payments · 3 entries

Outbound payouts across SEPA / Faster Payments / ACH / SWIFT. Refunds under PSD2 Art 76 + UK Consumer Rights Act. Chargebacks under Visa Core Rules + Mastercard CR + Reg Z.

Insurance · 3 entries

Claims under FCA ICOBS 8 and EIOPA guidance. Policy lifecycles under IDD. Underwriting cases governed by Solvency II + EIOPA POG.

Healthcare · 3 entries

Electronic prescriptions under HIPAA + NHS DCB0129/0160. Payer prior-authorisation under CMS-0057-F + HIPAA X12 278. Patient consent under HIPAA + GDPR Art 9.

Pharma · 3 entries

Drug manufacturing batches under EU GMP + FDA 21 CFR 11 + FMD/DSCSA serialisation. Clinical trial subjects under ICH-GCP E6(R3) + EU CTR. Adverse event reporting (ICSR) under ICH E2B(R3).

Logistics · 3 entries

Cargo shipments under IMO SOLAS VGM + IATA DGR + WCO SAFE. Bills of lading under UCP 600 + MLETR. Customs declarations under EU UCC + ICS2.

Energy · 2 entries

Smart meter readings under SMETS2 + Elexon BSC. Power Purchase Agreement settlements under EU REMIT + EFET.

RegTech · 4 entries

DORA third-party ICT provider lifecycle (Art 28-30). NIS2 significant incidents with 24h / 72h / 1-month windows. GDPR data subject requests (Art 12-22). AML suspicious transaction reports under 5AMLD + FATF R20.

AI Governance · 4 entries

EU AI Act high-risk systems (Art 16-29) — design through conformity assessment, CE marking, post-market monitoring, recall. Model evaluations against NIST AI RMF + ISO/IEC 42001. AI inference runs with drift + human-oversight controls. Prompt-injection incident handling.

3 · How adoption works

Adopt by reference. Derive by tightening.

  1. Pick a library entry — e.g. kye:state-library:banking.loan_application.v1.
  2. POST to /v1/state-machines/from-library with your tenant id + a local entity class.
  3. The platform resolves the entry, verifies the machine_seal, validates your overrides, and writes both a tenant-scoped state machine and a kye.state.machine_derivation.v1 record.
  4. From that point on, every transition in your tenant is checked against your derived machine — and the derivation is replayable from the signed library entry.

Derivations are constrained: you can add states / transitions / guards / obligations, but you cannot remove the ones the platform locked. That is what makes a regulator-acceptable starting position auditable across customers.

4 · License + governance

Open source. Signed releases.

Library entries ship under MIT, Apache-2.0, or CC-BY-4.0 — your in-house derivations remain yours. The maintainers (KYE™ Platform Team) co-sign new entries with a published kid; supersedes pointers preserve the chain when a regulator updates the underlying rule.

Ready to adopt these in your tenant?

Pilot the State Library with your team. We’ll help you classify your regulated entities, pick the entries that match, and ship your first signed derivation in a week.

rocket_launch Apply for pilot → code Browse on GitHub →