Regulatory Coverage

Regulatory Atlas

This page is the law-by-law map behind the trust program. It explains how the current site, Lucid wallet disclosures, privacy workflow, and trust surfaces are intended to align with the regional and sectoral laws we are tracking.

This atlas is intentionally precise. It distinguishes between an implemented baseline, an active implementation track, and regimes that still require a separate regulated environment before they can be claimed.
Live legal baseline0 sectionsRights routing activeDocs-ready presentation
Last updated May 31, 2026
Page structure
Hero briefing
Scope, applicability, and status markers
Live surface
Interactive controls, forms, or datasets below
Support docs
Related policies, packs, and trust materials
Related docs
Docs Center
Core policies and rights flows
Privacy Request Center
Access, delete, export
Regulatory Packs
Counsel and diligence view
Vendor Register
Processor and DPA posture
Recommended use

This is the best place to fill the space: not decorative noise, but a useful orientation layer. It gives readers page structure, supporting docs, and a quick sense of what to do next before they reach the live form, pack, or data surface below.

Recommended filler pattern
  • Quick actions or entry points
  • Support response timing or scope note
  • Cross-links to the most relevant trust materials
Open primary docOpen support path
Law-by-law map

Regional regulatory atlas

This atlas turns the trust program into a law-by-law map. It is meant to show which regulatory baselines are already reflected in the covered site and Lucid surfaces, and which ones still require additional product scope, contracts, or audit evidence before they can be claimed more strongly.

Europe

This group covers the European privacy and consent baseline used for the corporate site, Lucid legal surfaces, and the shared privacy-request workflow.

European Economic Area and aligned European regimes

GDPR

Regulation (EU) 2016/679 remains the core European personal-data framework.

Implemented baseline
Covered surfaces
Corporate site noticesLucid noticesPrivacy Request CenterCookie preference center
Baseline now
  • Published notices identify the controller, purposes, legal bases, recipients, transfer framing, retention categories, and rights-routing channels.
  • The request portal already supports access, deletion, correction, portability, objection, restriction, appeal-style follow-up, and consent-withdrawal intake.
  • Cookie handling on covered surfaces is positioned behind explicit consent for non-essential technologies.
Still required
  • Continue validating any new data flow, analytics change, or child-brand launch against Article 13 and 14 transparency duties before activation.
  • Keep transfer safeguards, vendor contracts, and retention evidence aligned with the actual processor stack as it changes.
Official references
EUR-Lex GDPR textEuropean Commission transparency guidance
EU member states and similar consent-regulated markets

ePrivacy cookie rules

The ePrivacy Directive baseline still requires consent for non-essential terminal-equipment access or storage, and Planet49 remains a high-signal consent case.

Implemented baseline
Covered surfaces
Corporate site cookiesCookie preference centerBrowser technology inventory
Baseline now
  • The current cookie model avoids implied consent and allows an essential-only path.
  • A supported Global Privacy Control signal is recognized as a restrictive browser-layer baseline until the user makes an explicit site-specific choice.
  • The cookie policy and browser-technology inventory are published so declared categories can be compared to the code-backed baseline.
Still required
  • Any future optional analytics, advertising, or embedded third-party browser technology must stay gated behind the matching consent category before production release.
Official references
EUR-Lex ePrivacy DirectiveEUR-Lex Planet49 decision